Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/gt8flTD_zJibygdA8dyeuF1l6X4.roa
File:                     gt8flTD_zJibygdA8dyeuF1l6X4.roa (raw, json)
Hash identifier:          aubI8iptMgWbWF9zUBH11nChoCQulzBZponMqronaCU=
Subject key identifier:   82:DF:1F:95:30:FF:CC:98:9B:CA:07:40:F1:DC:9E:B8:5D:65:E9:7E
Certificate issuer:       /CN=6991c56f11a7171c6153239769f557beba10182d
Certificate serial:       0197F43D5746BD46B8AD4CCC3137EACE4155
Authority key identifier: 69:91:C5:6F:11:A7:17:1C:61:53:23:97:69:F5:57:BE:BA:10:18:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aZHFbxGnFxxhUyOXafVXvroQGC0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/gt8flTD_zJibygdA8dyeuF1l6X4.roa
Signing time:             Thu 10 Jul 2025 12:09:09 +0000
ROA not before:           Thu 10 Jul 2025 12:09:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     269800
IP address blocks:        95.164.236.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/aZHFbxGnFxxhUyOXafVXvroQGC0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/aZHFbxGnFxxhUyOXafVXvroQGC0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aZHFbxGnFxxhUyOXafVXvroQGC0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 25 Jul 2025 14:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:f4:3d:57:46:bd:46:b8:ad:4c:cc:31:37:ea:ce:41:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6991c56f11a7171c6153239769f557beba10182d
        Validity
            Not Before: Jul 10 12:09:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=82df1f9530ffcc989bca0740f1dc9eb85d65e97e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:de:d7:c4:08:9a:2c:94:cd:a0:24:c0:35:66:
                    cf:08:49:b2:b8:da:eb:94:e0:f0:86:e8:51:51:1e:
                    12:ed:45:61:16:29:b2:1b:3e:7a:25:0e:ee:40:dd:
                    df:06:7d:9e:ff:7b:51:66:19:27:51:b5:0c:f0:ae:
                    66:ca:5e:d3:2a:eb:f4:e4:06:f3:5b:f3:f6:42:e2:
                    04:58:c8:f3:d5:d3:3b:f4:4f:80:ed:68:db:88:8a:
                    c2:d8:ce:3c:69:88:bf:94:f9:2f:04:8a:b1:4c:4d:
                    a9:fc:fe:83:32:95:c0:fb:67:e3:5f:eb:30:0f:f1:
                    65:ae:b2:95:b8:8e:83:50:4b:ad:8a:15:96:a2:56:
                    fc:09:ef:4a:9d:82:23:da:27:e6:80:79:4f:b4:d2:
                    49:e9:61:c2:c2:cf:1f:1c:44:0a:10:85:77:4e:45:
                    ff:d2:29:da:38:62:c3:6e:d4:76:e4:ee:be:c2:f5:
                    56:94:01:05:0e:83:f9:46:32:94:c8:80:29:f1:f6:
                    5b:c6:da:ea:98:cb:8d:46:2f:ab:dd:72:da:65:f8:
                    03:15:03:db:bf:b3:c7:11:bc:7c:ff:ac:99:31:05:
                    88:2e:de:e1:49:24:b8:b5:fd:28:76:92:b2:b1:23:
                    40:24:8e:40:ee:5b:33:01:52:9d:49:04:a1:f5:0f:
                    50:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:DF:1F:95:30:FF:CC:98:9B:CA:07:40:F1:DC:9E:B8:5D:65:E9:7E
            X509v3 Authority Key Identifier:
                keyid:69:91:C5:6F:11:A7:17:1C:61:53:23:97:69:F5:57:BE:BA:10:18:2D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aZHFbxGnFxxhUyOXafVXvroQGC0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/gt8flTD_zJibygdA8dyeuF1l6X4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/aZHFbxGnFxxhUyOXafVXvroQGC0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.164.236.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6a:64:54:46:aa:d5:7b:e5:6d:04:8a:90:c3:9b:61:3f:2e:3d:
         9c:2d:4d:dc:b1:ea:f0:c2:58:72:0d:8b:97:67:90:49:86:d1:
         ee:e5:bf:6b:88:16:4c:51:1c:3d:65:3b:a5:f0:10:70:c9:1d:
         1e:74:a7:7d:b8:d6:91:0c:b8:14:f3:28:50:c5:5a:30:35:b4:
         9b:52:21:2a:16:60:9b:03:06:32:47:99:bb:1e:98:60:1d:bc:
         20:b7:1f:41:c7:66:60:d0:5c:0e:92:f8:00:d5:f3:64:a6:bd:
         39:c9:8f:b8:d0:f7:93:dc:5c:5f:ba:72:c6:0d:75:5b:1c:db:
         3e:f0:5d:7f:c1:29:ed:1f:13:32:57:34:00:40:8f:e8:37:f4:
         ba:78:1c:16:f1:f7:48:7e:6a:04:b5:b1:4b:81:03:c8:cd:55:
         c3:b9:ec:d3:69:ff:e1:d5:ea:de:0b:78:b1:b0:33:06:7d:a4:
         fa:3e:b7:53:14:a1:c3:09:90:04:5c:9e:85:bf:32:d0:7b:a0:
         20:fd:69:cf:9a:4c:0e:d3:05:06:7f:71:b1:dc:95:fc:55:5d:
         d2:44:51:a1:4b:89:38:5b:4a:d5:9e:92:e3:c5:31:08:91:29:
         36:6f:5b:ec:5e:70:31:65:cf:7c:43:14:ba:7e:24:7a:70:fe:
         c9:12:89:01
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZf0PVdGvUa4rUzMMTfqzkFVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5OTFjNTZmMTFhNzE3MWM2MTUzMjM5NzY5ZjU1N2JlYmEx
MDE4MmQwHhcNMjUwNzEwMTIwOTA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MmRmMWY5NTMwZmZjYzk4OWJjYTA3NDBmMWRjOWViODVkNjVlOTdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1N7XxAiaLJTNoCTANWbPCEmyuNrr
lODwhuhRUR4S7UVhFimyGz56JQ7uQN3fBn2e/3tRZhknUbUM8K5myl7TKuv05Abz
W/P2QuIEWMjz1dM79E+A7WjbiIrC2M48aYi/lPkvBIqxTE2p/P6DMpXA+2fjX+sw
D/FlrrKVuI6DUEutihWWolb8Ce9KnYIj2ifmgHlPtNJJ6WHCws8fHEQKEIV3TkX/
0inaOGLDbtR25O6+wvVWlAEFDoP5RjKUyIAp8fZbxtrqmMuNRi+r3XLaZfgDFQPb
v7PHEbx8/6yZMQWILt7hSSS4tf0odpKysSNAJI5A7lszAVKdSQSh9Q9QRwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFILfH5Uw/8yYm8oHQPHcnrhdZel+MB8GA1UdIwQY
MBaAFGmRxW8RpxccYVMjl2n1V766EBgtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYVpIRmJ4R25GeHhoVXlPWGFmVlh2cm9RR0MwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC80Mjg4MTUtMDJiOS00NjA2LWIwNjYt
NjVkMTU2NzM0MGZkLzEvZ3Q4ZmxURF96SmlieWdkQThkeWV1RjFsNlg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC80Mjg4MTUtMDJiOS00NjA2LWIwNjYtNjVkMTU2NzM0MGZk
LzEvYVpIRmJ4R25GeHhoVXlPWGFmVlh2cm9RR0MwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCX6TsMA0G
CSqGSIb3DQEBCwUAA4IBAQBqZFRGqtV75W0EipDDm2E/Lj2cLU3cserwwlhyDYuX
Z5BJhtHu5b9riBZMURw9ZTul8BBwyR0edKd9uNaRDLgU8yhQxVowNbSbUiEqFmCb
AwYyR5m7HphgHbwgtx9Bx2Zg0FwOkvgA1fNkpr05yY+40PeT3FxfunLGDXVbHNs+
8F1/wSntHxMyVzQAQI/oN/S6eBwW8fdIfmoEtbFLgQPIzVXDuezTaf/h1ereC3ix
sDMGfaT6PrdTFKHDCZAEXJ6FvzLQe6Ag/WnPmkwO0wUGf3Gx3JX8VV3SRFGhS4k4
W0rVnpLjxTEIkSk2b1vsXnAxZc98QxS6fiR6cP7JEokB
-----END CERTIFICATE-----