Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/GMWgFQwd8nrIkV51lAwKwBtEBhI.roa
File:                     GMWgFQwd8nrIkV51lAwKwBtEBhI.roa (raw, json)
Hash identifier:          +zDKOCeZ+E87qba/A9Qx+V3SrLOM1wpx9qfe7qe53g8=
Subject key identifier:   18:C5:A0:15:0C:1D:F2:7A:C8:91:5E:75:94:0C:0A:C0:1B:44:06:12
Certificate issuer:       /CN=70f9b16adf2fd31988859922b4457481dd7eef40
Certificate serial:       0198FC3D0DD17668A29BCBFF830E76A3F6D6
Authority key identifier: 70:F9:B1:6A:DF:2F:D3:19:88:85:99:22:B4:45:74:81:DD:7E:EF:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cPmxat8v0xmIhZkitEV0gd1-70A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/GMWgFQwd8nrIkV51lAwKwBtEBhI.roa
Signing time:             Sat 30 Aug 2025 18:28:36 +0000
ROA not before:           Sat 30 Aug 2025 18:28:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208905
IP address blocks:        213.137.92.0/24 maxlen: 24
                          213.137.95.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/cPmxat8v0xmIhZkitEV0gd1-70A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/cPmxat8v0xmIhZkitEV0gd1-70A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cPmxat8v0xmIhZkitEV0gd1-70A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Sep 2025 19:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:fc:3d:0d:d1:76:68:a2:9b:cb:ff:83:0e:76:a3:f6:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70f9b16adf2fd31988859922b4457481dd7eef40
        Validity
            Not Before: Aug 30 18:28:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=18c5a0150c1df27ac8915e75940c0ac01b440612
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:21:af:2f:0a:a0:6f:d1:06:e1:66:45:42:6b:
                    36:18:84:89:6d:32:f4:94:ca:32:e6:d0:c0:9f:49:
                    c3:0a:66:4b:c1:1b:da:b5:c6:3c:90:51:d7:b4:58:
                    2f:a3:41:15:f6:9b:3f:63:6c:d1:a3:85:11:7e:be:
                    9f:c6:75:5b:75:60:d2:29:41:9b:37:33:d4:c2:93:
                    2d:1c:42:e4:c5:26:d1:e5:47:bd:a9:e8:df:4c:45:
                    53:d7:a6:b1:ff:86:4a:01:c2:7f:e0:f4:c9:01:59:
                    3c:a6:f2:ce:ca:c8:4f:c0:84:17:99:a3:c8:03:80:
                    79:ba:70:12:da:67:40:b5:7b:c1:ce:9c:1f:f5:c0:
                    1d:c4:19:e5:59:36:9d:db:16:d4:6a:cc:33:d4:0a:
                    3c:42:d2:46:00:95:39:ef:ae:20:f8:3a:8f:4e:cb:
                    6a:a5:f3:d6:cf:12:54:35:b3:05:16:dc:a4:35:8a:
                    e0:bb:17:6f:2a:37:a1:86:0b:d7:48:9a:86:1d:6e:
                    e4:72:4e:93:c9:b5:68:a7:c5:a9:71:69:d0:71:c1:
                    a1:7b:12:ed:fc:fb:c8:02:32:a2:58:62:19:18:75:
                    88:0c:b8:32:2f:6b:33:a7:1f:40:2c:59:e2:80:4a:
                    69:47:f4:3c:f2:7e:92:53:7a:33:dc:28:69:69:40:
                    50:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:C5:A0:15:0C:1D:F2:7A:C8:91:5E:75:94:0C:0A:C0:1B:44:06:12
            X509v3 Authority Key Identifier:
                keyid:70:F9:B1:6A:DF:2F:D3:19:88:85:99:22:B4:45:74:81:DD:7E:EF:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cPmxat8v0xmIhZkitEV0gd1-70A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/GMWgFQwd8nrIkV51lAwKwBtEBhI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/cPmxat8v0xmIhZkitEV0gd1-70A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.137.92.0/24
                  213.137.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:dc:ab:0f:ee:c0:56:1c:b4:55:aa:3a:d6:6e:f4:9c:97:bc:
         52:84:6d:ef:cc:3e:a6:f2:8e:f4:40:ea:36:ee:dd:2b:1b:73:
         73:22:ac:dd:57:1f:45:14:97:eb:7a:47:d5:0e:8d:05:65:25:
         77:a8:52:37:72:24:03:4d:6e:83:d0:88:fc:1a:22:f8:f7:d8:
         06:08:e2:91:be:1d:2a:a3:b6:3c:36:06:fe:a4:13:24:26:a9:
         8c:d6:a2:ab:9c:73:cc:72:e9:53:69:8b:54:b6:5d:b2:e2:20:
         1e:36:5b:5c:26:6d:98:76:07:ae:1f:bc:fc:f5:06:86:b8:53:
         86:8c:95:80:e4:5c:2b:2c:8e:56:14:6f:be:52:70:9b:7e:27:
         c9:4e:99:24:c8:80:ca:1c:09:fd:fd:d4:dd:f1:1e:a6:95:37:
         3e:f9:13:7a:ce:65:91:83:71:15:19:c9:2f:b3:b0:f0:ea:81:
         39:d6:26:a5:2d:44:47:f9:26:18:c0:34:41:95:57:4c:32:16:
         27:f5:65:3d:67:97:a4:e2:58:d3:5e:9f:0e:3f:99:41:20:39:
         3b:ee:74:22:37:4d:39:00:7c:50:1e:99:1a:bc:65:e3:01:03:
         a2:18:bb:44:ff:22:40:b0:ed:95:10:8d:a5:d3:61:12:bc:30:
         ff:19:a8:7c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZj8PQ3Rdmiim8v/gw52o/bWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwZjliMTZhZGYyZmQzMTk4ODg1OTkyMmI0NDU3NDgxZGQ3
ZWVmNDAwHhcNMjUwODMwMTgyODM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOGM1YTAxNTBjMWRmMjdhYzg5MTVlNzU5NDBjMGFjMDFiNDQwNjEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0SGvLwqgb9EG4WZFQms2GISJbTL0
lMoy5tDAn0nDCmZLwRvatcY8kFHXtFgvo0EV9ps/Y2zRo4URfr6fxnVbdWDSKUGb
NzPUwpMtHELkxSbR5Ue9qejfTEVT16ax/4ZKAcJ/4PTJAVk8pvLOyshPwIQXmaPI
A4B5unAS2mdAtXvBzpwf9cAdxBnlWTad2xbUaswz1Ao8QtJGAJU5764g+DqPTstq
pfPWzxJUNbMFFtykNYrguxdvKjehhgvXSJqGHW7kck6TybVop8WpcWnQccGhexLt
/PvIAjKiWGIZGHWIDLgyL2szpx9ALFnigEppR/Q88n6SU3oz3ChpaUBQSwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBjFoBUMHfJ6yJFedZQMCsAbRAYSMB8GA1UdIwQY
MBaAFHD5sWrfL9MZiIWZIrRFdIHdfu9AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY1BteGF0OHYweG1JaFpraXRFVjBnZDEtNzBBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi85NTZkYjktYzhmNy00YjlmLWE1NmUt
YmM2ZGI3MjQ4YWRkLzEvR01XZ0ZRd2Q4bnJJa1Y1MWxBd0t3QnRFQmhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi85NTZkYjktYzhmNy00YjlmLWE1NmUtYmM2ZGI3MjQ4YWRk
LzEvY1BteGF0OHYweG1JaFpraXRFVjBnZDEtNzBBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQA1YlcAwQA
1YlfMA0GCSqGSIb3DQEBCwUAA4IBAQBy3KsP7sBWHLRVqjrWbvScl7xShG3vzD6m
8o70QOo27t0rG3NzIqzdVx9FFJfrekfVDo0FZSV3qFI3ciQDTW6D0Ij8GiL499gG
COKRvh0qo7Y8Ngb+pBMkJqmM1qKrnHPMculTaYtUtl2y4iAeNltcJm2YdgeuH7z8
9QaGuFOGjJWA5FwrLI5WFG++UnCbfifJTpkkyIDKHAn9/dTd8R6mlTc++RN6zmWR
g3EVGckvs7Dw6oE51ialLURH+SYYwDRBlVdMMhYn9WU9Z5ek4ljTXp8OP5lBIDk7
7nQiN005AHxQHpkavGXjAQOiGLtE/yJAsO2VEI2l02ESvDD/Gah8
-----END CERTIFICATE-----