Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d8/d0abd0-b114-4e3a-ae59-e21763c672fa/1/ghNDZNJhpYP_Htc1Wek-L5R4BeI.roa
File:                     ghNDZNJhpYP_Htc1Wek-L5R4BeI.roa (raw, json)
Hash identifier:          R8J6wlPRCV7dUDvscKB1CZV2169wkfxGRLHSAdA+H2w=
Subject key identifier:   82:13:43:64:D2:61:A5:83:FF:1E:D7:35:59:E9:3E:2F:94:78:05:E2
Certificate issuer:       /CN=706745ad92353da8a80cb2e0d229d68c2ef53db2
Certificate serial:       01995C8B1821153C09238903333CC1B02641
Authority key identifier: 70:67:45:AD:92:35:3D:A8:A8:0C:B2:E0:D2:29:D6:8C:2E:F5:3D:B2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cGdFrZI1PaioDLLg0inWjC71PbI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d8/d0abd0-b114-4e3a-ae59-e21763c672fa/1/ghNDZNJhpYP_Htc1Wek-L5R4BeI.roa
Signing time:             Thu 18 Sep 2025 11:17:23 +0000
ROA not before:           Thu 18 Sep 2025 11:17:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     13335
IP address blocks:        185.133.172.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d8/d0abd0-b114-4e3a-ae59-e21763c672fa/1/cGdFrZI1PaioDLLg0inWjC71PbI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d8/d0abd0-b114-4e3a-ae59-e21763c672fa/1/cGdFrZI1PaioDLLg0inWjC71PbI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cGdFrZI1PaioDLLg0inWjC71PbI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 14:01:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:5c:8b:18:21:15:3c:09:23:89:03:33:3c:c1:b0:26:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=706745ad92353da8a80cb2e0d229d68c2ef53db2
        Validity
            Not Before: Sep 18 11:17:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=82134364d261a583ff1ed73559e93e2f947805e2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f9:57:89:5f:ee:88:b6:51:bf:24:04:51:59:ef:
                    fa:37:dc:77:22:b0:af:b4:de:42:bf:af:f3:66:30:
                    0e:82:a4:9b:60:8d:92:59:69:a6:51:f8:cf:2c:f9:
                    59:96:f3:f6:85:59:08:ec:cf:89:bd:57:76:85:be:
                    ef:33:c2:f3:07:98:3e:b1:e9:0c:5f:5e:25:1e:d1:
                    ae:45:84:d5:16:ce:01:4c:5b:e9:82:5b:33:f9:39:
                    a4:ff:c3:a8:65:b3:00:d9:c7:be:d3:ef:a1:3d:b3:
                    f9:22:f4:08:53:b3:f3:13:13:6d:aa:af:39:87:52:
                    91:aa:92:33:7a:bc:6e:49:d3:c2:5c:8e:62:03:6b:
                    ec:c7:e2:bb:8e:6b:f3:98:18:f9:03:c9:19:26:f9:
                    b6:6f:f0:10:f9:49:b1:cd:06:08:4b:b6:cc:4f:ed:
                    46:49:17:7e:db:9e:11:1b:92:95:23:af:36:62:1c:
                    a3:d4:13:55:62:25:e2:28:33:66:b5:23:6f:fb:69:
                    2f:82:f7:b3:7b:e7:4d:61:8b:f3:f3:f5:a8:f6:10:
                    87:14:3c:10:1d:03:83:78:37:ec:4e:a6:24:7b:9a:
                    5b:ae:e4:2d:0c:64:99:9c:b2:04:ef:0d:56:b7:60:
                    91:28:af:ad:9a:ff:8c:73:9e:53:a3:10:78:5f:82:
                    67:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:13:43:64:D2:61:A5:83:FF:1E:D7:35:59:E9:3E:2F:94:78:05:E2
            X509v3 Authority Key Identifier:
