Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/8wGardeeEmTMhzRkH2QgILTu5wc.roa
File:                     8wGardeeEmTMhzRkH2QgILTu5wc.roa (raw, json)
Hash identifier:          Cdy17idpQ91vblcr1bF/c0NNDsf4K72mGLO3I6JxJgc=
Subject key identifier:   F3:01:9A:AD:D7:9E:12:64:CC:87:34:64:1F:64:20:20:B4:EE:E7:07
Certificate issuer:       /CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
Certificate serial:       0199F1D35E8EEAD0513B4E777E67E510422E
Authority key identifier: 86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/8wGardeeEmTMhzRkH2QgILTu5wc.roa
Signing time:             Fri 17 Oct 2025 10:59:45 +0000
ROA not before:           Fri 17 Oct 2025 10:59:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57043
IP address blocks:        31.186.180.0/22 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:f1:d3:5e:8e:ea:d0:51:3b:4e:77:7e:67:e5:10:42:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
        Validity
            Not Before: Oct 17 10:59:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f3019aadd79e1264cc8734641f642020b4eee707
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:5c:60:13:9a:b7:6a:05:a0:a4:4a:91:15:f0:
                    90:b7:6f:bf:27:e5:94:20:92:06:27:f3:b6:01:5e:
                    3d:bb:f2:02:5d:cf:db:0d:66:1d:b7:a0:d6:c4:f8:
                    82:de:17:47:e6:95:48:24:5c:09:64:c2:ec:ab:38:
                    01:ed:7b:6a:f0:42:76:5a:7e:82:b7:39:e9:70:a9:
                    d1:63:e9:ff:d4:03:d3:a2:20:90:95:65:55:5e:fe:
                    92:3e:b9:42:58:73:92:37:a4:ad:58:b2:c9:a1:23:
                    f1:cf:dd:14:a0:86:f6:d7:cb:d8:4e:1d:78:29:f8:
                    d9:30:c5:f6:65:a7:30:a8:cd:db:6e:03:f7:0e:46:
                    44:a8:e4:bf:bb:84:f5:85:d7:d8:06:9f:f9:37:27:
                    3e:1f:46:b8:bb:ad:23:e6:1b:9d:d2:4d:76:2d:23:
                    d7:85:08:be:02:ed:b8:c5:5e:88:49:a5:40:cd:2f:
                    cf:b3:5f:f3:09:d9:73:0e:22:0a:36:fa:b0:09:26:
                    e9:df:a3:e3:dc:c3:12:80:8b:dd:d7:c8:3d:ea:79:
                    be:c3:4f:a8:b1:b9:76:57:84:49:8f:91:6b:8a:a8:
                    13:f5:ee:32:3e:aa:14:dd:e7:d1:3e:e4:78:b4:c4:
                    fa:60:88:ea:fe:65:b0:18:15:c1:6e:a4:dc:30:7a:
                    a1:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:01:9A:AD:D7:9E:12:64:CC:87:34:64:1F:64:20:20:B4:EE:E7:07
            X509v3 Authority Key Identifier:
                keyid:86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/8wGardeeEmTMhzRkH2QgILTu5wc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.186.180.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6e:26:b1:e5:8d:e6:3f:99:4b:6a:86:30:98:75:05:a6:77:ad:
         61:f3:d2:94:9c:d7:9e:8f:9e:34:59:b1:d7:0d:5e:dd:a6:bb:
         69:37:e5:f9:5d:76:d7:28:93:a7:7f:cb:29:c3:21:e0:56:cd:
         27:5a:88:a0:0c:c7:18:c8:f5:ca:6f:db:22:53:08:9e:f6:ba:
         34:e4:5b:f0:8c:15:c9:e2:06:16:be:2f:fc:1d:10:a7:de:22:
         d2:9d:d2:fe:3f:ed:58:cb:fd:96:55:41:a6:81:ba:52:0b:71:
         a0:70:a7:1a:e0:e9:fb:d9:9b:43:83:5e:bb:e8:84:57:7f:a3:
         da:b6:1e:a9:05:de:34:67:f9:5e:e0:a7:5d:10:33:04:53:e5:
         7a:0e:e6:ba:f5:c2:0f:ea:68:36:9b:9c:65:98:f6:70:83:8f:
         c1:db:aa:93:40:e1:8f:84:a8:b0:66:27:31:0e:7c:cb:f0:67:
         40:4f:03:4c:bf:40:8d:16:03:19:5d:5d:1d:a7:46:7f:44:5c:
         d5:5d:00:de:4f:e5:67:e7:43:9b:60:20:10:89:9d:a4:da:54:
         bd:ef:41:34:6d:54:5b:06:f2:00:d8:62:95:c9:56:0a:c4:68:
         0f:88:c3:85:0f:13:f5:ac:8b:c7:8e:27:84:11:48:4e:8f:d5:
         10:8e:2f:74
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZnx016O6tBRO053fmflEEIuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2Y2NlMDZlNzBkZjk3MGQ5MGFiZmUzY2JlN2ZhODgyZjQ2
N2IxZTQwHhcNMjUxMDE3MTA1OTQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMzAxOWFhZGQ3OWUxMjY0Y2M4NzM0NjQxZjY0MjAyMGI0ZWVlNzA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtFxgE5q3agWgpEqRFfCQt2+/J+WU
IJIGJ/O2AV49u/ICXc/bDWYdt6DWxPiC3hdH5pVIJFwJZMLsqzgB7Xtq8EJ2Wn6C
tznpcKnRY+n/1APToiCQlWVVXv6SPrlCWHOSN6StWLLJoSPxz90UoIb218vYTh14
KfjZMMX2ZacwqM3bbgP3DkZEqOS/u4T1hdfYBp/5Nyc+H0a4u60j5hud0k12LSPX
hQi+Au24xV6ISaVAzS/Ps1/zCdlzDiIKNvqwCSbp36Pj3MMSgIvd18g96nm+w0+o
sbl2V4RJj5FriqgT9e4yPqoU3efRPuR4tMT6YIjq/mWwGBXBbqTcMHqh9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPMBmq3XnhJkzIc0ZB9kICC07ucHMB8GA1UdIwQY
MBaAFIbM4G5w35cNkKv+PL5/qIL0Z7HkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2Ut
ODk3MTRhN2U4ZDU4LzEvOHdHYXJkZWVFbVRNaHpSa0gyUWdJTFR1NXdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2UtODk3MTRhN2U4ZDU4
LzEvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCH7q0MA0G
CSqGSIb3DQEBCwUAA4IBAQBuJrHljeY/mUtqhjCYdQWmd61h89KUnNeej540WbHX
DV7dprtpN+X5XXbXKJOnf8spwyHgVs0nWoigDMcYyPXKb9siUwie9ro05FvwjBXJ
4gYWvi/8HRCn3iLSndL+P+1Yy/2WVUGmgbpSC3GgcKca4On72ZtDg1676IRXf6Pa
th6pBd40Z/le4KddEDMEU+V6Dua69cIP6mg2m5xlmPZwg4/B26qTQOGPhKiwZicx
DnzL8GdATwNMv0CNFgMZXV0dp0Z/RFzVXQDeT+Vn50ObYCAQiZ2k2lS970E0bVRb
BvIA2GKVyVYKxGgPiMOFDxP1rIvHjieEEUhOj9UQji90
-----END CERTIFICATE-----