Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/4a12c2-9bed-45dd-863c-0b9fb97e529d/1/bo7KO9XdD_Urskdk1n4Bj-fW4fs.roa
File:                     bo7KO9XdD_Urskdk1n4Bj-fW4fs.roa (raw, json)
Hash identifier:          ubQY2gOF+3dPO6O676JWntfiT2uJ103t4smlNmiKGh4=
Subject key identifier:   6E:8E:CA:3B:D5:DD:0F:F5:2B:B2:47:64:D6:7E:01:8F:E7:D6:E1:FB
Certificate issuer:       /CN=500151e464b29791376c0c57beb40c584ef5a1cf
Certificate serial:       01976B5452DA923683A125DBBE47FE0DFFAC
Authority key identifier: 50:01:51:E4:64:B2:97:91:37:6C:0C:57:BE:B4:0C:58:4E:F5:A1:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UAFR5GSyl5E3bAxXvrQMWE71oc8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/4a12c2-9bed-45dd-863c-0b9fb97e529d/1/bo7KO9XdD_Urskdk1n4Bj-fW4fs.roa
Signing time:             Fri 13 Jun 2025 22:06:17 +0000
ROA not before:           Fri 13 Jun 2025 22:06:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43824
IP address blocks:        185.222.49.0/24 maxlen: 24
                          185.222.50.0/24 maxlen: 24
                          2a0d:3680::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d2/4a12c2-9bed-45dd-863c-0b9fb97e529d/1/UAFR5GSyl5E3bAxXvrQMWE71oc8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d2/4a12c2-9bed-45dd-863c-0b9fb97e529d/1/UAFR5GSyl5E3bAxXvrQMWE71oc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UAFR5GSyl5E3bAxXvrQMWE71oc8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 16 Jun 2025 19:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:6b:54:52:da:92:36:83:a1:25:db:be:47:fe:0d:ff:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=500151e464b29791376c0c57beb40c584ef5a1cf
        Validity
            Not Before: Jun 13 22:06:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6e8eca3bd5dd0ff52bb24764d67e018fe7d6e1fb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:2d:b7:52:87:6c:55:d4:b1:be:f7:c0:5d:84:
                    28:31:85:65:7f:d4:bc:e7:b1:30:3d:ce:da:d9:4e:
                    de:96:cc:b7:53:36:fa:01:e2:dc:88:c1:ca:ae:c2:
                    34:5d:0e:f0:3f:79:c0:a6:7c:c2:01:94:95:56:19:
                    33:40:11:f1:7e:85:c8:1f:45:b3:cb:22:59:25:06:
                    70:99:da:c9:04:9d:b5:b8:ce:12:f7:2e:03:36:03:
                    4d:99:5a:12:5b:d9:10:f3:fb:ab:ff:c7:3c:69:0f:
                    84:5f:71:d2:81:a3:0b:2b:98:d8:0c:aa:1a:ba:a8:
                    23:fa:25:93:c3:fc:22:24:85:44:13:bc:54:a1:93:
                    74:a9:9f:d0:08:39:2f:98:43:d8:59:97:fe:9b:18:
                    b0:bb:45:9c:fe:09:0e:97:3c:eb:c9:20:e5:bb:b9:
                    c1:02:bf:0b:bf:ac:5e:ac:f8:70:a4:b8:af:96:4e:
                    81:df:59:3d:38:53:7a:94:4a:41:76:fb:60:98:10:
                    34:97:2a:e9:d7:c3:a6:06:0a:21:12:45:1d:ed:22:
                    b0:4d:8f:80:59:07:73:6d:ed:78:68:fe:87:ab:27:
                    72:a9:46:74:21:b5:30:5a:3b:cc:ab:94:e7:f2:4d:
                    68:11:5e:9b:0a:ec:3a:1a:be:02:82:72:ee:cb:3f:
                    74:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:8E:CA:3B:D5:DD:0F:F5:2B:B2:47:64:D6:7E:01:8F:E7:D6:E1:FB
            X509v3 Authority Key Identifier:
                keyid:50:01:51:E4:64:B2:97:91:37:6C:0C:57:BE:B4:0C:58:4E:F5:A1:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UAFR5GSyl5E3bAxXvrQMWE71oc8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/4a12c2-9bed-45dd-863c-0b9fb97e529d/1/bo7KO9XdD_Urskdk1n4Bj-fW4fs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/4a12c2-9bed-45dd-863c-0b9fb97e529d/1/UAFR5GSyl5E3bAxXvrQMWE71oc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.222.49.0-185.222.50.255
                IPv6:
                  2a0d:3680::/29

    Signature Algorithm: sha256WithRSAEncryption
         37:36:68:7e:da:42:2a:b3:88:38:fa:2a:dc:f4:b1:7f:96:26:
         b3:e5:96:0d:49:9d:a9:a5:91:62:cc:db:57:11:67:1b:1d:29:
         1d:53:17:7c:4a:f7:4d:9b:1a:f2:e0:6a:c9:94:b3:9a:67:9a:
         df:94:63:17:61:4e:19:4a:e0:46:6b:ad:4e:75:f4:da:86:a8:
         90:e5:80:ff:4d:bb:f9:42:3a:94:97:a9:3f:4b:c2:bc:32:d6:
         0f:42:7b:52:63:ba:a2:ba:cf:54:2c:b1:59:a0:49:13:49:ff:
         4a:6f:dc:e9:ca:7b:62:2c:f4:bb:1d:d2:e1:b5:14:f3:8b:45:
         26:3e:64:f1:5c:60:77:4e:36:cc:ea:fa:a8:f1:9a:fd:fd:e9:
         55:cd:4d:df:8b:cb:35:c2:5a:ee:26:50:20:67:0f:8c:ea:53:
         c8:07:38:77:77:3a:5a:51:ea:38:3d:5b:34:45:4f:dd:9d:f9:
         3e:0f:8b:6f:cd:cb:dc:3b:01:ac:65:e5:23:14:9c:c4:35:06:
         57:f7:b2:46:b0:89:21:5b:87:81:61:ab:3a:ab:4f:c8:ce:ef:
         1f:1e:cf:1a:d8:a3:1c:07:b4:8f:39:8d:86:80:29:11:aa:38:
         6d:be:06:cf:8b:cf:2d:f9:84:78:b1:16:54:a7:14:31:e9:92:
         6e:26:54:f9
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZdrVFLakjaDoSXbvkf+Df+sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUwMDE1MWU0NjRiMjk3OTEzNzZjMGM1N2JlYjQwYzU4NGVm
NWExY2YwHhcNMjUwNjEzMjIwNjE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZThlY2EzYmQ1ZGQwZmY1MmJiMjQ3NjRkNjdlMDE4ZmU3ZDZlMWZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApy23UodsVdSxvvfAXYQoMYVlf9S8
57EwPc7a2U7elsy3Uzb6AeLciMHKrsI0XQ7wP3nApnzCAZSVVhkzQBHxfoXIH0Wz
yyJZJQZwmdrJBJ21uM4S9y4DNgNNmVoSW9kQ8/ur/8c8aQ+EX3HSgaMLK5jYDKoa
uqgj+iWTw/wiJIVEE7xUoZN0qZ/QCDkvmEPYWZf+mxiwu0Wc/gkOlzzrySDlu7nB
Ar8Lv6xerPhwpLivlk6B31k9OFN6lEpBdvtgmBA0lyrp18OmBgohEkUd7SKwTY+A
WQdzbe14aP6HqydyqUZ0IbUwWjvMq5Tn8k1oEV6bCuw6Gr4CgnLuyz90xwIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFG6OyjvV3Q/1K7JHZNZ+AY/n1uH7MB8GA1UdIwQY
MBaAFFABUeRkspeRN2wMV760DFhO9aHPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVUFGUjVHU3lsNUUzYkF4WHZyUU1XRTcxb2M4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi80YTEyYzItOWJlZC00NWRkLTg2M2Mt
MGI5ZmI5N2U1MjlkLzEvYm83S085WGREX1Vyc2tkazFuNEJqLWZXNGZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi80YTEyYzItOWJlZC00NWRkLTg2M2MtMGI5ZmI5N2U1Mjlk
LzEvVUFGUjVHU3lsNUUzYkF4WHZyUU1XRTcxb2M4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTAUBAIAATAOMAwDBAC53jED
BAC53jIwDQQCAAIwBwMFAyoNNoAwDQYJKoZIhvcNAQELBQADggEBADc2aH7aQiqz
iDj6Ktz0sX+WJrPllg1JnamlkWLM21cRZxsdKR1TF3xK902bGvLgasmUs5pnmt+U
YxdhThlK4EZrrU519NqGqJDlgP9Nu/lCOpSXqT9Lwrwy1g9Ce1JjuqK6z1QssVmg
SRNJ/0pv3OnKe2Is9Lsd0uG1FPOLRSY+ZPFcYHdONszq+qjxmv396VXNTd+LyzXC
Wu4mUCBnD4zqU8gHOHd3OlpR6jg9WzRFT92d+T4Pi2/Ny9w7Aaxl5SMUnMQ1Blf3
skawiSFbh4FhqzqrT8jO7x8ezxrYoxwHtI85jYaAKRGqOG2+Bs+Lzy35hHixFlSn
FDHpkm4mVPk=
-----END CERTIFICATE-----