Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/95/b28a1d-f471-4eb7-a8de-c0c74809439e/1/gwfn3PT-MQqFFn_YZUn1VnSs404.roa
File:                     gwfn3PT-MQqFFn_YZUn1VnSs404.roa (raw, json)
Hash identifier:          c4zhho+aqNUoK7W7kOcrZMRa2YWQ2RPJhZe/PNQeRPA=
Subject key identifier:   83:07:E7:DC:F4:FE:31:0A:85:16:7F:D8:65:49:F5:56:74:AC:E3:4E
Certificate issuer:       /CN=66af1c224db29a5104a61aac32f60956025fad43
Certificate serial:       0198CC4A90DF8884A63E3AA0B82FF714D364
Authority key identifier: 66:AF:1C:22:4D:B2:9A:51:04:A6:1A:AC:32:F6:09:56:02:5F:AD:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Zq8cIk2ymlEEphqsMvYJVgJfrUM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/95/b28a1d-f471-4eb7-a8de-c0c74809439e/1/gwfn3PT-MQqFFn_YZUn1VnSs404.roa
Signing time:             Thu 21 Aug 2025 11:01:35 +0000
ROA not before:           Thu 21 Aug 2025 11:01:35 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215037
IP address blocks:        81.177.208.0/22 maxlen: 24
                          81.177.208.0/23 maxlen: 23
                          81.177.210.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/95/b28a1d-f471-4eb7-a8de-c0c74809439e/1/Zq8cIk2ymlEEphqsMvYJVgJfrUM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/95/b28a1d-f471-4eb7-a8de-c0c74809439e/1/Zq8cIk2ymlEEphqsMvYJVgJfrUM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Zq8cIk2ymlEEphqsMvYJVgJfrUM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 08:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:cc:4a:90:df:88:84:a6:3e:3a:a0:b8:2f:f7:14:d3:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=66af1c224db29a5104a61aac32f60956025fad43
        Validity
            Not Before: Aug 21 11:01:35 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8307e7dcf4fe310a85167fd86549f55674ace34e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:a7:a5:93:64:7e:0b:69:91:c9:0e:0e:53:c3:
                    30:88:f2:53:31:3b:3f:3b:c7:fb:78:24:f5:21:6a:
                    c2:80:fe:97:77:a6:04:5f:56:3d:95:4d:a1:fd:d7:
                    3b:78:51:b9:65:64:6d:2d:db:5e:59:67:d1:52:b9:
                    33:a8:61:3e:7f:ed:6a:f1:d8:c2:fb:0b:4a:57:1f:
                    4a:bb:54:b8:3b:18:85:15:01:9f:cb:b9:39:bc:cd:
                    96:17:b1:37:37:c7:c0:9a:85:43:b3:6c:8d:59:4b:
                    61:d3:07:07:14:d8:0e:4e:8a:da:d9:fe:e1:fc:6d:
                    37:20:0b:fb:35:fb:5f:8c:88:b4:7f:62:9e:b0:58:
                    9f:af:05:31:d4:28:81:b7:b2:71:2a:86:75:22:2d:
                    70:88:47:2f:53:ce:35:98:50:48:31:eb:76:4d:c1:
                    3a:5b:14:74:cd:6b:ec:6a:9b:73:dd:94:9e:dd:ae:
                    61:d8:d4:39:1f:bc:80:c0:4b:41:2c:4c:9d:66:34:
                    57:d8:dc:f1:da:8b:98:ec:c3:5b:6e:2d:91:43:ef:
                    ed:e2:14:f9:39:59:2e:70:95:17:ef:27:63:b0:1a:
                    fc:29:87:36:ef:a3:4a:f0:ad:a0:96:b5:e8:52:e6:
                    ee:70:3f:c8:98:95:00:02:a3:9f:06:52:88:c9:39:
                    3e:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:07:E7:DC:F4:FE:31:0A:85:16:7F:D8:65:49:F5:56:74:AC:E3:4E
            X509v3 Authority Key Identifier:
                keyid:66:AF:1C:22:4D:B2:9A:51:04:A6:1A:AC:32:F6:09:56:02:5F:AD:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zq8cIk2ymlEEphqsMvYJVgJfrUM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/95/b28a1d-f471-4eb7-a8de-c0c74809439e/1/gwfn3PT-MQqFFn_YZUn1VnSs404.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/95/b28a1d-f471-4eb7-a8de-c0c74809439e/1/Zq8cIk2ymlEEphqsMvYJVgJfrUM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.177.208.0/22

    Signature Algorithm: sha256WithRSAEncryption
         39:7a:b9:d1:64:65:f4:8c:bd:42:46:93:b7:81:d0:1f:75:34:
         74:a9:70:01:d7:50:ee:10:d9:62:1e:a7:6e:d6:e4:ad:42:3e:
         b0:5c:db:2d:b7:27:c4:f0:31:f5:b2:74:51:03:b6:3a:1b:c0:
         91:9d:67:52:23:16:e8:ad:25:92:0d:5a:55:85:d3:bc:fd:b4:
         e7:59:25:72:12:d3:c2:be:1e:01:50:af:a3:dc:9f:b0:a6:84:
         7d:e0:ac:1c:9e:59:8d:5c:2d:af:f3:bd:86:11:a6:0e:3a:0a:
         08:ac:01:86:de:13:57:4c:ce:65:a2:80:9d:66:23:9c:9c:45:
         a9:70:66:2b:36:e3:5b:8a:44:ae:32:ee:f9:07:b3:74:cf:f9:
         59:ff:27:eb:23:bc:19:95:98:b8:8e:fd:fe:44:88:7e:76:e7:
         bf:03:5b:53:2c:89:34:01:f6:d3:95:91:de:dd:07:33:86:73:
         83:94:c8:d4:0f:b9:5c:ca:42:a8:2c:2e:09:43:29:eb:f4:c9:
         ed:10:88:d6:cc:81:0d:74:d0:90:50:89:86:ad:df:70:fd:13:
         88:cd:0d:a8:65:01:02:a1:96:ee:06:4d:cb:92:f8:a1:b4:7a:
         f8:c5:b6:d5:e9:15:15:ff:1d:0e:f4:23:be:8b:4a:6b:e9:8c:
         e9:cf:58:f4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjMSpDfiISmPjqguC/3FNNkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2YWYxYzIyNGRiMjlhNTEwNGE2MWFhYzMyZjYwOTU2MDI1
ZmFkNDMwHhcNMjUwODIxMTEwMTM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MzA3ZTdkY2Y0ZmUzMTBhODUxNjdmZDg2NTQ5ZjU1Njc0YWNlMzRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz6elk2R+C2mRyQ4OU8MwiPJTMTs/
O8f7eCT1IWrCgP6Xd6YEX1Y9lU2h/dc7eFG5ZWRtLdteWWfRUrkzqGE+f+1q8djC
+wtKVx9Ku1S4OxiFFQGfy7k5vM2WF7E3N8fAmoVDs2yNWUth0wcHFNgOTora2f7h
/G03IAv7NftfjIi0f2KesFifrwUx1CiBt7JxKoZ1Ii1wiEcvU841mFBIMet2TcE6
WxR0zWvsaptz3ZSe3a5h2NQ5H7yAwEtBLEydZjRX2Nzx2ouY7MNbbi2RQ+/t4hT5
OVkucJUX7ydjsBr8KYc276NK8K2glrXoUubucD/ImJUAAqOfBlKIyTk+IwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIMH59z0/jEKhRZ/2GVJ9VZ0rONOMB8GA1UdIwQY
MBaAFGavHCJNsppRBKYarDL2CVYCX61DMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnE4Y0lrMnltbEVFcGhxc012WUpWZ0pmclVNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NS9iMjhhMWQtZjQ3MS00ZWI3LWE4ZGUt
YzBjNzQ4MDk0MzllLzEvZ3dmbjNQVC1NUXFGRm5fWVpVbjFWblNzNDA0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NS9iMjhhMWQtZjQ3MS00ZWI3LWE4ZGUtYzBjNzQ4MDk0Mzll
LzEvWnE4Y0lrMnltbEVFcGhxc012WUpWZ0pmclVNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCUbHQMA0G
CSqGSIb3DQEBCwUAA4IBAQA5ernRZGX0jL1CRpO3gdAfdTR0qXAB11DuENliHqdu
1uStQj6wXNsttyfE8DH1snRRA7Y6G8CRnWdSIxborSWSDVpVhdO8/bTnWSVyEtPC
vh4BUK+j3J+wpoR94KwcnlmNXC2v872GEaYOOgoIrAGG3hNXTM5looCdZiOcnEWp
cGYrNuNbikSuMu75B7N0z/lZ/yfrI7wZlZi4jv3+RIh+due/A1tTLIk0AfbTlZHe
3QczhnODlMjUD7lcykKoLC4JQynr9MntEIjWzIENdNCQUImGrd9w/ROIzQ2oZQEC
oZbuBk3LkvihtHr4xbbV6RUV/x0O9CO+i0pr6Yzpz1j0
-----END CERTIFICATE-----