Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/gIUxN2GBsUoK8BYbrzLOZ4zooEs.roa
File:                     gIUxN2GBsUoK8BYbrzLOZ4zooEs.roa (raw, json)
Hash identifier:          NGAW89R8AdDYifyIj10//HgW4r1O80XD0St/aLijhJg=
Subject key identifier:   80:85:31:37:61:81:B1:4A:0A:F0:16:1B:AF:32:CE:67:8C:E8:A0:4B
Certificate issuer:       /CN=d747017564c711bcbd57680a0dfd00f2a5d099db
Certificate serial:       01982CDFDF78E98A59DB0CEC071A92C607EF
Authority key identifier: D7:47:01:75:64:C7:11:BC:BD:57:68:0A:0D:FD:00:F2:A5:D0:99:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/10cBdWTHEby9V2gKDf0A8qXQmds.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/gIUxN2GBsUoK8BYbrzLOZ4zooEs.roa
Signing time:             Mon 21 Jul 2025 12:05:25 +0000
ROA not before:           Mon 21 Jul 2025 12:05:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     21700
IP address blocks:        194.195.48.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/10cBdWTHEby9V2gKDf0A8qXQmds.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/10cBdWTHEby9V2gKDf0A8qXQmds.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/10cBdWTHEby9V2gKDf0A8qXQmds.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Jul 2025 13:47:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:2c:df:df:78:e9:8a:59:db:0c:ec:07:1a:92:c6:07:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d747017564c711bcbd57680a0dfd00f2a5d099db
        Validity
            Not Before: Jul 21 12:05:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=808531376181b14a0af0161baf32ce678ce8a04b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:fe:70:b3:56:df:29:3c:16:fb:74:f6:98:7d:
                    3e:cc:0a:b1:aa:39:58:25:4b:e6:10:a0:80:35:a4:
                    1c:4a:dd:11:c8:1c:7e:41:ae:6a:0d:04:05:f0:06:
                    7c:6d:12:94:17:bb:c0:f5:ce:4f:39:eb:3e:b3:ed:
                    40:6f:40:8a:6f:e5:13:90:2c:bd:7a:e2:ff:5a:bd:
                    1e:59:10:66:99:dd:96:b3:d2:a0:03:15:fa:84:89:
                    28:5e:c3:84:57:b6:fc:ad:93:92:8e:10:8e:0c:f0:
                    9e:18:d9:e2:7f:4e:02:ff:a4:18:89:a3:b4:e8:37:
                    c6:73:1b:11:c8:1e:67:52:1a:49:d5:dd:aa:f1:9f:
                    04:b5:92:70:20:d8:c0:36:33:6c:0f:e7:5e:aa:7b:
                    3c:62:11:13:bd:cf:b2:50:63:9c:8f:04:97:47:9b:
                    c4:3c:3e:49:d2:27:8f:6d:9d:64:f6:d3:09:c2:9a:
                    90:e6:09:e2:91:97:85:6c:62:6d:18:f3:1c:95:ac:
                    4f:de:ba:ab:39:ae:af:55:56:b3:69:54:d9:9f:87:
                    9e:e2:09:a9:28:4f:3e:8d:d1:b4:25:72:7d:98:3b:
                    f2:dc:e4:77:b9:e8:c4:1b:25:53:bb:62:73:cc:e5:
                    c2:e2:3e:ca:4f:fe:55:8e:10:01:c6:2b:d7:bb:31:
                    6c:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:85:31:37:61:81:B1:4A:0A:F0:16:1B:AF:32:CE:67:8C:E8:A0:4B
            X509v3 Authority Key Identifier:
