Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GbxtRPQwfoQV6FvhVdB0jvr2vRA.roa
File:                     GbxtRPQwfoQV6FvhVdB0jvr2vRA.roa (raw, json)
Hash identifier:          sBV2MtYwt+QZhE+a75Mo+LifJiO4Kf/NRarvun19aJQ=
Subject key identifier:   19:BC:6D:44:F4:30:7E:84:15:E8:5B:E1:55:D0:74:8E:FA:F6:BD:10
Certificate issuer:       /CN=19426325acb8ce609a686fa655b058968809b346
Certificate serial:       0198EC2C0540A9DA06B81459CA03C3A913B7
Authority key identifier: 19:42:63:25:AC:B8:CE:60:9A:68:6F:A6:55:B0:58:96:88:09:B3:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GbxtRPQwfoQV6FvhVdB0jvr2vRA.roa
Signing time:             Wed 27 Aug 2025 15:36:04 +0000
ROA not before:           Wed 27 Aug 2025 15:36:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     30900
IP address blocks:        77.47.213.0/24 maxlen: 24
                          195.178.151.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 19 Sep 2025 22:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:ec:2c:05:40:a9:da:06:b8:14:59:ca:03:c3:a9:13:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=19426325acb8ce609a686fa655b058968809b346
        Validity
            Not Before: Aug 27 15:36:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=19bc6d44f4307e8415e85be155d0748efaf6bd10
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:8c:73:04:b2:3d:ea:71:0f:9b:94:b1:53:56:
                    f0:b2:df:d9:d7:ac:cf:f7:35:db:a3:4b:f5:98:13:
                    22:c3:ec:06:58:3d:b4:cd:2f:e1:22:4e:1e:44:be:
                    7d:cc:6b:a6:49:39:25:f1:63:8c:30:b8:d8:54:a1:
                    82:1a:c2:d8:01:bb:51:89:02:76:dd:2f:3e:cb:d9:
                    e0:28:fb:c5:49:36:7f:30:a6:b9:df:d4:03:aa:76:
                    7d:4a:30:a1:09:60:e4:54:96:a7:11:73:0f:11:66:
                    3e:35:f5:d1:49:3a:52:33:f8:97:76:92:3f:b0:44:
                    f8:f0:e5:a9:c8:07:f2:71:fb:6e:92:66:31:4a:a0:
                    c7:73:bb:15:6e:df:f5:b9:c5:57:26:47:5c:a2:78:
                    a6:c3:5f:b7:59:18:fe:15:38:22:f9:74:cb:19:4b:
                    4f:d0:b0:a1:7d:62:8e:1e:89:b4:bf:16:98:da:3e:
                    0c:cc:68:c7:e5:ed:8a:57:c4:c5:0a:a4:8d:64:6b:
                    34:d7:a5:2c:f6:00:ea:74:dd:6c:17:d5:24:65:f4:
                    45:5f:f2:01:92:c2:65:df:ae:27:94:98:3d:40:09:
                    ea:e1:2c:31:9e:e9:44:29:bb:05:58:33:93:ae:18:
                    9b:6f:e1:d4:b2:67:32:9f:c2:64:a5:1c:8d:e4:54:
                    5f:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:BC:6D:44:F4:30:7E:84:15:E8:5B:E1:55:D0:74:8E:FA:F6:BD:10
            X509v3 Authority Key Identifier:
                keyid:19:42:63:25:AC:B8:CE:60:9A:68:6F:A6:55:B0:58:96:88:09:B3:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GbxtRPQwfoQV6FvhVdB0jvr2vRA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.47.213.0/24
