Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/27ca7f-66b4-4bb1-9f5f-f5ba4fe2bf54/1/GgU4V3exF_KMsbXxFhlxd1M5pl8.roa
File:                     GgU4V3exF_KMsbXxFhlxd1M5pl8.roa (raw, json)
Hash identifier:          l8v1ZDd4kP5GR80G/4+UL0QS/Pev1eqpTKkPGhrjSW4=
Subject key identifier:   1A:05:38:57:77:B1:17:F2:8C:B1:B5:F1:16:19:71:77:53:39:A6:5F
Certificate issuer:       /CN=a1695d5558241e04a872dc1346898f2cea70dfe7
Certificate serial:       0197C9E25401C11E262CA4B424BF373FBD7B
Authority key identifier: A1:69:5D:55:58:24:1E:04:A8:72:DC:13:46:89:8F:2C:EA:70:DF:E7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oWldVVgkHgSoctwTRomPLOpw3-c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/27ca7f-66b4-4bb1-9f5f-f5ba4fe2bf54/1/GgU4V3exF_KMsbXxFhlxd1M5pl8.roa
Signing time:             Wed 02 Jul 2025 06:45:42 +0000
ROA not before:           Wed 02 Jul 2025 06:45:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202269
IP address blocks:        95.128.197.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/27ca7f-66b4-4bb1-9f5f-f5ba4fe2bf54/1/oWldVVgkHgSoctwTRomPLOpw3-c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/27ca7f-66b4-4bb1-9f5f-f5ba4fe2bf54/1/oWldVVgkHgSoctwTRomPLOpw3-c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oWldVVgkHgSoctwTRomPLOpw3-c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Jul 2025 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:c9:e2:54:01:c1:1e:26:2c:a4:b4:24:bf:37:3f:bd:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a1695d5558241e04a872dc1346898f2cea70dfe7
        Validity
            Not Before: Jul  2 06:45:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1a05385777b117f28cb1b5f1161971775339a65f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:19:ac:9c:70:71:19:7d:e4:e2:43:21:26:ab:
                    81:f9:73:ee:74:2b:a7:18:78:fc:11:bf:4d:46:bc:
                    45:35:b8:4a:1d:e4:23:fc:a7:69:a9:d9:7c:05:11:
                    3b:00:44:a0:d2:e0:df:70:78:c6:da:19:60:74:9e:
                    a0:6e:b5:19:27:ab:7b:8b:1e:74:b5:ae:b7:ab:b9:
                    97:ff:a1:e9:5a:a2:98:1a:73:23:2f:0d:06:15:83:
                    1c:3b:bf:57:c9:c2:2f:e6:63:82:7c:1c:cf:30:a9:
                    ce:41:6a:b8:2a:17:f1:9a:e0:de:53:27:18:f1:ca:
                    1d:dc:7d:aa:a1:51:e8:6e:95:c9:f9:27:2f:24:89:
                    f7:8c:f1:6e:73:48:f9:00:8e:87:83:95:2a:cd:27:
                    4d:aa:5d:aa:47:fe:5f:b1:f8:6d:06:7d:65:61:d3:
                    5c:7d:ab:be:c2:92:7c:f2:13:c6:d5:06:d3:91:b1:
                    8e:2a:c4:cc:7a:57:c5:cf:29:45:e9:93:69:83:f5:
                    1f:32:cb:c9:87:05:21:70:41:a2:3c:9f:76:bc:76:
                    6e:11:d3:81:70:d0:66:6c:e6:e5:71:38:05:bc:d2:
                    c8:03:80:d7:37:40:e2:91:ea:b4:80:15:df:a8:38:
                    86:45:bd:a6:3a:43:af:96:cc:27:b6:2e:18:72:26:
                    fb:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:05:38:57:77:B1:17:F2:8C:B1:B5:F1:16:19:71:77:53:39:A6:5F
            X509v3 Authority Key Identifier:
                keyid:A1:69:5D:55:58:24:1E:04:A8:72:DC:13:46:89:8F:2C:EA:70:DF:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oWldVVgkHgSoctwTRomPLOpw3-c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/27ca7f-66b4-4bb1-9f5f-f5ba4fe2bf54/1/GgU4V3exF_KMsbXxFhlxd1M5pl8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/27ca7f-66b4-4bb1-9f5f-f5ba4fe2bf54/1/oWldVVgkHgSoctwTRomPLOpw3-c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.128.197.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:20:bb:a7:9b:08:05:54:c4:d6:4b:f6:db:47:d7:b9:cd:96:
         a4:a0:9f:e7:3b:1a:4a:71:f5:c9:40:27:9d:66:67:9a:08:99:
         41:fd:df:d9:6f:fa:b3:d2:71:a8:c6:c9:ba:a9:93:42:2d:b0:
         02:a3:eb:14:c8:40:07:33:f9:f4:a6:54:92:de:05:84:53:21:
         ef:d2:9c:ef:38:f1:40:a9:f6:6f:25:c4:94:28:db:2d:d0:cf:
         07:51:1b:94:2f:37:5c:8d:c3:ca:e9:6c:7f:9b:41:52:90:33:
         f2:b0:c0:e9:8d:d8:d6:0a:4c:3a:22:c9:5f:8c:4e:86:f0:2b:
         95:7c:2c:79:05:7a:13:05:aa:dd:4e:78:92:05:71:37:44:c6:
         c8:74:f5:e7:ad:68:a8:70:60:00:81:e7:57:18:51:5e:38:72:
         2f:1f:5c:c3:0a:48:df:3e:1a:71:c5:72:3e:05:e5:fe:5b:91:
         37:55:ff:ff:1b:54:bf:e6:11:fd:e6:ae:49:42:4e:5b:c1:18:
         c2:4e:4e:9a:18:66:24:f8:ae:b0:3e:25:9f:56:6e:17:63:15:
         a0:b4:b0:7e:ae:fd:2f:52:23:b2:fe:52:7d:48:ae:47:82:9d:
         4a:96:e5:5b:c5:53:4b:4b:dd:cb:d5:5c:4f:96:1b:30:d4:d6:
         77:bf:28:47
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfJ4lQBwR4mLKS0JL83P717MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGExNjk1ZDU1NTgyNDFlMDRhODcyZGMxMzQ2ODk4ZjJjZWE3
MGRmZTcwHhcNMjUwNzAyMDY0NTQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYTA1Mzg1Nzc3YjExN2YyOGNiMWI1ZjExNjE5NzE3NzUzMzlhNjVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqBmsnHBxGX3k4kMhJquB+XPudCun
GHj8Eb9NRrxFNbhKHeQj/Kdpqdl8BRE7AESg0uDfcHjG2hlgdJ6gbrUZJ6t7ix50
ta63q7mX/6HpWqKYGnMjLw0GFYMcO79XycIv5mOCfBzPMKnOQWq4KhfxmuDeUycY
8cod3H2qoVHobpXJ+ScvJIn3jPFuc0j5AI6Hg5UqzSdNql2qR/5fsfhtBn1lYdNc
fau+wpJ88hPG1QbTkbGOKsTMelfFzylF6ZNpg/UfMsvJhwUhcEGiPJ92vHZuEdOB
cNBmbOblcTgFvNLIA4DXN0Dikeq0gBXfqDiGRb2mOkOvlswnti4Ycib7JwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBoFOFd3sRfyjLG18RYZcXdTOaZfMB8GA1UdIwQY
MBaAFKFpXVVYJB4EqHLcE0aJjyzqcN/nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb1dsZFZWZ2tIZ1NvY3R3VFJvbVBMT3B3My1jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC8yN2NhN2YtNjZiNC00YmIxLTlmNWYt
ZjViYTRmZTJiZjU0LzEvR2dVNFYzZXhGX0tNc2JYeEZobHhkMU01cGw4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC8yN2NhN2YtNjZiNC00YmIxLTlmNWYtZjViYTRmZTJiZjU0
LzEvb1dsZFZWZ2tIZ1NvY3R3VFJvbVBMT3B3My1jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX4DFMA0G
CSqGSIb3DQEBCwUAA4IBAQCdILunmwgFVMTWS/bbR9e5zZakoJ/nOxpKcfXJQCed
ZmeaCJlB/d/Zb/qz0nGoxsm6qZNCLbACo+sUyEAHM/n0plSS3gWEUyHv0pzvOPFA
qfZvJcSUKNst0M8HURuULzdcjcPK6Wx/m0FSkDPysMDpjdjWCkw6IslfjE6G8CuV
fCx5BXoTBardTniSBXE3RMbIdPXnrWiocGAAgedXGFFeOHIvH1zDCkjfPhpxxXI+
BeX+W5E3Vf//G1S/5hH95q5JQk5bwRjCTk6aGGYk+K6wPiWfVm4XYxWgtLB+rv0v
UiOy/lJ9SK5Hgp1KluVbxVNLS93L1VxPlhsw1NZ3vyhH
-----END CERTIFICATE-----