Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/gk7D-j8iAnxWP5i_OLZPryMAupg.roa
File:                     gk7D-j8iAnxWP5i_OLZPryMAupg.roa (raw, json)
Hash identifier:          YjT4IieQHhx4cq9MRMB3FdzXYkwGshCT4trM/moouwo=
Subject key identifier:   82:4E:C3:FA:3F:22:02:7C:56:3F:98:BF:38:B6:4F:AF:23:00:BA:98
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       019D28AD4C86440700373D8B892C3CD112B8
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/gk7D-j8iAnxWP5i_OLZPryMAupg.roa
Signing time:             Thu 26 Mar 2026 05:45:39 +0000
ROA not before:           Thu 26 Mar 2026 05:45:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     273163
IP address blocks:        185.225.244.0/23 maxlen: 23
                          185.225.244.0/24 maxlen: 24
                          185.225.245.0/24 maxlen: 24
                          185.225.245.192/26 maxlen: 26
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 09:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:28:ad:4c:86:44:07:00:37:3d:8b:89:2c:3c:d1:12:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: Mar 26 05:45:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=824ec3fa3f22027c563f98bf38b64faf2300ba98
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:e6:38:5f:54:ca:14:57:41:07:6f:a0:06:26:
                    9e:d4:c9:03:96:5b:a3:ec:cc:cd:02:40:78:31:e9:
                    57:aa:9c:57:0c:a0:2f:25:f2:2f:ce:12:d8:36:2e:
                    54:cb:4f:b5:b0:1c:cb:01:41:6c:88:4c:2a:2a:29:
                    be:3d:76:40:b3:15:9d:5f:17:37:d7:9b:fb:6b:52:
                    78:8b:82:1e:95:7f:65:05:84:fc:c4:ec:4a:1a:dd:
                    ad:a2:cd:e1:95:26:c9:d9:7a:79:e0:31:1b:77:30:
                    31:e3:ec:3b:a3:81:51:c7:eb:6f:4a:30:b4:8a:1e:
                    14:73:34:67:70:28:7e:60:fa:4d:95:36:ee:07:d2:
                    08:25:a8:20:78:39:24:93:4f:3c:ef:12:02:84:80:
                    39:fe:ca:bd:0c:0e:fc:72:2e:bf:ec:26:0f:dd:85:
                    e2:fc:b4:84:6f:d3:93:a0:12:86:60:b8:d1:4a:d3:
                    ed:b7:f3:03:d5:ad:10:cb:cd:d9:a0:70:66:37:ff:
                    16:67:fe:66:53:c5:48:bf:50:8e:d0:da:b1:ae:d2:
                    9a:5a:19:a3:e9:03:a1:0b:e2:9d:a0:5c:49:0e:c5:
                    88:4a:9f:b5:9e:e8:64:ff:a5:8b:7f:7e:dd:40:31:
                    fe:fb:dd:30:97:e8:66:34:4d:9c:fb:41:25:be:f5:
                    0d:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:4E:C3:FA:3F:22:02:7C:56:3F:98:BF:38:B6:4F:AF:23:00:BA:98
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/gk7D-j8iAnxWP5i_OLZPryMAupg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.225.244.0/23

    Signature Algorithm: sha256WithRSAEncryption
         c2:b4:b8:d8:8e:42:fd:71:c5:a2:95:96:71:f1:50:b8:88:2d:
         2a:73:97:d2:7a:7d:30:d9:ed:3d:62:4c:8c:31:b6:57:b0:97:
         53:22:4e:8f:3b:7c:76:a7:e1:cd:76:d7:eb:52:47:4a:2b:6f:
         c7:89:a2:f9:9a:af:19:9b:14:12:0d:d3:bc:9b:54:72:fe:17:
         72:d7:0c:92:58:56:f9:9e:ff:2f:be:b6:33:6f:b0:8e:8e:71:
         da:67:44:bd:f1:79:0d:63:6d:f9:dc:28:ea:9b:94:8b:44:aa:
         67:ef:82:30:34:8e:a1:31:87:29:51:2e:78:33:64:24:65:33:
         78:a9:0d:18:4e:fe:7e:88:b2:c0:a2:b7:0c:a8:2c:57:98:14:
         eb:a9:5d:d8:45:f0:b0:3b:f2:df:c8:c0:41:ab:ea:d0:92:b2:
         68:48:3b:64:1f:61:85:30:82:2a:5b:fe:93:20:e8:50:2d:e0:
         f7:be:b7:27:12:71:57:bc:39:45:c3:69:ae:bf:68:58:6b:9d:
         62:96:6a:74:45:42:a6:4a:74:48:38:ca:3e:e4:bf:ec:b5:c1:
         0c:ef:4a:f2:a4:fd:77:f3:c5:44:e3:78:25:85:da:77:50:e6:
         8f:ed:42:6c:ee:dc:19:f4:8a:1f:20:fe:16:53:c3:f7:fc:b9:
         82:13:9b:f1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0orUyGRAcANz2LiSw80RK4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjYwMzI2MDU0NTM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MjRlYzNmYTNmMjIwMjdjNTYzZjk4YmYzOGI2NGZhZjIzMDBiYTk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzOY4X1TKFFdBB2+gBiae1MkDlluj
7MzNAkB4MelXqpxXDKAvJfIvzhLYNi5Uy0+1sBzLAUFsiEwqKim+PXZAsxWdXxc3
15v7a1J4i4IelX9lBYT8xOxKGt2tos3hlSbJ2Xp54DEbdzAx4+w7o4FRx+tvSjC0
ih4UczRncCh+YPpNlTbuB9IIJaggeDkkk0887xIChIA5/sq9DA78ci6/7CYP3YXi
/LSEb9OToBKGYLjRStPtt/MD1a0Qy83ZoHBmN/8WZ/5mU8VIv1CO0NqxrtKaWhmj
6QOhC+KdoFxJDsWISp+1nuhk/6WLf37dQDH++90wl+hmNE2c+0ElvvUNgQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIJOw/o/IgJ8Vj+Yvzi2T68jALqYMB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvZ2s3RC1qOGlBbnhXUDVpX09MWlByeU1BdXBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBueH0MA0G
CSqGSIb3DQEBCwUAA4IBAQDCtLjYjkL9ccWilZZx8VC4iC0qc5fSen0w2e09YkyM
MbZXsJdTIk6PO3x2p+HNdtfrUkdKK2/HiaL5mq8ZmxQSDdO8m1Ry/hdy1wySWFb5
nv8vvrYzb7COjnHaZ0S98XkNY2353Cjqm5SLRKpn74IwNI6hMYcpUS54M2QkZTN4
qQ0YTv5+iLLAorcMqCxXmBTrqV3YRfCwO/LfyMBBq+rQkrJoSDtkH2GFMIIqW/6T
IOhQLeD3vrcnEnFXvDlFw2muv2hYa51ilmp0RUKmSnRIOMo+5L/stcEM70rypP13
88VE43glhdp3UOaP7UJs7twZ9IofIP4WU8P3/LmCE5vx
-----END CERTIFICATE-----