                keyid:D7:47:01:75:64:C7:11:BC:BD:57:68:0A:0D:FD:00:F2:A5:D0:99:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/10cBdWTHEby9V2gKDf0A8qXQmds.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/gIUxN2GBsUoK8BYbrzLOZ4zooEs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/10cBdWTHEby9V2gKDf0A8qXQmds.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.195.48.0/20

    Signature Algorithm: sha256WithRSAEncryption
         b3:74:7b:24:1c:8e:aa:5c:ec:34:ad:67:a6:50:4d:01:41:7b:
         b5:e6:fc:e4:ca:c8:bb:99:85:a7:54:d0:96:91:ec:7c:6a:c7:
         c1:1e:5d:32:e1:03:2c:9f:24:0c:cb:2b:ce:42:ab:b4:b7:cc:
         5b:8c:b4:1a:1a:e9:82:e7:17:5a:17:9e:8c:20:fd:53:4a:91:
         71:90:ed:20:50:ed:1a:58:f4:cc:27:99:48:11:54:85:40:6b:
         89:fa:4c:21:65:5d:06:56:02:6d:11:50:34:37:3b:25:4f:6c:
         d7:c3:7c:0a:eb:a5:21:54:38:44:ea:1a:fe:d5:82:a3:6a:be:
         c8:53:b7:d3:42:77:d6:71:68:44:b9:6c:8f:9f:98:db:5b:c2:
         98:23:74:c1:8a:2a:8b:03:a6:d2:3e:b8:47:09:37:5e:b2:c4:
         ef:a7:70:5c:fa:60:c1:bd:ca:f5:da:69:1a:ec:f6:a3:60:4f:
         cb:17:0a:2d:ce:33:b0:32:9a:75:31:aa:b2:24:91:e1:9f:89:
         66:be:86:9c:16:4d:d5:d9:9f:e6:ea:17:95:dd:32:a0:f6:58:
         ea:94:8d:c2:54:64:06:ed:fd:47:44:d7:47:e4:e3:84:b3:ac:
         ee:08:f2:6f:78:06:f0:19:b4:84:11:6d:ff:b4:0c:d5:ba:ad:
         07:8f:30:4d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgs39946YpZ2wzsBxqSxgfvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NDcwMTc1NjRjNzExYmNiZDU3NjgwYTBkZmQwMGYyYTVk
MDk5ZGIwHhcNMjUwNzIxMTIwNTI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MDg1MzEzNzYxODFiMTRhMGFmMDE2MWJhZjMyY2U2NzhjZThhMDRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu/5ws1bfKTwW+3T2mH0+zAqxqjlY
JUvmEKCANaQcSt0RyBx+Qa5qDQQF8AZ8bRKUF7vA9c5POes+s+1Ab0CKb+UTkCy9
euL/Wr0eWRBmmd2Ws9KgAxX6hIkoXsOEV7b8rZOSjhCODPCeGNnif04C/6QYiaO0
6DfGcxsRyB5nUhpJ1d2q8Z8EtZJwINjANjNsD+deqns8YhETvc+yUGOcjwSXR5vE
PD5J0iePbZ1k9tMJwpqQ5gnikZeFbGJtGPMclaxP3rqrOa6vVVazaVTZn4ee4gmp
KE8+jdG0JXJ9mDvy3OR3uejEGyVTu2JzzOXC4j7KT/5VjhABxivXuzFsFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFICFMTdhgbFKCvAWG68yzmeM6KBLMB8GA1UdIwQY
MBaAFNdHAXVkxxG8vVdoCg39APKl0JnbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTBjQmRXVEhFYnk5VjJnS0RmMEE4cVhRbWRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC9iYTIzNjItMGNjNS00OWJkLWE1MjIt
NGYwZThjZTExYTdkLzEvZ0lVeE4yR0JzVW9LOEJZYnJ6TE9aNHpvb0VzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC9iYTIzNjItMGNjNS00OWJkLWE1MjItNGYwZThjZTExYTdk
LzEvMTBjQmRXVEhFYnk5VjJnS0RmMEE4cVhRbWRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEwsMwMA0G
CSqGSIb3DQEBCwUAA4IBAQCzdHskHI6qXOw0rWemUE0BQXu15vzkysi7mYWnVNCW
kex8asfBHl0y4QMsnyQMyyvOQqu0t8xbjLQaGumC5xdaF56MIP1TSpFxkO0gUO0a
WPTMJ5lIEVSFQGuJ+kwhZV0GVgJtEVA0NzslT2zXw3wK66UhVDhE6hr+1YKjar7I
U7fTQnfWcWhEuWyPn5jbW8KYI3TBiiqLA6bSPrhHCTdessTvp3Bc+mDBvcr12mka
7PajYE/LFwotzjOwMpp1MaqyJJHhn4lmvoacFk3V2Z/m6heV3TKg9ljqlI3CVGQG
7f1HRNdH5OOEs6zuCPJveAbwGbSEEW3/tAzVuq0HjzBN
-----END CERTIFICATE-----