Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/046460-102c-4930-842c-6ab11155f6fb/1/Gky3WM6DOJSU_16giRDWJ41eEKA.roa
File:                     Gky3WM6DOJSU_16giRDWJ41eEKA.roa (raw, json)
Hash identifier:          TnCpd95H/6J2xeSLtHFEVqsbxWmaOkgox5gtfxtQD9c=
Subject key identifier:   1A:4C:B7:58:CE:83:38:94:94:FF:5E:A0:89:10:D6:27:8D:5E:10:A0
Certificate issuer:       /CN=962bd76a5cac283ece0a0f8eab2c97021401fb89
Certificate serial:       0198E2547EB7402F6A3842BB241022F47A36
Authority key identifier: 96:2B:D7:6A:5C:AC:28:3E:CE:0A:0F:8E:AB:2C:97:02:14:01:FB:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/livXalysKD7OCg-OqyyXAhQB-4k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/046460-102c-4930-842c-6ab11155f6fb/1/Gky3WM6DOJSU_16giRDWJ41eEKA.roa
Signing time:             Mon 25 Aug 2025 17:44:05 +0000
ROA not before:           Mon 25 Aug 2025 17:44:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213373
IP address blocks:        85.203.26.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/046460-102c-4930-842c-6ab11155f6fb/1/livXalysKD7OCg-OqyyXAhQB-4k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/046460-102c-4930-842c-6ab11155f6fb/1/livXalysKD7OCg-OqyyXAhQB-4k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/livXalysKD7OCg-OqyyXAhQB-4k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Sep 2025 02:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:e2:54:7e:b7:40:2f:6a:38:42:bb:24:10:22:f4:7a:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=962bd76a5cac283ece0a0f8eab2c97021401fb89
        Validity
            Not Before: Aug 25 17:44:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1a4cb758ce83389494ff5ea08910d6278d5e10a0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f5:75:71:e3:97:07:5b:ca:54:ed:0a:9f:0e:21:
                    39:34:99:f2:a7:dd:4f:10:ef:3d:7c:77:5b:64:68:
                    a6:a0:16:f4:69:2f:bf:8c:e5:e2:e1:4a:6a:df:eb:
                    80:bf:f7:28:94:c9:f4:fa:7b:63:30:1a:d7:0d:5e:
                    8c:62:38:fc:77:72:58:4b:76:90:20:bb:14:15:74:
                    b0:a0:0e:27:29:ba:e1:c6:23:b6:2c:38:41:4d:ad:
                    61:ea:35:bf:4f:3f:f2:df:fe:16:b0:f8:d3:d3:49:
                    e4:ed:ed:44:f9:61:2c:8c:45:c6:e8:df:1f:11:10:
                    46:14:ca:7f:c1:fc:7a:c5:be:cc:cb:90:da:ab:3e:
                    b8:f2:7c:67:91:25:50:8a:ee:39:3e:b6:6e:d2:ed:
                    84:43:a6:1c:e0:fa:41:cd:70:69:d7:86:90:b1:3d:
                    a4:99:a7:4d:31:f1:0f:b0:71:97:52:15:ce:bb:18:
                    99:d4:fe:8f:81:f7:dc:5d:d6:cd:75:f0:19:27:4b:
                    83:8a:40:f0:d2:4e:d6:67:f0:b7:46:f0:c1:ce:af:
                    36:29:06:e7:87:eb:fc:86:29:f2:ed:f3:4e:6e:dc:
                    b3:a0:49:68:e7:2f:96:18:bc:19:3a:7f:c3:de:d5:
                    be:63:5b:d6:86:e7:16:5a:74:25:3b:57:cc:26:af:
                    38:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:4C:B7:58:CE:83:38:94:94:FF:5E:A0:89:10:D6:27:8D:5E:10:A0
            X509v3 Authority Key Identifier:
                keyid:96:2B:D7:6A:5C:AC:28:3E:CE:0A:0F:8E:AB:2C:97:02:14:01:FB:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/livXalysKD7OCg-OqyyXAhQB-4k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/046460-102c-4930-842c-6ab11155f6fb/1/Gky3WM6DOJSU_16giRDWJ41eEKA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/046460-102c-4930-842c-6ab11155f6fb/1/livXalysKD7OCg-OqyyXAhQB-4k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.203.26.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:9c:80:47:cb:80:71:35:6f:0f:95:f1:c8:6c:af:d7:bb:f5:
         1f:19:c4:43:27:7f:72:e5:c5:be:fe:c8:52:1a:af:80:e1:12:
         2d:62:7d:48:10:95:d7:d2:38:f9:77:70:c5:5c:c8:a1:6a:1e:
         f6:5d:a0:9e:39:73:6d:53:d1:b7:f2:d1:31:4e:74:71:26:22:
         4b:7b:ab:17:16:fa:3a:a5:8e:cb:50:6b:c9:db:af:88:d1:b8:
         a0:7c:d0:8f:35:1e:d9:bc:8e:d2:ad:1c:d0:3b:f7:95:ca:bb:
         16:50:8a:c4:52:cd:0f:6a:da:4d:bf:99:78:e4:ef:d3:32:59:
         05:bc:ef:ac:3c:f3:5b:9b:38:0a:b3:02:66:e1:cc:9f:7e:2b:
         48:ce:bc:aa:02:2c:71:3b:c1:91:8b:9c:cb:ec:fa:f8:47:0c:
         c4:c4:7d:31:7e:8b:12:a3:bd:ea:0c:9e:3c:ac:0c:c0:e0:4a:
         06:84:bd:7e:92:b9:4e:b5:5e:e0:bc:f7:9c:41:50:80:19:32:
         1d:89:d1:33:06:de:70:d6:d6:35:08:44:da:3b:96:99:b2:60:
         61:22:c8:48:29:01:1f:e7:c3:05:c3:43:a6:c7:ef:f0:93:f4:
         32:ff:f4:6f:9d:43:d8:de:cc:c4:0a:4b:a3:fc:aa:ad:09:3e:
         22:cb:67:6a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjiVH63QC9qOEK7JBAi9Ho2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk2MmJkNzZhNWNhYzI4M2VjZTBhMGY4ZWFiMmM5NzAyMTQw
MWZiODkwHhcNMjUwODI1MTc0NDA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYTRjYjc1OGNlODMzODk0OTRmZjVlYTA4OTEwZDYyNzhkNWUxMGEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9XVx45cHW8pU7QqfDiE5NJnyp91P
EO89fHdbZGimoBb0aS+/jOXi4Upq3+uAv/colMn0+ntjMBrXDV6MYjj8d3JYS3aQ
ILsUFXSwoA4nKbrhxiO2LDhBTa1h6jW/Tz/y3/4WsPjT00nk7e1E+WEsjEXG6N8f
ERBGFMp/wfx6xb7My5Daqz648nxnkSVQiu45PrZu0u2EQ6Yc4PpBzXBp14aQsT2k
madNMfEPsHGXUhXOuxiZ1P6PgffcXdbNdfAZJ0uDikDw0k7WZ/C3RvDBzq82KQbn
h+v8hiny7fNObtyzoElo5y+WGLwZOn/D3tW+Y1vWhucWWnQlO1fMJq84FwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBpMt1jOgziUlP9eoIkQ1ieNXhCgMB8GA1UdIwQY
MBaAFJYr12pcrCg+zgoPjqsslwIUAfuJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbGl2WGFseXNLRDdPQ2ctT3F5eVhBaFFCLTRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC8wNDY0NjAtMTAyYy00OTMwLTg0MmMt
NmFiMTExNTVmNmZiLzEvR2t5M1dNNkRPSlNVXzE2Z2lSRFdKNDFlRUtBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC8wNDY0NjAtMTAyYy00OTMwLTg0MmMtNmFiMTExNTVmNmZi
LzEvbGl2WGFseXNLRDdPQ2ctT3F5eVhBaFFCLTRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVcsaMA0G
CSqGSIb3DQEBCwUAA4IBAQBpnIBHy4BxNW8PlfHIbK/Xu/UfGcRDJ39y5cW+/shS
Gq+A4RItYn1IEJXX0jj5d3DFXMihah72XaCeOXNtU9G38tExTnRxJiJLe6sXFvo6
pY7LUGvJ26+I0bigfNCPNR7ZvI7SrRzQO/eVyrsWUIrEUs0PatpNv5l45O/TMlkF
vO+sPPNbmzgKswJm4cyffitIzryqAixxO8GRi5zL7Pr4RwzExH0xfosSo73qDJ48
rAzA4EoGhL1+krlOtV7gvPecQVCAGTIdidEzBt5w1tY1CETaO5aZsmBhIshIKQEf
58MFw0Omx+/wk/Qy//RvnUPY3szECkuj/KqtCT4iy2dq
-----END CERTIFICATE-----