Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/abe134-0093-4652-9057-4f4c9b343e90/1/ghLUfufgx1VoBmbU1sZuk7NLdck.roa
File:                     ghLUfufgx1VoBmbU1sZuk7NLdck.roa (raw, json)
Hash identifier:          KlUf0BqZgjwHYa7TQ0G1F7PJPcSLF10z1HCqYwcsEU0=
Subject key identifier:   82:12:D4:7E:E7:E0:C7:55:68:06:66:D4:D6:C6:6E:93:B3:4B:75:C9
Certificate issuer:       /CN=d1de124e0f8adb4e7d9576ceae325f668dd224b1
Certificate serial:       0199B54A78D0AE8D404670A0DD359D012AEA
Authority key identifier: D1:DE:12:4E:0F:8A:DB:4E:7D:95:76:CE:AE:32:5F:66:8D:D2:24:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0d4STg-K2059lXbOrjJfZo3SJLE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/abe134-0093-4652-9057-4f4c9b343e90/1/ghLUfufgx1VoBmbU1sZuk7NLdck.roa
Signing time:             Sun 05 Oct 2025 16:53:00 +0000
ROA not before:           Sun 05 Oct 2025 16:53:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62240
IP address blocks:        45.140.245.0/24 maxlen: 24
                          81.199.26.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/abe134-0093-4652-9057-4f4c9b343e90/1/0d4STg-K2059lXbOrjJfZo3SJLE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/abe134-0093-4652-9057-4f4c9b343e90/1/0d4STg-K2059lXbOrjJfZo3SJLE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0d4STg-K2059lXbOrjJfZo3SJLE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:b5:4a:78:d0:ae:8d:40:46:70:a0:dd:35:9d:01:2a:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d1de124e0f8adb4e7d9576ceae325f668dd224b1
        Validity
            Not Before: Oct  5 16:53:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8212d47ee7e0c755680666d4d6c66e93b34b75c9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:95:58:d4:b2:c6:32:b9:47:60:92:f4:40:f5:
                    6f:ce:72:62:bd:7f:83:85:ba:ce:68:0e:56:57:be:
                    ac:1d:0f:8c:10:0d:9d:0c:3f:54:c2:17:1e:95:dd:
                    93:e2:53:72:1e:0a:9e:73:27:b0:ff:bd:72:ee:2d:
                    55:1b:4c:5d:77:5e:4d:02:71:c1:94:5a:c9:c1:45:
                    dc:2f:89:ee:3d:f1:46:77:03:c0:f9:0f:e6:e8:e5:
                    12:d4:7c:6f:16:85:01:8b:7d:cc:c8:94:b7:34:39:
                    21:a6:ca:8d:01:ec:8c:f1:9e:4f:8d:a9:54:9a:75:
                    3d:58:98:e6:cb:bb:d1:5c:67:fe:d2:d5:3b:7e:f6:
                    7e:e8:db:60:20:3e:bd:82:5b:af:87:db:15:14:78:
                    19:ce:d7:4e:0d:70:3c:26:85:83:c1:8d:55:79:3b:
                    13:ae:25:f4:c0:05:a2:5e:e4:b1:dc:04:16:19:13:
                    81:8f:97:53:10:67:37:5b:47:38:06:97:95:9d:7f:
                    ba:d9:2d:e5:a4:f6:c9:0f:74:1b:1c:83:2e:97:8c:
                    9e:6e:97:cf:24:67:03:00:c6:57:f1:74:9b:28:07:
                    f5:51:c2:fe:ec:38:72:da:8e:37:53:e9:72:2f:19:
                    21:bd:e4:d1:d3:79:a9:f3:6a:cc:27:66:e9:20:3d:
                    7d:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:12:D4:7E:E7:E0:C7:55:68:06:66:D4:D6:C6:6E:93:B3:4B:75:C9
            X509v3 Authority Key Identifier:
