Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/gnsJSXke69khQKvmyXFs37GD7g8.roa
File:                     gnsJSXke69khQKvmyXFs37GD7g8.roa (raw, json)
Hash identifier:          4w7s5qQeu5b0MvjVI6GYHgBwiVj/VRDAL/3vkRnMGlU=
Subject key identifier:   82:7B:09:49:79:1E:EB:D9:21:40:AB:E6:C9:71:6C:DF:B1:83:EE:0F
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       0197511630282E7BF8204B1126AB345F99BC
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/gnsJSXke69khQKvmyXFs37GD7g8.roa
Signing time:             Sun 08 Jun 2025 19:48:17 +0000
ROA not before:           Sun 08 Jun 2025 19:48:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3320
IP address blocks:        88.216.224.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Jun 2025 04:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:51:16:30:28:2e:7b:f8:20:4b:11:26:ab:34:5f:99:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Jun  8 19:48:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=827b0949791eebd92140abe6c9716cdfb183ee0f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:06:59:e1:7d:70:99:6e:fb:e8:2b:5a:2f:22:
                    12:07:d2:7b:66:55:43:9c:81:58:de:a7:b8:6d:3c:
                    bc:22:f2:9a:73:f0:ce:14:04:80:eb:80:10:19:03:
                    7f:f0:c8:a6:8b:5f:64:a7:85:3e:77:eb:fa:8e:de:
                    54:62:67:37:dc:8d:b9:ab:8b:09:52:8a:34:1f:e7:
                    2e:8b:20:27:a9:5e:3e:fa:6b:31:46:c5:b4:c2:4b:
                    92:0b:83:b2:44:cd:71:54:c3:ac:f4:c9:7e:d9:f1:
                    e5:86:7d:db:a2:d6:a7:24:3d:33:56:d3:5f:0a:49:
                    a5:e8:bc:19:63:bb:9e:34:57:cc:92:d5:a2:12:fb:
                    20:d4:9e:69:2b:b2:c9:07:3e:e7:51:1d:d9:32:b5:
                    6e:ef:60:5b:77:32:f6:8e:2e:5c:ad:59:16:30:f6:
                    1c:7d:d2:cb:f8:ee:98:df:e0:6b:b2:38:1c:d6:f4:
                    c7:b7:6f:4b:37:72:b6:4d:bd:af:ae:88:de:13:8a:
                    1c:e0:22:14:54:3d:29:1f:3a:4e:8f:70:58:be:90:
                    6c:78:67:da:a4:0a:02:d3:e3:c7:d2:44:1e:36:45:
                    7d:d4:ea:d7:50:08:b7:c5:27:74:3e:18:fe:2a:40:
                    61:a5:04:92:f3:47:5f:61:35:22:80:14:f1:f8:aa:
                    5a:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:7B:09:49:79:1E:EB:D9:21:40:AB:E6:C9:71:6C:DF:B1:83:EE:0F
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/gnsJSXke69khQKvmyXFs37GD7g8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.216.224.0/22

    Signature Algorithm: sha256WithRSAEncryption
         55:52:df:c8:29:7d:67:47:9c:cb:bb:2f:0c:02:38:8a:64:c0:
         d6:02:3c:c3:8e:c0:15:03:e0:45:ff:6c:4e:11:94:73:3c:67:
         f8:4c:0c:b9:08:c2:85:28:2d:be:22:e7:0a:cf:f4:c5:94:84:
         4a:7c:f4:4f:ce:7b:a1:e2:57:c8:05:61:a3:4c:7e:35:5d:fe:
         3b:2d:f6:6b:6c:9e:29:86:29:cb:fe:3b:d2:b5:19:f1:ae:0f:
         25:fa:cd:1d:95:66:cb:2a:07:b5:09:31:79:65:31:1f:1f:cd:
         de:36:8a:f0:bb:db:68:f1:e7:f5:bf:d7:9a:2f:71:59:12:e8:
         a0:b7:71:86:8c:54:48:48:5c:07:d2:98:cb:20:4f:e6:13:b5:
         5d:6e:50:2e:10:47:31:fe:c6:e6:25:f2:67:6a:63:0c:04:c0:
         45:da:94:20:f2:ff:2a:92:df:b3:5d:0c:45:18:a8:39:d3:dc:
         e1:f4:7c:47:60:a8:e5:7d:d0:7c:8c:6b:b1:03:34:c4:9d:60:
         f2:42:8d:b6:99:3e:d5:3c:ee:4b:51:69:ed:63:91:65:7b:d4:
         c3:18:f2:53:e0:c5:7c:2b:00:52:43:ee:9f:14:a8:75:b9:72:
         25:6d:86:a3:5c:92:5e:28:8d:7e:cc:f3:40:84:fc:31:92:95:
         3d:09:36:41
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZdRFjAoLnv4IEsRJqs0X5m8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjUwNjA4MTk0ODE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MjdiMDk0OTc5MWVlYmQ5MjE0MGFiZTZjOTcxNmNkZmIxODNlZTBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2QZZ4X1wmW776CtaLyISB9J7ZlVD
nIFY3qe4bTy8IvKac/DOFASA64AQGQN/8Mimi19kp4U+d+v6jt5UYmc33I25q4sJ
Uoo0H+cuiyAnqV4++msxRsW0wkuSC4OyRM1xVMOs9Ml+2fHlhn3botanJD0zVtNf
Ckml6LwZY7ueNFfMktWiEvsg1J5pK7LJBz7nUR3ZMrVu72BbdzL2ji5crVkWMPYc
fdLL+O6Y3+Brsjgc1vTHt29LN3K2Tb2vrojeE4oc4CIUVD0pHzpOj3BYvpBseGfa
pAoC0+PH0kQeNkV91OrXUAi3xSd0Phj+KkBhpQSS80dfYTUigBTx+KpaDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIJ7CUl5HuvZIUCr5slxbN+xg+4PMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvZ25zSlNYa2U2OWtoUUt2bXlYRnMzN0dEN2c4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCWNjgMA0G
CSqGSIb3DQEBCwUAA4IBAQBVUt/IKX1nR5zLuy8MAjiKZMDWAjzDjsAVA+BF/2xO
EZRzPGf4TAy5CMKFKC2+IucKz/TFlIRKfPRPznuh4lfIBWGjTH41Xf47LfZrbJ4p
hinL/jvStRnxrg8l+s0dlWbLKge1CTF5ZTEfH83eNorwu9to8ef1v9eaL3FZEuig
t3GGjFRISFwH0pjLIE/mE7VdblAuEEcx/sbmJfJnamMMBMBF2pQg8v8qkt+zXQxF
GKg509zh9HxHYKjlfdB8jGuxAzTEnWDyQo22mT7VPO5LUWntY5Fle9TDGPJT4MV8
KwBSQ+6fFKh1uXIlbYajXJJeKI1+zPNAhPwxkpU9CTZB
-----END CERTIFICATE-----