                  195.178.151.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b1:7d:7a:0e:94:6b:69:ac:f5:ba:6f:e2:fb:1c:33:1f:91:80:
         bf:de:4e:1e:33:30:10:8b:92:e4:40:ea:bd:66:22:6e:6b:bd:
         8b:35:23:a9:c5:7a:c5:69:c3:6f:c1:1d:cc:5a:85:de:69:fc:
         13:d1:35:6f:f6:01:9f:3d:7e:a9:7a:bb:1e:5e:56:6a:97:8e:
         81:0c:63:0a:35:8c:29:f6:a7:d9:3d:51:82:9c:e9:67:22:55:
         5e:9d:50:75:dc:59:11:72:d7:43:ae:02:16:9d:11:62:9f:56:
         5e:bc:cf:79:d6:c0:45:6c:b1:d4:a9:dd:eb:58:e3:1a:6a:86:
         c1:04:79:15:1c:32:91:7f:ba:9e:9b:48:90:ea:35:00:b8:ef:
         38:5d:e6:08:08:2d:cd:d3:8f:ed:ad:f0:d9:42:8a:23:fb:ac:
         84:b6:a2:fd:c6:f0:19:ea:94:c2:70:6a:e1:9b:07:93:86:e5:
         63:91:4f:98:d6:46:ee:90:3b:74:71:76:24:5f:e7:5a:00:94:
         48:6e:f9:69:e7:63:3f:ee:ce:d9:9e:4d:2c:cb:f9:b5:0d:52:
         68:b4:ac:27:0b:fb:28:f1:e3:30:39:7a:c3:6c:2a:2c:fd:d6:
         3c:36:fb:b1:6e:a7:d8:3e:63:56:4a:8e:79:12:9d:f3:ec:92:
         34:fd:56:06
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZjsLAVAqdoGuBRZygPDqRO3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5NDI2MzI1YWNiOGNlNjA5YTY4NmZhNjU1YjA1ODk2ODgw
OWIzNDYwHhcNMjUwODI3MTUzNjA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOWJjNmQ0NGY0MzA3ZTg0MTVlODViZTE1NWQwNzQ4ZWZhZjZiZDEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnoxzBLI96nEPm5SxU1bwst/Z16zP
9zXbo0v1mBMiw+wGWD20zS/hIk4eRL59zGumSTkl8WOMMLjYVKGCGsLYAbtRiQJ2
3S8+y9ngKPvFSTZ/MKa539QDqnZ9SjChCWDkVJanEXMPEWY+NfXRSTpSM/iXdpI/
sET48OWpyAfycftukmYxSqDHc7sVbt/1ucVXJkdconimw1+3WRj+FTgi+XTLGUtP
0LChfWKOHom0vxaY2j4MzGjH5e2KV8TFCqSNZGs016Us9gDqdN1sF9UkZfRFX/IB
ksJl364nlJg9QAnq4SwxnulEKbsFWDOTrhibb+HUsmcyn8JkpRyN5FRfEQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBm8bUT0MH6EFehb4VXQdI769r0QMB8GA1UdIwQY
MBaAFBlCYyWsuM5gmmhvplWwWJaICbNGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR1VKakpheTR6bUNhYUctbVZiQllsb2dKczBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS84YjZmYjAtYTg3NS00OTQ3LThhZTQt
MDNmNGM3MTEzYzM0LzEvR2J4dFJQUXdmb1FWNkZ2aFZkQjBqdnIydlJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS84YjZmYjAtYTg3NS00OTQ3LThhZTQtMDNmNGM3MTEzYzM0
LzEvR1VKakpheTR6bUNhYUctbVZiQllsb2dKczBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQATS/VAwQA
w7KXMA0GCSqGSIb3DQEBCwUAA4IBAQCxfXoOlGtprPW6b+L7HDMfkYC/3k4eMzAQ
i5LkQOq9ZiJua72LNSOpxXrFacNvwR3MWoXeafwT0TVv9gGfPX6perseXlZql46B
DGMKNYwp9qfZPVGCnOlnIlVenVB13FkRctdDrgIWnRFin1ZevM951sBFbLHUqd3r
WOMaaobBBHkVHDKRf7qem0iQ6jUAuO84XeYICC3N04/trfDZQooj+6yEtqL9xvAZ
6pTCcGrhmweThuVjkU+Y1kbukDt0cXYkX+daAJRIbvlp52M/7s7Znk0sy/m1DVJo
tKwnC/so8eMwOXrDbCos/dY8NvuxbqfYPmNWSo55Ep3z7JI0/VYG
-----END CERTIFICATE-----