Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/kGaBuIbzjjchvl0PDnLRqqqAW6g.roa
File:                     kGaBuIbzjjchvl0PDnLRqqqAW6g.roa (raw, json)
Hash identifier:          6l8MBFMv4P35VqqRVKr+uHFXvVcjRNjAhlEnc+kqooI=
Subject key identifier:   90:66:81:B8:86:F3:8E:37:21:BE:5D:0F:0E:72:D1:AA:AA:80:5B:A8
Certificate issuer:       /CN=d48a27f44b10404c52f6ffc4e08dc82bf8b5dee4
Certificate serial:       019986D9772D922B86603CB6B092BF27D109
Authority key identifier: D4:8A:27:F4:4B:10:40:4C:52:F6:FF:C4:E0:8D:C8:2B:F8:B5:DE:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/kGaBuIbzjjchvl0PDnLRqqqAW6g.roa
Signing time:             Fri 26 Sep 2025 16:27:02 +0000
ROA not before:           Fri 26 Sep 2025 16:27:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214025
IP address blocks:        62.112.30.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 Oct 2025 19:01:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:86:d9:77:2d:92:2b:86:60:3c:b6:b0:92:bf:27:d1:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d48a27f44b10404c52f6ffc4e08dc82bf8b5dee4
        Validity
            Not Before: Sep 26 16:27:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=906681b886f38e3721be5d0f0e72d1aaaa805ba8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:22:d2:09:2b:4d:90:14:64:cd:d7:97:e3:22:
                    6e:59:81:56:27:fb:e8:b4:7d:9e:2f:98:d7:d7:4b:
                    19:fe:8c:3b:35:10:0c:b0:35:24:3d:a8:ea:ec:1c:
                    3f:dd:16:68:8a:27:e2:ba:9a:62:19:c8:9b:31:31:
                    3b:5c:f0:0e:45:3e:82:25:f3:27:e0:9d:93:fd:2a:
                    93:26:22:75:8f:a5:b6:b5:c5:3f:14:09:ee:f1:80:
                    2a:73:f1:c9:cf:da:2d:99:41:26:b9:a9:b4:25:dd:
                    d7:96:6d:15:aa:d7:a4:9d:a5:03:7f:c9:90:9e:65:
                    88:29:38:f4:71:15:26:ff:2f:f6:c8:f1:62:8b:87:
                    54:b2:9c:d5:18:76:b7:31:cb:32:ee:28:4c:52:35:
                    be:db:a0:b1:b7:97:34:3d:16:17:57:4c:c8:e5:57:
                    2a:58:49:b2:b4:d3:a6:7c:4e:18:d7:dd:e6:9e:ba:
                    1c:67:a1:28:78:46:47:87:74:4b:1f:b5:62:ea:f5:
                    8b:7a:99:81:94:18:7d:60:28:17:d4:79:be:92:26:
                    99:5f:5f:bf:42:9b:16:a4:0c:08:1d:25:17:0b:ca:
                    aa:5e:41:30:e1:c4:be:98:8c:31:26:92:1d:9e:57:
                    80:55:ab:1f:01:7f:22:4e:e9:31:6a:48:14:b0:15:
                    b2:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:66:81:B8:86:F3:8E:37:21:BE:5D:0F:0E:72:D1:AA:AA:80:5B:A8
            X509v3 Authority Key Identifier:
                keyid:D4:8A:27:F4:4B:10:40:4C:52:F6:FF:C4:E0:8D:C8:2B:F8:B5:DE:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/kGaBuIbzjjchvl0PDnLRqqqAW6g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.112.30.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:65:e5:37:ea:ad:2f:b4:7a:39:2d:e9:a7:cd:a9:13:10:c1:
         d0:5f:62:bc:da:81:39:f5:55:a9:eb:b4:ec:2a:47:19:97:d0:
         c5:dc:c4:88:d0:30:de:51:0d:f8:17:9d:52:01:f0:6a:28:b0:
         88:f3:28:bb:d7:fe:e5:79:25:a1:3f:67:dc:61:c4:04:90:ce:
         ce:24:5b:16:f1:4e:34:fc:00:29:10:be:29:17:81:ef:19:6b:
         df:8c:0a:9a:aa:8a:f8:cf:5b:b5:ec:c8:df:7a:17:8f:7c:9c:
         4a:c4:94:41:95:62:69:39:10:27:64:f8:6d:f5:79:1e:9b:11:
         78:f6:1f:2e:8b:9b:8e:e4:09:88:a8:0e:51:52:32:7f:e5:11:
         08:93:f4:89:d1:d0:33:ec:4c:cd:70:a2:3f:20:b5:e4:4f:c3:
         eb:3e:a7:4f:6a:ee:1d:1d:7e:3e:10:e2:23:5e:4f:84:a2:40:
         72:3b:0f:92:25:2b:56:a9:05:4c:1e:c1:74:c5:b9:49:77:74:
         8c:2e:3e:f2:c5:e7:01:f7:65:99:f5:06:5f:c6:fb:a2:1d:58:
         3d:68:01:4d:05:35:3d:c8:0c:ee:bb:73:6e:ac:6a:1d:9c:ff:
         55:02:92:ca:63:dc:81:13:28:b7:e1:50:b4:5f:68:dc:e4:54:
         ce:e5:89:1f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZmG2XctkiuGYDy2sJK/J9EJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0OGEyN2Y0NGIxMDQwNGM1MmY2ZmZjNGUwOGRjODJiZjhi
NWRlZTQwHhcNMjUwOTI2MTYyNzAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDY2ODFiODg2ZjM4ZTM3MjFiZTVkMGYwZTcyZDFhYWFhODA1YmE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvCLSCStNkBRkzdeX4yJuWYFWJ/vo
tH2eL5jX10sZ/ow7NRAMsDUkPajq7Bw/3RZoiifiuppiGcibMTE7XPAORT6CJfMn
4J2T/SqTJiJ1j6W2tcU/FAnu8YAqc/HJz9otmUEmuam0Jd3Xlm0VqteknaUDf8mQ
nmWIKTj0cRUm/y/2yPFii4dUspzVGHa3Mcsy7ihMUjW+26Cxt5c0PRYXV0zI5Vcq
WEmytNOmfE4Y193mnrocZ6EoeEZHh3RLH7Vi6vWLepmBlBh9YCgX1Hm+kiaZX1+/
QpsWpAwIHSUXC8qqXkEw4cS+mIwxJpIdnleAVasfAX8iTukxakgUsBWy9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJBmgbiG8443Ib5dDw5y0aqqgFuoMB8GA1UdIwQY
MBaAFNSKJ/RLEEBMUvb/xOCNyCv4td7kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUlvbjlFc1FRRXhTOXZfRTRJM0lLX2kxM3VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS80YmI1YTctMzQ2Yy00MTk1LTlkMGYt
NTlmNTk4NGI2NGVhLzEva0dhQnVJYnpqamNodmwwUERuTFJxcXFBVzZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS80YmI1YTctMzQ2Yy00MTk1LTlkMGYtNTlmNTk4NGI2NGVh
LzEvMUlvbjlFc1FRRXhTOXZfRTRJM0lLX2kxM3VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPnAeMA0G
CSqGSIb3DQEBCwUAA4IBAQCbZeU36q0vtHo5LemnzakTEMHQX2K82oE59VWp67Ts
KkcZl9DF3MSI0DDeUQ34F51SAfBqKLCI8yi71/7leSWhP2fcYcQEkM7OJFsW8U40
/AApEL4pF4HvGWvfjAqaqor4z1u17MjfehePfJxKxJRBlWJpORAnZPht9XkemxF4
9h8ui5uO5AmIqA5RUjJ/5REIk/SJ0dAz7EzNcKI/ILXkT8PrPqdPau4dHX4+EOIj
Xk+EokByOw+SJStWqQVMHsF0xblJd3SMLj7yxecB92WZ9QZfxvuiHVg9aAFNBTU9
yAzuu3NurGodnP9VApLKY9yBEyi34VC0X2jc5FTO5Ykf
-----END CERTIFICATE-----