Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/7a2a99-146c-4781-a302-eb7aaa6828be/1/GqC3ZO1y9oc4vznv7EbpMYcfENc.roa
File:                     GqC3ZO1y9oc4vznv7EbpMYcfENc.roa (raw, json)
Hash identifier:          Q4sGgT5nLBJ6T1APzes4amjNpmeLdQJEi2Te5mDw21c=
Subject key identifier:   1A:A0:B7:64:ED:72:F6:87:38:BF:39:EF:EC:46:E9:31:87:1F:10:D7
Certificate issuer:       /CN=4dd954d3c77c9c4e37eebf753d86f3dcf091d4a9
Certificate serial:       0199397CF94A580897C24E964BB96B493E24
Authority key identifier: 4D:D9:54:D3:C7:7C:9C:4E:37:EE:BF:75:3D:86:F3:DC:F0:91:D4:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TdlU08d8nE437r91PYbz3PCR1Kk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/7a2a99-146c-4781-a302-eb7aaa6828be/1/GqC3ZO1y9oc4vznv7EbpMYcfENc.roa
Signing time:             Thu 11 Sep 2025 15:55:15 +0000
ROA not before:           Thu 11 Sep 2025 15:55:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     7029
IP address blocks:        159.197.128.0/18 maxlen: 24
                          159.197.224.0/19 maxlen: 24
                          161.8.160.0/19 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/7a2a99-146c-4781-a302-eb7aaa6828be/1/TdlU08d8nE437r91PYbz3PCR1Kk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/7a2a99-146c-4781-a302-eb7aaa6828be/1/TdlU08d8nE437r91PYbz3PCR1Kk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TdlU08d8nE437r91PYbz3PCR1Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:39:7c:f9:4a:58:08:97:c2:4e:96:4b:b9:6b:49:3e:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4dd954d3c77c9c4e37eebf753d86f3dcf091d4a9
        Validity
            Not Before: Sep 11 15:55:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1aa0b764ed72f68738bf39efec46e931871f10d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:53:16:07:9f:05:8d:4c:9a:5a:3c:43:86:1d:
                    30:b2:e8:39:2b:be:43:7b:1a:9c:2d:d4:30:19:7b:
                    8b:6f:9d:ed:89:1c:fd:72:38:46:8a:c1:81:be:3a:
                    1e:5a:cb:7f:c3:8c:57:2c:47:16:11:20:3f:f7:df:
                    83:00:ae:52:50:9d:79:ff:14:dd:26:e9:13:29:f9:
                    86:27:52:35:d1:ff:46:8b:9c:58:f7:be:d9:53:35:
                    04:15:ce:0e:53:dc:38:d8:b9:1b:75:e9:58:44:df:
                    84:17:b5:ca:d2:4c:90:63:4b:20:50:62:05:d4:d5:
                    e5:f2:81:92:18:7c:a6:18:5a:66:95:15:6c:bc:aa:
                    38:60:49:6b:d8:cb:f8:73:41:c5:c3:b4:01:ce:1c:
                    40:68:43:61:7f:4e:8c:36:51:eb:21:11:26:5c:3e:
                    52:3b:27:bb:00:b5:f5:18:ce:a6:f1:7b:2c:6d:31:
                    e0:4f:4d:04:f9:73:c1:2e:4b:b7:fd:b4:ec:91:16:
                    07:8c:41:4d:3f:ff:a8:c5:4b:16:76:0b:d2:ad:60:
                    fa:65:79:a1:ab:49:1f:97:69:35:dc:49:00:86:d3:
                    d6:ff:18:da:5b:1c:60:00:e6:76:db:45:bd:72:3e:
                    8d:83:b9:a2:52:be:df:be:91:e9:87:7c:e3:67:55:
                    66:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:A0:B7:64:ED:72:F6:87:38:BF:39:EF:EC:46:E9:31:87:1F:10:D7
            X509v3 Authority Key Identifier:
                keyid:4D:D9:54:D3:C7:7C:9C:4E:37:EE:BF:75:3D:86:F3:DC:F0:91:D4:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TdlU08d8nE437r91PYbz3PCR1Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/7a2a99-146c-4781-a302-eb7aaa6828be/1/GqC3ZO1y9oc4vznv7EbpMYcfENc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/7a2a99-146c-4781-a302-eb7aaa6828be/1/TdlU08d8nE437r91PYbz3PCR1Kk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  159.197.128.0/18
                  159.197.224.0/19
                  161.8.160.0/19

    Signature Algorithm: sha256WithRSAEncryption
         47:b7:fb:a6:c7:41:f8:34:fe:b5:54:ae:88:45:83:19:1f:e5:
         79:4b:ed:b9:cb:e0:a1:a1:1e:14:2d:61:d2:69:bb:ac:14:0d:
         d1:54:d0:45:a2:85:69:4c:30:f7:fd:0d:0d:68:4a:d6:a2:42:
         f1:17:65:a8:84:3a:fa:d4:b4:32:f9:1f:67:3e:13:e5:09:6b:
         f4:ab:ea:33:02:cd:99:87:74:e9:1b:1f:94:36:39:e3:88:b1:
         c3:63:c6:73:50:be:fc:bf:83:45:7e:93:15:24:8f:d3:cb:8d:
         7f:5d:a0:f3:b9:fa:b6:ec:39:d3:59:15:6e:11:b2:5f:e5:55:
         6e:0c:0a:a5:d1:46:9d:0d:59:cf:ae:70:79:2f:e4:06:ac:22:
         4f:b9:5f:1e:32:d9:d4:b7:1a:31:69:5d:e0:9c:55:f7:86:9a:
         31:be:de:0e:05:82:29:33:96:9b:b8:56:07:cd:64:e4:cb:85:
         94:98:cc:67:63:94:26:75:58:62:c4:ee:94:f0:8f:27:9c:71:
         df:3b:2e:62:ad:e3:49:34:b4:39:ce:c8:2c:70:f3:d4:e1:44:
         41:71:c3:59:a6:6c:d7:65:31:e0:b4:24:d9:af:59:26:5b:64:
         84:5d:0b:af:43:14:9e:b8:bd:b2:25:82:c7:2c:5b:60:29:d4:
         1d:88:53:02
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZk5fPlKWAiXwk6WS7lrST4kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkZDk1NGQzYzc3YzljNGUzN2VlYmY3NTNkODZmM2RjZjA5
MWQ0YTkwHhcNMjUwOTExMTU1NTE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYWEwYjc2NGVkNzJmNjg3MzhiZjM5ZWZlYzQ2ZTkzMTg3MWYxMGQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyVMWB58FjUyaWjxDhh0wsug5K75D
exqcLdQwGXuLb53tiRz9cjhGisGBvjoeWst/w4xXLEcWESA/99+DAK5SUJ15/xTd
JukTKfmGJ1I10f9Gi5xY977ZUzUEFc4OU9w42LkbdelYRN+EF7XK0kyQY0sgUGIF
1NXl8oGSGHymGFpmlRVsvKo4YElr2Mv4c0HFw7QBzhxAaENhf06MNlHrIREmXD5S
Oye7ALX1GM6m8XssbTHgT00E+XPBLku3/bTskRYHjEFNP/+oxUsWdgvSrWD6ZXmh
q0kfl2k13EkAhtPW/xjaWxxgAOZ220W9cj6Ng7miUr7fvpHph3zjZ1VmAQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFBqgt2TtcvaHOL857+xG6TGHHxDXMB8GA1UdIwQY
MBaAFE3ZVNPHfJxON+6/dT2G89zwkdSpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGRsVTA4ZDhuRTQzN3I5MVBZYnozUENSMUtrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC83YTJhOTktMTQ2Yy00NzgxLWEzMDIt
ZWI3YWFhNjgyOGJlLzEvR3FDM1pPMXk5b2M0dnpudjdFYnBNWWNmRU5jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC83YTJhOTktMTQ2Yy00NzgxLWEzMDItZWI3YWFhNjgyOGJl
LzEvVGRsVTA4ZDhuRTQzN3I5MVBZYnozUENSMUtrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQGn8WAAwQF
n8XgAwQFoQigMA0GCSqGSIb3DQEBCwUAA4IBAQBHt/umx0H4NP61VK6IRYMZH+V5
S+25y+ChoR4ULWHSabusFA3RVNBFooVpTDD3/Q0NaErWokLxF2WohDr61LQy+R9n
PhPlCWv0q+ozAs2Zh3TpGx+UNjnjiLHDY8ZzUL78v4NFfpMVJI/Ty41/XaDzufq2
7DnTWRVuEbJf5VVuDAql0UadDVnPrnB5L+QGrCJPuV8eMtnUtxoxaV3gnFX3hpox
vt4OBYIpM5abuFYHzWTky4WUmMxnY5QmdVhixO6U8I8nnHHfOy5ireNJNLQ5zsgs
cPPU4URBccNZpmzXZTHgtCTZr1kmW2SEXQuvQxSeuL2yJYLHLFtgKdQdiFMC
-----END CERTIFICATE-----