Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/70d50f-ff3c-4f63-8dec-d7c36c27c087/1/gcGX0RK_gzGDW3EhLuEc_DmOeRw.roa
File:                     gcGX0RK_gzGDW3EhLuEc_DmOeRw.roa (raw, json)
Hash identifier:          eZFbzavcThmBCXfK06842GFdBQ3cFnn53xBoz77IdHs=
Subject key identifier:   81:C1:97:D1:12:BF:83:31:83:5B:71:21:2E:E1:1C:FC:39:8E:79:1C
Certificate issuer:       /CN=f4b769a53dd86352d3440f222bdf907cf09c2dba
Certificate serial:       0197CBA3DA0FFE41F24721A37722C28E0F46
Authority key identifier: F4:B7:69:A5:3D:D8:63:52:D3:44:0F:22:2B:DF:90:7C:F0:9C:2D:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9LdppT3YY1LTRA8iK9-QfPCcLbo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/70d50f-ff3c-4f63-8dec-d7c36c27c087/1/gcGX0RK_gzGDW3EhLuEc_DmOeRw.roa
Signing time:             Wed 02 Jul 2025 14:56:42 +0000
ROA not before:           Wed 02 Jul 2025 14:56:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16097
IP address blocks:        86.56.96.0/19 maxlen: 24
                          2001:4c51::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/70d50f-ff3c-4f63-8dec-d7c36c27c087/1/9LdppT3YY1LTRA8iK9-QfPCcLbo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/70d50f-ff3c-4f63-8dec-d7c36c27c087/1/9LdppT3YY1LTRA8iK9-QfPCcLbo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9LdppT3YY1LTRA8iK9-QfPCcLbo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 25 Jul 2025 14:07:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:cb:a3:da:0f:fe:41:f2:47:21:a3:77:22:c2:8e:0f:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f4b769a53dd86352d3440f222bdf907cf09c2dba
        Validity
            Not Before: Jul  2 14:56:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=81c197d112bf8331835b71212ee11cfc398e791c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:1b:76:ea:2f:78:d5:58:b1:96:02:5f:30:fe:
                    cb:25:02:af:c8:d7:c1:cc:e4:fd:35:fd:9b:b4:91:
                    b6:45:55:4e:63:98:92:58:d4:a4:71:bf:66:96:6f:
                    ef:c3:d4:8c:d4:aa:c2:cd:59:38:68:ad:ad:0a:9a:
                    fd:a1:81:af:5b:24:6d:8e:f4:a4:b9:a9:97:dd:b0:
                    96:b7:f1:e2:f3:6e:05:c4:b9:c6:3b:aa:b2:08:9c:
                    cb:3d:0b:01:f0:4f:bf:68:b0:b9:12:13:48:48:be:
                    18:80:b0:aa:c3:17:51:bd:1c:c8:0b:dc:5b:75:1e:
                    3a:a6:d2:bb:97:5a:1c:e0:c1:ad:60:44:a6:30:92:
                    8e:33:49:16:e6:f3:68:5d:12:ba:59:2f:69:f9:c0:
                    a0:38:5b:7f:88:bf:99:bf:c0:f0:0e:67:81:7b:f7:
                    05:d8:b1:2b:8b:88:46:4c:47:e3:c9:af:8c:b8:ac:
                    f3:a4:cc:2c:5b:92:94:41:3b:ea:35:fe:35:e0:ed:
                    7f:7b:19:58:89:ab:65:a8:97:60:a4:54:ce:b6:5b:
                    a8:1b:e9:6a:c0:df:f1:2e:b6:db:df:08:06:cd:99:
                    5c:ee:32:fc:c7:9b:ad:b8:63:3e:7f:eb:9f:34:ff:
                    1a:98:96:b2:e1:09:5f:6e:98:7d:47:40:41:ce:23:
                    09:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:C1:97:D1:12:BF:83:31:83:5B:71:21:2E:E1:1C:FC:39:8E:79:1C
            X509v3 Authority Key Identifier:
                keyid:F4:B7:69:A5:3D:D8:63:52:D3:44:0F:22:2B:DF:90:7C:F0:9C:2D:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9LdppT3YY1LTRA8iK9-QfPCcLbo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/70d50f-ff3c-4f63-8dec-d7c36c27c087/1/gcGX0RK_gzGDW3EhLuEc_DmOeRw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/70d50f-ff3c-4f63-8dec-d7c36c27c087/1/9LdppT3YY1LTRA8iK9-QfPCcLbo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.56.96.0/19
                IPv6:
                  2001:4c51::/32

    Signature Algorithm: sha256WithRSAEncryption
         17:5a:2c:00:ed:6f:88:15:31:36:ae:f5:0a:98:7a:36:fc:db:
         38:b2:f4:85:cb:b4:77:a3:05:6c:46:e4:13:f2:24:b7:f5:bf:
         6c:1d:63:77:b1:f8:bf:cd:5d:65:1a:79:f0:39:54:c9:f6:e3:
         8c:4d:d6:03:10:77:7b:80:9e:f3:45:f4:b1:43:e8:d9:6c:77:
         de:48:eb:0f:77:8e:c4:1f:32:a7:91:93:4e:ff:ca:03:32:1a:
         cb:04:ef:04:bd:8a:32:0d:c6:e3:38:d9:83:bd:95:c6:c8:d4:
         20:e3:c1:61:61:f5:ce:e2:63:2a:c1:73:1b:e2:53:de:d0:7c:
         3d:37:3e:b0:b3:d2:98:8b:1d:15:92:44:08:49:3c:e4:f1:ef:
         d3:7f:2f:0f:16:78:98:a7:b3:21:96:44:b6:a0:ef:3e:42:0c:
         72:16:12:92:5c:df:5d:11:df:1b:e0:6d:79:b8:ca:bd:45:09:
         6f:14:91:5b:44:fd:fc:12:b8:d6:1f:6d:d2:78:f3:2c:78:f9:
         0c:c1:e1:da:0e:bd:d5:db:fa:bb:e6:aa:3b:15:3d:3d:0f:4b:
         22:be:54:1f:0d:90:6f:0e:d9:b4:a0:23:e2:cc:27:e9:d6:83:
         de:09:f8:cd:30:ba:f4:46:7b:01:7f:3d:51:5a:ef:fc:2a:50:
         e5:16:08:a0
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZfLo9oP/kHyRyGjdyLCjg9GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY0Yjc2OWE1M2RkODYzNTJkMzQ0MGYyMjJiZGY5MDdjZjA5
YzJkYmEwHhcNMjUwNzAyMTQ1NjQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MWMxOTdkMTEyYmY4MzMxODM1YjcxMjEyZWUxMWNmYzM5OGU3OTFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkht26i941VixlgJfMP7LJQKvyNfB
zOT9Nf2btJG2RVVOY5iSWNSkcb9mlm/vw9SM1KrCzVk4aK2tCpr9oYGvWyRtjvSk
uamX3bCWt/Hi824FxLnGO6qyCJzLPQsB8E+/aLC5EhNISL4YgLCqwxdRvRzIC9xb
dR46ptK7l1oc4MGtYESmMJKOM0kW5vNoXRK6WS9p+cCgOFt/iL+Zv8DwDmeBe/cF
2LEri4hGTEfjya+MuKzzpMwsW5KUQTvqNf414O1/exlYiatlqJdgpFTOtluoG+lq
wN/xLrbb3wgGzZlc7jL8x5utuGM+f+ufNP8amJay4Qlfbph9R0BBziMJawIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFIHBl9ESv4Mxg1txIS7hHPw5jnkcMB8GA1UdIwQY
MBaAFPS3aaU92GNS00QPIivfkHzwnC26MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOUxkcHBUM1lZMUxUUkE4aUs5LVFmUENjTGJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy83MGQ1MGYtZmYzYy00ZjYzLThkZWMt
ZDdjMzZjMjdjMDg3LzEvZ2NHWDBSS19nekdEVzNFaEx1RWNfRG1PZVJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy83MGQ1MGYtZmYzYy00ZjYzLThkZWMtZDdjMzZjMjdjMDg3
LzEvOUxkcHBUM1lZMUxUUkE4aUs5LVFmUENjTGJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQFVjhgMA0E
AgACMAcDBQAgAUxRMA0GCSqGSIb3DQEBCwUAA4IBAQAXWiwA7W+IFTE2rvUKmHo2
/Ns4svSFy7R3owVsRuQT8iS39b9sHWN3sfi/zV1lGnnwOVTJ9uOMTdYDEHd7gJ7z
RfSxQ+jZbHfeSOsPd47EHzKnkZNO/8oDMhrLBO8EvYoyDcbjONmDvZXGyNQg48Fh
YfXO4mMqwXMb4lPe0Hw9Nz6ws9KYix0VkkQISTzk8e/Tfy8PFniYp7MhlkS2oO8+
QgxyFhKSXN9dEd8b4G15uMq9RQlvFJFbRP38ErjWH23SePMsePkMweHaDr3V2/q7
5qo7FT09D0sivlQfDZBvDtm0oCPizCfp1oPeCfjNMLr0RnsBfz1RWu/8KlDlFgig
-----END CERTIFICATE-----