Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/161c3f-b83d-45b1-aa8e-d1bb6b4dd701/1/G-5B6YeJ2OAL5vWCYn9oGob6FBk.roa
File:                     G-5B6YeJ2OAL5vWCYn9oGob6FBk.roa (raw, json)
Hash identifier:          wzpNaRep9vHFkuM4ho/JF0i7it8caDtKDv8qyIaqtG8=
Subject key identifier:   1B:EE:41:E9:87:89:D8:E0:0B:E6:F5:82:62:7F:68:1A:86:FA:14:19
Certificate issuer:       /CN=14bee0ebd06b4b812f9e13716e25f1c3c3d14cc6
Certificate serial:       0197AD6667084C21192638B2FAE00E31B87A
Authority key identifier: 14:BE:E0:EB:D0:6B:4B:81:2F:9E:13:71:6E:25:F1:C3:C3:D1:4C:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FL7g69BrS4EvnhNxbiXxw8PRTMY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/161c3f-b83d-45b1-aa8e-d1bb6b4dd701/1/G-5B6YeJ2OAL5vWCYn9oGob6FBk.roa
Signing time:             Thu 26 Jun 2025 18:00:58 +0000
ROA not before:           Thu 26 Jun 2025 18:00:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3170
IP address blocks:        37.0.8.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/161c3f-b83d-45b1-aa8e-d1bb6b4dd701/1/FL7g69BrS4EvnhNxbiXxw8PRTMY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/161c3f-b83d-45b1-aa8e-d1bb6b4dd701/1/FL7g69BrS4EvnhNxbiXxw8PRTMY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FL7g69BrS4EvnhNxbiXxw8PRTMY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 04 Jul 2025 12:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:ad:66:67:08:4c:21:19:26:38:b2:fa:e0:0e:31:b8:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=14bee0ebd06b4b812f9e13716e25f1c3c3d14cc6
        Validity
            Not Before: Jun 26 18:00:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1bee41e98789d8e00be6f582627f681a86fa1419
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:fc:25:52:d6:8e:28:da:d5:2b:fb:3e:98:79:
                    00:e0:61:a7:1e:66:22:39:88:18:a2:57:3c:ac:25:
                    60:80:f3:49:cf:f0:fb:d9:41:94:e2:11:a1:c1:d0:
                    8b:f0:bd:5a:65:e3:38:21:bb:d3:b7:a2:64:bc:4c:
                    18:ce:e8:8e:b5:3b:b8:0a:16:f1:a9:44:91:9c:45:
                    99:f8:1f:9d:04:96:6c:f4:62:bd:f8:46:8b:f1:44:
                    f0:bc:d9:c5:14:c0:12:cd:87:79:55:e2:81:d9:60:
                    21:25:95:a6:9b:69:3e:fa:bd:18:72:88:d8:b1:f2:
                    85:55:64:57:59:8a:3b:aa:06:99:b9:17:79:14:60:
                    9b:af:37:d8:40:ab:46:10:f6:70:d4:b2:6e:08:1c:
                    31:81:ff:a3:7d:81:09:ff:3f:a1:2a:26:0d:64:7d:
                    56:60:0e:d0:f5:b8:b4:90:3f:e1:96:89:b9:52:1e:
                    e6:a9:4e:55:27:98:15:7a:fb:ad:c2:7a:bd:13:1e:
                    9a:ee:cf:64:0a:0f:5f:b8:c2:96:7e:e8:4d:2a:ed:
                    88:35:17:ac:38:b4:a0:8b:39:98:17:81:31:9f:32:
                    6b:e1:83:f9:a0:45:0d:0c:fb:a1:80:e8:23:ee:8e:
                    50:aa:1a:d2:d3:45:91:90:bc:72:d0:29:41:b2:18:
                    37:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:EE:41:E9:87:89:D8:E0:0B:E6:F5:82:62:7F:68:1A:86:FA:14:19
            X509v3 Authority Key Identifier:
                keyid:14:BE:E0:EB:D0:6B:4B:81:2F:9E:13:71:6E:25:F1:C3:C3:D1:4C:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FL7g69BrS4EvnhNxbiXxw8PRTMY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/161c3f-b83d-45b1-aa8e-d1bb6b4dd701/1/G-5B6YeJ2OAL5vWCYn9oGob6FBk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/161c3f-b83d-45b1-aa8e-d1bb6b4dd701/1/FL7g69BrS4EvnhNxbiXxw8PRTMY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.0.8.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:f8:3e:5e:6d:74:fb:5f:68:55:72:be:2a:4f:53:68:a5:33:
         a0:c7:97:52:46:09:96:e2:ef:aa:50:53:46:c5:2d:ec:57:68:
         8a:67:ad:9c:8b:6f:52:a8:d6:69:d2:11:25:43:de:d2:72:60:
         2f:5b:ae:1b:87:2e:9a:14:ed:60:bf:63:e6:b9:6e:88:72:11:
         c9:ac:0b:87:b0:d3:65:d4:47:84:21:fd:86:62:06:44:e9:b6:
         62:0a:53:5e:25:8e:67:91:e0:38:58:88:d1:93:80:39:47:b3:
         2c:3e:c2:4c:f0:ff:86:85:07:f9:e1:08:d7:9c:95:10:81:9a:
         e3:fa:c5:57:3a:2e:1e:74:dd:bd:25:d8:fc:f9:4a:66:85:a1:
         89:d3:b9:32:3d:70:ad:0e:ba:47:bd:db:e2:ea:ef:be:1c:67:
         10:68:71:f7:1f:cb:ca:10:95:02:bc:34:b4:ed:69:3d:b1:e1:
         15:8e:b4:c8:2f:1b:53:c4:31:e9:9a:57:dc:17:7d:ea:ea:46:
         3c:66:8d:a4:37:93:ad:5b:21:a3:65:4e:9d:bc:16:38:65:8c:
         f9:19:64:84:82:3e:2e:99:10:75:dc:66:55:ae:94:30:ef:28:
         32:76:c8:04:82:e9:8f:33:e4:c1:32:37:3d:e3:94:71:02:46:
         63:8e:3e:c6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZetZmcITCEZJjiy+uAOMbh6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE0YmVlMGViZDA2YjRiODEyZjllMTM3MTZlMjVmMWMzYzNk
MTRjYzYwHhcNMjUwNjI2MTgwMDU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYmVlNDFlOTg3ODlkOGUwMGJlNmY1ODI2MjdmNjgxYTg2ZmExNDE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzfwlUtaOKNrVK/s+mHkA4GGnHmYi
OYgYolc8rCVggPNJz/D72UGU4hGhwdCL8L1aZeM4IbvTt6JkvEwYzuiOtTu4Chbx
qUSRnEWZ+B+dBJZs9GK9+EaL8UTwvNnFFMASzYd5VeKB2WAhJZWmm2k++r0YcojY
sfKFVWRXWYo7qgaZuRd5FGCbrzfYQKtGEPZw1LJuCBwxgf+jfYEJ/z+hKiYNZH1W
YA7Q9bi0kD/hlom5Uh7mqU5VJ5gVevutwnq9Ex6a7s9kCg9fuMKWfuhNKu2INRes
OLSgizmYF4ExnzJr4YP5oEUNDPuhgOgj7o5QqhrS00WRkLxy0ClBshg3dwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBvuQemHidjgC+b1gmJ/aBqG+hQZMB8GA1UdIwQY
MBaAFBS+4OvQa0uBL54TcW4l8cPD0UzGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRkw3ZzY5QnJTNEV2bmhOeGJpWHh3OFBSVE1ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8xNjFjM2YtYjgzZC00NWIxLWFhOGUt
ZDFiYjZiNGRkNzAxLzEvRy01QjZZZUoyT0FMNXZXQ1luOW9Hb2I2RkJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8xNjFjM2YtYjgzZC00NWIxLWFhOGUtZDFiYjZiNGRkNzAx
LzEvRkw3ZzY5QnJTNEV2bmhOeGJpWHh3OFBSVE1ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJQAIMA0G
CSqGSIb3DQEBCwUAA4IBAQAs+D5ebXT7X2hVcr4qT1NopTOgx5dSRgmW4u+qUFNG
xS3sV2iKZ62ci29SqNZp0hElQ97ScmAvW64bhy6aFO1gv2PmuW6IchHJrAuHsNNl
1EeEIf2GYgZE6bZiClNeJY5nkeA4WIjRk4A5R7MsPsJM8P+GhQf54QjXnJUQgZrj
+sVXOi4edN29Jdj8+UpmhaGJ07kyPXCtDrpHvdvi6u++HGcQaHH3H8vKEJUCvDS0
7Wk9seEVjrTILxtTxDHpmlfcF33q6kY8Zo2kN5OtWyGjZU6dvBY4ZYz5GWSEgj4u
mRB13GZVrpQw7ygydsgEgumPM+TBMjc945RxAkZjjj7G
-----END CERTIFICATE-----