Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/21519e-b8dc-4240-aa78-8d218665027d/1/gvPQ1buZOOV3g-KOPTV-IGXyfZQ.roa
File:                     gvPQ1buZOOV3g-KOPTV-IGXyfZQ.roa (raw, json)
Hash identifier:          ky4dJJO59R27oJhhtVDGC/53OumEgsx5hY4cQRzqpnY=
Subject key identifier:   82:F3:D0:D5:BB:99:38:E5:77:83:E2:8E:3D:35:7E:20:65:F2:7D:94
Certificate issuer:       /CN=8bdf76c54b9e6935c30a9b4c9ba9309ac470ec02
Certificate serial:       0198D8DB40404D6AA494005F2F80C847C429
Authority key identifier: 8B:DF:76:C5:4B:9E:69:35:C3:0A:9B:4C:9B:A9:30:9A:C4:70:EC:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i992xUueaTXDCptMm6kwmsRw7AI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/21519e-b8dc-4240-aa78-8d218665027d/1/gvPQ1buZOOV3g-KOPTV-IGXyfZQ.roa
Signing time:             Sat 23 Aug 2025 21:35:04 +0000
ROA not before:           Sat 23 Aug 2025 21:35:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214432
IP address blocks:        5.102.38.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/21519e-b8dc-4240-aa78-8d218665027d/1/i992xUueaTXDCptMm6kwmsRw7AI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/21519e-b8dc-4240-aa78-8d218665027d/1/i992xUueaTXDCptMm6kwmsRw7AI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i992xUueaTXDCptMm6kwmsRw7AI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 09 Sep 2025 21:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:d8:db:40:40:4d:6a:a4:94:00:5f:2f:80:c8:47:c4:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bdf76c54b9e6935c30a9b4c9ba9309ac470ec02
        Validity
            Not Before: Aug 23 21:35:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=82f3d0d5bb9938e57783e28e3d357e2065f27d94
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:55:91:52:52:45:71:63:72:d4:94:6b:8a:ab:
                    df:a0:c4:0d:48:e5:25:a8:9f:0c:04:f2:07:30:04:
                    73:03:22:69:13:e5:09:f0:59:02:02:eb:ec:f8:da:
                    7e:29:7e:e0:41:14:a6:50:9c:22:b9:da:5c:60:87:
                    57:c2:85:44:cd:fb:46:b8:27:d6:9f:50:67:4f:7b:
                    61:80:a9:93:10:2d:e0:79:ed:42:6a:b7:87:7b:97:
                    67:94:ad:95:e1:c8:4d:01:70:64:9c:c0:bf:b3:f5:
                    bc:c8:31:15:8b:5b:33:7b:f7:ce:f5:39:96:35:b6:
                    6a:48:c3:18:e3:71:e9:90:43:04:03:09:3c:f8:05:
                    e8:ca:4f:83:34:b9:bf:22:c6:59:78:f4:62:e0:01:
                    95:9b:8b:75:f1:85:36:98:8d:c0:61:5d:7c:65:43:
                    6d:15:b7:14:7b:6d:27:63:ba:2c:a9:c0:40:48:a7:
                    7f:d6:00:a8:c4:bc:f3:eb:e9:8a:e0:61:d6:36:aa:
                    9d:e1:34:6b:5f:b5:ab:d5:05:0b:99:3c:0f:1e:5f:
                    ce:af:ca:ed:eb:a0:35:dd:2f:e9:4b:5f:ef:70:34:
                    82:1c:bb:82:69:61:f7:f1:73:47:eb:19:29:6b:dc:
                    3d:44:a4:5f:e1:32:36:85:25:66:67:c8:3c:85:3f:
                    c6:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:F3:D0:D5:BB:99:38:E5:77:83:E2:8E:3D:35:7E:20:65:F2:7D:94
            X509v3 Authority Key Identifier:
                keyid:8B:DF:76:C5:4B:9E:69:35:C3:0A:9B:4C:9B:A9:30:9A:C4:70:EC:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i992xUueaTXDCptMm6kwmsRw7AI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/21519e-b8dc-4240-aa78-8d218665027d/1/gvPQ1buZOOV3g-KOPTV-IGXyfZQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/21519e-b8dc-4240-aa78-8d218665027d/1/i992xUueaTXDCptMm6kwmsRw7AI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.102.38.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:58:c5:ee:dd:05:00:43:81:c0:12:ad:f7:4b:43:4f:0f:f2:
         0b:77:dc:4a:1d:8d:ba:a1:08:d2:a1:54:e2:77:8c:f5:11:66:
         66:7d:ec:96:c4:3a:50:a2:37:c5:cf:2a:4b:94:c1:32:96:b3:
         99:66:95:00:1f:27:ef:4a:a0:16:93:6f:ea:af:55:91:a4:ff:
         66:25:dd:2d:66:eb:e6:79:9a:ea:81:4e:9e:9c:3f:e9:a2:a6:
         63:3e:58:16:39:56:30:1c:87:43:2b:ea:4c:6e:f1:7d:2c:bd:
         b7:02:78:fa:1d:cb:93:d6:ba:20:71:8b:6f:ae:c1:cc:4a:3f:
         ed:a8:1d:94:91:0a:f6:53:d5:1e:e8:86:74:0e:4a:37:57:23:
         25:89:31:a4:23:99:52:a4:30:1f:b2:af:bc:56:77:51:fa:20:
         7d:a5:78:76:fc:40:bc:6b:06:b5:a3:15:e3:3c:31:44:73:7e:
         1f:39:05:7e:29:92:33:6a:95:d5:4a:a6:14:45:0d:85:f3:2f:
         14:71:0e:b7:09:1e:90:03:c8:b7:9b:07:cd:4c:b3:b5:7e:d2:
         46:67:25:e6:99:79:63:60:2c:8a:a5:28:aa:75:d2:6e:29:eb:
         e3:e4:19:2d:29:6f:50:e0:0e:2d:d8:85:c2:42:2a:f6:4a:62:
         61:85:2e:32
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjY20BATWqklABfL4DIR8QpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiZGY3NmM1NGI5ZTY5MzVjMzBhOWI0YzliYTkzMDlhYzQ3
MGVjMDIwHhcNMjUwODIzMjEzNTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MmYzZDBkNWJiOTkzOGU1Nzc4M2UyOGUzZDM1N2UyMDY1ZjI3ZDk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxFWRUlJFcWNy1JRriqvfoMQNSOUl
qJ8MBPIHMARzAyJpE+UJ8FkCAuvs+Np+KX7gQRSmUJwiudpcYIdXwoVEzftGuCfW
n1BnT3thgKmTEC3gee1CareHe5dnlK2V4chNAXBknMC/s/W8yDEVi1sze/fO9TmW
NbZqSMMY43HpkEMEAwk8+AXoyk+DNLm/IsZZePRi4AGVm4t18YU2mI3AYV18ZUNt
FbcUe20nY7osqcBASKd/1gCoxLzz6+mK4GHWNqqd4TRrX7Wr1QULmTwPHl/Or8rt
66A13S/pS1/vcDSCHLuCaWH38XNH6xkpa9w9RKRf4TI2hSVmZ8g8hT/GCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFILz0NW7mTjld4Pijj01fiBl8n2UMB8GA1UdIwQY
MBaAFIvfdsVLnmk1wwqbTJupMJrEcOwCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTk5MnhVdWVhVFhEQ3B0TW02a3dtc1J3N0FJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS8yMTUxOWUtYjhkYy00MjQwLWFhNzgt
OGQyMTg2NjUwMjdkLzEvZ3ZQUTFidVpPT1YzZy1LT1BUVi1JR1h5ZlpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS8yMTUxOWUtYjhkYy00MjQwLWFhNzgtOGQyMTg2NjUwMjdk
LzEvaTk5MnhVdWVhVFhEQ3B0TW02a3dtc1J3N0FJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABWYmMA0G
CSqGSIb3DQEBCwUAA4IBAQAMWMXu3QUAQ4HAEq33S0NPD/ILd9xKHY26oQjSoVTi
d4z1EWZmfeyWxDpQojfFzypLlMEylrOZZpUAHyfvSqAWk2/qr1WRpP9mJd0tZuvm
eZrqgU6enD/poqZjPlgWOVYwHIdDK+pMbvF9LL23Anj6HcuT1rogcYtvrsHMSj/t
qB2UkQr2U9Ue6IZ0Dko3VyMliTGkI5lSpDAfsq+8VndR+iB9pXh2/EC8awa1oxXj
PDFEc34fOQV+KZIzapXVSqYURQ2F8y8UcQ63CR6QA8i3mwfNTLO1ftJGZyXmmXlj
YCyKpSiqddJuKevj5BktKW9Q4A4t2IXCQir2SmJhhS4y
-----END CERTIFICATE-----