Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/gpgP_YmTtsmxlSANAlEYmQOs-r4.roa
File:                     gpgP_YmTtsmxlSANAlEYmQOs-r4.roa (raw, json)
Hash identifier:          MsN3w01I4GAkWG1L2v4xb1q5dQkczXCJIOeH3N8wUHE=
Subject key identifier:   82:98:0F:FD:89:93:B6:C9:B1:95:20:0D:02:51:18:99:03:AC:FA:BE
Certificate issuer:       /CN=fe58952d393935f0d3bce814fd9178d04693aeb9
Certificate serial:       0197A84715FE571F824625D52C8A60EE8926
Authority key identifier: FE:58:95:2D:39:39:35:F0:D3:BC:E8:14:FD:91:78:D0:46:93:AE:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/gpgP_YmTtsmxlSANAlEYmQOs-r4.roa
Signing time:             Wed 25 Jun 2025 18:08:40 +0000
ROA not before:           Wed 25 Jun 2025 18:08:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211895
IP address blocks:        85.204.127.0/24 maxlen: 24
                          89.33.163.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 15:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:a8:47:15:fe:57:1f:82:46:25:d5:2c:8a:60:ee:89:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fe58952d393935f0d3bce814fd9178d04693aeb9
        Validity
            Not Before: Jun 25 18:08:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=82980ffd8993b6c9b195200d0251189903acfabe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:ec:56:75:86:45:08:08:cf:89:44:9a:ae:0d:
                    ff:0a:fc:a3:ce:7a:c9:81:cb:c3:69:f3:9b:c1:37:
                    9a:51:6c:45:90:bd:86:8f:33:00:ad:f0:99:07:fe:
                    23:8f:27:37:a3:45:61:cf:f9:b0:60:22:f1:37:89:
                    20:c9:c3:33:f4:97:70:5a:72:92:15:42:a8:78:ae:
                    eb:56:a3:77:40:32:30:d1:28:e6:7f:c6:75:c6:6a:
                    71:e7:cb:e8:63:ea:33:a7:6c:38:9b:f1:72:0c:c6:
                    1d:f0:d4:58:b7:5e:57:68:18:f8:c8:ae:7b:3c:5d:
                    ae:e8:10:3a:17:e5:e1:4b:c2:8b:d8:bf:03:a9:a6:
                    3a:93:80:6f:14:f1:78:09:d4:0c:7e:2a:cd:b8:c6:
                    0e:1e:b6:e5:e2:b3:d3:0e:99:75:0c:8d:84:be:cc:
                    53:99:c1:fc:1b:63:13:33:7d:a0:4f:61:ad:31:20:
                    48:2d:cd:8b:48:2f:ff:78:69:99:2c:48:b2:82:f8:
                    e4:c7:38:8c:e9:39:99:34:ef:d3:de:0b:49:8b:80:
                    39:f4:f4:82:b9:90:8b:6c:5f:52:e1:60:11:7e:67:
                    90:0d:1b:33:d9:34:53:b9:6a:54:07:e7:56:c7:3a:
                    f2:c1:cd:02:cf:9a:61:99:bc:bf:64:40:e2:44:6a:
                    22:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:98:0F:FD:89:93:B6:C9:B1:95:20:0D:02:51:18:99:03:AC:FA:BE
            X509v3 Authority Key Identifier:
                keyid:FE:58:95:2D:39:39:35:F0:D3:BC:E8:14:FD:91:78:D0:46:93:AE:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/gpgP_YmTtsmxlSANAlEYmQOs-r4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.204.127.0/24
