Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/1da7ec-1c34-4647-9e83-7579e85a1a49/1/GvyGkOachzJk9DygDnTBnDm6D0g.roa
File:                     GvyGkOachzJk9DygDnTBnDm6D0g.roa (raw, json)
Hash identifier:          9DNBA079y1VayC4HCKQN0sFF5/u3/PsV+NDhAUJH7m4=
Subject key identifier:   1A:FC:86:90:E6:9C:87:32:64:F4:3C:A0:0E:74:C1:9C:39:BA:0F:48
Certificate issuer:       /CN=8751054dfbfdad22c49e6bbadab3a18f42a1c364
Certificate serial:       0199583384FFFEA010BBC7DAFB65CC689EA5
Authority key identifier: 87:51:05:4D:FB:FD:AD:22:C4:9E:6B:BA:DA:B3:A1:8F:42:A1:C3:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/h1EFTfv9rSLEnmu62rOhj0Khw2Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/1da7ec-1c34-4647-9e83-7579e85a1a49/1/GvyGkOachzJk9DygDnTBnDm6D0g.roa
Signing time:             Wed 17 Sep 2025 15:03:15 +0000
ROA not before:           Wed 17 Sep 2025 15:03:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49981
IP address blocks:        194.99.52.0/24 maxlen: 24
                          2a0d:2d80::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c1/1da7ec-1c34-4647-9e83-7579e85a1a49/1/h1EFTfv9rSLEnmu62rOhj0Khw2Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c1/1da7ec-1c34-4647-9e83-7579e85a1a49/1/h1EFTfv9rSLEnmu62rOhj0Khw2Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/h1EFTfv9rSLEnmu62rOhj0Khw2Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:58:33:84:ff:fe:a0:10:bb:c7:da:fb:65:cc:68:9e:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8751054dfbfdad22c49e6bbadab3a18f42a1c364
        Validity
            Not Before: Sep 17 15:03:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1afc8690e69c873264f43ca00e74c19c39ba0f48
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:7e:16:f5:e9:4e:c4:a2:fd:d1:9c:a2:8c:47:
                    52:66:5a:56:8f:f9:2f:3f:30:60:31:7c:a1:f8:03:
                    1c:54:14:d9:f8:94:1e:b7:67:e6:94:fe:4d:59:f0:
                    91:fd:5d:86:e7:c9:fc:9b:12:d7:ca:89:a7:36:22:
                    41:63:67:5f:5a:3c:53:db:54:09:71:6d:d9:a0:c3:
                    69:fb:26:fe:d0:58:4d:37:25:8f:5c:e5:3e:86:68:
                    a1:55:fa:c5:ea:7a:51:17:3b:0c:45:20:5b:a0:a9:
                    0f:01:61:10:b5:1d:d3:32:7f:ef:db:64:2b:10:63:
                    a1:09:83:0e:42:cc:87:77:2a:95:6a:0e:fe:87:5d:
                    35:12:9a:ee:34:9e:af:e1:a0:49:65:31:2b:38:e3:
                    91:23:77:67:d0:41:32:93:83:5a:ce:20:c1:ec:0f:
                    30:67:93:1f:84:d2:5a:97:a7:e0:84:40:7f:cc:81:
                    8b:8d:f3:11:fe:3f:5e:8f:a1:67:a3:22:cf:8a:93:
                    0e:c3:2f:30:6a:5f:51:ae:1d:ca:60:17:68:ec:41:
                    35:08:4e:a7:48:90:98:d3:8b:dd:ee:d4:90:7f:52:
                    cd:04:63:06:75:08:9d:d9:5d:ea:f1:b5:a6:2d:a1:
                    d7:a9:54:c5:6e:6d:60:e3:5a:15:af:1f:43:3c:b8:
                    f6:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:FC:86:90:E6:9C:87:32:64:F4:3C:A0:0E:74:C1:9C:39:BA:0F:48
            X509v3 Authority Key Identifier:
                keyid:87:51:05:4D:FB:FD:AD:22:C4:9E:6B:BA:DA:B3:A1:8F:42:A1:C3:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/h1EFTfv9rSLEnmu62rOhj0Khw2Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/1da7ec-1c34-4647-9e83-7579e85a1a49/1/GvyGkOachzJk9DygDnTBnDm6D0g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/1da7ec-1c34-4647-9e83-7579e85a1a49/1/h1EFTfv9rSLEnmu62rOhj0Khw2Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.99.52.0/24
                IPv6:
                  2a0d:2d80::/32

    Signature Algorithm: sha256WithRSAEncryption
         85:45:47:60:66:b1:a6:e7:26:9b:05:37:1d:43:3d:ad:40:f9:
         d9:f5:7d:17:d9:bd:97:7d:99:42:77:ad:a2:01:fb:2a:cb:7e:
         85:c6:aa:21:ba:1b:27:16:3c:e4:3f:b5:1a:67:d5:19:fd:9d:
         90:07:32:05:2c:b0:b8:cb:d9:35:df:b4:d7:59:8f:15:41:cd:
         b8:1e:9f:e0:3c:7c:53:35:53:dc:8d:20:d3:3f:02:2f:33:9f:
         3d:f4:37:02:6c:44:6c:88:4c:e6:57:ae:01:18:94:92:6f:87:
         96:ca:01:f6:5c:03:a1:32:2c:d5:8c:11:12:52:f4:26:45:f5:
         35:6b:c6:cc:ca:20:0b:6a:ca:d1:00:ab:45:d5:f0:77:89:19:
         5c:e4:23:0c:48:cf:69:76:da:34:59:40:8e:75:8f:43:38:53:
         e5:e7:7f:00:b9:05:61:5e:b0:2b:58:d5:3a:62:58:d9:0b:7e:
         e7:7e:69:4b:a7:9c:e6:8e:0b:59:1d:a8:8a:95:3e:ab:79:0c:
         20:9d:18:b2:c3:d7:4a:c9:92:6d:b6:95:39:e9:68:1f:1a:0b:
         92:ec:8f:a0:54:c3:09:00:c5:70:6d:ea:64:77:84:17:43:8c:
         7d:32:07:1b:a8:0b:26:b8:16:7e:c4:ce:63:dc:67:2d:4b:b5:
         89:06:58:31
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZlYM4T//qAQu8fa+2XMaJ6lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3NTEwNTRkZmJmZGFkMjJjNDllNmJiYWRhYjNhMThmNDJh
MWMzNjQwHhcNMjUwOTE3MTUwMzE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYWZjODY5MGU2OWM4NzMyNjRmNDNjYTAwZTc0YzE5YzM5YmEwZjQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtn4W9elOxKL90ZyijEdSZlpWj/kv
PzBgMXyh+AMcVBTZ+JQet2fmlP5NWfCR/V2G58n8mxLXyomnNiJBY2dfWjxT21QJ
cW3ZoMNp+yb+0FhNNyWPXOU+hmihVfrF6npRFzsMRSBboKkPAWEQtR3TMn/v22Qr
EGOhCYMOQsyHdyqVag7+h101EpruNJ6v4aBJZTErOOORI3dn0EEyk4NaziDB7A8w
Z5MfhNJal6fghEB/zIGLjfMR/j9ej6FnoyLPipMOwy8wal9Rrh3KYBdo7EE1CE6n
SJCY04vd7tSQf1LNBGMGdQid2V3q8bWmLaHXqVTFbm1g41oVrx9DPLj2SQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFBr8hpDmnIcyZPQ8oA50wZw5ug9IMB8GA1UdIwQY
MBaAFIdRBU37/a0ixJ5rutqzoY9CocNkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaDFFRlRmdjlyU0xFbm11NjJyT2hqMEtodzJRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS8xZGE3ZWMtMWMzNC00NjQ3LTllODMt
NzU3OWU4NWExYTQ5LzEvR3Z5R2tPYWNoekprOUR5Z0RuVEJuRG02RDBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS8xZGE3ZWMtMWMzNC00NjQ3LTllODMtNzU3OWU4NWExYTQ5
LzEvaDFFRlRmdjlyU0xFbm11NjJyT2hqMEtodzJRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwmM0MA0E
AgACMAcDBQAqDS2AMA0GCSqGSIb3DQEBCwUAA4IBAQCFRUdgZrGm5yabBTcdQz2t
QPnZ9X0X2b2XfZlCd62iAfsqy36FxqohuhsnFjzkP7UaZ9UZ/Z2QBzIFLLC4y9k1
37TXWY8VQc24Hp/gPHxTNVPcjSDTPwIvM5899DcCbERsiEzmV64BGJSSb4eWygH2
XAOhMizVjBESUvQmRfU1a8bMyiALasrRAKtF1fB3iRlc5CMMSM9pdto0WUCOdY9D
OFPl538AuQVhXrArWNU6YljZC37nfmlLp5zmjgtZHaiKlT6reQwgnRiyw9dKyZJt
tpU56WgfGguS7I+gVMMJAMVwbepkd4QXQ4x9MgcbqAsmuBZ+xM5j3GctS7WJBlgx
-----END CERTIFICATE-----