Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/gnBvArntN2HrbY0zir9l0T15JUI.roa
File:                     gnBvArntN2HrbY0zir9l0T15JUI.roa (raw, json)
Hash identifier:          SBEwwS/CpjU5vFqJhn8hayL3vuRT3ym6p0wVHaHgmP0=
Subject key identifier:   82:70:6F:02:B9:ED:37:61:EB:6D:8D:33:8A:BF:65:D1:3D:79:25:42
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019A0260B366E00E228CB8AEEC67C3D2BA45
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/gnBvArntN2HrbY0zir9l0T15JUI.roa
Signing time:             Mon 20 Oct 2025 16:08:03 +0000
ROA not before:           Mon 20 Oct 2025 16:08:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     58061
IP address blocks:        185.176.93.0/24 maxlen: 24
                          185.176.95.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 Oct 2025 14:12:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:02:60:b3:66:e0:0e:22:8c:b8:ae:ec:67:c3:d2:ba:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Oct 20 16:08:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=82706f02b9ed3761eb6d8d338abf65d13d792542
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:c8:25:6c:e3:15:c8:96:ac:6f:b4:ca:27:78:
                    38:5e:09:8a:a9:41:8d:0d:06:ba:6a:aa:fa:b7:c1:
                    50:c3:b4:f8:48:74:43:6c:1d:7b:e5:9a:4a:4a:62:
                    7c:e5:b5:ea:f3:d3:a5:3f:0e:e9:d8:f7:78:51:75:
                    19:11:9f:a3:d7:8c:61:04:c4:c2:23:b5:23:98:02:
                    5a:6e:3f:07:9e:7a:1f:7f:b3:e6:5c:92:25:b5:ed:
                    6c:4e:b3:0d:35:6b:ca:ec:70:e5:27:d5:bd:17:04:
                    c9:1c:e1:4d:d9:fa:55:9e:9f:8f:f4:52:a1:1a:79:
                    9d:73:60:6b:c2:d6:1f:09:a3:a5:e4:9e:f3:38:2a:
                    52:e2:36:17:33:3c:b5:10:e4:c6:20:73:04:23:7b:
                    24:3a:8b:48:94:0d:c4:f3:41:37:53:7a:55:4f:44:
                    c7:f0:46:35:a8:a0:69:d5:21:78:cc:ae:05:65:6b:
                    e4:cc:d3:e2:1c:ce:48:09:3f:4d:b9:5d:0d:ec:fe:
                    f8:90:71:cd:ee:4f:d8:63:ab:32:30:9c:2a:55:b4:
                    2e:47:45:43:92:06:c4:1b:71:52:5b:fc:d3:21:90:
                    04:ba:0a:da:41:e1:aa:18:9b:fa:ca:94:67:8e:86:
                    77:96:2b:96:92:b2:d8:1a:55:09:85:33:be:dc:06:
                    9f:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:70:6F:02:B9:ED:37:61:EB:6D:8D:33:8A:BF:65:D1:3D:79:25:42
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/gnBvArntN2HrbY0zir9l0T15JUI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.176.93.0/24
                  185.176.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:f3:d8:13:1d:2f:53:3e:3c:5f:53:3e:88:7c:5d:d7:fb:5f:
         8e:99:52:80:81:0f:fb:e8:2f:d8:a1:93:24:01:ba:48:bc:c2:
         f7:60:f3:3a:48:4d:1f:38:cd:d4:91:d0:d0:63:91:45:b9:c0:
         9e:7d:c4:9a:a0:38:6b:55:c3:cd:a7:c9:9c:40:eb:e6:d1:f1:
         80:f0:3f:ee:0a:5d:72:31:d4:4c:e0:a5:cd:0e:d6:85:8e:c4:
         27:21:08:5c:ae:f6:5c:72:7b:27:b8:14:2d:8b:7f:e5:8d:1b:
         54:76:1c:04:ad:18:d7:79:7b:b7:33:ec:b5:53:95:a0:bc:4d:
         76:e7:0c:21:d9:42:95:1a:08:1c:4c:4a:b9:76:a5:2a:d1:2e:
         d0:b4:f9:04:c8:1b:11:bd:9b:47:46:ca:15:4a:e3:b9:49:49:
         5d:53:92:17:2f:a3:f7:5c:52:dc:07:3f:2d:f3:a6:90:02:69:
         c4:42:b8:b0:49:6f:ee:f0:a9:cd:1f:00:fb:e7:6f:2f:eb:81:
         1d:e7:60:4a:83:58:3d:61:e5:54:b1:b4:74:86:b4:55:df:55:
         d2:ae:07:d9:7e:4d:09:93:48:6a:a3:39:a7:c7:fe:f8:55:f0:
         7f:5c:af:7b:1b:76:9a:45:79:c6:6d:c1:05:04:6f:e3:56:94:
         f9:14:5f:31
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZoCYLNm4A4ijLiu7GfD0rpFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjUxMDIwMTYwODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MjcwNmYwMmI5ZWQzNzYxZWI2ZDhkMzM4YWJmNjVkMTNkNzkyNTQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAycglbOMVyJasb7TKJ3g4XgmKqUGN
DQa6aqr6t8FQw7T4SHRDbB175ZpKSmJ85bXq89OlPw7p2Pd4UXUZEZ+j14xhBMTC
I7UjmAJabj8Hnnoff7PmXJIlte1sTrMNNWvK7HDlJ9W9FwTJHOFN2fpVnp+P9FKh
Gnmdc2BrwtYfCaOl5J7zOCpS4jYXMzy1EOTGIHMEI3skOotIlA3E80E3U3pVT0TH
8EY1qKBp1SF4zK4FZWvkzNPiHM5ICT9NuV0N7P74kHHN7k/YY6syMJwqVbQuR0VD
kgbEG3FSW/zTIZAEugraQeGqGJv6ypRnjoZ3liuWkrLYGlUJhTO+3AafrQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIJwbwK57Tdh622NM4q/ZdE9eSVCMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvZ25CdkFybnROMkhyYlkwemlyOWwwVDE1SlVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAubBdAwQA
ubBfMA0GCSqGSIb3DQEBCwUAA4IBAQBx89gTHS9TPjxfUz6IfF3X+1+OmVKAgQ/7
6C/YoZMkAbpIvML3YPM6SE0fOM3UkdDQY5FFucCefcSaoDhrVcPNp8mcQOvm0fGA
8D/uCl1yMdRM4KXNDtaFjsQnIQhcrvZccnsnuBQti3/ljRtUdhwErRjXeXu3M+y1
U5WgvE125wwh2UKVGggcTEq5dqUq0S7QtPkEyBsRvZtHRsoVSuO5SUldU5IXL6P3
XFLcBz8t86aQAmnEQriwSW/u8KnNHwD7528v64Ed52BKg1g9YeVUsbR0hrRV31XS
rgfZfk0Jk0hqozmnx/74VfB/XK97G3aaRXnGbcEFBG/jVpT5FF8x
-----END CERTIFICATE-----