Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/BV_eIoGqrx_GSe7fDzgdv8ep8p8.roa
File:                     BV_eIoGqrx_GSe7fDzgdv8ep8p8.roa (raw, json)
Hash identifier:          +4PQAS+G21fUtMiNuWp/FnWfbdUwJObMdH6Sy6lirfM=
Subject key identifier:   05:5F:DE:22:81:AA:AF:1F:C6:49:EE:DF:0F:38:1D:BF:C7:A9:F2:9F
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01967B916E9F299B8FBBADE5C96772833ACC
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/BV_eIoGqrx_GSe7fDzgdv8ep8p8.roa
Signing time:             Mon 28 Apr 2025 08:44:10 +0000
ROA not before:           Mon 28 Apr 2025 08:44:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215287
IP address blocks:        89.213.127.0/24 maxlen: 24
                          109.176.193.0/24 maxlen: 24
                          213.210.62.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 30 Apr 2025 14:57:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:7b:91:6e:9f:29:9b:8f:bb:ad:e5:c9:67:72:83:3a:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Apr 28 08:44:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=055fde2281aaaf1fc649eedf0f381dbfc7a9f29f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:eb:57:17:7b:61:ec:f1:d2:fb:83:52:42:29:
                    d4:ee:a9:3b:64:86:1d:70:76:57:69:62:81:2e:da:
                    d7:09:c8:bf:6a:1a:d1:06:cf:71:68:eb:f3:51:d1:
                    77:86:d1:c6:d3:a9:78:4b:9f:bf:98:2a:ac:0d:41:
                    fd:ab:5e:90:c8:bc:dd:a4:d4:54:91:f6:e8:29:11:
                    05:fb:b9:6a:34:36:98:2a:41:93:a4:0f:ac:92:9d:
                    a8:d7:3c:ef:3c:df:48:a1:80:2c:d6:17:d7:b3:d3:
                    6e:3d:27:e1:f4:9d:32:af:34:cc:59:b7:34:dc:b8:
                    ad:53:1b:f8:ab:36:ca:3e:37:f1:b6:17:39:86:4e:
                    16:19:3e:6e:93:60:bc:1d:42:f1:17:80:69:0f:92:
                    d9:8e:9b:75:98:ba:1d:7d:64:ca:d3:80:50:61:b2:
                    90:dd:46:29:e3:5a:06:64:32:93:06:db:b5:c1:c8:
                    90:e9:8e:4f:7f:97:cb:af:cd:2d:31:a7:07:5a:60:
                    5d:b4:6a:ba:69:f8:09:74:ad:de:63:25:90:93:27:
                    be:ca:1d:ef:12:43:71:18:b0:26:46:59:7e:19:64:
                    34:80:1b:d2:39:e2:00:3d:1e:6b:8e:cf:86:ad:6a:
                    96:0e:a6:5f:4f:8b:05:9d:50:b8:84:21:a6:b6:7d:
                    b3:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:5F:DE:22:81:AA:AF:1F:C6:49:EE:DF:0F:38:1D:BF:C7:A9:F2:9F
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/BV_eIoGqrx_GSe7fDzgdv8ep8p8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.127.0/24
                  109.176.193.0/24
                  213.210.62.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:f4:0d:42:56:2d:ef:b5:2a:df:de:ac:f3:17:eb:20:7a:0d:
         57:4b:f1:dd:fd:8b:14:11:3a:e2:84:d1:97:28:5e:24:98:c6:
         28:48:ce:db:29:91:20:c1:64:26:74:da:ed:1f:eb:ec:01:23:
         69:42:2b:49:50:75:f4:94:e1:b4:60:41:b7:24:15:55:f9:40:
         a1:95:a4:35:9c:ca:ed:33:20:bf:4a:36:27:81:93:49:e1:ed:
         66:c8:5c:79:56:cb:f5:d9:27:a8:3d:3f:b0:18:93:e2:3b:35:
         e5:9e:b4:07:50:7d:17:b3:62:cd:df:39:86:da:fd:52:30:d6:
         2f:37:ea:5e:84:df:cb:63:3f:d0:7c:e6:26:47:07:ad:2e:b9:
         c3:27:b7:cd:23:63:1d:2b:4a:95:67:c5:e5:52:b8:e2:bb:95:
         62:cf:90:07:6e:0f:6f:d2:26:c0:07:a7:a7:8f:2f:dd:0f:62:
         86:f3:fa:70:bf:63:91:ec:d4:6a:67:32:99:81:8c:48:cf:e9:
         d5:43:17:30:ab:f7:af:2c:7a:96:cf:ea:cd:34:a5:de:0d:13:
         02:4d:57:f6:be:24:f4:fb:b5:b5:18:5f:37:16:03:3c:68:c4:
         3e:90:6c:53:64:b1:87:69:b9:3a:57:28:9d:58:d7:5a:ad:77:
         89:fe:53:ba
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZZ7kW6fKZuPu63lyWdygzrMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwNDI4MDg0NDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNTVmZGUyMjgxYWFhZjFmYzY0OWVlZGYwZjM4MWRiZmM3YTlmMjlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs+tXF3th7PHS+4NSQinU7qk7ZIYd
cHZXaWKBLtrXCci/ahrRBs9xaOvzUdF3htHG06l4S5+/mCqsDUH9q16QyLzdpNRU
kfboKREF+7lqNDaYKkGTpA+skp2o1zzvPN9IoYAs1hfXs9NuPSfh9J0yrzTMWbc0
3LitUxv4qzbKPjfxthc5hk4WGT5uk2C8HULxF4BpD5LZjpt1mLodfWTK04BQYbKQ
3UYp41oGZDKTBtu1wciQ6Y5Pf5fLr80tMacHWmBdtGq6afgJdK3eYyWQkye+yh3v
EkNxGLAmRll+GWQ0gBvSOeIAPR5rjs+GrWqWDqZfT4sFnVC4hCGmtn2zvQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFAVf3iKBqq8fxknu3w84Hb/HqfKfMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvQlZfZUlvR3FyeF9HU2U3ZkR6Z2R2OGVwOHA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAWdV/AwQA
bbDBAwQA1dI+MA0GCSqGSIb3DQEBCwUAA4IBAQAa9A1CVi3vtSrf3qzzF+sgeg1X
S/Hd/YsUETrihNGXKF4kmMYoSM7bKZEgwWQmdNrtH+vsASNpQitJUHX0lOG0YEG3
JBVV+UChlaQ1nMrtMyC/SjYngZNJ4e1myFx5Vsv12SeoPT+wGJPiOzXlnrQHUH0X
s2LN3zmG2v1SMNYvN+pehN/LYz/QfOYmRwetLrnDJ7fNI2MdK0qVZ8XlUrjiu5Vi
z5AHbg9v0ibAB6enjy/dD2KG8/pwv2OR7NRqZzKZgYxIz+nVQxcwq/evLHqWz+rN
NKXeDRMCTVf2viT0+7W1GF83FgM8aMQ+kGxTZLGHabk6VyidWNdarXeJ/lO6
-----END CERTIFICATE-----