Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/w_gzCBRtpUsiPnUGxqZUGzD1VAI.roa
File:                     w_gzCBRtpUsiPnUGxqZUGzD1VAI.roa (raw, json)
Hash identifier:          UW9r/G1zt1vXti13hE3C7ezuEbsxdhFejGJfjJIJOm8=
Subject key identifier:   C3:F8:33:08:14:6D:A5:4B:22:3E:75:06:C6:A6:54:1B:30:F5:54:02
Certificate issuer:       /CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Certificate serial:       0199DC6AE9CD79E6BE94B8410636CFA185F5
Authority key identifier: 6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/w_gzCBRtpUsiPnUGxqZUGzD1VAI.roa
Signing time:             Mon 13 Oct 2025 07:13:38 +0000
ROA not before:           Mon 13 Oct 2025 07:13:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     21859
IP address blocks:        79.175.115.0/24 maxlen: 24
                          81.18.63.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 18:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:dc:6a:e9:cd:79:e6:be:94:b8:41:06:36:cf:a1:85:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f84e4738a70ea39c08cef210432ae399ec7e915
        Validity
            Not Before: Oct 13 07:13:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c3f83308146da54b223e7506c6a6541b30f55402
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:73:1b:24:dd:ea:68:23:bc:22:25:ce:f8:ac:
                    33:45:04:6a:de:8f:0d:f9:9c:d5:55:7c:af:7a:15:
                    2a:ab:02:10:48:dc:f2:8b:7e:43:c1:e7:7e:87:d6:
                    8d:f1:25:ac:0c:35:e7:26:84:90:23:f8:db:f1:47:
                    8d:22:f4:ff:77:d3:15:a2:4b:18:ea:27:82:23:15:
                    d1:d1:1e:e5:bf:e8:9f:e5:90:64:b3:73:c1:82:37:
                    60:e0:a7:47:6a:0e:6b:6a:20:36:ec:91:51:fe:92:
                    1e:ce:9a:de:b0:f3:41:04:bf:e7:64:0e:75:54:5e:
                    23:6f:c9:1d:b7:14:7d:83:fd:1b:15:45:3a:84:c2:
                    09:66:6d:52:44:6c:8b:9d:80:78:11:ac:1c:21:b2:
                    51:11:79:01:88:ff:f3:98:38:60:4b:4b:a7:2f:4f:
                    f9:23:b7:79:95:9f:59:04:f0:83:b1:ec:2c:2b:7f:
                    b0:4a:4a:83:43:fc:b9:83:e0:d2:f2:7f:19:91:e2:
                    c3:57:6d:01:06:e9:ca:ca:5c:83:ae:63:7c:be:3c:
                    9d:24:24:a1:28:5b:87:eb:c1:b7:a4:e2:1f:87:60:
                    93:06:cb:ae:d9:e2:8f:d5:65:9c:9a:22:7f:4b:6c:
                    dc:25:76:38:b1:ff:b2:67:be:de:33:54:91:b3:46:
                    4e:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:F8:33:08:14:6D:A5:4B:22:3E:75:06:C6:A6:54:1B:30:F5:54:02
            X509v3 Authority Key Identifier:
                keyid:6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/w_gzCBRtpUsiPnUGxqZUGzD1VAI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.175.115.0/24
                  81.18.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:d7:fc:89:ed:6f:58:95:92:1c:bf:49:29:34:cc:cb:32:79:
         74:7e:ce:ee:f3:b8:73:d5:58:e7:c5:6d:bc:a7:8b:e7:01:e4:
         af:b2:d2:97:be:ea:7a:05:7d:ae:66:cc:88:a0:cb:a1:99:a0:
         29:f2:e9:8d:cd:a5:1b:ca:b7:62:52:c7:d4:72:23:47:61:ee:
         37:dc:7a:ac:32:68:eb:fe:14:50:97:5b:99:aa:c5:7d:2d:28:
         7c:99:69:af:62:83:9c:43:e5:98:5e:82:e3:ee:0a:e9:ff:23:
         aa:0d:98:e1:b8:64:2e:d6:9e:0e:b5:26:85:d4:1c:40:e7:78:
         20:06:a6:12:db:0a:d5:88:a2:fd:29:23:18:dc:05:dc:2d:c3:
         06:6a:c5:37:5d:95:49:e2:b7:1b:f2:9b:07:cd:84:cf:4d:e2:
         0f:9d:18:23:76:7f:a9:17:07:d2:a3:ac:7b:d5:13:b6:f5:e1:
         f2:17:b8:56:fd:22:93:af:2c:78:ad:fd:b5:4a:14:e7:9f:8b:
         69:b8:24:51:34:15:2e:75:d6:02:45:51:5d:e8:02:c2:46:36:
         e2:52:2b:cb:c9:1f:ab:26:7b:fd:bc:cf:57:3b:fb:a5:fb:d8:
         c7:86:e3:99:52:37:7e:94:17:6c:80:d3:0b:5e:7f:eb:a9:16:
         7e:4d:ab:62
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZncaunNeea+lLhBBjbPoYX1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmODRlNDczOGE3MGVhMzljMDhjZWYyMTA0MzJhZTM5OWVj
N2U5MTUwHhcNMjUxMDEzMDcxMzM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjM2Y4MzMwODE0NmRhNTRiMjIzZTc1MDZjNmE2NTQxYjMwZjU1NDAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoXMbJN3qaCO8IiXO+KwzRQRq3o8N
+ZzVVXyvehUqqwIQSNzyi35Dwed+h9aN8SWsDDXnJoSQI/jb8UeNIvT/d9MVoksY
6ieCIxXR0R7lv+if5ZBks3PBgjdg4KdHag5raiA27JFR/pIezpresPNBBL/nZA51
VF4jb8kdtxR9g/0bFUU6hMIJZm1SRGyLnYB4EawcIbJREXkBiP/zmDhgS0unL0/5
I7d5lZ9ZBPCDsewsK3+wSkqDQ/y5g+DS8n8ZkeLDV20BBunKylyDrmN8vjydJCSh
KFuH68G3pOIfh2CTBsuu2eKP1WWcmiJ/S2zcJXY4sf+yZ77eM1SRs0ZOMwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMP4MwgUbaVLIj51BsamVBsw9VQCMB8GA1UdIwQY
MBaAFG+E5HOKcOo5wIzvIQQyrjmex+kVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYt
ZmFlNWRiZWQzYjFiLzEvd19nekNCUnRwVXNpUG5VR3hxWlVHekQxVkFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYtZmFlNWRiZWQzYjFi
LzEvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAT69zAwQA
URI/MA0GCSqGSIb3DQEBCwUAA4IBAQAG1/yJ7W9YlZIcv0kpNMzLMnl0fs7u87hz
1VjnxW28p4vnAeSvstKXvup6BX2uZsyIoMuhmaAp8umNzaUbyrdiUsfUciNHYe43
3HqsMmjr/hRQl1uZqsV9LSh8mWmvYoOcQ+WYXoLj7grp/yOqDZjhuGQu1p4OtSaF
1BxA53ggBqYS2wrViKL9KSMY3AXcLcMGasU3XZVJ4rcb8psHzYTPTeIPnRgjdn+p
FwfSo6x71RO29eHyF7hW/SKTryx4rf21ShTnn4tpuCRRNBUuddYCRVFd6ALCRjbi
UivLyR+rJnv9vM9XO/ul+9jHhuOZUjd+lBdsgNMLXn/rqRZ+Tati
-----END CERTIFICATE-----