Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/c0d467-f62a-419c-be85-e38030b69d5a/1/gMvBBD4G6iw1SZfoF-nDJoDKb30.roa
File:                     gMvBBD4G6iw1SZfoF-nDJoDKb30.roa (raw, json)
Hash identifier:          qcs+H2e7XFsxtI65DyV2+S1EYI1pJOr4Pf6/pmeeBR0=
Subject key identifier:   80:CB:C1:04:3E:06:EA:2C:35:49:97:E8:17:E9:C3:26:80:CA:6F:7D
Certificate issuer:       /CN=3bd9a177bb5dfb6eabe4cad79def8f8b005df656
Certificate serial:       019A1AC757C8F74073F451810F00909A6FD6
Authority key identifier: 3B:D9:A1:77:BB:5D:FB:6E:AB:E4:CA:D7:9D:EF:8F:8B:00:5D:F6:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O9mhd7td-26r5MrXne-PiwBd9lY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/c0d467-f62a-419c-be85-e38030b69d5a/1/gMvBBD4G6iw1SZfoF-nDJoDKb30.roa
Signing time:             Sat 25 Oct 2025 09:51:03 +0000
ROA not before:           Sat 25 Oct 2025 09:51:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213257
IP address blocks:        213.190.15.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/c0d467-f62a-419c-be85-e38030b69d5a/1/O9mhd7td-26r5MrXne-PiwBd9lY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/c0d467-f62a-419c-be85-e38030b69d5a/1/O9mhd7td-26r5MrXne-PiwBd9lY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/O9mhd7td-26r5MrXne-PiwBd9lY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 27 Oct 2025 21:00:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:1a:c7:57:c8:f7:40:73:f4:51:81:0f:00:90:9a:6f:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3bd9a177bb5dfb6eabe4cad79def8f8b005df656
        Validity
            Not Before: Oct 25 09:51:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=80cbc1043e06ea2c354997e817e9c32680ca6f7d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:b7:bd:e4:15:97:eb:47:af:b4:58:c1:3a:32:
                    7e:ae:0d:3c:e8:a9:3c:99:13:92:f5:7f:e5:3b:e4:
                    05:0b:ef:2c:15:c8:31:c9:92:33:42:2a:36:db:ca:
                    de:d1:f1:28:20:dd:79:41:c8:bb:59:e1:a8:45:af:
                    2a:4b:0a:50:3d:93:16:3f:f6:77:78:38:b3:4b:eb:
                    8c:a9:99:c8:cb:65:8b:03:ac:b5:48:89:0b:27:70:
                    02:92:06:d1:a1:3b:f5:05:cc:b5:34:bc:63:ea:0f:
                    29:05:48:55:0e:80:b9:e1:6d:df:6c:a2:55:45:41:
                    09:44:e2:f5:1a:39:ef:ed:ba:35:fc:ae:2b:1e:c6:
                    c3:d6:e0:53:5f:bb:fc:5d:66:ee:55:14:c2:2c:68:
                    c2:53:5d:dd:ed:6e:ef:72:c0:b0:d6:1e:4c:2f:ca:
                    2e:de:18:c2:b6:05:54:34:6c:6c:c3:43:82:82:3f:
                    6e:c8:b5:93:38:c6:04:07:7d:b5:6e:50:ff:14:c0:
                    1b:13:37:cd:6e:ed:9b:0a:4e:60:a0:eb:52:4e:43:
                    4b:24:07:92:a1:9b:d9:46:8f:ca:30:7c:2b:44:c8:
                    87:d0:b5:5e:07:64:f6:ce:b3:d1:4f:99:4f:85:db:
                    37:06:ac:e1:23:f3:96:1c:ca:41:ef:1f:0c:a9:7f:
                    59:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:CB:C1:04:3E:06:EA:2C:35:49:97:E8:17:E9:C3:26:80:CA:6F:7D
            X509v3 Authority Key Identifier:
