Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/gJUEmUI8raD8Dv1I0Fw1zO3u27w.roa
File:                     gJUEmUI8raD8Dv1I0Fw1zO3u27w.roa (raw, json)
Hash identifier:          xAY5n7MmqCcQ/9v7upvPuJEXPGaresezmiXgyPFCCz4=
Subject key identifier:   80:95:04:99:42:3C:AD:A0:FC:0E:FD:48:D0:5C:35:CC:ED:EE:DB:BC
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       0198A2B1E8955FDD979462BBD43D1A308481
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/gJUEmUI8raD8Dv1I0Fw1zO3u27w.roa
Signing time:             Wed 13 Aug 2025 09:10:25 +0000
ROA not before:           Wed 13 Aug 2025 09:10:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     271915
IP address blocks:        92.118.183.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 12:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:a2:b1:e8:95:5f:dd:97:94:62:bb:d4:3d:1a:30:84:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: Aug 13 09:10:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=80950499423cada0fc0efd48d05c35ccedeedbbc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:8e:46:ab:19:dd:61:26:94:47:30:a4:a0:72:
                    69:4d:fc:64:19:73:e1:02:3d:6c:57:d3:67:a4:91:
                    08:3c:62:ec:f5:ae:ee:c6:11:65:53:80:ae:a3:da:
                    68:0e:5f:45:af:13:19:de:e5:60:32:c2:bd:43:72:
                    70:15:5b:47:01:e0:d9:d7:39:af:78:d4:7b:16:30:
                    04:82:cc:59:3d:f3:55:a6:26:0d:f7:03:75:3c:1c:
                    c5:77:a5:dd:5d:32:54:5c:31:08:14:c7:86:3d:4c:
                    ad:f3:7e:35:b1:b1:9e:8f:d5:f3:db:5a:31:e0:03:
                    3c:60:f1:02:43:65:d5:e5:c3:83:e6:d3:81:14:66:
                    1b:25:a1:70:2b:73:6c:32:dc:60:57:62:fc:0a:cc:
                    cb:51:53:2d:c8:ce:b0:4f:76:6b:48:26:33:dd:5a:
                    73:1f:34:f7:80:f7:57:cd:8d:75:8d:03:1e:65:d3:
                    20:51:45:69:74:5c:82:42:ce:3f:d2:50:61:5b:08:
                    52:8a:32:ef:16:78:12:ef:94:1c:c4:d2:83:f2:7b:
                    bd:8b:39:e7:76:2d:dc:2c:dd:07:79:a7:57:5b:43:
                    c5:97:28:fb:91:ea:02:ff:09:ce:cc:f1:c5:68:5b:
                    ac:19:fc:0a:c9:71:86:62:df:5c:8c:ad:a5:83:5d:
                    1e:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:95:04:99:42:3C:AD:A0:FC:0E:FD:48:D0:5C:35:CC:ED:EE:DB:BC
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/gJUEmUI8raD8Dv1I0Fw1zO3u27w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.118.183.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:16:ed:b2:f6:88:2c:4d:c5:37:d6:87:80:41:89:5d:da:c8:
         7f:2d:8a:9a:54:bc:25:63:c5:de:c0:c9:16:eb:e8:9d:d2:b4:
         a7:84:0d:c2:78:e2:af:93:78:50:e6:3e:5a:9a:c4:3d:32:7f:
         4d:6c:ab:f1:0d:bc:c9:83:4b:fb:16:5c:78:cc:a3:1b:bd:24:
         bb:68:8f:aa:6a:a4:be:56:42:d3:40:60:58:37:70:a3:dd:4e:
         85:ef:52:64:bf:2d:76:da:74:57:1b:74:29:f4:d1:da:6e:41:
         08:93:a6:83:9c:b3:7b:15:d5:69:cf:6d:ad:b2:ec:e3:81:dc:
         eb:96:a7:ef:08:11:59:44:13:a0:d4:a2:bb:72:57:a1:80:1a:
         6d:02:9c:b6:40:92:fe:9c:93:3d:aa:42:25:a7:28:ca:3e:1f:
         74:de:b1:cb:b0:6b:f7:c6:36:cd:ee:32:7a:1b:da:33:9c:29:
         1d:64:8b:c4:24:7c:24:7d:e4:8a:0b:e1:35:b9:22:d3:0d:4a:
         fc:87:27:c8:76:33:db:1e:c8:af:b2:0a:7b:89:ec:8f:33:a4:
         32:18:0d:26:54:14:b3:67:da:0e:6d:c9:d1:b1:d0:9d:3c:84:
         29:ba:ee:a1:7e:a0:88:11:cd:04:a9:be:db:e4:05:99:db:ae:
         6d:e0:9c:4e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZiiseiVX92XlGK71D0aMISBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjUwODEzMDkxMDI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MDk1MDQ5OTQyM2NhZGEwZmMwZWZkNDhkMDVjMzVjY2VkZWVkYmJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwo5GqxndYSaURzCkoHJpTfxkGXPh
Aj1sV9NnpJEIPGLs9a7uxhFlU4Cuo9poDl9FrxMZ3uVgMsK9Q3JwFVtHAeDZ1zmv
eNR7FjAEgsxZPfNVpiYN9wN1PBzFd6XdXTJUXDEIFMeGPUyt8341sbGej9Xz21ox
4AM8YPECQ2XV5cOD5tOBFGYbJaFwK3NsMtxgV2L8CszLUVMtyM6wT3ZrSCYz3Vpz
HzT3gPdXzY11jQMeZdMgUUVpdFyCQs4/0lBhWwhSijLvFngS75QcxNKD8nu9iznn
di3cLN0HeadXW0PFlyj7keoC/wnOzPHFaFusGfwKyXGGYt9cjK2lg10exQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFICVBJlCPK2g/A79SNBcNczt7tu8MB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvZ0pVRW1VSThyYUQ4RHYxSTBGdzF6TzN1Mjd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXHa3MA0G
CSqGSIb3DQEBCwUAA4IBAQCTFu2y9ogsTcU31oeAQYld2sh/LYqaVLwlY8XewMkW
6+id0rSnhA3CeOKvk3hQ5j5amsQ9Mn9NbKvxDbzJg0v7Flx4zKMbvSS7aI+qaqS+
VkLTQGBYN3Cj3U6F71Jkvy122nRXG3Qp9NHabkEIk6aDnLN7FdVpz22tsuzjgdzr
lqfvCBFZRBOg1KK7clehgBptApy2QJL+nJM9qkIlpyjKPh903rHLsGv3xjbN7jJ6
G9oznCkdZIvEJHwkfeSKC+E1uSLTDUr8hyfIdjPbHsivsgp7ieyPM6QyGA0mVBSz
Z9oObcnRsdCdPIQpuu6hfqCIEc0Eqb7b5AWZ265t4JxO
-----END CERTIFICATE-----