Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/95/a2e37d-4ba5-4165-9fd2-210d482a4b93/1/GQfCTXlzQ4teX8FVx0nVHjfjPCo.roa
File:                     GQfCTXlzQ4teX8FVx0nVHjfjPCo.roa (raw, json)
Hash identifier:          sJIhi2+DtaS3Exb5aEGPNynpCj4YntHCMrta/UXKcus=
Subject key identifier:   19:07:C2:4D:79:73:43:8B:5E:5F:C1:55:C7:49:D5:1E:37:E3:3C:2A
Certificate issuer:       /CN=61ba0be7cce380e6bb74e3c5fcea081e9799ae54
Certificate serial:       019947FEF1E7868B4ADF6E4F65A4C9DA0A53
Authority key identifier: 61:BA:0B:E7:CC:E3:80:E6:BB:74:E3:C5:FC:EA:08:1E:97:99:AE:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YboL58zjgOa7dOPF_OoIHpeZrlQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/95/a2e37d-4ba5-4165-9fd2-210d482a4b93/1/GQfCTXlzQ4teX8FVx0nVHjfjPCo.roa
Signing time:             Sun 14 Sep 2025 11:31:54 +0000
ROA not before:           Sun 14 Sep 2025 11:31:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     24631
IP address blocks:        185.191.76.0/24 maxlen: 24
                          185.191.77.0/24 maxlen: 24
                          185.191.78.0/24 maxlen: 24
                          185.191.79.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/95/a2e37d-4ba5-4165-9fd2-210d482a4b93/1/YboL58zjgOa7dOPF_OoIHpeZrlQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/95/a2e37d-4ba5-4165-9fd2-210d482a4b93/1/YboL58zjgOa7dOPF_OoIHpeZrlQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YboL58zjgOa7dOPF_OoIHpeZrlQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:47:fe:f1:e7:86:8b:4a:df:6e:4f:65:a4:c9:da:0a:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61ba0be7cce380e6bb74e3c5fcea081e9799ae54
        Validity
            Not Before: Sep 14 11:31:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1907c24d7973438b5e5fc155c749d51e37e33c2a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:d6:64:67:0e:ca:20:3f:b2:e5:54:86:44:2c:
                    2f:19:16:66:10:65:83:9d:8c:17:7a:5b:42:95:19:
                    ed:cd:05:c7:77:78:b0:0d:87:61:9d:1b:11:ea:10:
                    2b:5f:9c:55:c7:c8:be:27:5a:6d:0b:6d:6f:80:53:
                    41:4d:da:e5:ae:5c:85:d8:cd:6f:38:92:f7:12:f3:
                    21:2c:10:b3:6e:f6:57:75:79:9e:f0:ef:be:1e:32:
                    ea:b6:52:57:63:e6:b8:cb:4e:86:7f:ae:e8:30:70:
                    3c:45:ce:a3:9a:43:94:f8:7f:a8:39:58:d6:93:98:
                    69:6c:9a:d6:86:3d:02:fc:35:54:5d:47:01:e8:c5:
                    46:bc:e9:d1:6f:1b:3e:31:4e:4f:b0:5b:02:52:dc:
                    73:37:23:2c:4e:f3:cb:9b:0a:8e:87:b7:e5:1b:22:
                    bc:71:1b:8a:63:3d:67:75:0f:32:8d:47:2a:ae:17:
                    77:df:b8:a2:7e:ff:81:e2:80:09:15:93:98:3a:78:
                    44:49:20:b4:f8:3d:e8:be:7f:fb:8b:27:75:52:70:
                    a8:6f:da:02:8d:85:52:3b:34:e1:3b:d6:9f:1c:e3:
                    a4:e1:fb:21:3e:30:e8:f7:fd:c6:fa:1d:22:b4:c5:
                    bf:72:36:1f:ca:30:e0:fd:2f:a6:6b:98:9e:a4:b6:
                    d7:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:07:C2:4D:79:73:43:8B:5E:5F:C1:55:C7:49:D5:1E:37:E3:3C:2A
