Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/bfI0UGg04QVzK66UdyokK5Ctdig.roa
File:                     bfI0UGg04QVzK66UdyokK5Ctdig.roa (raw, json)
Hash identifier:          wxVTaxI0RUoDDGyUOiq9MKxTRFzoF8PR/M1+nlcNg7s=
Subject key identifier:   6D:F2:34:50:68:34:E1:05:73:2B:AE:94:77:2A:24:2B:90:AD:76:28
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       0198587199B9FBC7E38C6D4E6265C7B8F7E1
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/bfI0UGg04QVzK66UdyokK5Ctdig.roa
Signing time:             Tue 29 Jul 2025 23:08:16 +0000
ROA not before:           Tue 29 Jul 2025 23:08:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206300
IP address blocks:        2a12:bec4:1bd0::/44 maxlen: 44
                          2a12:bec4:1bd0::/48 maxlen: 48
                          2a12:bec4:1bd1::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 10 Aug 2025 18:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:58:71:99:b9:fb:c7:e3:8c:6d:4e:62:65:c7:b8:f7:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Jul 29 23:08:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6df234506834e105732bae94772a242b90ad7628
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:e1:2d:3b:69:f4:0b:a0:51:58:85:43:91:a7:
                    54:6d:43:17:05:f7:55:42:f0:7c:7e:65:89:7d:46:
                    e8:51:ff:b2:83:8e:a2:f5:39:98:18:2c:c7:43:43:
                    39:55:54:aa:35:40:21:e1:63:df:22:16:d6:e1:ab:
                    20:c3:79:7d:84:99:76:31:5a:2c:9b:b6:9e:26:21:
                    22:d6:99:dc:f2:8c:d4:41:49:17:12:a9:ae:4e:c7:
                    dc:4e:04:ca:59:dc:78:6c:c4:d5:f8:84:57:cb:8f:
                    6c:75:0d:a0:a9:57:20:8e:50:5a:e4:22:84:cc:90:
                    d5:dc:4b:fe:80:4e:9b:fb:2e:72:d7:49:3e:54:84:
                    b1:28:84:c9:28:6e:84:60:c3:50:7f:e2:ec:ba:ae:
                    b2:aa:dd:20:f8:3b:d8:b0:56:48:b4:83:0c:e1:65:
                    bf:1c:b5:ca:38:a8:72:19:4b:03:98:92:27:e8:3a:
                    aa:cc:17:fc:df:d6:f4:91:67:93:68:e4:e6:08:a1:
                    6e:83:9f:1d:4b:9c:84:55:44:d4:70:89:13:6a:61:
                    70:ba:6d:05:9c:cf:65:19:25:e2:79:a9:7d:eb:9e:
                    d6:59:f7:74:ef:d7:e7:ab:00:6f:25:56:ca:cc:05:
                    b2:4a:66:01:72:c3:38:28:a5:c1:32:46:0e:f4:c0:
                    e6:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:F2:34:50:68:34:E1:05:73:2B:AE:94:77:2A:24:2B:90:AD:76:28
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/bfI0UGg04QVzK66UdyokK5Ctdig.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec4:1bd0::/44

    Signature Algorithm: sha256WithRSAEncryption
         5b:1a:a1:9d:4f:cc:c8:22:34:44:a0:91:f6:d1:0f:cc:4a:2e:
         46:a0:51:95:d4:e1:7a:04:f4:f8:67:54:26:c4:bf:5a:d7:ef:
         75:98:a2:7e:82:5d:f3:ed:e2:15:41:67:d5:89:9a:a7:28:b2:
         86:35:47:b5:ea:f9:5b:41:88:c5:52:8f:53:1b:35:a7:ec:a6:
         ed:a7:95:78:87:78:f9:16:4a:0a:cc:be:c2:df:ef:5e:8d:64:
         9a:44:3e:19:d9:34:9e:80:ec:6d:f5:27:81:9c:18:47:f4:21:
         c0:bc:ea:f9:51:fc:6f:c2:85:3a:ed:c2:8e:f2:92:e8:e3:7a:
         d1:23:24:76:a3:be:95:3f:df:81:89:e4:aa:9e:4d:7b:cc:0b:
         f8:a4:06:fa:a8:3d:66:ee:7f:5b:1e:03:12:10:c1:c6:cc:6f:
         a2:00:53:ef:6d:3a:1a:18:e2:f7:8c:7a:0a:8a:05:c1:c8:bc:
         42:e3:13:ae:d4:43:83:65:5d:9f:12:03:40:d9:7b:d8:32:a0:
         40:38:ea:11:7c:04:9a:a6:6b:fc:16:77:1f:4f:b8:3d:cd:ef:
         8a:98:6e:fe:85:68:39:ee:10:a3:03:c7:ee:67:7d:22:fe:1d:
         27:e7:76:93:1d:b8:b3:58:cf:cb:53:aa:09:6c:5c:56:e0:4e:
         4a:7c:a4:ec
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZhYcZm5+8fjjG1OYmXHuPfhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjUwNzI5MjMwODE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZGYyMzQ1MDY4MzRlMTA1NzMyYmFlOTQ3NzJhMjQyYjkwYWQ3NjI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt+EtO2n0C6BRWIVDkadUbUMXBfdV
QvB8fmWJfUboUf+yg46i9TmYGCzHQ0M5VVSqNUAh4WPfIhbW4asgw3l9hJl2MVos
m7aeJiEi1pnc8ozUQUkXEqmuTsfcTgTKWdx4bMTV+IRXy49sdQ2gqVcgjlBa5CKE
zJDV3Ev+gE6b+y5y10k+VISxKITJKG6EYMNQf+Lsuq6yqt0g+DvYsFZItIMM4WW/
HLXKOKhyGUsDmJIn6DqqzBf839b0kWeTaOTmCKFug58dS5yEVUTUcIkTamFwum0F
nM9lGSXieal9657WWfd079fnqwBvJVbKzAWySmYBcsM4KKXBMkYO9MDmGQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFG3yNFBoNOEFcyuulHcqJCuQrXYoMB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvYmZJMFVHZzA0UVZ6SzY2VWR5b2tLNUN0ZGlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhK+xBvQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBbGqGdT8zIIjREoJH20Q/MSi5GoFGV1OF6BPT4
Z1QmxL9a1+91mKJ+gl3z7eIVQWfViZqnKLKGNUe16vlbQYjFUo9TGzWn7Kbtp5V4
h3j5FkoKzL7C3+9ejWSaRD4Z2TSegOxt9SeBnBhH9CHAvOr5UfxvwoU67cKO8pLo
43rRIyR2o76VP9+BieSqnk17zAv4pAb6qD1m7n9bHgMSEMHGzG+iAFPvbToaGOL3
jHoKigXByLxC4xOu1EODZV2fEgNA2XvYMqBAOOoRfASapmv8FncfT7g9ze+KmG7+
hWg57hCjA8fuZ30i/h0n53aTHbizWM/LU6oJbFxW4E5KfKTs
-----END CERTIFICATE-----