Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/bcccb8-6c74-4d0a-895f-01d19a74be23/1/GhEQXJQOBNOKNy_YpfRMVkLZ8XY.roa
File:                     GhEQXJQOBNOKNy_YpfRMVkLZ8XY.roa (raw, json)
Hash identifier:          Wbxiz4Bnm4YeIda0ZMSDZ1Cxi9mTwgQ2CvCgxVev0RE=
Subject key identifier:   1A:11:10:5C:94:0E:04:D3:8A:37:2F:D8:A5:F4:4C:56:42:D9:F1:76
Certificate issuer:       /CN=bfa5f0e76547575957bc92c6dddd084d3ea7f863
Certificate serial:       01999A01F27B1458EEF21F521FF69AEAA18B
Authority key identifier: BF:A5:F0:E7:65:47:57:59:57:BC:92:C6:DD:DD:08:4D:3E:A7:F8:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v6Xw52VHV1lXvJLG3d0ITT6n-GM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/bcccb8-6c74-4d0a-895f-01d19a74be23/1/GhEQXJQOBNOKNy_YpfRMVkLZ8XY.roa
Signing time:             Tue 30 Sep 2025 09:44:02 +0000
ROA not before:           Tue 30 Sep 2025 09:44:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216265
IP address blocks:        91.239.55.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/bcccb8-6c74-4d0a-895f-01d19a74be23/1/v6Xw52VHV1lXvJLG3d0ITT6n-GM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/bcccb8-6c74-4d0a-895f-01d19a74be23/1/v6Xw52VHV1lXvJLG3d0ITT6n-GM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v6Xw52VHV1lXvJLG3d0ITT6n-GM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 15 Oct 2025 06:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:9a:01:f2:7b:14:58:ee:f2:1f:52:1f:f6:9a:ea:a1:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bfa5f0e76547575957bc92c6dddd084d3ea7f863
        Validity
            Not Before: Sep 30 09:44:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1a11105c940e04d38a372fd8a5f44c5642d9f176
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:72:d9:c0:9c:53:85:01:7d:51:b3:aa:a3:72:
                    54:d8:01:80:22:11:6f:df:77:f3:46:44:02:83:85:
                    20:d4:84:70:e4:0f:bc:97:38:e9:2e:04:2f:ff:35:
                    98:ca:a3:ce:b4:4e:ee:70:72:1c:e8:75:64:ac:52:
                    e6:ed:ea:8a:0b:58:0b:ed:b2:05:14:61:0e:93:e9:
                    a3:f0:93:a1:54:70:14:d0:1e:d8:8a:5f:d1:27:30:
                    f3:42:a0:69:4b:b3:04:e3:ab:f0:9a:10:a3:56:e3:
                    1a:f9:1a:d6:b6:1a:38:30:7e:ae:ad:6f:61:58:63:
                    55:10:93:8d:bd:38:17:74:fb:51:28:2e:db:f9:2e:
                    2e:6e:0e:3c:49:8d:a3:be:d6:92:fe:43:dc:49:a1:
                    00:19:cb:57:c1:9b:aa:7b:84:c4:40:68:f4:fe:0f:
                    36:81:c8:7d:4c:80:f2:dc:a1:b7:41:0f:81:11:b1:
                    95:f3:ae:bf:87:e4:26:e3:30:ff:44:0c:f0:3c:81:
                    4b:d9:92:87:dd:28:0e:04:96:8e:3d:e1:6f:8e:aa:
                    92:d0:8e:5c:cc:75:87:70:56:ad:9f:b3:10:6a:42:
                    d6:32:9a:a5:58:b3:94:a0:98:b7:85:8b:22:49:99:
                    58:f6:ec:43:71:17:a9:90:ce:56:49:f3:71:23:8e:
                    93:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:11:10:5C:94:0E:04:D3:8A:37:2F:D8:A5:F4:4C:56:42:D9:F1:76
            X509v3 Authority Key Identifier:
