Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/046ffe-05eb-4c8c-8545-02483e6482cb/1/gdS2bZo30C1vjQzMhNicYmw8if8.roa
File:                     gdS2bZo30C1vjQzMhNicYmw8if8.roa (raw, json)
Hash identifier:          hK+iy4o2d98WvuZxJldUDrEV/LHzdfY98au9roTa9mo=
Subject key identifier:   81:D4:B6:6D:9A:37:D0:2D:6F:8D:0C:CC:84:D8:9C:62:6C:3C:89:FF
Certificate issuer:       /CN=68f43b5bbcc4962806ea9322ec292e9b66ddccc5
Certificate serial:       019A5D3B48A55885247E4383B7D4CC4E627B
Authority key identifier: 68:F4:3B:5B:BC:C4:96:28:06:EA:93:22:EC:29:2E:9B:66:DD:CC:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aPQ7W7zEligG6pMi7Ckum2bdzMU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/046ffe-05eb-4c8c-8545-02483e6482cb/1/gdS2bZo30C1vjQzMhNicYmw8if8.roa
Signing time:             Fri 07 Nov 2025 07:32:37 +0000
ROA not before:           Fri 07 Nov 2025 07:32:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213312
IP address blocks:        104.204.245.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/046ffe-05eb-4c8c-8545-02483e6482cb/1/aPQ7W7zEligG6pMi7Ckum2bdzMU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/046ffe-05eb-4c8c-8545-02483e6482cb/1/aPQ7W7zEligG6pMi7Ckum2bdzMU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aPQ7W7zEligG6pMi7Ckum2bdzMU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 09:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:5d:3b:48:a5:58:85:24:7e:43:83:b7:d4:cc:4e:62:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=68f43b5bbcc4962806ea9322ec292e9b66ddccc5
        Validity
            Not Before: Nov  7 07:32:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=81d4b66d9a37d02d6f8d0ccc84d89c626c3c89ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:47:c0:48:af:5a:72:ac:9e:d4:3d:4b:56:bc:
                    1d:9f:72:3a:b4:a8:25:a2:cc:5b:1a:da:a5:17:45:
                    2a:53:62:88:02:59:87:35:b4:39:23:c5:f7:aa:ad:
                    8d:f9:05:ac:cf:e5:9e:c7:b1:55:41:99:75:62:e3:
                    de:b8:4e:c5:19:f6:df:86:e7:fa:b4:7b:a9:bf:4c:
                    0b:63:e6:dc:a1:6d:11:3e:ee:3b:b6:56:90:21:21:
                    52:8e:34:fd:ec:1f:67:18:32:25:08:b1:46:ea:ef:
                    35:80:f1:c9:bf:09:e9:db:e2:c1:7f:13:42:23:9d:
                    41:eb:96:73:aa:db:f6:9d:a9:ab:ca:86:20:19:a4:
                    9c:64:c3:96:41:4e:3e:6a:67:77:67:45:2b:f5:9d:
                    60:b7:4b:43:13:b6:d1:0b:91:ac:51:58:61:01:a1:
                    ef:99:bd:36:60:59:a4:03:fe:c5:18:8e:25:59:e7:
                    48:4c:02:b4:31:0f:d1:f1:65:60:1d:64:1a:c7:ef:
                    5b:d6:ce:b0:cf:a4:d7:15:b1:cf:42:b9:df:92:b9:
                    e4:d3:d4:24:97:37:cb:34:4d:03:c0:56:b6:b8:c0:
                    dc:89:69:de:50:57:5f:13:68:9e:2a:20:c6:ea:8c:
                    df:c0:01:7b:76:3f:73:f6:9c:9a:48:9f:db:6c:40:
                    66:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:D4:B6:6D:9A:37:D0:2D:6F:8D:0C:CC:84:D8:9C:62:6C:3C:89:FF
            X509v3 Authority Key Identifier:
                keyid:68:F4:3B:5B:BC:C4:96:28:06:EA:93:22:EC:29:2E:9B:66:DD:CC:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aPQ7W7zEligG6pMi7Ckum2bdzMU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/046ffe-05eb-4c8c-8545-02483e6482cb/1/gdS2bZo30C1vjQzMhNicYmw8if8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/046ffe-05eb-4c8c-8545-02483e6482cb/1/aPQ7W7zEligG6pMi7Ckum2bdzMU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  104.204.245.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bd:f9:71:8b:1b:1e:db:58:41:f1:bd:0d:ad:66:d7:c4:2a:12:
         4a:d5:53:9c:6b:cd:1b:a5:d8:c5:e7:d2:07:6e:ab:82:23:3d:
         f2:5b:4b:27:07:bf:da:80:f0:dc:1f:7b:b8:ea:c3:72:e3:8b:
         4a:9b:8f:fa:b6:40:ac:a5:c4:d3:1d:68:5e:d1:34:6d:1c:16:
         b3:3e:38:81:4a:e4:5b:75:f8:7b:78:e4:be:6f:14:df:dd:a6:
         ae:98:a3:71:d1:96:6a:1d:45:c3:6e:bb:2d:d9:db:b2:2b:e6:
         7f:4a:de:71:30:01:06:7f:0b:fa:34:b3:49:bb:c2:d5:81:e3:
         68:3a:67:5b:b1:b7:8a:c3:69:ad:b9:94:be:a4:05:cb:f5:a2:
         13:cc:3c:87:75:8f:3d:ab:4b:c7:21:08:5f:67:53:36:7f:21:
         e9:0e:dd:9d:54:85:1c:df:6b:8d:2f:fe:ca:49:49:63:ac:bc:
         23:50:04:12:22:1f:86:e7:35:e9:13:e1:a2:3a:ee:63:81:85:
         02:1c:cc:02:3f:79:a9:78:14:f0:86:46:8e:89:18:df:2f:fe:
         4e:1a:69:a3:01:fa:2b:95:41:9c:de:4e:0c:cd:cd:cb:28:45:
         45:bd:3b:73:6a:da:3d:98:24:b2:95:bb:4e:ed:e4:35:7d:e1:
         ba:f6:5a:7b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZpdO0ilWIUkfkODt9TMTmJ7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4ZjQzYjViYmNjNDk2MjgwNmVhOTMyMmVjMjkyZTliNjZk
ZGNjYzUwHhcNMjUxMTA3MDczMjM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MWQ0YjY2ZDlhMzdkMDJkNmY4ZDBjY2M4NGQ4OWM2MjZjM2M4OWZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoEfASK9acqye1D1LVrwdn3I6tKgl
osxbGtqlF0UqU2KIAlmHNbQ5I8X3qq2N+QWsz+Wex7FVQZl1YuPeuE7FGfbfhuf6
tHupv0wLY+bcoW0RPu47tlaQISFSjjT97B9nGDIlCLFG6u81gPHJvwnp2+LBfxNC
I51B65Zzqtv2namryoYgGaScZMOWQU4+amd3Z0Ur9Z1gt0tDE7bRC5GsUVhhAaHv
mb02YFmkA/7FGI4lWedITAK0MQ/R8WVgHWQax+9b1s6wz6TXFbHPQrnfkrnk09Qk
lzfLNE0DwFa2uMDciWneUFdfE2ieKiDG6ozfwAF7dj9z9pyaSJ/bbEBm9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIHUtm2aN9Atb40MzITYnGJsPIn/MB8GA1UdIwQY
MBaAFGj0O1u8xJYoBuqTIuwpLptm3czFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYVBRN1c3ekVsaWdHNnBNaTdDa3VtMmJkek1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy8wNDZmZmUtMDVlYi00YzhjLTg1NDUt
MDI0ODNlNjQ4MmNiLzEvZ2RTMmJabzMwQzF2alF6TWhOaWNZbXc4aWY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy8wNDZmZmUtMDVlYi00YzhjLTg1NDUtMDI0ODNlNjQ4MmNi
LzEvYVBRN1c3ekVsaWdHNnBNaTdDa3VtMmJkek1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAaMz1MA0G
CSqGSIb3DQEBCwUAA4IBAQC9+XGLGx7bWEHxvQ2tZtfEKhJK1VOca80bpdjF59IH
bquCIz3yW0snB7/agPDcH3u46sNy44tKm4/6tkCspcTTHWhe0TRtHBazPjiBSuRb
dfh7eOS+bxTf3aaumKNx0ZZqHUXDbrst2duyK+Z/St5xMAEGfwv6NLNJu8LVgeNo
OmdbsbeKw2mtuZS+pAXL9aITzDyHdY89q0vHIQhfZ1M2fyHpDt2dVIUc32uNL/7K
SUljrLwjUAQSIh+G5zXpE+GiOu5jgYUCHMwCP3mpeBTwhkaOiRjfL/5OGmmjAfor
lUGc3k4Mzc3LKEVFvTtzato9mCSylbtO7eQ1feG69lp7
-----END CERTIFICATE-----