                keyid:3B:D9:A1:77:BB:5D:FB:6E:AB:E4:CA:D7:9D:EF:8F:8B:00:5D:F6:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O9mhd7td-26r5MrXne-PiwBd9lY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/c0d467-f62a-419c-be85-e38030b69d5a/1/gMvBBD4G6iw1SZfoF-nDJoDKb30.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/c0d467-f62a-419c-be85-e38030b69d5a/1/O9mhd7td-26r5MrXne-PiwBd9lY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.190.15.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:4f:3c:84:40:99:d2:ab:90:76:94:26:7f:d0:1b:1d:2c:b8:
         f2:c2:28:22:90:c4:7f:84:25:d5:29:0a:49:fe:45:32:ad:0d:
         aa:8b:0a:be:cd:5f:db:7c:8d:06:64:3a:d1:00:36:40:d5:45:
         f5:13:df:cd:bc:4c:98:40:46:4a:af:88:11:56:4e:ed:08:db:
         6a:65:af:19:54:cd:37:94:8a:c3:9a:49:f1:7c:3e:d4:dd:26:
         42:ee:1f:6a:b4:57:20:09:74:aa:58:2a:91:dc:f6:4d:cb:95:
         90:c7:96:68:9e:c5:0f:29:da:ed:76:fc:73:f6:ed:ba:f3:d4:
         6f:cb:9e:d3:20:3a:ec:f3:74:1c:e2:ad:89:ea:17:51:68:ba:
         66:e9:2f:1c:31:ec:a4:97:2b:29:01:a9:ac:c7:92:09:ac:94:
         6c:d8:2e:9f:7d:6a:c9:30:1c:ee:64:b1:a5:49:2a:fd:03:28:
         f0:07:bd:cb:fb:a1:5b:be:b0:a1:80:29:95:a5:66:94:b5:cd:
         87:ff:08:da:28:44:5e:f2:bf:05:96:b6:ad:31:b6:b5:72:4c:
         ee:ee:eb:41:6d:04:ce:e9:96:1c:da:c9:6a:60:68:e7:6e:2d:
         22:cc:b8:08:65:ab:10:19:0e:e2:48:52:79:53:f7:d2:f5:1f:
         60:1b:12:04
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZoax1fI90Bz9FGBDwCQmm/WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiZDlhMTc3YmI1ZGZiNmVhYmU0Y2FkNzlkZWY4ZjhiMDA1
ZGY2NTYwHhcNMjUxMDI1MDk1MTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MGNiYzEwNDNlMDZlYTJjMzU0OTk3ZTgxN2U5YzMyNjgwY2E2ZjdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvbe95BWX60evtFjBOjJ+rg086Kk8
mROS9X/lO+QFC+8sFcgxyZIzQio228re0fEoIN15Qci7WeGoRa8qSwpQPZMWP/Z3
eDizS+uMqZnIy2WLA6y1SIkLJ3ACkgbRoTv1Bcy1NLxj6g8pBUhVDoC54W3fbKJV
RUEJROL1Gjnv7bo1/K4rHsbD1uBTX7v8XWbuVRTCLGjCU13d7W7vcsCw1h5ML8ou
3hjCtgVUNGxsw0OCgj9uyLWTOMYEB321blD/FMAbEzfNbu2bCk5goOtSTkNLJAeS
oZvZRo/KMHwrRMiH0LVeB2T2zrPRT5lPhds3BqzhI/OWHMpB7x8MqX9Z1QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIDLwQQ+BuosNUmX6BfpwyaAym99MB8GA1UdIwQY
MBaAFDvZoXe7Xftuq+TK153vj4sAXfZWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzltaGQ3dGQtMjZyNU1yWG5lLVBpd0JkOWxZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi9jMGQ0NjctZjYyYS00MTljLWJlODUt
ZTM4MDMwYjY5ZDVhLzEvZ012QkJENEc2aXcxU1pmb0YtbkRKb0RLYjMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi9jMGQ0NjctZjYyYS00MTljLWJlODUtZTM4MDMwYjY5ZDVh
LzEvTzltaGQ3dGQtMjZyNU1yWG5lLVBpd0JkOWxZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1b4PMA0G
CSqGSIb3DQEBCwUAA4IBAQCPTzyEQJnSq5B2lCZ/0BsdLLjywigikMR/hCXVKQpJ
/kUyrQ2qiwq+zV/bfI0GZDrRADZA1UX1E9/NvEyYQEZKr4gRVk7tCNtqZa8ZVM03
lIrDmknxfD7U3SZC7h9qtFcgCXSqWCqR3PZNy5WQx5ZonsUPKdrtdvxz9u2689Rv
y57TIDrs83Qc4q2J6hdRaLpm6S8cMeyklyspAamsx5IJrJRs2C6ffWrJMBzuZLGl
SSr9AyjwB73L+6FbvrChgCmVpWaUtc2H/wjaKERe8r8FlratMba1ckzu7utBbQTO
6ZYc2slqYGjnbi0izLgIZasQGQ7iSFJ5U/fS9R9gGxIE
-----END CERTIFICATE-----