Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/5c6745-768e-4d61-b604-835f4e37283c/1/Gypkdj0YzV09CUhQDEVD4WJ_3nw.roa
File:                     Gypkdj0YzV09CUhQDEVD4WJ_3nw.roa (raw, json)
Hash identifier:          AwtHAAe72tz+YoxvqIrgrMyqdDlF1Hw0fL2VOURSDhg=
Subject key identifier:   1B:2A:64:76:3D:18:CD:5D:3D:09:48:50:0C:45:43:E1:62:7F:DE:7C
Certificate issuer:       /CN=3a839936aeeff288678e772633020fa259bd9cf2
Certificate serial:       0198E21ACDDB8901F8AC1FE08B75208D27CA
Authority key identifier: 3A:83:99:36:AE:EF:F2:88:67:8E:77:26:33:02:0F:A2:59:BD:9C:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OoOZNq7v8ohnjncmMwIPolm9nPI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/43/5c6745-768e-4d61-b604-835f4e37283c/1/Gypkdj0YzV09CUhQDEVD4WJ_3nw.roa
Signing time:             Mon 25 Aug 2025 16:41:04 +0000
ROA not before:           Mon 25 Aug 2025 16:41:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47753
IP address blocks:        146.19.210.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/43/5c6745-768e-4d61-b604-835f4e37283c/1/OoOZNq7v8ohnjncmMwIPolm9nPI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/43/5c6745-768e-4d61-b604-835f4e37283c/1/OoOZNq7v8ohnjncmMwIPolm9nPI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OoOZNq7v8ohnjncmMwIPolm9nPI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 08 Sep 2025 05:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:e2:1a:cd:db:89:01:f8:ac:1f:e0:8b:75:20:8d:27:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3a839936aeeff288678e772633020fa259bd9cf2
        Validity
            Not Before: Aug 25 16:41:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1b2a64763d18cd5d3d0948500c4543e1627fde7c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:cb:6a:d4:12:5a:81:f2:42:75:e0:16:c9:2f:
                    2a:ac:c8:6b:c4:bf:c1:df:f3:ce:74:85:2d:c1:b1:
                    e5:f2:d3:39:2f:c7:ab:4c:52:01:1f:1a:34:fc:51:
                    c5:6a:be:7c:62:7b:00:cd:62:74:f5:73:84:99:4d:
                    42:7f:86:ec:b9:03:ff:42:a1:33:b7:32:3b:53:6c:
                    3d:28:85:94:48:7c:ce:e6:a3:fd:84:df:21:80:78:
                    2f:f4:11:96:f9:00:0c:90:4f:5e:ac:a8:d9:00:a2:
                    97:6d:c9:7e:f5:53:bc:8b:77:2f:1d:d9:3f:40:07:
                    ba:4d:90:9d:c0:c3:04:50:10:ad:6e:da:78:2a:ec:
                    5e:84:f7:c1:1a:6c:34:2f:0f:c0:81:2c:96:15:0f:
                    91:4d:17:33:f2:8a:e5:1d:84:d3:ff:44:91:2e:63:
                    ff:ee:13:7b:6f:9f:f5:fe:71:7e:55:94:40:36:32:
                    d6:06:14:d4:2b:ae:78:c4:76:18:0f:f9:60:0c:4e:
                    f2:b2:97:2c:b4:b0:9c:e6:5a:e7:c7:38:f9:41:33:
                    ef:5a:b4:c4:c1:e4:ab:f8:d3:61:08:1e:09:d9:27:
                    dd:23:83:f7:3f:55:c7:ec:af:e9:05:2f:e6:f3:63:
                    43:f3:94:f5:03:92:b5:14:80:bd:f6:e4:35:08:cf:
                    cc:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:2A:64:76:3D:18:CD:5D:3D:09:48:50:0C:45:43:E1:62:7F:DE:7C
            X509v3 Authority Key Identifier:
                keyid:3A:83:99:36:AE:EF:F2:88:67:8E:77:26:33:02:0F:A2:59:BD:9C:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OoOZNq7v8ohnjncmMwIPolm9nPI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/5c6745-768e-4d61-b604-835f4e37283c/1/Gypkdj0YzV09CUhQDEVD4WJ_3nw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/43/5c6745-768e-4d61-b604-835f4e37283c/1/OoOZNq7v8ohnjncmMwIPolm9nPI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.19.210.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:cf:55:00:cd:6a:59:07:e8:b3:a5:a4:9e:0c:8b:96:50:77:
         08:80:6d:38:87:79:99:f7:00:08:b7:c0:d1:3e:e5:06:7b:1a:
         75:85:30:71:e9:94:bb:07:cd:62:17:92:bc:e1:32:79:98:54:
         c6:47:9d:2a:2d:e4:9e:97:f2:12:79:f5:26:c8:bb:73:0b:5d:
         f6:f1:0b:88:92:cc:76:31:d9:21:d6:37:49:c6:f1:f2:34:c2:
         56:63:73:c2:07:ad:5a:c2:78:b6:5b:a8:de:75:c9:0c:90:32:
         23:21:ea:b6:50:bb:91:f0:31:6f:3f:60:91:9b:e7:ee:4c:a3:
         89:15:5a:c2:3f:42:10:eb:68:32:2c:e0:1b:09:7d:e1:32:25:
         f1:7e:d9:8e:30:aa:4c:1d:13:b6:06:1b:ac:de:8e:c6:54:b0:
         6c:82:2f:46:d7:db:9d:23:e2:ab:b8:0d:a3:28:74:2d:6c:2f:
         12:df:c2:66:80:69:61:86:1d:42:9f:ef:c0:47:ce:d7:38:66:
         58:3f:0e:e6:64:6a:57:65:a5:d1:cd:08:b3:fb:2a:c2:76:f5:
         64:54:08:8e:36:fb:2b:04:7d:66:10:a6:66:fc:f5:e2:c9:93:
         ab:ce:e6:0a:5a:71:58:b3:76:1e:78:36:e7:1b:c3:f3:62:3a:
         a2:f4:10:56
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjiGs3biQH4rB/gi3UgjSfKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhODM5OTM2YWVlZmYyODg2NzhlNzcyNjMzMDIwZmEyNTli
ZDljZjIwHhcNMjUwODI1MTY0MTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYjJhNjQ3NjNkMThjZDVkM2QwOTQ4NTAwYzQ1NDNlMTYyN2ZkZTdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoctq1BJagfJCdeAWyS8qrMhrxL/B
3/POdIUtwbHl8tM5L8erTFIBHxo0/FHFar58YnsAzWJ09XOEmU1Cf4bsuQP/QqEz
tzI7U2w9KIWUSHzO5qP9hN8hgHgv9BGW+QAMkE9erKjZAKKXbcl+9VO8i3cvHdk/
QAe6TZCdwMMEUBCtbtp4KuxehPfBGmw0Lw/AgSyWFQ+RTRcz8orlHYTT/0SRLmP/
7hN7b5/1/nF+VZRANjLWBhTUK654xHYYD/lgDE7yspcstLCc5lrnxzj5QTPvWrTE
weSr+NNhCB4J2SfdI4P3P1XH7K/pBS/m82ND85T1A5K1FIC99uQ1CM/MmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBsqZHY9GM1dPQlIUAxFQ+Fif958MB8GA1UdIwQY
MBaAFDqDmTau7/KIZ453JjMCD6JZvZzyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT29PWk5xN3Y4b2huam5jbU13SVBvbG05blBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80My81YzY3NDUtNzY4ZS00ZDYxLWI2MDQt
ODM1ZjRlMzcyODNjLzEvR3lwa2RqMFl6VjA5Q1VoUURFVkQ0V0pfM253LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80My81YzY3NDUtNzY4ZS00ZDYxLWI2MDQtODM1ZjRlMzcyODNj
LzEvT29PWk5xN3Y4b2huam5jbU13SVBvbG05blBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkhPSMA0G
CSqGSIb3DQEBCwUAA4IBAQBIz1UAzWpZB+izpaSeDIuWUHcIgG04h3mZ9wAIt8DR
PuUGexp1hTBx6ZS7B81iF5K84TJ5mFTGR50qLeSel/ISefUmyLtzC1328QuIksx2
Mdkh1jdJxvHyNMJWY3PCB61awni2W6jedckMkDIjIeq2ULuR8DFvP2CRm+fuTKOJ
FVrCP0IQ62gyLOAbCX3hMiXxftmOMKpMHRO2Bhus3o7GVLBsgi9G19udI+KruA2j
KHQtbC8S38JmgGlhhh1Cn+/AR87XOGZYPw7mZGpXZaXRzQiz+yrCdvVkVAiONvsr
BH1mEKZm/PXiyZOrzuYKWnFYs3YeeDbnG8PzYjqi9BBW
-----END CERTIFICATE-----