                keyid:D1:DE:12:4E:0F:8A:DB:4E:7D:95:76:CE:AE:32:5F:66:8D:D2:24:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d4STg-K2059lXbOrjJfZo3SJLE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/abe134-0093-4652-9057-4f4c9b343e90/1/ghLUfufgx1VoBmbU1sZuk7NLdck.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/abe134-0093-4652-9057-4f4c9b343e90/1/0d4STg-K2059lXbOrjJfZo3SJLE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.140.245.0/24
                  81.199.26.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bd:6a:88:21:aa:43:66:a5:69:ba:9a:e4:f8:1b:98:7a:ad:36:
         cd:f7:86:1a:32:f6:4b:1e:4e:03:d1:d2:c9:13:98:18:71:a9:
         79:1e:6d:1e:59:9d:b8:8e:b7:af:10:ec:ce:28:10:5c:79:bc:
         25:b2:62:a6:48:7a:1a:47:33:db:e9:6e:0c:6a:d6:6c:63:7e:
         a3:53:91:45:25:0e:8c:34:9c:ed:20:3e:3b:48:1f:9e:52:e4:
         65:f2:eb:24:98:ba:42:bf:10:87:a5:9c:c7:df:ad:43:2d:ea:
         39:27:05:a5:18:e2:c5:31:63:23:6f:96:3a:7c:92:c4:42:3f:
         64:19:59:44:6a:7c:60:ab:61:f3:6c:be:a3:dd:27:ce:61:a5:
         9a:4a:eb:9b:2c:69:a7:d8:e6:bc:22:18:59:a5:c7:25:aa:fa:
         43:02:80:f4:c1:dc:c1:ed:2e:7e:95:f7:ae:e2:06:12:a4:a4:
         f3:80:03:bd:cc:f7:34:50:10:a1:e6:88:2c:31:f2:41:d1:d1:
         20:f3:36:9c:d0:fd:60:40:9d:56:e6:00:76:d7:62:6f:e2:cf:
         47:dc:1b:a4:f8:77:a3:d8:6f:71:e0:0c:bb:3d:75:9d:e2:4b:
         fb:49:8b:0f:40:cc:4c:25:ab:eb:66:4c:69:98:43:d0:15:ca:
         00:94:1a:59
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZm1SnjQro1ARnCg3TWdASrqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQxZGUxMjRlMGY4YWRiNGU3ZDk1NzZjZWFlMzI1ZjY2OGRk
MjI0YjEwHhcNMjUxMDA1MTY1MzAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MjEyZDQ3ZWU3ZTBjNzU1NjgwNjY2ZDRkNmM2NmU5M2IzNGI3NWM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq5VY1LLGMrlHYJL0QPVvznJivX+D
hbrOaA5WV76sHQ+MEA2dDD9Uwhceld2T4lNyHgqecyew/71y7i1VG0xdd15NAnHB
lFrJwUXcL4nuPfFGdwPA+Q/m6OUS1HxvFoUBi33MyJS3NDkhpsqNAeyM8Z5PjalU
mnU9WJjmy7vRXGf+0tU7fvZ+6NtgID69gluvh9sVFHgZztdODXA8JoWDwY1VeTsT
riX0wAWiXuSx3AQWGROBj5dTEGc3W0c4BpeVnX+62S3lpPbJD3QbHIMul4yebpfP
JGcDAMZX8XSbKAf1UcL+7Dhy2o43U+lyLxkhveTR03mp82rMJ2bpID19lwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIIS1H7n4MdVaAZm1NbGbpOzS3XJMB8GA1UdIwQY
MBaAFNHeEk4PittOfZV2zq4yX2aN0iSxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGQ0U1RnLUsyMDU5bFhiT3JqSmZabzNTSkxFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS9hYmUxMzQtMDA5My00NjUyLTkwNTct
NGY0YzliMzQzZTkwLzEvZ2hMVWZ1Zmd4MVZvQm1iVTFzWnVrN05MZGNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS9hYmUxMzQtMDA5My00NjUyLTkwNTctNGY0YzliMzQzZTkw
LzEvMGQ0U1RnLUsyMDU5bFhiT3JqSmZabzNTSkxFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALYz1AwQA
UccaMA0GCSqGSIb3DQEBCwUAA4IBAQC9aoghqkNmpWm6muT4G5h6rTbN94YaMvZL
Hk4D0dLJE5gYcal5Hm0eWZ24jrevEOzOKBBcebwlsmKmSHoaRzPb6W4MatZsY36j
U5FFJQ6MNJztID47SB+eUuRl8uskmLpCvxCHpZzH361DLeo5JwWlGOLFMWMjb5Y6
fJLEQj9kGVlEanxgq2HzbL6j3SfOYaWaSuubLGmn2Oa8IhhZpcclqvpDAoD0wdzB
7S5+lfeu4gYSpKTzgAO9zPc0UBCh5ogsMfJB0dEg8zac0P1gQJ1W5gB212Jv4s9H
3Buk+Hej2G9x4Ay7PXWd4kv7SYsPQMxMJavrZkxpmEPQFcoAlBpZ
-----END CERTIFICATE-----