                  89.33.163.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:e6:58:00:5b:8d:b3:90:39:9f:3b:b5:b0:4c:13:ac:e3:41:
         c4:ff:8c:d4:39:52:fa:81:70:0f:9c:42:ec:77:54:d4:3b:e2:
         0a:10:8c:32:96:07:c0:ef:ec:7f:9a:71:76:10:48:7c:21:ec:
         cf:ca:25:eb:cf:6b:af:c0:40:ab:39:29:0c:e2:7a:57:7b:5c:
         58:56:54:f7:7c:c9:0a:fa:1c:cb:36:72:bb:97:06:b1:4f:79:
         92:40:70:dd:6e:ec:2d:f3:20:78:8e:ff:8b:c4:b3:b7:21:b4:
         41:7d:c8:4a:d7:c7:f2:85:4a:1c:10:02:f0:4a:a7:56:32:1f:
         12:2c:ee:70:5e:e2:5f:69:ae:7c:8f:2c:62:c6:d8:23:cf:ff:
         6a:4c:a9:6f:dd:e8:19:b0:45:a4:8f:6a:b2:8e:39:15:a2:eb:
         f7:37:e3:44:c4:37:4b:27:6f:35:e5:4d:69:5c:0e:40:f2:06:
         15:19:97:a1:2f:5c:cf:1d:1b:45:c5:26:be:e6:6d:b0:4e:76:
         19:74:bd:96:71:a2:8d:90:10:0c:8d:06:ab:fc:1b:f7:be:0e:
         1d:63:4b:d5:0d:99:5e:27:2c:09:6a:ca:6f:a2:38:4e:bf:25:
         75:4a:dd:9b:aa:9c:f1:0d:4a:2d:ed:81:71:a9:4e:fb:95:25:
         65:81:d8:de
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZeoRxX+Vx+CRiXVLIpg7okmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlNTg5NTJkMzkzOTM1ZjBkM2JjZTgxNGZkOTE3OGQwNDY5
M2FlYjkwHhcNMjUwNjI1MTgwODQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Mjk4MGZmZDg5OTNiNmM5YjE5NTIwMGQwMjUxMTg5OTAzYWNmYWJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvuxWdYZFCAjPiUSarg3/CvyjznrJ
gcvDafObwTeaUWxFkL2GjzMArfCZB/4jjyc3o0Vhz/mwYCLxN4kgycMz9JdwWnKS
FUKoeK7rVqN3QDIw0Sjmf8Z1xmpx58voY+ozp2w4m/FyDMYd8NRYt15XaBj4yK57
PF2u6BA6F+XhS8KL2L8DqaY6k4BvFPF4CdQMfirNuMYOHrbl4rPTDpl1DI2EvsxT
mcH8G2MTM32gT2GtMSBILc2LSC//eGmZLEiygvjkxziM6TmZNO/T3gtJi4A59PSC
uZCLbF9S4WARfmeQDRsz2TRTuWpUB+dWxzrywc0Cz5phmby/ZEDiRGoiFQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIKYD/2Jk7bJsZUgDQJRGJkDrPq+MB8GA1UdIwQY
MBaAFP5YlS05OTXw07zoFP2ReNBGk665MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2xpVkxUazVOZkRUdk9nVV9aRjQwRWFUcnJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC9iMjZhYTgtYWNlNy00ZmE2LTllOGUt
NWQ0OGI2NWNlNTczLzEvZ3BnUF9ZbVR0c214bFNBTkFsRVltUU9zLXI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC9iMjZhYTgtYWNlNy00ZmE2LTllOGUtNWQ0OGI2NWNlNTcz
LzEvX2xpVkxUazVOZkRUdk9nVV9aRjQwRWFUcnJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAVcx/AwQA
WSGjMA0GCSqGSIb3DQEBCwUAA4IBAQAa5lgAW42zkDmfO7WwTBOs40HE/4zUOVL6
gXAPnELsd1TUO+IKEIwylgfA7+x/mnF2EEh8IezPyiXrz2uvwECrOSkM4npXe1xY
VlT3fMkK+hzLNnK7lwaxT3mSQHDdbuwt8yB4jv+LxLO3IbRBfchK18fyhUocEALw
SqdWMh8SLO5wXuJfaa58jyxixtgjz/9qTKlv3egZsEWkj2qyjjkVouv3N+NExDdL
J2815U1pXA5A8gYVGZehL1zPHRtFxSa+5m2wTnYZdL2WcaKNkBAMjQar/Bv3vg4d
Y0vVDZleJywJaspvojhOvyV1St2bqpzxDUot7YFxqU77lSVlgdje
-----END CERTIFICATE-----