Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/gs8xSDnEf5s-t6tRm1MXSkj8uJo.roa
File:                     gs8xSDnEf5s-t6tRm1MXSkj8uJo.roa (raw, json)
Hash identifier:          04Lr7IgwBqz8hk2OcpuxvWUwYYvADfjHLZqerwnsaPQ=
Subject key identifier:   82:CF:31:48:39:C4:7F:9B:3E:B7:AB:51:9B:53:17:4A:48:FC:B8:9A
Certificate issuer:       /CN=c616c4195152effedbf7b3afee2aa72e19090e4d
Certificate serial:       0198F16E562178127032628BF18FEA1FA3E1
Authority key identifier: C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/gs8xSDnEf5s-t6tRm1MXSkj8uJo.roa
Signing time:             Thu 28 Aug 2025 16:06:36 +0000
ROA not before:           Thu 28 Aug 2025 16:06:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61084
IP address blocks:        194.62.55.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Sep 2025 04:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:f1:6e:56:21:78:12:70:32:62:8b:f1:8f:ea:1f:a3:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c616c4195152effedbf7b3afee2aa72e19090e4d
        Validity
            Not Before: Aug 28 16:06:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=82cf314839c47f9b3eb7ab519b53174a48fcb89a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:4f:58:88:5b:79:04:45:be:2a:97:53:0f:85:
                    b7:5a:d1:e6:25:78:53:f6:aa:e0:ca:cf:32:fe:fe:
                    9f:d1:49:65:c4:8f:7e:6f:35:a9:61:88:3c:57:92:
                    5b:6c:15:e1:c7:e0:02:ae:e8:33:d3:2c:c0:0f:1a:
                    b5:6b:fa:97:8f:89:01:27:d7:c3:80:20:17:6f:05:
                    68:a0:64:d5:3f:df:32:7c:88:21:ea:86:fb:fa:1a:
                    d8:0c:10:23:ad:21:41:bb:7b:e9:1e:7f:57:cc:0a:
                    eb:ad:f8:1e:87:73:4a:3c:f7:77:a1:57:7f:a4:cb:
                    62:18:9b:77:43:f3:be:9b:aa:d9:75:f2:4c:71:dc:
                    dd:72:01:b0:1d:07:d8:5b:2d:8c:7e:26:d5:b0:25:
                    09:12:c5:01:8d:3b:3e:62:23:8f:a6:22:53:fd:2b:
                    30:ed:e6:9e:64:43:ca:1c:76:7c:ba:c5:be:f1:3a:
                    b3:82:2d:fb:3f:89:06:a9:60:e2:cd:ba:dc:df:b2:
                    21:fd:07:04:3b:ee:74:4e:d4:13:a5:a0:6a:d1:0b:
                    cd:f8:e8:c2:df:5b:6c:5f:b5:c2:77:d4:c8:fa:83:
                    4a:95:1d:3b:13:a6:a4:fc:b2:db:61:c0:36:df:b7:
                    11:8b:fe:84:b4:07:78:55:86:94:fd:46:e1:17:b1:
                    03:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:CF:31:48:39:C4:7F:9B:3E:B7:AB:51:9B:53:17:4A:48:FC:B8:9A
            X509v3 Authority Key Identifier:
                keyid:C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/gs8xSDnEf5s-t6tRm1MXSkj8uJo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.62.55.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:f8:6c:5a:2c:3b:c4:fe:94:8c:93:4d:23:60:ec:f2:20:fc:
         a3:e4:49:bf:80:64:6f:b7:d4:a5:aa:93:4a:be:a2:28:7f:45:
         eb:22:5e:66:59:1e:2e:7c:1a:61:86:7f:db:44:c6:a6:d6:0c:
         e6:9e:24:ac:5d:02:a3:b3:8f:12:97:e6:4f:67:24:c6:61:77:
         6f:73:4c:eb:c7:b9:ed:69:40:66:34:21:32:09:e7:9e:60:12:
         df:c3:b7:64:54:c0:d6:3a:a3:c1:26:98:18:99:de:14:fb:b0:
         9a:36:c9:44:7e:b4:8f:4d:64:7d:f8:5d:52:05:f8:0e:43:5f:
         18:8d:50:bf:ee:69:ed:57:f5:90:ce:b1:40:eb:f3:2f:af:65:
         b0:30:59:87:1d:ed:77:aa:6a:cb:ce:a3:f8:ad:3f:fd:4f:55:
         5e:8c:26:5b:67:41:95:68:f8:af:1e:f2:04:0a:47:43:9d:5b:
         24:b0:a8:44:46:50:ce:2d:a5:18:b2:dd:ea:58:05:9c:7c:f3:
         2d:38:b6:f8:03:34:21:5c:b6:50:30:2f:26:1b:0a:ee:b8:e6:
         fc:d1:97:12:92:85:75:81:e4:58:7b:8f:87:82:e2:b0:c7:6a:
         e7:d4:90:cc:06:08:e7:38:c3:4d:22:0e:eb:7f:bd:0f:cf:c4:
         06:74:cb:fe
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjxblYheBJwMmKL8Y/qH6PhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2MTZjNDE5NTE1MmVmZmVkYmY3YjNhZmVlMmFhNzJlMTkw
OTBlNGQwHhcNMjUwODI4MTYwNjM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MmNmMzE0ODM5YzQ3ZjliM2ViN2FiNTE5YjUzMTc0YTQ4ZmNiODlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqE9YiFt5BEW+KpdTD4W3WtHmJXhT
9qrgys8y/v6f0UllxI9+bzWpYYg8V5JbbBXhx+ACrugz0yzADxq1a/qXj4kBJ9fD
gCAXbwVooGTVP98yfIgh6ob7+hrYDBAjrSFBu3vpHn9XzArrrfgeh3NKPPd3oVd/
pMtiGJt3Q/O+m6rZdfJMcdzdcgGwHQfYWy2MfibVsCUJEsUBjTs+YiOPpiJT/Ssw
7eaeZEPKHHZ8usW+8Tqzgi37P4kGqWDizbrc37Ih/QcEO+50TtQTpaBq0QvN+OjC
31tsX7XCd9TI+oNKlR07E6ak/LLbYcA237cRi/6EtAd4VYaU/UbhF7EDWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFILPMUg5xH+bPrerUZtTF0pI/LiaMB8GA1UdIwQY
MBaAFMYWxBlRUu/+2/ezr+4qpy4ZCQ5NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjkt
MzlmZGI5ODZmMDU5LzEvZ3M4eFNEbkVmNXMtdDZ0Um0xTVhTa2o4dUpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjktMzlmZGI5ODZmMDU5
LzEveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwj43MA0G
CSqGSIb3DQEBCwUAA4IBAQAP+GxaLDvE/pSMk00jYOzyIPyj5Em/gGRvt9SlqpNK
vqIof0XrIl5mWR4ufBphhn/bRMam1gzmniSsXQKjs48Sl+ZPZyTGYXdvc0zrx7nt
aUBmNCEyCeeeYBLfw7dkVMDWOqPBJpgYmd4U+7CaNslEfrSPTWR9+F1SBfgOQ18Y
jVC/7mntV/WQzrFA6/Mvr2WwMFmHHe13qmrLzqP4rT/9T1VejCZbZ0GVaPivHvIE
CkdDnVsksKhERlDOLaUYst3qWAWcfPMtOLb4AzQhXLZQMC8mGwruuOb80ZcSkoV1
geRYe4+HguKwx2rn1JDMBgjnOMNNIg7rf70Pz8QGdMv+
-----END CERTIFICATE-----