            X509v3 Authority Key Identifier:
                keyid:61:BA:0B:E7:CC:E3:80:E6:BB:74:E3:C5:FC:EA:08:1E:97:99:AE:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YboL58zjgOa7dOPF_OoIHpeZrlQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/95/a2e37d-4ba5-4165-9fd2-210d482a4b93/1/GQfCTXlzQ4teX8FVx0nVHjfjPCo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/95/a2e37d-4ba5-4165-9fd2-210d482a4b93/1/YboL58zjgOa7dOPF_OoIHpeZrlQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.191.76.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2c:82:6d:7f:3a:0c:0a:38:b8:4b:4b:fa:a2:13:08:83:f3:27:
         f0:a9:c5:02:83:0c:be:cd:e4:5e:5d:73:72:aa:bc:cd:14:51:
         4d:06:e5:6a:c2:a7:9a:bb:d5:eb:e7:08:9a:3a:aa:8f:45:2b:
         d2:52:23:0c:32:f8:28:22:81:d1:80:81:fb:7b:f3:3d:f8:31:
         cc:2f:a9:f7:9b:bb:b5:27:72:28:e4:54:60:95:e6:cf:d5:0c:
         f5:dc:71:76:67:d0:82:50:59:93:d3:1b:15:59:41:63:e9:a6:
         65:68:6a:72:08:6a:76:0a:2b:5a:bf:6a:78:95:94:e5:90:1e:
         bb:30:72:80:d4:18:15:db:09:24:17:34:05:14:8f:68:9e:df:
         21:52:ad:39:14:31:4c:72:94:96:d4:44:49:8e:93:96:6f:d7:
         e2:06:12:43:b8:a7:bf:35:df:ae:e3:17:dc:0b:57:3e:7b:fc:
         e1:0b:d0:51:b6:5a:fc:46:51:5c:f4:34:22:cc:13:b3:fc:16:
         97:08:84:1c:8a:ba:45:80:f9:71:65:56:0f:f9:68:39:16:4d:
         31:bb:d3:49:61:2d:22:51:d2:24:d3:37:64:4b:67:98:fe:98:
         4c:1b:6a:06:1c:d3:d7:35:29:fe:19:4b:ec:24:29:ca:90:1c:
         59:60:60:f6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZlH/vHnhotK325PZaTJ2gpTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxYmEwYmU3Y2NlMzgwZTZiYjc0ZTNjNWZjZWEwODFlOTc5
OWFlNTQwHhcNMjUwOTE0MTEzMTU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTA3YzI0ZDc5NzM0MzhiNWU1ZmMxNTVjNzQ5ZDUxZTM3ZTMzYzJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAotZkZw7KID+y5VSGRCwvGRZmEGWD
nYwXeltClRntzQXHd3iwDYdhnRsR6hArX5xVx8i+J1ptC21vgFNBTdrlrlyF2M1v
OJL3EvMhLBCzbvZXdXme8O++HjLqtlJXY+a4y06Gf67oMHA8Rc6jmkOU+H+oOVjW
k5hpbJrWhj0C/DVUXUcB6MVGvOnRbxs+MU5PsFsCUtxzNyMsTvPLmwqOh7flGyK8
cRuKYz1ndQ8yjUcqrhd337iifv+B4oAJFZOYOnhESSC0+D3ovn/7iyd1UnCob9oC
jYVSOzThO9afHOOk4fshPjDo9/3G+h0itMW/cjYfyjDg/S+ma5iepLbX+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBkHwk15c0OLXl/BVcdJ1R434zwqMB8GA1UdIwQY
MBaAFGG6C+fM44Dmu3TjxfzqCB6Xma5UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWJvTDU4empnT2E3ZE9QRl9Pb0lIcGVacmxRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NS9hMmUzN2QtNGJhNS00MTY1LTlmZDIt
MjEwZDQ4MmE0YjkzLzEvR1FmQ1RYbHpRNHRlWDhGVngwblZIamZqUENvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NS9hMmUzN2QtNGJhNS00MTY1LTlmZDItMjEwZDQ4MmE0Yjkz
LzEvWWJvTDU4empnT2E3ZE9QRl9Pb0lIcGVacmxRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCub9MMA0G
CSqGSIb3DQEBCwUAA4IBAQAsgm1/OgwKOLhLS/qiEwiD8yfwqcUCgwy+zeReXXNy
qrzNFFFNBuVqwqeau9Xr5wiaOqqPRSvSUiMMMvgoIoHRgIH7e/M9+DHML6n3m7u1
J3Io5FRglebP1Qz13HF2Z9CCUFmT0xsVWUFj6aZlaGpyCGp2Citav2p4lZTlkB67
MHKA1BgV2wkkFzQFFI9ont8hUq05FDFMcpSW1ERJjpOWb9fiBhJDuKe/Nd+u4xfc
C1c+e/zhC9BRtlr8RlFc9DQizBOz/BaXCIQcirpFgPlxZVYP+Wg5Fk0xu9NJYS0i
UdIk0zdkS2eY/phMG2oGHNPXNSn+GUvsJCnKkBxZYGD2
-----END CERTIFICATE-----