Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/c5811d-1da0-4c32-9c4c-d82a90e34c2d/1/gkb0OVkofThjTrdcJybRSMlpfp4.roa
File:                     gkb0OVkofThjTrdcJybRSMlpfp4.roa (raw, json)
Hash identifier:          8sfSnNGdVPbyvFgpkPwpD+JifulUktiC43vJOSovkj4=
Subject key identifier:   82:46:F4:39:59:28:7D:38:63:4E:B7:5C:27:26:D1:48:C9:69:7E:9E
Certificate issuer:       /CN=bafed139df0fad6fde0d82869144104d204b92b5
Certificate serial:       0198DB862EAA449C9B073E5B515F812A3B1F
Authority key identifier: BA:FE:D1:39:DF:0F:AD:6F:DE:0D:82:86:91:44:10:4D:20:4B:92:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uv7ROd8PrW_eDYKGkUQQTSBLkrU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/c5811d-1da0-4c32-9c4c-d82a90e34c2d/1/gkb0OVkofThjTrdcJybRSMlpfp4.roa
Signing time:             Sun 24 Aug 2025 10:01:00 +0000
ROA not before:           Sun 24 Aug 2025 10:01:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205927
IP address blocks:        2a0a:68c0:200::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/c5811d-1da0-4c32-9c4c-d82a90e34c2d/1/uv7ROd8PrW_eDYKGkUQQTSBLkrU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/c5811d-1da0-4c32-9c4c-d82a90e34c2d/1/uv7ROd8PrW_eDYKGkUQQTSBLkrU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uv7ROd8PrW_eDYKGkUQQTSBLkrU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 10 Sep 2025 04:01:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:db:86:2e:aa:44:9c:9b:07:3e:5b:51:5f:81:2a:3b:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bafed139df0fad6fde0d82869144104d204b92b5
        Validity
            Not Before: Aug 24 10:01:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8246f43959287d38634eb75c2726d148c9697e9e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:7b:97:0d:18:8e:f4:0c:0a:97:89:9b:f0:79:
                    bb:7c:44:60:4d:38:ca:33:20:4d:86:81:0c:cd:f4:
                    5c:5a:1f:fa:7a:ac:e3:a5:81:bb:d9:24:d4:a2:fa:
                    c7:78:fc:49:e2:f3:92:f2:da:66:51:97:6b:8a:cc:
                    1f:43:09:c9:49:4c:7a:1b:35:84:80:88:13:3f:3d:
                    ee:cc:ee:b5:86:ff:dd:79:0f:ba:10:39:59:f1:24:
                    ad:d3:2f:b5:04:ae:e6:45:ad:03:62:eb:20:65:ef:
                    5e:47:1f:02:f6:04:9f:3b:0b:b6:56:f2:2b:d0:cd:
                    eb:1f:7f:cf:09:1c:1e:bb:38:f3:5f:b8:ac:d9:ec:
                    44:37:dd:dc:4b:1d:c3:38:92:77:2b:7e:ec:8a:db:
                    84:85:62:00:06:25:8d:42:c1:8a:9e:20:6a:db:cc:
                    ce:24:34:ca:ac:e1:3b:9d:e2:16:53:b3:6c:1a:59:
                    88:9d:87:0e:0c:24:9b:7e:d7:03:85:8f:0d:0f:5d:
                    48:8c:53:6d:91:5b:4f:68:61:dd:3a:df:95:ab:97:
                    92:14:30:e8:df:aa:39:1d:0b:27:cd:cc:9e:78:41:
                    85:d8:88:49:d1:99:1e:92:02:9f:97:cb:b6:04:8d:
                    01:56:25:0b:72:3b:c5:f2:af:99:82:6b:7f:39:b7:
                    69:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:46:F4:39:59:28:7D:38:63:4E:B7:5C:27:26:D1:48:C9:69:7E:9E
            X509v3 Authority Key Identifier:
                keyid:BA:FE:D1:39:DF:0F:AD:6F:DE:0D:82:86:91:44:10:4D:20:4B:92:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uv7ROd8PrW_eDYKGkUQQTSBLkrU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/c5811d-1da0-4c32-9c4c-d82a90e34c2d/1/gkb0OVkofThjTrdcJybRSMlpfp4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/c5811d-1da0-4c32-9c4c-d82a90e34c2d/1/uv7ROd8PrW_eDYKGkUQQTSBLkrU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:68c0:200::/48

    Signature Algorithm: sha256WithRSAEncryption
         2f:99:30:d0:43:b4:c1:26:ce:0e:81:48:a5:2b:d3:c7:2d:81:
         5a:4a:01:c5:5d:f3:9e:68:1f:4e:93:4b:47:81:1e:dc:b6:23:
         ef:df:8f:20:40:70:b2:da:31:e7:29:24:90:38:4b:62:0d:03:
         cd:56:2d:b9:b6:df:b5:58:2c:b1:e1:46:97:9b:6e:a8:ed:f1:
         79:91:3a:0a:e6:fe:32:03:bd:c9:b9:93:e1:19:b9:44:44:d3:
         42:6b:ab:88:9f:98:64:2e:9b:84:b1:bc:ec:a2:8e:ac:21:da:
         a2:e4:d7:ea:2f:bb:23:cc:f0:92:8a:88:71:cb:f3:2f:c0:89:
         f0:9f:4f:11:2c:fd:b0:1b:7f:8b:c0:79:e9:66:ae:3b:21:7b:
         37:41:7b:4f:0f:b1:cb:e9:98:68:5f:82:88:68:40:c7:5f:51:
         8b:9a:18:21:58:e9:df:fb:90:29:66:5f:be:19:68:31:82:9a:
         67:74:15:e0:23:9a:44:1a:28:83:1f:be:06:f5:b9:6f:67:87:
         b5:bc:e7:0d:2f:5f:03:4b:5d:2e:a3:54:cb:ce:e3:bb:e4:e4:
         67:f7:2d:b7:57:33:38:8a:3f:d3:40:d0:ba:6b:88:0d:8f:d9:
         c0:a3:bb:15:da:25:48:68:e8:01:8b:51:44:1a:6e:bd:e6:2b:
         9c:54:91:57
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZjbhi6qRJybBz5bUV+BKjsfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhZmVkMTM5ZGYwZmFkNmZkZTBkODI4NjkxNDQxMDRkMjA0
YjkyYjUwHhcNMjUwODI0MTAwMTAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MjQ2ZjQzOTU5Mjg3ZDM4NjM0ZWI3NWMyNzI2ZDE0OGM5Njk3ZTllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwnuXDRiO9AwKl4mb8Hm7fERgTTjK
MyBNhoEMzfRcWh/6eqzjpYG72STUovrHePxJ4vOS8tpmUZdriswfQwnJSUx6GzWE
gIgTPz3uzO61hv/deQ+6EDlZ8SSt0y+1BK7mRa0DYusgZe9eRx8C9gSfOwu2VvIr
0M3rH3/PCRweuzjzX7is2exEN93cSx3DOJJ3K37situEhWIABiWNQsGKniBq28zO
JDTKrOE7neIWU7NsGlmInYcODCSbftcDhY8ND11IjFNtkVtPaGHdOt+Vq5eSFDDo
36o5HQsnzcyeeEGF2IhJ0ZkekgKfl8u2BI0BViULcjvF8q+Zgmt/ObdpxwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIJG9DlZKH04Y063XCcm0UjJaX6eMB8GA1UdIwQY
MBaAFLr+0TnfD61v3g2ChpFEEE0gS5K1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdXY3Uk9kOFByV19lRFlLR2tVUVFUU0JMa3JVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS9jNTgxMWQtMWRhMC00YzMyLTljNGMt
ZDgyYTkwZTM0YzJkLzEvZ2tiME9Wa29mVGhqVHJkY0p5YlJTTWxwZnA0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS9jNTgxMWQtMWRhMC00YzMyLTljNGMtZDgyYTkwZTM0YzJk
LzEvdXY3Uk9kOFByV19lRFlLR2tVUVFUU0JMa3JVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgpowAIA
MA0GCSqGSIb3DQEBCwUAA4IBAQAvmTDQQ7TBJs4OgUilK9PHLYFaSgHFXfOeaB9O
k0tHgR7ctiPv348gQHCy2jHnKSSQOEtiDQPNVi25tt+1WCyx4UaXm26o7fF5kToK
5v4yA73JuZPhGblERNNCa6uIn5hkLpuEsbzsoo6sIdqi5NfqL7sjzPCSiohxy/Mv
wInwn08RLP2wG3+LwHnpZq47IXs3QXtPD7HL6ZhoX4KIaEDHX1GLmhghWOnf+5Ap
Zl++GWgxgppndBXgI5pEGiiDH74G9blvZ4e1vOcNL18DS10uo1TLzuO75ORn9y23
VzM4ij/TQNC6a4gNj9nAo7sV2iVIaOgBi1FEGm695iucVJFX
-----END CERTIFICATE-----