Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/gke9BdDbXXpTpUVbz61tFK8Ltm8.roa
File:                     gke9BdDbXXpTpUVbz61tFK8Ltm8.roa (raw, json)
Hash identifier:          Y8sMPcYCJQoktPdu1Oun8egw9U/WNPwFUrra8uvbkc0=
Subject key identifier:   82:47:BD:05:D0:DB:5D:7A:53:A5:45:5B:CF:AD:6D:14:AF:0B:B6:6F
Certificate issuer:       /CN=7c3d022a240ce71e0a6e1e9aae0112da840cc34b
Certificate serial:       0196FCD22EE2467D63993A783DBCDFAA11EF
Authority key identifier: 7C:3D:02:2A:24:0C:E7:1E:0A:6E:1E:9A:AE:01:12:DA:84:0C:C3:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/gke9BdDbXXpTpUVbz61tFK8Ltm8.roa
Signing time:             Fri 23 May 2025 11:05:55 +0000
ROA not before:           Fri 23 May 2025 11:05:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198154
IP address blocks:        195.254.165.0/24 maxlen: 24
                          2a05:9080::/48 maxlen: 48
                          2a05:9080:4::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Jun 2025 05:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:fc:d2:2e:e2:46:7d:63:99:3a:78:3d:bc:df:aa:11:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7c3d022a240ce71e0a6e1e9aae0112da840cc34b
        Validity
            Not Before: May 23 11:05:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8247bd05d0db5d7a53a5455bcfad6d14af0bb66f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:e5:99:73:37:cb:6e:64:c4:20:c9:12:17:da:
                    1c:ed:bf:0b:08:bb:5f:7c:69:d7:57:c7:47:8a:a3:
                    67:93:47:c8:df:12:a0:40:41:62:61:c5:09:43:92:
                    d7:54:de:2e:3c:da:24:99:7e:54:77:d9:45:4c:46:
                    d2:06:2a:b4:86:70:0d:01:4b:7d:1c:a7:d2:18:7d:
                    90:9b:46:47:28:c6:60:73:02:47:77:89:61:70:4f:
                    03:ee:4a:e2:ce:74:98:84:1b:c5:b8:03:b9:4d:d5:
                    a1:c5:96:31:c4:d0:21:2e:79:cb:47:9b:e7:c1:12:
                    cb:e7:bb:e9:bd:76:69:09:e0:f5:9f:b2:73:d8:33:
                    e7:6a:2e:6a:fd:d7:ef:a5:c9:47:7e:4e:90:cb:f9:
                    d7:f4:d2:83:79:2f:73:17:08:6d:96:ca:23:93:60:
                    9f:9d:6b:9b:08:02:a8:0f:51:a9:f3:8d:93:8a:27:
                    89:66:ad:67:31:1f:47:a9:09:1c:e8:47:3f:05:b8:
                    f4:c0:29:cd:cc:24:e5:ef:cb:e4:b7:6f:59:84:93:
                    fd:05:12:f4:8c:a2:05:bd:3c:81:88:51:a7:73:f4:
                    26:92:e9:c0:30:16:5b:34:fd:96:e3:0d:db:96:57:
                    73:a6:93:62:d5:65:e9:80:f0:c6:bc:40:cc:91:07:
                    77:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:47:BD:05:D0:DB:5D:7A:53:A5:45:5B:CF:AD:6D:14:AF:0B:B6:6F
            X509v3 Authority Key Identifier:
                keyid:7C:3D:02:2A:24:0C:E7:1E:0A:6E:1E:9A:AE:01:12:DA:84:0C:C3:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/gke9BdDbXXpTpUVbz61tFK8Ltm8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.254.165.0/24