                keyid:70:67:45:AD:92:35:3D:A8:A8:0C:B2:E0:D2:29:D6:8C:2E:F5:3D:B2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cGdFrZI1PaioDLLg0inWjC71PbI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/d0abd0-b114-4e3a-ae59-e21763c672fa/1/ghNDZNJhpYP_Htc1Wek-L5R4BeI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/d0abd0-b114-4e3a-ae59-e21763c672fa/1/cGdFrZI1PaioDLLg0inWjC71PbI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.133.172.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:7c:2e:ac:43:3e:85:7c:e8:ae:a8:88:29:31:a7:a2:c3:7b:
         a7:a8:b6:eb:4b:27:17:31:5b:42:6a:96:fc:28:1f:4e:ae:93:
         ab:bb:e3:0c:bd:60:0f:cc:92:c2:5a:4d:a2:aa:50:78:f3:48:
         b3:ed:7f:4f:cb:5f:e7:6e:07:06:5d:7c:d9:61:28:ab:20:d0:
         25:b0:b2:0c:49:f5:2c:c6:da:2c:2e:9f:87:47:e1:b2:0f:fa:
         62:45:06:1e:59:3e:13:7f:d6:c5:23:aa:cd:62:bc:36:c7:3b:
         6b:7d:90:19:6d:53:4a:b3:88:70:fd:ce:bf:b6:fc:44:f2:0e:
         8c:eb:33:32:17:f9:84:80:e4:7e:18:95:29:04:fb:fe:3b:5b:
         1d:0c:50:c6:df:32:76:40:ec:2c:28:e8:9a:51:cd:50:f2:1b:
         ab:36:54:97:90:f4:6d:34:a3:45:8e:9e:60:97:3e:1a:7d:5b:
         25:c6:3a:53:c9:5f:de:bb:e2:da:8a:76:ae:1e:fd:17:bc:4e:
         66:4b:44:70:4d:b0:d2:33:80:b2:57:d8:1b:2a:71:2c:52:c6:
         60:87:cf:1f:75:ed:2c:da:37:a2:a7:ea:14:82:44:03:75:b8:
         80:41:3f:9f:56:e2:ea:e4:dc:e9:25:36:4e:b9:a8:31:88:f1:
         2a:16:e6:1e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZlcixghFTwJI4kDMzzBsCZBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwNjc0NWFkOTIzNTNkYThhODBjYjJlMGQyMjlkNjhjMmVm
NTNkYjIwHhcNMjUwOTE4MTExNzIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MjEzNDM2NGQyNjFhNTgzZmYxZWQ3MzU1OWU5M2UyZjk0NzgwNWUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+VeJX+6ItlG/JARRWe/6N9x3IrCv
tN5Cv6/zZjAOgqSbYI2SWWmmUfjPLPlZlvP2hVkI7M+JvVd2hb7vM8LzB5g+sekM
X14lHtGuRYTVFs4BTFvpglsz+Tmk/8OoZbMA2ce+0++hPbP5IvQIU7PzExNtqq85
h1KRqpIzerxuSdPCXI5iA2vsx+K7jmvzmBj5A8kZJvm2b/AQ+UmxzQYIS7bMT+1G
SRd+254RG5KVI682Yhyj1BNVYiXiKDNmtSNv+2kvgveze+dNYYvz8/Wo9hCHFDwQ
HQODeDfsTqYke5pbruQtDGSZnLIE7w1Wt2CRKK+tmv+Mc55ToxB4X4JnjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIITQ2TSYaWD/x7XNVnpPi+UeAXiMB8GA1UdIwQY
MBaAFHBnRa2SNT2oqAyy4NIp1owu9T2yMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY0dkRnJaSTFQYWlvRExMZzBpbldqQzcxUGJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOC9kMGFiZDAtYjExNC00ZTNhLWFlNTkt
ZTIxNzYzYzY3MmZhLzEvZ2hORFpOSmhwWVBfSHRjMVdlay1MNVI0QmVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOC9kMGFiZDAtYjExNC00ZTNhLWFlNTktZTIxNzYzYzY3MmZh
LzEvY0dkRnJaSTFQYWlvRExMZzBpbldqQzcxUGJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYWsMA0G
CSqGSIb3DQEBCwUAA4IBAQA1fC6sQz6FfOiuqIgpMaeiw3unqLbrSycXMVtCapb8
KB9OrpOru+MMvWAPzJLCWk2iqlB480iz7X9Py1/nbgcGXXzZYSirINAlsLIMSfUs
xtosLp+HR+GyD/piRQYeWT4Tf9bFI6rNYrw2xztrfZAZbVNKs4hw/c6/tvxE8g6M
6zMyF/mEgOR+GJUpBPv+O1sdDFDG3zJ2QOwsKOiaUc1Q8hurNlSXkPRtNKNFjp5g
lz4afVslxjpTyV/eu+LainauHv0XvE5mS0RwTbDSM4CyV9gbKnEsUsZgh88fde0s
2jeip+oUgkQDdbiAQT+fVuLq5NzpJTZOuagxiPEqFuYe
-----END CERTIFICATE-----