Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/02bd8e-2eb8-4515-956b-e15250392887/1/g827ucs3EThsAfzbTT2FMhBdWaY.roa
File:                     g827ucs3EThsAfzbTT2FMhBdWaY.roa (raw, json)
Hash identifier:          PzIDENEz83QkajYAOtSf7pvZj1/xEbuYaZgcwQILtJk=
Subject key identifier:   83:CD:BB:B9:CB:37:11:38:6C:01:FC:DB:4D:3D:85:32:10:5D:59:A6
Certificate issuer:       /CN=f10b734df4fa6aee12ea990657b035a162b4a9e6
Certificate serial:       01978CF6A32B8C893104D9588718210F9B47
Authority key identifier: F1:0B:73:4D:F4:FA:6A:EE:12:EA:99:06:57:B0:35:A1:62:B4:A9:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8QtzTfT6au4S6pkGV7A1oWK0qeY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/02bd8e-2eb8-4515-956b-e15250392887/1/g827ucs3EThsAfzbTT2FMhBdWaY.roa
Signing time:             Fri 20 Jun 2025 10:51:03 +0000
ROA not before:           Fri 20 Jun 2025 10:51:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209925
IP address blocks:        185.116.232.0/24 maxlen: 32
                          2a14:fa80::/32 maxlen: 128
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/02bd8e-2eb8-4515-956b-e15250392887/1/8QtzTfT6au4S6pkGV7A1oWK0qeY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/02bd8e-2eb8-4515-956b-e15250392887/1/8QtzTfT6au4S6pkGV7A1oWK0qeY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8QtzTfT6au4S6pkGV7A1oWK0qeY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Jul 2025 00:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:8c:f6:a3:2b:8c:89:31:04:d9:58:87:18:21:0f:9b:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f10b734df4fa6aee12ea990657b035a162b4a9e6
        Validity
            Not Before: Jun 20 10:51:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=83cdbbb9cb3711386c01fcdb4d3d8532105d59a6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:6b:bb:02:6d:36:67:55:ba:3a:61:59:b2:be:
                    47:a4:d0:75:59:d2:ec:d6:f8:b5:50:04:37:d1:02:
                    3d:80:65:04:c4:ea:63:bf:47:a9:13:50:be:61:fe:
                    c9:d6:6c:94:63:ec:e0:3c:80:fc:7c:c0:73:3a:2b:
                    a6:4f:6e:0d:55:81:e9:03:38:75:a4:d1:3b:3d:5e:
                    80:a6:d2:5e:61:f2:08:b5:bf:2a:b9:dd:a7:0f:94:
                    ca:89:cf:82:e0:2e:ad:0b:73:01:23:21:1a:fb:62:
                    fb:c4:3b:d4:e6:09:57:eb:4a:c8:f3:33:d6:fa:95:
                    df:c7:c7:a5:2d:34:ae:39:c9:13:0d:85:2e:6b:d6:
                    ca:da:a1:41:de:8f:e0:87:55:f1:d2:91:20:85:17:
                    14:8b:e3:f0:d5:0e:2f:bd:aa:b8:4e:6e:0a:30:58:
                    e7:94:94:be:c7:0f:f6:ab:a8:24:10:f6:63:0f:95:
                    34:f6:4c:97:de:40:54:5c:c4:4a:d1:74:8f:44:82:
                    10:fd:ab:13:92:88:0e:cc:3b:2f:bc:c9:75:32:3a:
                    07:cd:eb:6b:fa:f7:cc:e3:27:75:c7:f7:72:01:2b:
                    26:83:5f:b0:18:0e:0a:88:36:a2:a1:59:9a:bb:e5:
                    5f:d5:67:91:88:a6:1f:d4:9a:6d:f4:e0:67:43:1c:
                    63:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:CD:BB:B9:CB:37:11:38:6C:01:FC:DB:4D:3D:85:32:10:5D:59:A6
            X509v3 Authority Key Identifier:
                keyid:F1:0B:73:4D:F4:FA:6A:EE:12:EA:99:06:57:B0:35:A1:62:B4:A9:E6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8QtzTfT6au4S6pkGV7A1oWK0qeY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/02bd8e-2eb8-4515-956b-e15250392887/1/g827ucs3EThsAfzbTT2FMhBdWaY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/02bd8e-2eb8-4515-956b-e15250392887/1/8QtzTfT6au4S6pkGV7A1oWK0qeY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.116.232.0/24
                IPv6:
                  2a14:fa80::/32

    Signature Algorithm: sha256WithRSAEncryption
         a0:cb:ae:13:30:7d:59:1c:8d:b6:86:a3:ae:05:18:66:c6:44:
         8d:d8:02:e0:e9:91:70:cb:7b:9d:ed:f3:16:38:f9:5b:49:1b:
         56:d9:d2:9d:13:e3:1c:55:9c:31:32:b2:b0:9e:ef:8e:bf:2c:
         88:f4:0d:b7:f3:c9:51:24:11:f2:14:fd:40:39:74:4e:a4:bc:
         e0:58:8e:b9:1f:a6:62:26:a1:27:e7:f5:aa:a5:91:fb:91:56:
         72:4b:66:26:71:03:44:2d:2e:93:49:58:f2:b7:bf:3f:8c:bb:
         77:16:92:9a:74:3a:7f:e6:84:4f:bd:c5:ea:dc:a2:1c:27:86:
         78:cf:9a:79:b2:6b:ac:64:0d:90:b6:10:a7:a8:bc:bd:75:2c:
         4f:ed:8f:b8:0c:f4:d8:2f:fc:6a:71:c0:d1:ec:17:aa:d3:08:
         45:0f:de:fb:a1:dd:d6:bf:e3:8b:36:dc:ef:29:a7:ff:f3:2c:
         a5:5a:0c:14:d2:e6:23:6a:bc:6d:98:7c:c6:bb:84:68:07:c0:
         12:c6:10:54:a9:c5:f7:f0:9f:7b:8f:e7:e6:1a:9f:53:23:5f:
         61:ee:2a:e6:e5:8c:5f:f6:60:bd:b2:15:fc:3d:fc:0c:84:16:
         f4:ad:1a:60:6b:6f:1b:91:1e:2f:7c:03:b4:60:5f:29:c8:46:
         03:09:c7:f9
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZeM9qMrjIkxBNlYhxghD5tHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxMGI3MzRkZjRmYTZhZWUxMmVhOTkwNjU3YjAzNWExNjJi
NGE5ZTYwHhcNMjUwNjIwMTA1MTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4M2NkYmJiOWNiMzcxMTM4NmMwMWZjZGI0ZDNkODUzMjEwNWQ1OWE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6Gu7Am02Z1W6OmFZsr5HpNB1WdLs
1vi1UAQ30QI9gGUExOpjv0epE1C+Yf7J1myUY+zgPID8fMBzOiumT24NVYHpAzh1
pNE7PV6AptJeYfIItb8qud2nD5TKic+C4C6tC3MBIyEa+2L7xDvU5glX60rI8zPW
+pXfx8elLTSuOckTDYUua9bK2qFB3o/gh1Xx0pEghRcUi+Pw1Q4vvaq4Tm4KMFjn
lJS+xw/2q6gkEPZjD5U09kyX3kBUXMRK0XSPRIIQ/asTkogOzDsvvMl1MjoHzetr
+vfM4yd1x/dyASsmg1+wGA4KiDaioVmau+Vf1WeRiKYf1Jpt9OBnQxxjSwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFIPNu7nLNxE4bAH82009hTIQXVmmMB8GA1UdIwQY
MBaAFPELc030+mruEuqZBlewNaFitKnmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFF0elRmVDZhdTRTNnBrR1Y3QTFvV0swcWVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8wMmJkOGUtMmViOC00NTE1LTk1NmIt
ZTE1MjUwMzkyODg3LzEvZzgyN3VjczNFVGhzQWZ6YlRUMkZNaEJkV2FZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8wMmJkOGUtMmViOC00NTE1LTk1NmItZTE1MjUwMzkyODg3
LzEvOFF0elRmVDZhdTRTNnBrR1Y3QTFvV0swcWVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuXToMA0E
AgACMAcDBQAqFPqAMA0GCSqGSIb3DQEBCwUAA4IBAQCgy64TMH1ZHI22hqOuBRhm
xkSN2ALg6ZFwy3ud7fMWOPlbSRtW2dKdE+McVZwxMrKwnu+OvyyI9A2388lRJBHy
FP1AOXROpLzgWI65H6ZiJqEn5/WqpZH7kVZyS2YmcQNELS6TSVjyt78/jLt3FpKa
dDp/5oRPvcXq3KIcJ4Z4z5p5smusZA2QthCnqLy9dSxP7Y+4DPTYL/xqccDR7Beq
0whFD977od3Wv+OLNtzvKaf/8yylWgwU0uYjarxtmHzGu4RoB8ASxhBUqcX38J97
j+fmGp9TI19h7irm5Yxf9mC9shX8PfwMhBb0rRpga28bkR4vfAO0YF8pyEYDCcf5
-----END CERTIFICATE-----