Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/gYBVJZmNIdcxDC5WTQDD4mEmor4.roa
File:                     gYBVJZmNIdcxDC5WTQDD4mEmor4.roa (raw, json)
Hash identifier:          NtE7acotOkAcT8a9lvGXKloeD7hCqcrLikIbjjvfM8c=
Subject key identifier:   81:80:55:25:99:8D:21:D7:31:0C:2E:56:4D:00:C3:E2:61:26:A2:BE
Certificate issuer:       /CN=57c670c8db32dd748df797c5c93013d8c91fa839
Certificate serial:       0198EB387C62DD3E18DD14A3750E0B3A7286
Authority key identifier: 57:C6:70:C8:DB:32:DD:74:8D:F7:97:C5:C9:30:13:D8:C9:1F:A8:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/V8ZwyNsy3XSN95fFyTAT2MkfqDk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/gYBVJZmNIdcxDC5WTQDD4mEmor4.roa
Signing time:             Wed 27 Aug 2025 11:10:04 +0000
ROA not before:           Wed 27 Aug 2025 11:10:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213220
IP address blocks:        194.31.72.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/V8ZwyNsy3XSN95fFyTAT2MkfqDk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/V8ZwyNsy3XSN95fFyTAT2MkfqDk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/V8ZwyNsy3XSN95fFyTAT2MkfqDk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Sep 2025 11:14:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:eb:38:7c:62:dd:3e:18:dd:14:a3:75:0e:0b:3a:72:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=57c670c8db32dd748df797c5c93013d8c91fa839
        Validity
            Not Before: Aug 27 11:10:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=81805525998d21d7310c2e564d00c3e26126a2be
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:fb:05:9c:be:4d:06:74:e3:4a:a1:a9:a8:31:
                    cf:07:96:25:22:00:4f:51:3e:d5:c7:63:f7:cc:1e:
                    30:80:33:e0:5d:a6:4d:29:74:a0:3c:7c:a6:1f:db:
                    84:c5:6d:30:05:f7:ec:0f:17:47:bc:cc:05:35:40:
                    97:29:32:75:10:4d:d4:5b:1b:ba:db:3d:02:57:73:
                    70:d6:d3:0b:5f:d6:f4:4d:b8:ba:a6:21:da:30:9d:
                    a9:35:6d:0e:a1:4f:0a:84:70:b2:ab:96:20:94:09:
                    1f:35:13:d0:7f:96:66:9d:37:c9:87:bc:ec:33:51:
                    73:5f:60:89:76:05:97:60:9f:f1:7a:bd:3c:41:5b:
                    56:65:eb:df:8c:97:ad:11:f4:5c:7a:58:e8:10:c6:
                    e6:37:4c:33:c0:2f:39:88:1d:ab:b3:26:a1:e1:e1:
                    cb:1b:d7:1b:0e:64:3e:80:93:e2:12:cf:98:f5:bc:
                    96:0d:a1:cf:32:f8:c8:45:81:ea:e0:e5:99:2c:00:
                    00:33:21:c3:d2:ba:f4:cc:db:ac:a0:98:e9:c2:23:
                    f7:53:d9:21:06:38:b7:d8:e4:79:44:69:fd:7c:69:
                    89:d1:63:ad:0c:95:7e:96:31:19:f4:e9:7b:15:d6:
                    6c:37:2f:9a:fa:3a:cd:78:e4:61:3d:cf:b4:d3:f9:
                    05:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:80:55:25:99:8D:21:D7:31:0C:2E:56:4D:00:C3:E2:61:26:A2:BE
            X509v3 Authority Key Identifier:
                keyid:57:C6:70:C8:DB:32:DD:74:8D:F7:97:C5:C9:30:13:D8:C9:1F:A8:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V8ZwyNsy3XSN95fFyTAT2MkfqDk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/gYBVJZmNIdcxDC5WTQDD4mEmor4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/V8ZwyNsy3XSN95fFyTAT2MkfqDk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.31.72.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b4:15:87:eb:c6:fa:63:94:cc:63:f2:80:8f:04:7b:9d:e8:2b:
         a9:ee:59:e7:22:a3:6f:cf:bb:99:10:e2:fc:94:29:ed:40:c4:
         04:69:fc:4d:45:2b:10:89:77:db:88:aa:0e:a9:42:84:68:0b:
         8e:9e:4c:2d:87:e1:17:23:a9:4f:42:f1:b6:82:e9:ee:13:77:
         d2:c5:87:97:a0:57:b7:4f:e0:88:e1:62:c5:86:72:bf:5c:3f:
         1c:9f:66:2e:d3:d1:bb:f2:cb:9f:01:ee:9e:4f:b7:0c:05:80:
         d5:57:f9:e0:4f:7c:c2:fc:76:25:99:24:38:14:2b:20:2a:e0:
         13:36:1b:44:0d:f8:99:6c:6e:35:1b:ee:b3:1a:12:e9:e6:0e:
         7a:66:35:73:87:ac:73:97:4f:81:54:3c:3d:35:62:66:10:d0:
         98:71:45:e3:31:aa:b8:79:4d:28:d5:36:92:7b:73:63:8b:bf:
         5f:1b:7a:38:cf:11:df:51:69:07:a3:35:0e:34:97:ea:50:12:
         d8:bc:35:9f:7b:cb:10:80:f4:50:93:32:6e:c1:f7:ac:58:ea:
         bc:b1:91:0b:29:47:9b:98:a4:a2:d3:b3:6d:e9:89:85:67:be:
         6b:4f:f4:af:82:f8:ca:c4:b2:18:ae:8c:7e:d4:9e:de:57:38:
         c7:f5:4b:69
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjrOHxi3T4Y3RSjdQ4LOnKGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3YzY3MGM4ZGIzMmRkNzQ4ZGY3OTdjNWM5MzAxM2Q4Yzkx
ZmE4MzkwHhcNMjUwODI3MTExMDA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MTgwNTUyNTk5OGQyMWQ3MzEwYzJlNTY0ZDAwYzNlMjYxMjZhMmJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAofsFnL5NBnTjSqGpqDHPB5YlIgBP
UT7Vx2P3zB4wgDPgXaZNKXSgPHymH9uExW0wBffsDxdHvMwFNUCXKTJ1EE3UWxu6
2z0CV3Nw1tMLX9b0Tbi6piHaMJ2pNW0OoU8KhHCyq5YglAkfNRPQf5ZmnTfJh7zs
M1FzX2CJdgWXYJ/xer08QVtWZevfjJetEfRceljoEMbmN0wzwC85iB2rsyah4eHL
G9cbDmQ+gJPiEs+Y9byWDaHPMvjIRYHq4OWZLAAAMyHD0rr0zNusoJjpwiP3U9kh
Bji32OR5RGn9fGmJ0WOtDJV+ljEZ9Ol7FdZsNy+a+jrNeORhPc+00/kFJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIGAVSWZjSHXMQwuVk0Aw+JhJqK+MB8GA1UdIwQY
MBaAFFfGcMjbMt10jfeXxckwE9jJH6g5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVjhad3lOc3kzWFNOOTVmRnlUQVQyTWtmcURrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC81YTZmZGEtNzg5Ni00YzUwLWFmZmQt
MzA0OTVmNDAzNzg0LzEvZ1lCVkpabU5JZGN4REM1V1RRREQ0bUVtb3I0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC81YTZmZGEtNzg5Ni00YzUwLWFmZmQtMzA0OTVmNDAzNzg0
LzEvVjhad3lOc3kzWFNOOTVmRnlUQVQyTWtmcURrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwh9IMA0G
CSqGSIb3DQEBCwUAA4IBAQC0FYfrxvpjlMxj8oCPBHud6Cup7lnnIqNvz7uZEOL8
lCntQMQEafxNRSsQiXfbiKoOqUKEaAuOnkwth+EXI6lPQvG2gunuE3fSxYeXoFe3
T+CI4WLFhnK/XD8cn2Yu09G78sufAe6eT7cMBYDVV/ngT3zC/HYlmSQ4FCsgKuAT
NhtEDfiZbG41G+6zGhLp5g56ZjVzh6xzl0+BVDw9NWJmENCYcUXjMaq4eU0o1TaS
e3Nji79fG3o4zxHfUWkHozUONJfqUBLYvDWfe8sQgPRQkzJuwfesWOq8sZELKUeb
mKSi07Nt6YmFZ75rT/SvgvjKxLIYrox+1J7eVzjH9Utp
-----END CERTIFICATE-----