Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/decad0-26da-4b9a-b1a7-d3b38ce9dc34/1/gchhAVJFDCU8blLfh1bBR6nV7eE.roa
File:                     gchhAVJFDCU8blLfh1bBR6nV7eE.roa (raw, json)
Hash identifier:          i4UDZqnLoafc9IhMJrDyMFSOYLmIkEVFeY6p5LZlGi4=
Subject key identifier:   81:C8:61:01:52:45:0C:25:3C:6E:52:DF:87:56:C1:47:A9:D5:ED:E1
Certificate issuer:       /CN=a60cee7582e9759be016c931ab34d9285d2fc8b4
Certificate serial:       0197FEAEAA07BEDCA3DEE43550812F4397BC
Authority key identifier: A6:0C:EE:75:82:E9:75:9B:E0:16:C9:31:AB:34:D9:28:5D:2F:C8:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pgzudYLpdZvgFskxqzTZKF0vyLQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/decad0-26da-4b9a-b1a7-d3b38ce9dc34/1/gchhAVJFDCU8blLfh1bBR6nV7eE.roa
Signing time:             Sat 12 Jul 2025 12:49:09 +0000
ROA not before:           Sat 12 Jul 2025 12:49:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20473
IP address blocks:        87.248.143.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/decad0-26da-4b9a-b1a7-d3b38ce9dc34/1/pgzudYLpdZvgFskxqzTZKF0vyLQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/decad0-26da-4b9a-b1a7-d3b38ce9dc34/1/pgzudYLpdZvgFskxqzTZKF0vyLQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pgzudYLpdZvgFskxqzTZKF0vyLQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 13:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:fe:ae:aa:07:be:dc:a3:de:e4:35:50:81:2f:43:97:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a60cee7582e9759be016c931ab34d9285d2fc8b4
        Validity
            Not Before: Jul 12 12:49:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=81c8610152450c253c6e52df8756c147a9d5ede1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:47:3b:be:6f:48:20:fa:e8:0e:3d:eb:34:18:
                    28:85:a3:40:6d:c7:1f:66:1d:1c:61:ae:8f:d7:af:
                    26:73:88:14:0b:5b:54:33:d4:76:91:be:81:3f:8c:
                    65:70:16:1b:21:f3:1d:f2:d5:4b:25:d1:90:62:f7:
                    81:49:b5:a2:80:93:9b:94:8b:a8:2a:29:72:3c:16:
                    0d:1b:df:03:52:b8:6a:f7:37:23:ca:54:46:00:eb:
                    de:6a:8a:70:96:f3:10:d0:36:67:58:72:dc:68:34:
                    94:83:fe:a6:d5:dc:eb:d0:d8:23:cb:94:60:11:84:
                    b2:93:ab:86:77:30:5c:fa:02:fc:9b:fa:21:b6:e8:
                    02:b1:bb:09:75:b3:55:bc:1d:34:5a:f0:7c:96:eb:
                    1d:8b:cc:b3:14:7d:e6:5d:63:58:96:b3:e9:90:f1:
                    ad:3e:60:fb:fa:c2:41:ee:0c:92:ad:f9:e3:38:f9:
                    f5:0b:cd:ef:0c:31:ed:37:35:99:15:2e:25:6c:de:
                    62:59:84:88:d8:b2:3d:61:62:42:e4:2e:3d:38:22:
                    b4:93:f1:c9:b2:eb:74:70:1a:23:62:2a:c4:5c:36:
                    d5:af:c3:ab:04:04:db:2c:35:40:fb:95:e7:68:c8:
                    85:d9:58:8c:a2:2d:1c:6c:6b:d0:17:d7:9c:15:d1:
                    ec:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:C8:61:01:52:45:0C:25:3C:6E:52:DF:87:56:C1:47:A9:D5:ED:E1
            X509v3 Authority Key Identifier:
                keyid:A6:0C:EE:75:82:E9:75:9B:E0:16:C9:31:AB:34:D9:28:5D:2F:C8:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pgzudYLpdZvgFskxqzTZKF0vyLQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/decad0-26da-4b9a-b1a7-d3b38ce9dc34/1/gchhAVJFDCU8blLfh1bBR6nV7eE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/decad0-26da-4b9a-b1a7-d3b38ce9dc34/1/pgzudYLpdZvgFskxqzTZKF0vyLQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.248.143.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:de:f9:e2:e2:86:1f:d1:45:bd:2d:dd:fc:c9:df:9f:9d:9c:
         b5:24:af:14:ff:83:65:52:68:8a:44:f4:97:13:35:14:59:8a:
         a2:f9:08:ab:5c:9b:04:1a:ea:5c:f2:0c:30:9c:02:11:a2:82:
         b5:18:c3:44:d5:1f:d8:e6:4e:63:73:12:44:b9:ce:4f:1f:e2:
         33:75:9a:f4:1b:62:2f:0d:d4:3f:f0:cf:df:6a:49:a4:8c:10:
         08:37:aa:63:21:b7:f1:b9:b5:35:2a:b8:68:51:5e:8f:4d:b7:
         9a:99:7a:d5:38:a2:52:b2:19:02:9c:ac:99:34:f9:5c:de:65:
         d3:22:90:9f:b6:37:70:9c:9b:73:93:18:da:7a:34:5c:d2:bd:
         e3:56:27:32:be:9e:cc:93:46:a4:78:24:f2:6e:90:ce:8d:d6:
         0e:f6:7e:bc:f5:2a:7e:70:b5:8e:6c:26:ba:16:36:65:ab:bf:
         aa:81:90:34:dd:58:64:c9:4d:b0:08:cd:2c:98:97:a0:0e:53:
         c3:0d:34:74:4f:63:f2:cf:d2:58:68:ac:25:10:9b:f3:24:fd:
         19:bc:0a:26:41:1b:45:cb:a0:48:2c:63:f5:58:77:53:9c:bb:
         af:29:b8:88:39:b2:9a:8b:6a:29:16:26:4e:fd:6e:76:00:f8:
         bc:ca:aa:e9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZf+rqoHvtyj3uQ1UIEvQ5e8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2MGNlZTc1ODJlOTc1OWJlMDE2YzkzMWFiMzRkOTI4NWQy
ZmM4YjQwHhcNMjUwNzEyMTI0OTA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MWM4NjEwMTUyNDUwYzI1M2M2ZTUyZGY4NzU2YzE0N2E5ZDVlZGUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvEc7vm9IIProDj3rNBgohaNAbccf
Zh0cYa6P168mc4gUC1tUM9R2kb6BP4xlcBYbIfMd8tVLJdGQYveBSbWigJOblIuo
KilyPBYNG98DUrhq9zcjylRGAOveaopwlvMQ0DZnWHLcaDSUg/6m1dzr0Ngjy5Rg
EYSyk6uGdzBc+gL8m/ohtugCsbsJdbNVvB00WvB8lusdi8yzFH3mXWNYlrPpkPGt
PmD7+sJB7gySrfnjOPn1C83vDDHtNzWZFS4lbN5iWYSI2LI9YWJC5C49OCK0k/HJ
sut0cBojYirEXDbVr8OrBATbLDVA+5XnaMiF2ViMoi0cbGvQF9ecFdHsMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIHIYQFSRQwlPG5S34dWwUep1e3hMB8GA1UdIwQY
MBaAFKYM7nWC6XWb4BbJMas02ShdL8i0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGd6dWRZTHBkWnZnRnNreHF6VFpLRjB2eUxRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC9kZWNhZDAtMjZkYS00YjlhLWIxYTct
ZDNiMzhjZTlkYzM0LzEvZ2NoaEFWSkZEQ1U4YmxMZmgxYkJSNm5WN2VFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC9kZWNhZDAtMjZkYS00YjlhLWIxYTctZDNiMzhjZTlkYzM0
LzEvcGd6dWRZTHBkWnZnRnNreHF6VFpLRjB2eUxRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV/iPMA0G
CSqGSIb3DQEBCwUAA4IBAQAS3vni4oYf0UW9Ld38yd+fnZy1JK8U/4NlUmiKRPSX
EzUUWYqi+QirXJsEGupc8gwwnAIRooK1GMNE1R/Y5k5jcxJEuc5PH+IzdZr0G2Iv
DdQ/8M/fakmkjBAIN6pjIbfxubU1KrhoUV6PTbeamXrVOKJSshkCnKyZNPlc3mXT
IpCftjdwnJtzkxjaejRc0r3jVicyvp7Mk0akeCTybpDOjdYO9n689Sp+cLWObCa6
FjZlq7+qgZA03VhkyU2wCM0smJegDlPDDTR0T2Pyz9JYaKwlEJvzJP0ZvAomQRtF
y6BILGP1WHdTnLuvKbiIObKai2opFiZO/W52APi8yqrp
-----END CERTIFICATE-----