Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/GNo8SuMT2GwfH3L49VpeKsF2U8o.roa
File:                     GNo8SuMT2GwfH3L49VpeKsF2U8o.roa (raw, json)
Hash identifier:          YpnbBes0rBgXPFIZWVVbGktnNSeLGJx52Cl3MBMEVHw=
Subject key identifier:   18:DA:3C:4A:E3:13:D8:6C:1F:1F:72:F8:F5:5A:5E:2A:C1:76:53:CA
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       019A0D82BD6D4178B7B2A50C3E4E8F72E494
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/GNo8SuMT2GwfH3L49VpeKsF2U8o.roa
Signing time:             Wed 22 Oct 2025 20:01:03 +0000
ROA not before:           Wed 22 Oct 2025 20:01:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215666
IP address blocks:        5.175.209.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 Oct 2025 08:45:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:0d:82:bd:6d:41:78:b7:b2:a5:0c:3e:4e:8f:72:e4:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Oct 22 20:01:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=18da3c4ae313d86c1f1f72f8f55a5e2ac17653ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:41:ca:40:e6:c6:a8:73:36:6c:a9:71:72:5c:
                    5e:96:e3:a0:c0:0b:0e:7f:77:cd:9b:81:e0:e9:01:
                    b7:8e:c3:7c:e0:d6:65:09:0a:30:c8:9f:05:48:98:
                    0a:b0:c6:51:0d:99:8d:1a:e2:f7:5b:5b:11:cd:f0:
                    18:86:d4:ee:83:8b:9c:85:46:04:c6:1b:05:03:c9:
                    e2:aa:d4:f3:30:79:e0:70:4d:69:26:e8:92:67:c8:
                    54:25:a7:61:a6:d3:63:ea:6d:6e:ca:38:06:60:fa:
                    dd:71:28:29:a3:ad:e3:01:b6:44:2a:03:5f:7c:31:
                    a6:ab:69:8b:cf:7e:99:e8:38:a0:f5:20:1c:b1:52:
                    42:20:db:e7:ff:7e:a3:fc:db:98:6d:f3:ee:5a:3d:
                    3d:3a:ba:b8:92:a5:6e:72:cc:a2:ae:e5:74:5e:f6:
                    60:99:e4:2c:b1:03:c7:4e:ec:55:53:4c:dc:1b:00:
                    3d:04:4c:dd:39:cd:9a:9e:33:9c:f5:79:2f:9a:73:
                    de:63:91:6a:af:5a:49:34:c4:d0:ce:4e:30:6c:84:
                    74:3d:16:fe:6a:4a:1f:49:98:fb:7a:94:1e:39:76:
                    90:76:3f:ae:a3:66:ce:8a:94:76:be:8a:68:10:54:
                    47:76:dd:94:80:e3:73:73:8e:f2:6e:67:96:9b:7e:
                    7c:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:DA:3C:4A:E3:13:D8:6C:1F:1F:72:F8:F5:5A:5E:2A:C1:76:53:CA
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/GNo8SuMT2GwfH3L49VpeKsF2U8o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.175.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:8c:d4:67:85:d9:3f:ee:46:84:f1:d4:f9:26:b6:76:4f:54:
         d7:25:cd:2f:2b:c4:02:ea:32:34:0c:f3:29:c9:74:37:9b:b2:
         e6:3e:81:63:71:87:ab:b4:40:89:19:1c:92:a7:83:af:61:1c:
         3d:d0:d4:4c:09:7c:d5:4b:45:2f:d0:78:1f:95:0e:21:30:3c:
         f3:f2:6f:87:1d:5a:29:12:a2:aa:8f:d5:cc:14:b1:a2:56:3e:
         38:0e:ba:b0:bb:6a:c4:27:4b:db:a8:c0:b9:ca:bc:2a:b1:57:
         ef:a3:32:64:c7:c6:bd:02:6a:c1:b1:1f:21:c5:e4:35:4b:65:
         5a:e7:fc:56:db:94:06:46:9f:da:07:a4:59:72:38:5c:8a:45:
         3e:1b:69:3c:50:32:84:5a:c0:0e:ba:0b:ee:26:dc:c7:93:c1:
         fe:5e:ae:c7:dc:d7:88:25:ec:34:1d:29:e8:d7:d1:71:e9:2d:
         95:a6:47:d8:b5:00:0e:de:e2:3c:52:f1:d7:ed:28:dd:f3:4e:
         7d:91:41:73:6b:e5:7e:31:1a:39:5f:79:e3:64:c7:ef:00:a0:
         fb:c4:96:f0:41:80:df:2a:1a:a3:30:49:7c:5c:0a:13:49:ad:
         68:2e:02:d8:ec:0e:08:47:be:2f:8e:5f:c1:13:2b:ce:5f:ca:
         d5:65:f3:c2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZoNgr1tQXi3sqUMPk6PcuSUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjUxMDIyMjAwMTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOGRhM2M0YWUzMTNkODZjMWYxZjcyZjhmNTVhNWUyYWMxNzY1M2NhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq0HKQObGqHM2bKlxclxeluOgwAsO
f3fNm4Hg6QG3jsN84NZlCQowyJ8FSJgKsMZRDZmNGuL3W1sRzfAYhtTug4uchUYE
xhsFA8niqtTzMHngcE1pJuiSZ8hUJadhptNj6m1uyjgGYPrdcSgpo63jAbZEKgNf
fDGmq2mLz36Z6Dig9SAcsVJCINvn/36j/NuYbfPuWj09Orq4kqVucsyiruV0XvZg
meQssQPHTuxVU0zcGwA9BEzdOc2anjOc9XkvmnPeY5Fqr1pJNMTQzk4wbIR0PRb+
akofSZj7epQeOXaQdj+uo2bOipR2vopoEFRHdt2UgONzc47ybmeWm3589QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBjaPErjE9hsHx9y+PVaXirBdlPKMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvR05vOFN1TVQyR3dmSDNMNDlWcGVLc0YyVThvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABa/RMA0G
CSqGSIb3DQEBCwUAA4IBAQCAjNRnhdk/7kaE8dT5JrZ2T1TXJc0vK8QC6jI0DPMp
yXQ3m7LmPoFjcYertECJGRySp4OvYRw90NRMCXzVS0Uv0HgflQ4hMDzz8m+HHVop
EqKqj9XMFLGiVj44Drqwu2rEJ0vbqMC5yrwqsVfvozJkx8a9AmrBsR8hxeQ1S2Va
5/xW25QGRp/aB6RZcjhcikU+G2k8UDKEWsAOugvuJtzHk8H+Xq7H3NeIJew0HSno
19Fx6S2VpkfYtQAO3uI8UvHX7Sjd8059kUFza+V+MRo5X3njZMfvAKD7xJbwQYDf
KhqjMEl8XAoTSa1oLgLY7A4IR74vjl/BEyvOX8rVZfPC
-----END CERTIFICATE-----