Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/gb_7RBDBHtSouzTkIocBb4u61RM.roa
File:                     gb_7RBDBHtSouzTkIocBb4u61RM.roa (raw, json)
Hash identifier:          uthvRlwLyi3YEwwwgsTSY0oSHHc2cmy6aV2kce8gTFg=
Subject key identifier:   81:BF:FB:44:10:C1:1E:D4:A8:BB:34:E4:22:87:01:6F:8B:BA:D5:13
Certificate issuer:       /CN=091ec7ccf0fa761ed99bc5a7a9ec0d0eeb0bf055
Certificate serial:       0199E4598D26C0B89AF0147F4F5FAE54511B
Authority key identifier: 09:1E:C7:CC:F0:FA:76:1E:D9:9B:C5:A7:A9:EC:0D:0E:EB:0B:F0:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CR7HzPD6dh7Zm8WnqewNDusL8FU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/gb_7RBDBHtSouzTkIocBb4u61RM.roa
Signing time:             Tue 14 Oct 2025 20:11:38 +0000
ROA not before:           Tue 14 Oct 2025 20:11:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25198
IP address blocks:        89.187.30.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/CR7HzPD6dh7Zm8WnqewNDusL8FU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/CR7HzPD6dh7Zm8WnqewNDusL8FU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CR7HzPD6dh7Zm8WnqewNDusL8FU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:e4:59:8d:26:c0:b8:9a:f0:14:7f:4f:5f:ae:54:51:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=091ec7ccf0fa761ed99bc5a7a9ec0d0eeb0bf055
        Validity
            Not Before: Oct 14 20:11:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=81bffb4410c11ed4a8bb34e42287016f8bbad513
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:b9:d3:df:ac:ba:74:d2:91:52:db:30:89:fa:
                    01:ff:72:6f:04:f2:57:97:8e:b4:98:2b:ab:b8:ef:
                    e6:b3:64:0a:d0:12:2e:02:c3:1c:7d:c8:74:72:da:
                    35:95:a4:62:48:37:75:93:d2:54:0c:64:7e:a3:0a:
                    c7:4c:1a:62:5f:60:89:26:59:73:1f:f4:6f:54:f9:
                    28:10:cf:d1:8b:5d:4d:80:d5:13:f7:97:52:4f:89:
                    68:4b:87:56:60:c0:45:56:fc:a7:f6:c8:b0:04:99:
                    f3:ba:c5:e2:e6:39:07:44:c8:2d:3d:76:bc:cf:ea:
                    f9:e8:c4:a1:35:cf:07:d0:4c:c9:17:cf:ad:f7:49:
                    9a:7c:ad:d1:a5:27:25:ec:04:19:50:ef:7b:72:fa:
                    1d:3d:fa:ce:f2:68:42:10:bf:1e:c1:61:80:d3:d9:
                    37:87:e8:c5:83:d4:b5:8f:0b:67:04:e0:ae:7c:a8:
                    b1:5c:a1:d7:94:b7:ad:4e:95:a2:c1:c8:3d:c3:d9:
                    29:6a:be:fc:5b:d8:f8:11:da:73:08:56:13:17:1c:
                    09:dc:04:33:17:8f:13:c8:06:54:cd:33:e1:6a:c4:
                    a5:47:de:5d:d0:df:96:85:d3:3e:9b:95:2e:ec:a9:
                    3f:a2:16:dd:c8:bd:14:36:64:a1:60:91:b7:fb:03:
                    5a:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:BF:FB:44:10:C1:1E:D4:A8:BB:34:E4:22:87:01:6F:8B:BA:D5:13
            X509v3 Authority Key Identifier:
                keyid:09:1E:C7:CC:F0:FA:76:1E:D9:9B:C5:A7:A9:EC:0D:0E:EB:0B:F0:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CR7HzPD6dh7Zm8WnqewNDusL8FU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/gb_7RBDBHtSouzTkIocBb4u61RM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/CR7HzPD6dh7Zm8WnqewNDusL8FU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.187.30.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:26:b8:81:ad:2a:4d:57:74:ed:3b:b1:87:f1:d7:ae:4a:42:
         d8:2c:d0:e5:4b:c6:da:d4:43:c8:5a:c2:c4:43:d8:f6:8f:43:
         ce:88:ce:e1:69:f4:55:92:c8:20:df:b5:fa:b2:25:6b:e1:9c:
         cd:30:54:99:88:4f:d8:86:05:9e:34:0b:5b:76:6a:d1:3b:3c:
         54:1e:22:e0:81:1e:95:ff:eb:8f:bc:b2:f5:21:c5:b7:fd:51:
         04:69:06:9b:e6:b0:f2:df:8a:74:7e:87:9b:29:99:7f:82:22:
         58:b6:e5:62:8c:dc:da:ae:a2:11:00:03:b7:aa:94:9f:24:c1:
         73:ea:0b:51:cf:d5:ca:3a:be:c3:93:3f:e9:43:89:64:84:37:
         35:83:37:c6:45:eb:ce:83:60:a6:a8:58:e4:ae:69:3b:46:f7:
         09:89:2f:18:b4:69:02:af:30:85:1e:bb:e7:e6:b8:48:93:3f:
         60:29:18:ce:00:58:7f:66:cd:e7:b9:ee:b7:f3:77:0f:7c:ec:
         b5:2f:54:38:d8:5c:a3:e0:1d:2f:5a:aa:ef:3e:09:9e:1c:4f:
         f3:b6:ca:1b:00:07:72:41:49:fc:7f:f4:b4:a3:7e:76:fe:2b:
         09:35:7b:f6:91:07:ee:b0:85:84:e5:7a:9e:5c:bc:6b:a4:6d:
         0e:bc:48:31
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZnkWY0mwLia8BR/T1+uVFEbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MWVjN2NjZjBmYTc2MWVkOTliYzVhN2E5ZWMwZDBlZWIw
YmYwNTUwHhcNMjUxMDE0MjAxMTM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MWJmZmI0NDEwYzExZWQ0YThiYjM0ZTQyMjg3MDE2ZjhiYmFkNTEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2rnT36y6dNKRUtswifoB/3JvBPJX
l460mCuruO/ms2QK0BIuAsMcfch0cto1laRiSDd1k9JUDGR+owrHTBpiX2CJJllz
H/RvVPkoEM/Ri11NgNUT95dST4loS4dWYMBFVvyn9siwBJnzusXi5jkHRMgtPXa8
z+r56MShNc8H0EzJF8+t90mafK3RpScl7AQZUO97cvodPfrO8mhCEL8ewWGA09k3
h+jFg9S1jwtnBOCufKixXKHXlLetTpWiwcg9w9kpar78W9j4EdpzCFYTFxwJ3AQz
F48TyAZUzTPhasSlR95d0N+WhdM+m5Uu7Kk/ohbdyL0UNmShYJG3+wNaPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIG/+0QQwR7UqLs05CKHAW+LutUTMB8GA1UdIwQY
MBaAFAkex8zw+nYe2ZvFp6nsDQ7rC/BVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1I3SHpQRDZkaDdabThXbnFld05EdXNMOEZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OS9lNjQ3OGEtN2I3My00NzU4LWFkZGQt
NDVjZmM4NTdkZGRkLzEvZ2JfN1JCREJIdFNvdXpUa0lvY0JiNHU2MVJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OS9lNjQ3OGEtN2I3My00NzU4LWFkZGQtNDVjZmM4NTdkZGRk
LzEvQ1I3SHpQRDZkaDdabThXbnFld05EdXNMOEZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWbseMA0G
CSqGSIb3DQEBCwUAA4IBAQBlJriBrSpNV3TtO7GH8deuSkLYLNDlS8ba1EPIWsLE
Q9j2j0POiM7hafRVksgg37X6siVr4ZzNMFSZiE/YhgWeNAtbdmrROzxUHiLggR6V
/+uPvLL1IcW3/VEEaQab5rDy34p0foebKZl/giJYtuVijNzarqIRAAO3qpSfJMFz
6gtRz9XKOr7Dkz/pQ4lkhDc1gzfGRevOg2CmqFjkrmk7RvcJiS8YtGkCrzCFHrvn
5rhIkz9gKRjOAFh/Zs3nue6383cPfOy1L1Q42Fyj4B0vWqrvPgmeHE/ztsobAAdy
QUn8f/S0o352/isJNXv2kQfusIWE5XqeXLxrpG0OvEgx
-----END CERTIFICATE-----