                IPv6:
                  2a05:9080::/48
                  2a05:9080:4::/48

    Signature Algorithm: sha256WithRSAEncryption
         48:8f:10:f2:ca:7b:48:fb:43:30:c3:78:3c:03:8f:80:7f:82:
         cf:b1:6f:33:ff:82:32:5c:e1:a9:7d:94:e7:13:ed:47:21:18:
         3c:ce:62:07:a8:13:0a:29:2b:9d:55:d2:75:57:f9:6f:94:b4:
         a2:f0:fb:6f:96:d4:df:a0:4a:eb:6c:1b:34:f1:01:0c:a2:fa:
         0d:6e:52:0c:70:19:de:cb:27:32:06:81:26:75:d6:ca:3b:88:
         13:4e:44:92:89:cd:9e:0f:ce:51:f3:77:06:cd:a4:ae:d7:d9:
         ce:fd:80:3a:2f:80:c6:66:d5:a9:67:db:7d:63:64:c4:50:26:
         e9:5a:4d:8c:38:2e:a0:ec:2e:ec:fe:0e:6c:b0:5e:02:68:fd:
         80:03:78:8c:2b:5a:f5:15:25:58:36:4a:23:36:9f:bd:f2:35:
         6e:48:62:e5:cb:bc:cd:69:57:03:ce:ff:b4:16:50:69:28:e3:
         ac:6b:cc:9b:a2:b1:7f:4a:b1:5e:74:35:f5:65:b4:39:70:4e:
         38:a9:46:7b:fd:fe:f6:eb:17:f9:8c:27:c4:8a:89:7c:6e:07:
         5c:34:27:21:63:14:7c:9e:6d:e9:73:da:8b:59:4c:2f:0b:cd:
         20:53:67:75:a7:40:c5:df:a6:0c:f9:3f:be:c3:d4:0a:a9:fb:
         6e:0c:07:d0
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAZb80i7iRn1jmTp4PbzfqhHvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjM2QwMjJhMjQwY2U3MWUwYTZlMWU5YWFlMDExMmRhODQw
Y2MzNGIwHhcNMjUwNTIzMTEwNTU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MjQ3YmQwNWQwZGI1ZDdhNTNhNTQ1NWJjZmFkNmQxNGFmMGJiNjZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjeWZczfLbmTEIMkSF9oc7b8LCLtf
fGnXV8dHiqNnk0fI3xKgQEFiYcUJQ5LXVN4uPNokmX5Ud9lFTEbSBiq0hnANAUt9
HKfSGH2Qm0ZHKMZgcwJHd4lhcE8D7kriznSYhBvFuAO5TdWhxZYxxNAhLnnLR5vn
wRLL57vpvXZpCeD1n7Jz2DPnai5q/dfvpclHfk6Qy/nX9NKDeS9zFwhtlsojk2Cf
nWubCAKoD1Gp842TiieJZq1nMR9HqQkc6Ec/Bbj0wCnNzCTl78vkt29ZhJP9BRL0
jKIFvTyBiFGnc/QmkunAMBZbNP2W4w3blldzppNi1WXpgPDGvEDMkQd3nwIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFIJHvQXQ2116U6VFW8+tbRSvC7ZvMB8GA1UdIwQY
MBaAFHw9AiokDOceCm4emq4BEtqEDMNLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZkQwQ0tpUU01eDRLYmg2YXJnRVMyb1FNdzBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi9mZDM2MmYtYWZjYi00Y2Y1LTk4YzYt
MDk0ODk4OWU2ZDU1LzEvZ2tlOUJkRGJYWHBUcFVWYno2MXRGSzhMdG04LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi9mZDM2MmYtYWZjYi00Y2Y1LTk4YzYtMDk0ODk4OWU2ZDU1
LzEvZkQwQ0tpUU01eDRLYmg2YXJnRVMyb1FNdzBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAMBAIAATAGAwQAw/6lMBgE
AgACMBIDBwAqBZCAAAADBwAqBZCAAAQwDQYJKoZIhvcNAQELBQADggEBAEiPEPLK
e0j7QzDDeDwDj4B/gs+xbzP/gjJc4al9lOcT7UchGDzOYgeoEwopK51V0nVX+W+U
tKLw+2+W1N+gSutsGzTxAQyi+g1uUgxwGd7LJzIGgSZ11so7iBNORJKJzZ4PzlHz
dwbNpK7X2c79gDovgMZm1aln231jZMRQJulaTYw4LqDsLuz+DmywXgJo/YADeIwr
WvUVJVg2SiM2n73yNW5IYuXLvM1pVwPO/7QWUGko46xrzJuisX9KsV50NfVltDlw
TjipRnv9/vbrF/mMJ8SKiXxuB1w0JyFjFHyebelz2otZTC8LzSBTZ3WnQMXfpgz5
P77D1Aqp+24MB9A=
-----END CERTIFICATE-----
Generated at Mon Jun 9 12:44:17 2025 by rpki-client