Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/GSUyrsgD-8hbyXwRx2V71EkTBp8.roa
File:                     GSUyrsgD-8hbyXwRx2V71EkTBp8.roa (raw, json)
Hash identifier:          8Pr7dmpQrGiRHGRXxFvpYmKJkKyMBCaORWjGDjY2kDI=
Subject key identifier:   19:25:32:AE:C8:03:FB:C8:5B:C9:7C:11:C7:65:7B:D4:49:13:06:9F
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       01999F39B355C6BBAD469F8D0C8D1A7D8E18
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/GSUyrsgD-8hbyXwRx2V71EkTBp8.roa
Signing time:             Wed 01 Oct 2025 10:03:02 +0000
ROA not before:           Wed 01 Oct 2025 10:03:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     272330
IP address blocks:        45.142.40.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:9f:39:b3:55:c6:bb:ad:46:9f:8d:0c:8d:1a:7d:8e:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: Oct  1 10:03:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=192532aec803fbc85bc97c11c7657bd44913069f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:1c:d9:13:6f:77:17:af:ad:1a:13:e1:70:13:
                    e9:3d:77:35:07:f6:f8:9e:a8:87:1d:41:87:5a:bf:
                    dc:ec:da:ea:fe:8c:d3:21:cd:66:69:e3:ee:0d:b3:
                    86:65:b2:c9:1e:46:33:56:3a:94:ad:88:8c:9e:a1:
                    a5:b8:60:8f:8b:19:5a:48:15:9f:c9:06:fa:a0:19:
                    7c:e1:5c:45:29:9c:27:47:47:57:3c:ba:d3:25:9c:
                    7a:f1:82:8e:39:4f:37:65:54:e8:56:7f:17:cf:b4:
                    68:af:b0:fd:a8:d3:08:e9:9b:b6:28:ac:27:a7:d9:
                    f8:06:df:4c:58:bc:1a:02:74:a7:81:bd:9f:f6:db:
                    45:95:fb:44:20:0d:ad:31:71:ea:91:11:67:ae:a2:
                    57:7f:55:5c:e6:f5:51:94:9f:77:b0:6c:38:08:cb:
                    35:0c:0f:45:8d:a8:c3:17:77:0d:73:31:16:3b:f8:
                    5c:6b:7c:11:75:3d:e5:1e:c6:9c:19:f2:49:6f:74:
                    4c:d8:28:4e:40:36:5f:53:6c:8c:4d:0a:19:3e:0c:
                    1f:16:d9:38:a1:5b:d3:58:a8:6b:e4:6e:aa:09:44:
                    d4:df:20:b1:5f:3b:d7:aa:42:1d:c5:0c:e4:df:83:
                    26:72:95:83:ad:c7:7b:35:e6:c6:92:31:52:ba:97:
                    47:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:25:32:AE:C8:03:FB:C8:5B:C9:7C:11:C7:65:7B:D4:49:13:06:9F
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/GSUyrsgD-8hbyXwRx2V71EkTBp8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.142.40.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:35:15:fe:ac:62:f4:b3:96:af:96:bb:47:2e:7a:58:be:f9:
         fd:d5:5f:e4:20:51:4c:10:fc:0c:7f:99:b0:87:a4:6e:d4:6c:
         1a:95:1c:6b:36:bf:0d:5d:40:7f:b7:ff:b2:de:f6:64:cb:a9:
         c8:0f:da:35:3c:ae:55:de:5a:f6:69:8c:ce:d9:78:f3:43:08:
         47:c0:f0:a4:00:95:3a:38:83:df:5e:34:3a:a2:1d:b8:c9:e9:
         f7:b4:7f:ba:03:76:02:67:6c:1e:25:8e:14:8a:23:f5:76:34:
         b7:47:15:f4:fa:b6:79:60:e7:12:c0:09:61:4f:52:03:11:8c:
         15:11:2c:da:f3:70:da:b9:86:7d:59:fa:50:a8:b8:ed:69:9a:
         2d:0b:ad:c3:d2:d6:7f:ef:f9:dc:df:f5:fa:f9:35:fc:d2:85:
         75:c2:e8:a7:f3:92:45:4a:17:bb:53:14:9f:01:e7:66:d1:f5:
         11:1b:53:83:35:e9:74:14:53:cf:0f:67:13:93:e1:7e:d7:22:
         b5:46:31:e8:20:2b:ae:23:ff:d1:dd:f3:b3:fa:27:4b:1c:cb:
         95:0a:72:ec:f8:b3:0c:22:b0:0b:17:48:dc:bc:f4:0d:a7:c7:
         10:c2:f0:e6:d0:8e:8e:97:45:30:46:1a:95:50:e1:93:a5:3e:
         da:f3:c0:57
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZmfObNVxrutRp+NDI0afY4YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjUxMDAxMTAwMzAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTI1MzJhZWM4MDNmYmM4NWJjOTdjMTFjNzY1N2JkNDQ5MTMwNjlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsRzZE293F6+tGhPhcBPpPXc1B/b4
nqiHHUGHWr/c7Nrq/ozTIc1maePuDbOGZbLJHkYzVjqUrYiMnqGluGCPixlaSBWf
yQb6oBl84VxFKZwnR0dXPLrTJZx68YKOOU83ZVToVn8Xz7Ror7D9qNMI6Zu2KKwn
p9n4Bt9MWLwaAnSngb2f9ttFlftEIA2tMXHqkRFnrqJXf1Vc5vVRlJ93sGw4CMs1
DA9FjajDF3cNczEWO/hca3wRdT3lHsacGfJJb3RM2ChOQDZfU2yMTQoZPgwfFtk4
oVvTWKhr5G6qCUTU3yCxXzvXqkIdxQzk34MmcpWDrcd7NebGkjFSupdHMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBklMq7IA/vIW8l8Ecdle9RJEwafMB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvR1NVeXJzZ0QtOGhieVh3UngyVjcxRWtUQnA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALY4oMA0G
CSqGSIb3DQEBCwUAA4IBAQB/NRX+rGL0s5avlrtHLnpYvvn91V/kIFFMEPwMf5mw
h6Ru1GwalRxrNr8NXUB/t/+y3vZky6nID9o1PK5V3lr2aYzO2XjzQwhHwPCkAJU6
OIPfXjQ6oh24yen3tH+6A3YCZ2weJY4UiiP1djS3RxX0+rZ5YOcSwAlhT1IDEYwV
ESza83DauYZ9WfpQqLjtaZotC63D0tZ/7/nc3/X6+TX80oV1wuin85JFShe7UxSf
Aedm0fURG1ODNel0FFPPD2cTk+F+1yK1RjHoICuuI//R3fOz+idLHMuVCnLs+LMM
IrALF0jcvPQNp8cQwvDm0I6Ol0UwRhqVUOGTpT7a88BX
-----END CERTIFICATE-----