Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/Ghp0PCWdIazQwCFV7OQNMwhEPuQ.roa
File:                     Ghp0PCWdIazQwCFV7OQNMwhEPuQ.roa (raw, json)
Hash identifier:          2wFgb7f0r+uUUAQIBdneqqlv2Fi4u7mHJ4xG45nReGk=
Subject key identifier:   1A:1A:74:3C:25:9D:21:AC:D0:C0:21:55:EC:E4:0D:33:08:44:3E:E4
Certificate issuer:       /CN=885b857706dac54e20ca0d11bd6416cb634203b4
Certificate serial:       0199EC79F33801BD29EC5685FB8193F72F69
Authority key identifier: 88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/Ghp0PCWdIazQwCFV7OQNMwhEPuQ.roa
Signing time:             Thu 16 Oct 2025 10:03:59 +0000
ROA not before:           Thu 16 Oct 2025 10:03:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57304
IP address blocks:        109.248.196.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:ec:79:f3:38:01:bd:29:ec:56:85:fb:81:93:f7:2f:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=885b857706dac54e20ca0d11bd6416cb634203b4
        Validity
            Not Before: Oct 16 10:03:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1a1a743c259d21acd0c02155ece40d3308443ee4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:03:63:33:e8:22:b5:ab:08:fe:f2:8e:b2:52:
                    d9:3c:f1:b6:de:b9:a4:e1:d8:17:69:3c:74:45:f1:
                    83:13:af:a2:f8:f2:32:63:f7:fc:6e:b1:5e:ea:cb:
                    ad:13:00:cb:73:69:cb:ff:91:f9:94:8e:9a:74:c5:
                    2c:6d:94:eb:73:9e:bf:fa:46:b9:7d:47:6a:45:24:
                    20:6f:dc:d0:a5:55:7b:19:bc:0f:6f:af:e2:6f:0c:
                    d4:5e:1f:17:03:29:a0:af:ce:f4:c1:4c:08:86:60:
                    40:1b:fa:17:7d:67:71:1b:6b:fc:66:5b:36:a9:bb:
                    be:ef:85:ae:2c:ec:d6:aa:3b:b0:d6:03:20:58:a1:
                    e5:27:a3:bb:17:52:79:82:24:d7:e6:90:25:17:c1:
                    d0:09:13:b3:6a:fe:d2:9c:38:de:ed:10:0b:ad:1a:
                    61:be:45:be:37:c8:87:5e:00:4a:d8:3f:ca:20:7f:
                    80:4c:69:23:66:67:a8:21:0c:cf:84:84:21:3a:1b:
                    d2:71:ad:c1:d2:7b:e9:78:d9:e7:c4:35:d4:7d:d3:
                    83:35:50:24:07:4c:89:42:63:60:14:3f:20:6d:0a:
                    da:be:48:66:fc:67:64:45:86:bd:6a:16:0f:96:9e:
                    32:0b:62:5b:ca:33:cc:f7:88:2b:54:66:39:0e:07:
                    28:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:1A:74:3C:25:9D:21:AC:D0:C0:21:55:EC:E4:0D:33:08:44:3E:E4
            X509v3 Authority Key Identifier:
                keyid:88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/Ghp0PCWdIazQwCFV7OQNMwhEPuQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.248.196.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:5f:e7:37:c4:32:c8:bb:72:39:91:d6:0b:6a:02:0a:36:f4:
         34:bd:f7:47:57:9b:f4:68:15:33:ed:be:e4:6d:32:d6:3e:e0:
         6f:dc:e9:ce:80:6d:71:c9:42:5e:3e:75:8b:d1:a0:d2:2e:8e:
         39:1e:e5:03:16:4f:40:f6:e6:f2:a3:6d:9c:7c:6b:89:96:bc:
         70:23:6e:36:5b:0c:40:aa:b2:10:ce:ee:60:60:2b:ce:75:9a:
         12:a2:08:a3:f9:9e:1e:f6:1e:ab:f5:11:64:51:4c:c1:a5:4b:
         37:2f:d8:bb:5d:83:96:15:09:7d:0e:5e:ef:0d:e5:a4:23:90:
         97:8c:88:f4:04:25:99:f0:58:f0:97:c3:8d:9c:05:d3:23:cb:
         46:10:47:56:8e:c4:f9:f0:e1:28:94:2d:9b:bb:5f:6f:5e:49:
         61:bb:05:19:cc:f7:95:53:0d:cb:49:53:d4:ce:cc:dc:0c:27:
         59:17:95:88:bd:01:d6:6b:f0:22:e9:ef:ae:8f:6b:24:77:a8:
         2a:4b:2c:fb:5c:0b:1f:78:80:60:03:bb:82:2a:98:a0:eb:f5:
         bb:77:54:45:c3:3d:a4:46:63:0a:8e:fe:48:9e:23:30:9b:bb:
         ca:44:b6:43:5f:96:4d:e6:a6:0f:0b:32:bd:14:4a:e0:67:e8:
         41:70:18:68
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZnsefM4Ab0p7FaF+4GT9y9pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4NWI4NTc3MDZkYWM1NGUyMGNhMGQxMWJkNjQxNmNiNjM0
MjAzYjQwHhcNMjUxMDE2MTAwMzU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYTFhNzQzYzI1OWQyMWFjZDBjMDIxNTVlY2U0MGQzMzA4NDQzZWU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5wNjM+gitasI/vKOslLZPPG23rmk
4dgXaTx0RfGDE6+i+PIyY/f8brFe6sutEwDLc2nL/5H5lI6adMUsbZTrc56/+ka5
fUdqRSQgb9zQpVV7GbwPb6/ibwzUXh8XAymgr870wUwIhmBAG/oXfWdxG2v8Zls2
qbu+74WuLOzWqjuw1gMgWKHlJ6O7F1J5giTX5pAlF8HQCROzav7SnDje7RALrRph
vkW+N8iHXgBK2D/KIH+ATGkjZmeoIQzPhIQhOhvSca3B0nvpeNnnxDXUfdODNVAk
B0yJQmNgFD8gbQravkhm/GdkRYa9ahYPlp4yC2JbyjPM94grVGY5DgcoLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBoadDwlnSGs0MAhVezkDTMIRD7kMB8GA1UdIwQY
MBaAFIhbhXcG2sVOIMoNEb1kFstjQgO0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMt
MTY2OTljOTZkZDVlLzEvR2hwMFBDV2RJYXpRd0NGVjdPUU5Nd2hFUHVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMtMTY2OTljOTZkZDVl
LzEvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbfjEMA0G
CSqGSIb3DQEBCwUAA4IBAQBgX+c3xDLIu3I5kdYLagIKNvQ0vfdHV5v0aBUz7b7k
bTLWPuBv3OnOgG1xyUJePnWL0aDSLo45HuUDFk9A9ubyo22cfGuJlrxwI242WwxA
qrIQzu5gYCvOdZoSogij+Z4e9h6r9RFkUUzBpUs3L9i7XYOWFQl9Dl7vDeWkI5CX
jIj0BCWZ8Fjwl8ONnAXTI8tGEEdWjsT58OEolC2bu19vXklhuwUZzPeVUw3LSVPU
zszcDCdZF5WIvQHWa/Ai6e+uj2skd6gqSyz7XAsfeIBgA7uCKpig6/W7d1RFwz2k
RmMKjv5IniMwm7vKRLZDX5ZN5qYPCzK9FErgZ+hBcBho
-----END CERTIFICATE-----