Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/0d0755-1897-47ef-8df7-8cf41cafdce2/1/gAIi2RzKXjXCtYGsVRw03pRZYeU.roa
File:                     gAIi2RzKXjXCtYGsVRw03pRZYeU.roa (raw, json)
Hash identifier:          PvQsJF0P/z+mLUrW2+GtvSyLdhymARBFgfCdxNsU3JE=
Subject key identifier:   80:02:22:D9:1C:CA:5E:35:C2:B5:81:AC:55:1C:34:DE:94:59:61:E5
Certificate issuer:       /CN=f5d9a9282c9d2547c566634f3bacccbcf2588827
Certificate serial:       019850D35960CC9049D6FF515539F1BF1472
Authority key identifier: F5:D9:A9:28:2C:9D:25:47:C5:66:63:4F:3B:AC:CC:BC:F2:58:88:27
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9dmpKCydJUfFZmNPO6zMvPJYiCc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/0d0755-1897-47ef-8df7-8cf41cafdce2/1/gAIi2RzKXjXCtYGsVRw03pRZYeU.roa
Signing time:             Mon 28 Jul 2025 11:38:04 +0000
ROA not before:           Mon 28 Jul 2025 11:38:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215929
IP address blocks:        62.164.177.0/24 maxlen: 24
                          193.24.211.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/0d0755-1897-47ef-8df7-8cf41cafdce2/1/9dmpKCydJUfFZmNPO6zMvPJYiCc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/0d0755-1897-47ef-8df7-8cf41cafdce2/1/9dmpKCydJUfFZmNPO6zMvPJYiCc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9dmpKCydJUfFZmNPO6zMvPJYiCc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 30 Jul 2025 14:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:50:d3:59:60:cc:90:49:d6:ff:51:55:39:f1:bf:14:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f5d9a9282c9d2547c566634f3bacccbcf2588827
        Validity
            Not Before: Jul 28 11:38:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=800222d91cca5e35c2b581ac551c34de945961e5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:7d:32:74:8d:a3:58:ae:81:fe:c3:a6:50:d9:
                    3f:51:b7:70:62:5d:06:46:0b:8c:41:09:02:bf:27:
                    69:7a:78:3e:c7:c9:a5:4d:9b:02:69:6e:05:ba:1a:
                    40:a4:c8:49:73:40:44:6a:dc:05:e4:d7:91:b4:f4:
                    fb:98:6c:c4:39:40:85:72:cd:95:03:9e:e7:59:ba:
                    8a:f1:7c:0c:8e:b9:77:f8:b7:20:90:01:f1:4b:e9:
                    6b:bc:28:e5:69:3e:aa:f3:a0:e4:44:9d:0c:87:8f:
                    08:d7:fc:6a:b3:fb:f0:92:0b:04:a9:0b:ca:22:74:
                    e9:ea:ef:28:a4:ec:fe:71:50:c3:8d:ce:36:1f:f5:
                    67:d3:01:14:1a:d2:fc:ce:bf:f9:9e:dc:2c:6e:e1:
                    19:a4:c2:8f:7b:f9:df:44:51:0a:ba:73:c0:7e:dc:
                    13:ce:19:e1:b1:6b:27:f0:77:e0:09:6a:a8:48:89:
                    b7:96:8f:68:f5:46:56:83:87:29:0a:ba:e9:f6:12:
                    1e:dc:ae:4b:4e:b8:32:61:60:45:83:70:31:5a:d4:
                    a0:c0:c1:e9:5b:87:92:7b:e8:80:5e:15:fc:b0:15:
                    b0:8c:a2:f7:4c:a0:56:23:4e:55:f5:35:40:45:86:
                    05:54:b1:c5:f3:11:44:98:fa:38:b3:aa:46:f6:66:
                    94:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:02:22:D9:1C:CA:5E:35:C2:B5:81:AC:55:1C:34:DE:94:59:61:E5
            X509v3 Authority Key Identifier:
                keyid:F5:D9:A9:28:2C:9D:25:47:C5:66:63:4F:3B:AC:CC:BC:F2:58:88:27

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9dmpKCydJUfFZmNPO6zMvPJYiCc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/0d0755-1897-47ef-8df7-8cf41cafdce2/1/gAIi2RzKXjXCtYGsVRw03pRZYeU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/0d0755-1897-47ef-8df7-8cf41cafdce2/1/9dmpKCydJUfFZmNPO6zMvPJYiCc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.164.177.0/24
                  193.24.211.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:1c:99:c9:ca:83:75:9a:f0:7b:da:df:d8:b1:a0:5f:0f:48:
         d3:bb:66:6a:ec:99:e4:19:47:6c:ac:06:33:b7:7f:d5:82:8f:
         ef:bd:4c:6b:b2:76:78:e0:d4:c1:ba:29:a5:b0:15:c1:84:8b:
         14:c0:f7:f3:3e:32:4c:5b:1a:1a:f1:7b:2e:d2:51:20:26:56:
         1d:a9:c3:3c:5a:8a:af:6e:db:fa:ab:0e:b8:b5:b0:a9:f3:73:
         7c:b3:9e:a0:91:dd:56:d5:8a:bf:d4:1a:29:36:6a:50:90:b5:
         5e:26:b1:1f:c4:36:11:48:80:eb:83:8a:69:8b:9c:93:fb:28:
         f0:eb:f6:73:c9:86:35:dd:51:bc:15:48:f4:ff:07:b8:16:1c:
         a6:c0:a9:d5:aa:e3:2e:2d:bd:e5:cd:b5:91:85:69:2f:9c:fa:
         8b:ad:62:3c:61:41:e0:32:c4:38:bf:e9:8e:83:50:3e:7e:81:
         27:65:fc:ce:10:3d:65:9f:68:a9:e8:14:4c:d7:03:ae:26:1d:
         57:7a:23:23:26:3d:8f:71:44:b4:a4:9f:84:b5:88:f1:7a:86:
         c8:14:69:10:f1:60:30:c4:d8:1e:b8:28:da:08:84:6c:fe:d8:
         f9:95:37:1a:16:17:ae:78:e5:34:4a:eb:87:27:e6:75:26:d6:
         06:77:65:3b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZhQ01lgzJBJ1v9RVTnxvxRyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1ZDlhOTI4MmM5ZDI1NDdjNTY2NjM0ZjNiYWNjY2JjZjI1
ODg4MjcwHhcNMjUwNzI4MTEzODA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MDAyMjJkOTFjY2E1ZTM1YzJiNTgxYWM1NTFjMzRkZTk0NTk2MWU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtH0ydI2jWK6B/sOmUNk/UbdwYl0G
RguMQQkCvydpeng+x8mlTZsCaW4FuhpApMhJc0BEatwF5NeRtPT7mGzEOUCFcs2V
A57nWbqK8XwMjrl3+LcgkAHxS+lrvCjlaT6q86DkRJ0Mh48I1/xqs/vwkgsEqQvK
InTp6u8opOz+cVDDjc42H/Vn0wEUGtL8zr/5ntwsbuEZpMKPe/nfRFEKunPAftwT
zhnhsWsn8HfgCWqoSIm3lo9o9UZWg4cpCrrp9hIe3K5LTrgyYWBFg3AxWtSgwMHp
W4eSe+iAXhX8sBWwjKL3TKBWI05V9TVARYYFVLHF8xFEmPo4s6pG9maUSQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIACItkcyl41wrWBrFUcNN6UWWHlMB8GA1UdIwQY
MBaAFPXZqSgsnSVHxWZjTzuszLzyWIgnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOWRtcEtDeWRKVWZGWm1OUE82ek12UEpZaUNjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8wZDA3NTUtMTg5Ny00N2VmLThkZjct
OGNmNDFjYWZkY2UyLzEvZ0FJaTJSektYalhDdFlHc1ZSdzAzcFJaWWVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8wZDA3NTUtMTg5Ny00N2VmLThkZjctOGNmNDFjYWZkY2Uy
LzEvOWRtcEtDeWRKVWZGWm1OUE82ek12UEpZaUNjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAPqSxAwQA
wRjTMA0GCSqGSIb3DQEBCwUAA4IBAQADHJnJyoN1mvB72t/YsaBfD0jTu2Zq7Jnk
GUdsrAYzt3/Vgo/vvUxrsnZ44NTBuimlsBXBhIsUwPfzPjJMWxoa8Xsu0lEgJlYd
qcM8Woqvbtv6qw64tbCp83N8s56gkd1W1Yq/1BopNmpQkLVeJrEfxDYRSIDrg4pp
i5yT+yjw6/ZzyYY13VG8FUj0/we4FhymwKnVquMuLb3lzbWRhWkvnPqLrWI8YUHg
MsQ4v+mOg1A+foEnZfzOED1ln2ip6BRM1wOuJh1XeiMjJj2PcUS0pJ+EtYjxeobI
FGkQ8WAwxNgeuCjaCIRs/tj5lTcaFheueOU0SuuHJ+Z1JtYGd2U7
-----END CERTIFICATE-----