Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/gulovjLCfJby0hgY_Ntmvss7H-o.roa
File:                     gulovjLCfJby0hgY_Ntmvss7H-o.roa (raw, json)
Hash identifier:          to8EFGsQICT4XD0aGAZiv0ZTpkla4t921Rw6QgbUkqs=
Subject key identifier:   82:E9:68:BE:32:C2:7C:96:F2:D2:18:18:FC:DB:66:BE:CB:3B:1F:EA
Certificate issuer:       /CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
Certificate serial:       01982C31014870352161AD92E8B7DC3581E9
Authority key identifier: 7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/gulovjLCfJby0hgY_Ntmvss7H-o.roa
Signing time:             Mon 21 Jul 2025 08:54:25 +0000
ROA not before:           Mon 21 Jul 2025 08:54:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214432
IP address blocks:        87.229.79.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 24 Jul 2025 14:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:2c:31:01:48:70:35:21:61:ad:92:e8:b7:dc:35:81:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
        Validity
            Not Before: Jul 21 08:54:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=82e968be32c27c96f2d21818fcdb66becb3b1fea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:1f:8e:b7:64:76:ff:c3:de:7a:4f:b3:6f:7f:
                    4a:7c:cf:4c:1f:d1:7f:32:59:9e:33:32:9d:57:9a:
                    85:a5:b5:df:5d:af:83:8d:90:f0:16:7c:89:57:2f:
                    ff:fe:04:26:ba:a5:f7:48:79:1d:88:ee:89:17:24:
                    b3:3d:da:96:73:78:f7:85:70:d1:31:2d:c5:37:2d:
                    af:9a:b3:7c:90:b9:55:37:b5:60:0d:f8:57:e1:3f:
                    d1:1c:18:9d:0b:8b:95:61:97:7a:cc:ba:8e:cb:37:
                    a0:fd:26:8b:37:1a:bc:d9:87:a3:0b:58:22:89:33:
                    4e:86:c0:03:a2:f1:80:59:3c:e4:66:ab:9a:3a:3f:
                    b3:02:1b:74:de:36:0b:15:1a:8f:e6:c8:5d:5e:45:
                    fa:46:e1:e8:01:f2:6e:95:71:25:9e:b8:3f:a7:bd:
                    cd:b4:cb:f7:fc:58:af:dc:b0:88:d1:8e:53:58:f4:
                    c9:08:c7:01:ee:f1:d0:7b:79:7f:8e:70:db:2c:dd:
                    a9:50:a9:4f:c2:a3:43:6c:60:90:0c:98:69:ff:e2:
                    28:7d:0f:a6:d9:dd:35:2d:83:c1:82:03:0c:c8:3e:
                    70:f7:04:10:93:3f:7d:3a:93:b0:d6:b3:58:81:1b:
                    9b:44:7e:d2:35:6c:a0:83:fb:e1:e2:ea:f2:fc:9b:
                    27:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:E9:68:BE:32:C2:7C:96:F2:D2:18:18:FC:DB:66:BE:CB:3B:1F:EA
            X509v3 Authority Key Identifier:
                keyid:7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/gulovjLCfJby0hgY_Ntmvss7H-o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.229.79.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:96:91:fc:e8:b1:2e:cb:ed:cc:e7:64:5f:00:7f:fa:a9:c5:
         5a:e0:17:b2:75:6f:fa:2d:4f:13:57:9f:d1:c9:d3:b5:dd:21:
         47:7f:3d:40:d3:2c:bf:d4:d0:32:75:9c:ba:73:e5:22:7b:a4:
         46:7b:f9:56:3c:02:9f:92:fb:a9:34:fd:3b:0c:f5:f0:aa:67:
         32:ed:3a:e5:e8:25:ac:ef:ad:e1:64:98:49:70:a6:ef:9d:d5:
         3e:b5:1f:f0:a6:ce:41:d5:11:7c:bb:1f:7f:f8:f3:c3:b0:9d:
         fe:43:b9:7f:a8:58:3b:24:a2:85:1b:fb:f6:f3:34:ea:40:a6:
         e1:35:21:96:78:58:71:4d:c8:db:29:c1:29:ab:93:e2:e9:69:
         a2:fc:a1:b3:6a:3c:1a:ab:eb:39:85:59:0d:51:6a:10:3a:c3:
         88:38:2f:d1:bf:3b:f6:5e:aa:ef:01:cc:19:ad:cb:5e:69:4e:
         fb:da:e0:71:90:bc:7e:20:ff:35:a0:92:fa:e9:25:f8:01:8b:
         f8:e4:c3:8c:8f:45:c8:d8:42:a8:a8:0d:2c:57:bd:80:4c:ae:
         05:32:03:d6:aa:ce:89:e1:f2:92:42:e5:47:28:d0:b1:4f:83:
         81:a6:7f:6a:67:04:16:17:da:64:57:c3:13:43:8a:a7:89:88:
         2d:c5:a2:53
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgsMQFIcDUhYa2S6LfcNYHpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiNWUzN2Y2ZTNiOWJkMWNmMzY4NGI5YzAzYzAzYWQxY2E2
NDI0OTcwHhcNMjUwNzIxMDg1NDI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MmU5NjhiZTMyYzI3Yzk2ZjJkMjE4MThmY2RiNjZiZWNiM2IxZmVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsB+Ot2R2/8Peek+zb39KfM9MH9F/
MlmeMzKdV5qFpbXfXa+DjZDwFnyJVy///gQmuqX3SHkdiO6JFySzPdqWc3j3hXDR
MS3FNy2vmrN8kLlVN7VgDfhX4T/RHBidC4uVYZd6zLqOyzeg/SaLNxq82YejC1gi
iTNOhsADovGAWTzkZquaOj+zAht03jYLFRqP5shdXkX6RuHoAfJulXElnrg/p73N
tMv3/Fiv3LCI0Y5TWPTJCMcB7vHQe3l/jnDbLN2pUKlPwqNDbGCQDJhp/+IofQ+m
2d01LYPBggMMyD5w9wQQkz99OpOw1rNYgRubRH7SNWygg/vh4ury/JsnpwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFILpaL4ywnyW8tIYGPzbZr7LOx/qMB8GA1UdIwQY
MBaAFHteN/bjub0c82hLnAPAOtHKZCSXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUt
OTU5M2E0ODhhZmNjLzEvZ3Vsb3ZqTENmSmJ5MGhnWV9OdG12c3M3SC1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUtOTU5M2E0ODhhZmNj
LzEvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV+VPMA0G
CSqGSIb3DQEBCwUAA4IBAQBllpH86LEuy+3M52RfAH/6qcVa4BeydW/6LU8TV5/R
ydO13SFHfz1A0yy/1NAydZy6c+Uie6RGe/lWPAKfkvupNP07DPXwqmcy7Trl6CWs
763hZJhJcKbvndU+tR/wps5B1RF8ux9/+PPDsJ3+Q7l/qFg7JKKFG/v28zTqQKbh
NSGWeFhxTcjbKcEpq5Pi6Wmi/KGzajwaq+s5hVkNUWoQOsOIOC/Rvzv2XqrvAcwZ
rcteaU772uBxkLx+IP81oJL66SX4AYv45MOMj0XI2EKoqA0sV72ATK4FMgPWqs6J
4fKSQuVHKNCxT4OBpn9qZwQWF9pkV8MTQ4qniYgtxaJT
-----END CERTIFICATE-----