                keyid:BF:A5:F0:E7:65:47:57:59:57:BC:92:C6:DD:DD:08:4D:3E:A7:F8:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v6Xw52VHV1lXvJLG3d0ITT6n-GM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/bcccb8-6c74-4d0a-895f-01d19a74be23/1/GhEQXJQOBNOKNy_YpfRMVkLZ8XY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/bcccb8-6c74-4d0a-895f-01d19a74be23/1/v6Xw52VHV1lXvJLG3d0ITT6n-GM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.239.55.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:d0:22:d2:cb:a5:03:7b:12:cb:40:94:f7:29:28:53:53:8f:
         3d:c4:19:2c:d6:55:b8:74:24:db:e7:b3:39:44:d1:e0:a6:6f:
         5d:61:7c:be:23:8d:18:54:80:9e:38:61:38:7f:4c:33:e2:b1:
         05:0a:f2:cf:9c:3b:76:65:aa:f7:6b:e6:0c:0b:25:01:8b:c2:
         f9:64:b7:29:69:fe:68:42:9e:c2:6c:a0:c1:90:7b:15:a6:08:
         c2:60:59:b2:65:8e:2e:a6:d2:a0:45:24:29:5a:1e:d0:e5:61:
         d1:aa:4f:6e:ed:78:62:71:a7:3e:e8:f9:54:48:4d:af:c6:a6:
         f5:25:e4:18:39:cd:3f:a2:ee:79:38:ac:9f:c6:ea:4d:78:d3:
         ed:6a:9d:42:c8:66:af:9d:2f:67:90:2e:ab:a1:c7:26:5c:5c:
         a2:42:25:4c:6b:32:2a:0a:f0:81:9a:1e:7e:e3:4b:d0:f3:ff:
         5b:a4:30:9d:5b:a7:b2:e8:20:9e:ed:af:39:b8:1a:b6:5c:11:
         4a:41:b8:5f:6c:81:ed:c2:51:47:04:e7:c8:fc:df:d3:db:f6:
         e4:70:ad:15:10:46:f7:78:cc:91:9c:47:63:2e:73:6c:1f:da:
         58:6c:88:60:c2:63:c2:5c:0d:fc:82:ee:7c:8b:0f:71:70:8b:
         03:e6:99:02
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZmaAfJ7FFju8h9SH/aa6qGLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmYTVmMGU3NjU0NzU3NTk1N2JjOTJjNmRkZGQwODRkM2Vh
N2Y4NjMwHhcNMjUwOTMwMDk0NDAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYTExMTA1Yzk0MGUwNGQzOGEzNzJmZDhhNWY0NGM1NjQyZDlmMTc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAonLZwJxThQF9UbOqo3JU2AGAIhFv
33fzRkQCg4Ug1IRw5A+8lzjpLgQv/zWYyqPOtE7ucHIc6HVkrFLm7eqKC1gL7bIF
FGEOk+mj8JOhVHAU0B7Yil/RJzDzQqBpS7ME46vwmhCjVuMa+RrWtho4MH6urW9h
WGNVEJONvTgXdPtRKC7b+S4ubg48SY2jvtaS/kPcSaEAGctXwZuqe4TEQGj0/g82
gch9TIDy3KG3QQ+BEbGV866/h+Qm4zD/RAzwPIFL2ZKH3SgOBJaOPeFvjqqS0I5c
zHWHcFatn7MQakLWMpqlWLOUoJi3hYsiSZlY9uxDcRepkM5WSfNxI46TUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBoREFyUDgTTijcv2KX0TFZC2fF2MB8GA1UdIwQY
MBaAFL+l8OdlR1dZV7ySxt3dCE0+p/hjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjZYdzUyVkhWMWxYdkpMRzNkMElUVDZuLUdNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi9iY2NjYjgtNmM3NC00ZDBhLTg5NWYt
MDFkMTlhNzRiZTIzLzEvR2hFUVhKUU9CTk9LTnlfWXBmUk1Wa0xaOFhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi9iY2NjYjgtNmM3NC00ZDBhLTg5NWYtMDFkMTlhNzRiZTIz
LzEvdjZYdzUyVkhWMWxYdkpMRzNkMElUVDZuLUdNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+83MA0G
CSqGSIb3DQEBCwUAA4IBAQAh0CLSy6UDexLLQJT3KShTU489xBks1lW4dCTb57M5
RNHgpm9dYXy+I40YVICeOGE4f0wz4rEFCvLPnDt2Zar3a+YMCyUBi8L5ZLcpaf5o
Qp7CbKDBkHsVpgjCYFmyZY4uptKgRSQpWh7Q5WHRqk9u7Xhicac+6PlUSE2vxqb1
JeQYOc0/ou55OKyfxupNeNPtap1CyGavnS9nkC6roccmXFyiQiVMazIqCvCBmh5+
40vQ8/9bpDCdW6ey6CCe7a85uBq2XBFKQbhfbIHtwlFHBOfI/N/T2/bkcK0VEEb3
eMyRnEdjLnNsH9pYbIhgwmPCXA38gu58iw9xcIsD5pkC
-----END CERTIFICATE-----