Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/GPri3rPqCyDOzJyLIRZmIlO98dA.roa
File:                     GPri3rPqCyDOzJyLIRZmIlO98dA.roa (raw, json)
Hash identifier:          8J9twx4PGh9KmIY43y/HdZnrk9w4Vvsd/mbazbNyL2s=
Subject key identifier:   18:FA:E2:DE:B3:EA:0B:20:CE:CC:9C:8B:21:16:66:22:53:BD:F1:D0
Certificate issuer:       /CN=a87090c275c34c05c306f3b36063893a0d72782a
Certificate serial:       019809B368C69D5A23D72051740523AFDC69
Authority key identifier: A8:70:90:C2:75:C3:4C:05:C3:06:F3:B3:60:63:89:3A:0D:72:78:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qHCQwnXDTAXDBvOzYGOJOg1yeCo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/GPri3rPqCyDOzJyLIRZmIlO98dA.roa
Signing time:             Mon 14 Jul 2025 16:10:09 +0000
ROA not before:           Mon 14 Jul 2025 16:10:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51921
IP address blocks:        185.58.205.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qHCQwnXDTAXDBvOzYGOJOg1yeCo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qHCQwnXDTAXDBvOzYGOJOg1yeCo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qHCQwnXDTAXDBvOzYGOJOg1yeCo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 26 Jul 2025 17:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:09:b3:68:c6:9d:5a:23:d7:20:51:74:05:23:af:dc:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a87090c275c34c05c306f3b36063893a0d72782a
        Validity
            Not Before: Jul 14 16:10:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=18fae2deb3ea0b20cecc9c8b2116662253bdf1d0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:51:0d:42:cd:81:d5:e0:a7:4c:09:91:4e:93:
                    4c:9e:43:e9:9e:01:90:c2:ed:93:30:52:ca:9e:1a:
                    c0:f4:8d:32:19:fc:e0:16:13:1e:d2:d7:2d:9b:10:
                    ff:c0:05:6f:90:bd:b5:99:a6:0b:5f:a4:ce:f8:95:
                    3c:91:77:d1:e8:8b:f2:db:50:df:26:0b:98:8e:b6:
                    5e:d0:fd:d1:dc:a2:c9:09:d0:d9:6b:4b:5c:1e:9b:
                    8d:9c:46:4d:a2:c5:7e:62:0f:38:dc:f0:7f:fb:c4:
                    06:ad:cf:d7:16:3d:fb:8e:62:db:27:7c:4b:84:b0:
                    5b:64:40:68:59:cb:73:8d:ba:77:98:cd:a8:d2:ba:
                    ae:e5:bf:bd:83:88:b4:e1:3a:5f:46:15:92:81:41:
                    a7:99:d5:15:31:1e:4a:bc:0f:1d:55:87:4b:c7:fc:
                    71:78:78:57:9f:12:50:d7:61:51:53:4b:fd:8f:e7:
                    b5:c1:b1:02:e8:20:02:da:a9:30:0a:c9:1f:3c:85:
                    c1:4a:8b:d4:ec:98:11:c3:48:d7:6a:d2:75:e9:12:
                    66:f2:1a:2f:bd:af:df:89:65:60:e4:06:6f:02:56:
                    28:aa:bd:54:28:64:f9:60:30:d7:71:cf:27:54:af:
                    b7:03:9e:9d:4e:18:11:9e:00:b4:0a:69:95:2b:9f:
                    42:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:FA:E2:DE:B3:EA:0B:20:CE:CC:9C:8B:21:16:66:22:53:BD:F1:D0
            X509v3 Authority Key Identifier:
                keyid:A8:70:90:C2:75:C3:4C:05:C3:06:F3:B3:60:63:89:3A:0D:72:78:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qHCQwnXDTAXDBvOzYGOJOg1yeCo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/GPri3rPqCyDOzJyLIRZmIlO98dA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qHCQwnXDTAXDBvOzYGOJOg1yeCo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.58.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c7:fa:cc:30:6a:4a:9d:00:f5:aa:3c:11:2e:62:5c:bd:68:86:
         3b:83:0c:3e:7a:84:28:61:68:a0:56:af:de:d4:67:b1:22:9a:
         b9:e2:73:3f:1b:61:21:d0:16:a9:92:d2:fa:49:ff:b1:93:66:
         57:30:7a:af:d0:e2:c7:57:06:90:dc:f0:f0:70:4d:91:80:46:
         e8:30:79:96:93:17:9a:b4:43:50:4f:57:ea:13:5d:b1:7a:88:
         85:ab:55:8f:69:c1:d9:08:da:59:c7:5b:a2:97:b7:0d:e2:6d:
         58:48:26:4d:8d:70:74:55:db:4d:67:9a:9d:92:18:1c:10:6d:
         2d:1e:58:1f:84:60:33:96:53:44:30:d0:cc:54:fa:27:2a:24:
         2b:56:78:f2:5c:c8:37:2c:8d:01:06:73:7a:d4:f1:97:b1:1b:
         4b:d5:a0:d9:6e:d1:cc:b0:c9:8e:b6:8a:68:0a:f5:e5:8e:2a:
         c2:8b:c4:a9:2d:79:c7:27:55:5b:55:10:8a:0b:bf:e4:e7:7d:
         0d:f4:de:39:c2:aa:36:5f:a4:a6:af:ec:38:16:dc:1f:ea:00:
         2e:2e:3b:3c:3e:d6:0a:52:45:6f:ab:a1:70:42:b9:75:1f:c7:
         8b:2c:2b:c9:9e:cd:5a:4e:bb:9e:25:62:25:c3:91:79:07:2b:
         8f:aa:50:76
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgJs2jGnVoj1yBRdAUjr9xpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4NzA5MGMyNzVjMzRjMDVjMzA2ZjNiMzYwNjM4OTNhMGQ3
Mjc4MmEwHhcNMjUwNzE0MTYxMDA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOGZhZTJkZWIzZWEwYjIwY2VjYzljOGIyMTE2NjYyMjUzYmRmMWQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzFENQs2B1eCnTAmRTpNMnkPpngGQ
wu2TMFLKnhrA9I0yGfzgFhMe0tctmxD/wAVvkL21maYLX6TO+JU8kXfR6Ivy21Df
JguYjrZe0P3R3KLJCdDZa0tcHpuNnEZNosV+Yg843PB/+8QGrc/XFj37jmLbJ3xL
hLBbZEBoWctzjbp3mM2o0rqu5b+9g4i04TpfRhWSgUGnmdUVMR5KvA8dVYdLx/xx
eHhXnxJQ12FRU0v9j+e1wbEC6CAC2qkwCskfPIXBSovU7JgRw0jXatJ16RJm8hov
va/fiWVg5AZvAlYoqr1UKGT5YDDXcc8nVK+3A56dThgRngC0CmmVK59CkwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBj64t6z6gsgzsyciyEWZiJTvfHQMB8GA1UdIwQY
MBaAFKhwkMJ1w0wFwwbzs2BjiToNcngqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUhDUXduWERUQVhEQnZPellHT0pPZzF5ZUNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS83YjIxMjktY2M2Yy00NzEwLWJhNDEt
YjU3YTM2ZjJhZmNkLzEvR1ByaTNyUHFDeURPekp5TElSWm1JbE85OGRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS83YjIxMjktY2M2Yy00NzEwLWJhNDEtYjU3YTM2ZjJhZmNk
LzEvcUhDUXduWERUQVhEQnZPellHT0pPZzF5ZUNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuTrNMA0G
CSqGSIb3DQEBCwUAA4IBAQDH+swwakqdAPWqPBEuYly9aIY7gww+eoQoYWigVq/e
1GexIpq54nM/G2Eh0BapktL6Sf+xk2ZXMHqv0OLHVwaQ3PDwcE2RgEboMHmWkxea
tENQT1fqE12xeoiFq1WPacHZCNpZx1uil7cN4m1YSCZNjXB0VdtNZ5qdkhgcEG0t
HlgfhGAzllNEMNDMVPonKiQrVnjyXMg3LI0BBnN61PGXsRtL1aDZbtHMsMmOtopo
CvXljirCi8SpLXnHJ1VbVRCKC7/k530N9N45wqo2X6Smr+w4Ftwf6gAuLjs8PtYK
UkVvq6FwQrl1H8eLLCvJns1aTrueJWIlw5F5ByuPqlB2
-----END CERTIFICATE-----