Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/d2d9f3-8d56-481c-8bc4-7c8f3fecdb2c/1/GKEiCiXD51YV54o_AXW0cf5rHVo.roa
File:                     GKEiCiXD51YV54o_AXW0cf5rHVo.roa (raw, json)
Hash identifier:          /4UzjNRUyHHeTjZCH+5v/WfPwcjPfXkUUwUC0eRZ12c=
Subject key identifier:   18:A1:22:0A:25:C3:E7:56:15:E7:8A:3F:01:75:B4:71:FE:6B:1D:5A
Certificate issuer:       /CN=b025bac132e479a28df33573dd1096a9b7b78d32
Certificate serial:       0196D9CD92CCD565466FFBFE06AFBC941456
Authority key identifier: B0:25:BA:C1:32:E4:79:A2:8D:F3:35:73:DD:10:96:A9:B7:B7:8D:32
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sCW6wTLkeaKN8zVz3RCWqbe3jTI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/d2d9f3-8d56-481c-8bc4-7c8f3fecdb2c/1/GKEiCiXD51YV54o_AXW0cf5rHVo.roa
Signing time:             Fri 16 May 2025 15:54:10 +0000
ROA not before:           Fri 16 May 2025 15:54:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214169
IP address blocks:        185.132.68.0/22 maxlen: 22
                          185.214.0.0/22 maxlen: 22
                          2a0b:91c0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7e/d2d9f3-8d56-481c-8bc4-7c8f3fecdb2c/1/sCW6wTLkeaKN8zVz3RCWqbe3jTI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7e/d2d9f3-8d56-481c-8bc4-7c8f3fecdb2c/1/sCW6wTLkeaKN8zVz3RCWqbe3jTI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sCW6wTLkeaKN8zVz3RCWqbe3jTI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 18:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:d9:cd:92:cc:d5:65:46:6f:fb:fe:06:af:bc:94:14:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b025bac132e479a28df33573dd1096a9b7b78d32
        Validity
            Not Before: May 16 15:54:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=18a1220a25c3e75615e78a3f0175b471fe6b1d5a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:b2:d5:3b:05:b5:bc:fa:41:b6:b1:40:f2:b8:
                    da:d6:b1:0a:8f:ca:62:21:45:65:f6:35:45:1e:d6:
                    e4:1f:9f:5c:21:e0:be:ed:fe:78:94:9e:09:ea:b7:
                    15:83:b8:e9:0b:5d:c4:3d:9c:86:de:5c:7b:c6:d3:
                    b8:bd:8a:d0:bb:d9:45:e8:c0:06:36:9d:bb:55:24:
                    b0:bc:d2:a5:12:02:06:4c:f5:16:b0:47:f2:e3:b9:
                    6f:1f:60:04:83:5a:1d:3a:1f:e3:66:2d:d3:08:ab:
                    15:66:4e:04:70:d8:c0:f4:0f:86:48:51:b9:b4:73:
                    fa:ba:85:42:4e:28:fa:f9:22:59:f9:c1:ab:f5:83:
                    63:58:b6:67:8c:4a:5b:06:d9:45:9f:d6:0b:01:65:
                    16:18:93:6c:ff:19:1e:3f:02:54:02:c9:64:6c:5c:
                    82:27:78:a1:a9:4b:3d:c3:8a:b6:16:cd:57:e3:e1:
                    6f:63:9e:5c:7f:80:c3:96:5e:c8:5c:92:30:bc:4c:
                    be:a3:94:7f:97:ba:63:8e:57:b9:16:1b:39:15:3d:
                    5d:d4:09:7e:eb:be:c4:a9:15:8b:90:8b:48:99:63:
                    7e:dc:17:3e:16:72:42:b0:60:fe:c9:46:8e:b2:f0:
                    87:33:01:fa:91:57:8a:54:be:68:dc:f5:a6:79:18:
                    09:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:A1:22:0A:25:C3:E7:56:15:E7:8A:3F:01:75:B4:71:FE:6B:1D:5A
            X509v3 Authority Key Identifier:
                keyid:B0:25:BA:C1:32:E4:79:A2:8D:F3:35:73:DD:10:96:A9:B7:B7:8D:32

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sCW6wTLkeaKN8zVz3RCWqbe3jTI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/d2d9f3-8d56-481c-8bc4-7c8f3fecdb2c/1/GKEiCiXD51YV54o_AXW0cf5rHVo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/d2d9f3-8d56-481c-8bc4-7c8f3fecdb2c/1/sCW6wTLkeaKN8zVz3RCWqbe3jTI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.132.68.0/22
                  185.214.0.0/22
                IPv6:
                  2a0b:91c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         6a:59:77:c0:fb:5b:81:65:e8:1f:68:83:7f:78:94:d9:4b:2b:
         02:dd:63:0d:8c:3c:74:b1:95:54:0f:ac:76:d4:ca:8d:f1:bd:
         a2:2c:8b:10:ec:99:79:65:60:2c:c5:ef:65:76:ba:d8:fe:7d:
         b5:99:bf:13:cb:fe:46:3d:36:a2:4f:f9:63:66:79:f8:e5:c4:
         fb:3c:82:f2:bc:d8:ad:c5:85:25:88:e8:b7:f6:53:c9:02:7a:
         81:2a:0b:f4:a1:63:dc:8b:c7:4c:b9:45:21:8a:58:90:dd:c4:
         d9:ec:e3:de:3d:a0:79:52:9d:03:d4:fe:a7:5b:1f:d7:5c:da:
         b6:f3:ee:0f:e3:33:b5:76:61:b8:1c:83:0f:bc:84:9f:e5:45:
         88:d5:1a:ac:f1:1d:fb:7b:ea:03:45:1f:48:e7:ab:7a:5c:7a:
         3e:a2:f0:43:6f:3a:c5:eb:36:5d:ca:4a:75:1f:64:3c:a3:51:
         21:f0:a8:46:46:6a:9a:9a:8c:52:29:82:98:78:a3:12:6e:46:
         cc:1c:ca:d3:86:e0:3e:94:db:cb:71:1c:03:c4:e6:b6:a0:9d:
         7e:4f:f1:0e:c7:be:f5:33:87:e4:e6:98:c4:73:d4:85:be:30:
         a0:61:0d:b3:dc:40:e8:90:ec:92:e7:a6:9b:7b:ae:d2:96:28:
         f4:e5:d1:5f
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZbZzZLM1WVGb/v+Bq+8lBRWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwMjViYWMxMzJlNDc5YTI4ZGYzMzU3M2RkMTA5NmE5Yjdi
NzhkMzIwHhcNMjUwNTE2MTU1NDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOGExMjIwYTI1YzNlNzU2MTVlNzhhM2YwMTc1YjQ3MWZlNmIxZDVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA37LVOwW1vPpBtrFA8rja1rEKj8pi
IUVl9jVFHtbkH59cIeC+7f54lJ4J6rcVg7jpC13EPZyG3lx7xtO4vYrQu9lF6MAG
Np27VSSwvNKlEgIGTPUWsEfy47lvH2AEg1odOh/jZi3TCKsVZk4EcNjA9A+GSFG5
tHP6uoVCTij6+SJZ+cGr9YNjWLZnjEpbBtlFn9YLAWUWGJNs/xkePwJUAslkbFyC
J3ihqUs9w4q2Fs1X4+FvY55cf4DDll7IXJIwvEy+o5R/l7pjjle5Fhs5FT1d1Al+
677EqRWLkItImWN+3Bc+FnJCsGD+yUaOsvCHMwH6kVeKVL5o3PWmeRgJgwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFBihIgolw+dWFeeKPwF1tHH+ax1aMB8GA1UdIwQY
MBaAFLAlusEy5HmijfM1c90Qlqm3t40yMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0NXNndUTGtlYUtOOHpWejNSQ1dxYmUzalRJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS9kMmQ5ZjMtOGQ1Ni00ODFjLThiYzQt
N2M4ZjNmZWNkYjJjLzEvR0tFaUNpWEQ1MVlWNTRvX0FYVzBjZjVySFZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS9kMmQ5ZjMtOGQ1Ni00ODFjLThiYzQtN2M4ZjNmZWNkYjJj
LzEvc0NXNndUTGtlYUtOOHpWejNSQ1dxYmUzalRJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCuYREAwQC
udYAMA0EAgACMAcDBQMqC5HAMA0GCSqGSIb3DQEBCwUAA4IBAQBqWXfA+1uBZegf
aIN/eJTZSysC3WMNjDx0sZVUD6x21MqN8b2iLIsQ7Jl5ZWAsxe9ldrrY/n21mb8T
y/5GPTaiT/ljZnn45cT7PILyvNitxYUliOi39lPJAnqBKgv0oWPci8dMuUUhiliQ
3cTZ7OPePaB5Up0D1P6nWx/XXNq28+4P4zO1dmG4HIMPvISf5UWI1Rqs8R37e+oD
RR9I56t6XHo+ovBDbzrF6zZdykp1H2Q8o1Eh8KhGRmqamoxSKYKYeKMSbkbMHMrT
huA+lNvLcRwDxOa2oJ1+T/EOx771M4fk5pjEc9SFvjCgYQ2z3EDokOyS56abe67S
lij05dFf
-----END CERTIFICATE-----