Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/0d4810-902a-4b7d-9818-3cef5625aed6/1/Gt23A32LNafHLHsemLl1kayh63c.roa
File:                     Gt23A32LNafHLHsemLl1kayh63c.roa (raw, json)
Hash identifier:          0agfcNSK+86f7lJTamSexAv7ynwwXj+0r7ubyCpwQQc=
Subject key identifier:   1A:DD:B7:03:7D:8B:35:A7:C7:2C:7B:1E:98:B9:75:91:AC:A1:EB:77
Certificate issuer:       /CN=dfa69c3d98385d415405fc6fd30a800363c017c1
Certificate serial:       0199515D08405DEDAE0CCE764468A04FAD05
Authority key identifier: DF:A6:9C:3D:98:38:5D:41:54:05:FC:6F:D3:0A:80:03:63:C0:17:C1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/36acPZg4XUFUBfxv0wqAA2PAF8E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ec/0d4810-902a-4b7d-9818-3cef5625aed6/1/Gt23A32LNafHLHsemLl1kayh63c.roa
Signing time:             Tue 16 Sep 2025 07:11:15 +0000
ROA not before:           Tue 16 Sep 2025 07:11:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29119
IP address blocks:        188.215.109.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ec/0d4810-902a-4b7d-9818-3cef5625aed6/1/36acPZg4XUFUBfxv0wqAA2PAF8E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ec/0d4810-902a-4b7d-9818-3cef5625aed6/1/36acPZg4XUFUBfxv0wqAA2PAF8E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/36acPZg4XUFUBfxv0wqAA2PAF8E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:51:5d:08:40:5d:ed:ae:0c:ce:76:44:68:a0:4f:ad:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dfa69c3d98385d415405fc6fd30a800363c017c1
        Validity
            Not Before: Sep 16 07:11:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1addb7037d8b35a7c72c7b1e98b97591aca1eb77
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:c0:aa:d4:c8:e6:66:61:00:ac:04:dd:4b:86:
                    f0:b8:72:2d:ff:a1:25:30:49:30:23:75:4a:7e:86:
                    84:bf:a5:04:fa:09:7c:fc:ff:c9:fc:cd:31:76:aa:
                    a2:97:aa:86:0d:3f:2d:b9:4b:1f:b7:21:12:f9:1d:
                    2c:0a:d0:f3:70:c4:a4:80:1e:74:c8:c0:3f:34:78:
                    ef:e3:c8:4e:6d:f5:66:5d:aa:7b:dc:76:95:81:08:
                    c9:ba:75:c8:22:dd:03:fa:79:97:8a:cc:8f:2e:43:
                    35:39:ee:04:0e:4d:d4:19:52:a3:4d:48:67:46:7c:
                    11:2f:40:2e:70:12:12:51:33:23:f6:d0:1a:26:5b:
                    82:0b:2a:99:e1:c0:4d:75:07:d4:7b:fe:18:60:ad:
                    18:34:08:98:56:e3:a2:b3:2c:4e:0a:f3:8f:48:69:
                    72:a5:12:f4:a6:9d:af:b3:db:23:2d:db:b5:85:58:
                    03:4a:fb:02:11:5a:63:fa:85:8f:91:86:26:a1:a0:
                    02:88:ee:73:16:b8:c4:13:be:e8:a7:da:49:9c:f7:
                    2d:35:98:76:ca:4b:86:2b:a4:06:3b:45:6b:6c:8d:
                    4f:4e:37:ef:02:40:c7:57:ad:ac:4c:00:24:08:8a:
                    bd:d0:7b:60:8c:18:93:d2:88:57:df:df:b1:aa:50:
                    78:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:DD:B7:03:7D:8B:35:A7:C7:2C:7B:1E:98:B9:75:91:AC:A1:EB:77
            X509v3 Authority Key Identifier:
                keyid:DF:A6:9C:3D:98:38:5D:41:54:05:FC:6F:D3:0A:80:03:63:C0:17:C1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/36acPZg4XUFUBfxv0wqAA2PAF8E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/0d4810-902a-4b7d-9818-3cef5625aed6/1/Gt23A32LNafHLHsemLl1kayh63c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/0d4810-902a-4b7d-9818-3cef5625aed6/1/36acPZg4XUFUBfxv0wqAA2PAF8E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.215.109.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:ff:9e:fe:fa:2d:d1:6b:e7:5e:79:45:2f:e5:0c:d8:79:0c:
         48:d7:ad:d2:e1:9c:e2:2d:d5:81:86:89:c3:58:ba:13:84:df:
         42:8e:0d:2c:fa:32:39:3a:9e:22:13:a0:d2:49:24:0a:24:8b:
         a1:23:c9:35:28:0e:ac:c0:1f:07:fc:ac:64:a5:42:45:50:14:
         5c:6b:85:7b:95:85:25:c7:80:c8:ae:56:90:b0:8d:0c:32:af:
         4e:22:ca:00:0c:c4:87:bc:ee:41:76:f1:9b:d3:96:5e:9c:4f:
         36:9b:16:47:fb:5c:23:84:59:f6:73:2b:01:bc:88:b3:40:1f:
         c0:e0:cb:13:ac:89:b4:84:6e:33:cb:99:ae:ff:3c:f3:08:7b:
         00:65:b1:f1:67:48:c5:5d:28:39:07:0e:a2:8b:17:62:8c:7a:
         3e:82:26:f0:56:b5:0f:31:0a:92:2f:67:5f:8f:65:3b:c4:c1:
         e6:c8:10:b4:f6:ce:64:9f:18:8f:20:ce:52:cd:fc:c8:39:d6:
         f7:dd:82:d8:81:49:c5:97:37:ea:6d:4b:07:8e:d2:c3:17:f3:
         4b:60:50:00:e0:98:f8:70:8a:7b:c0:a9:e5:bc:df:db:1a:59:
         9c:37:88:bc:0a:1c:8d:25:71:22:32:67:88:e3:d0:02:41:39:
         7f:c4:26:c4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZlRXQhAXe2uDM52RGigT60FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmYTY5YzNkOTgzODVkNDE1NDA1ZmM2ZmQzMGE4MDAzNjNj
MDE3YzEwHhcNMjUwOTE2MDcxMTE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYWRkYjcwMzdkOGIzNWE3YzcyYzdiMWU5OGI5NzU5MWFjYTFlYjc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk8Cq1MjmZmEArATdS4bwuHIt/6El
MEkwI3VKfoaEv6UE+gl8/P/J/M0xdqqil6qGDT8tuUsftyES+R0sCtDzcMSkgB50
yMA/NHjv48hObfVmXap73HaVgQjJunXIIt0D+nmXisyPLkM1Oe4EDk3UGVKjTUhn
RnwRL0AucBISUTMj9tAaJluCCyqZ4cBNdQfUe/4YYK0YNAiYVuOisyxOCvOPSGly
pRL0pp2vs9sjLdu1hVgDSvsCEVpj+oWPkYYmoaACiO5zFrjEE77op9pJnPctNZh2
ykuGK6QGO0VrbI1PTjfvAkDHV62sTAAkCIq90HtgjBiT0ohX39+xqlB47wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBrdtwN9izWnxyx7Hpi5dZGsoet3MB8GA1UdIwQY
MBaAFN+mnD2YOF1BVAX8b9MKgANjwBfBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMzZhY1BaZzRYVUZVQmZ4djB3cUFBMlBBRjhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYy8wZDQ4MTAtOTAyYS00YjdkLTk4MTgt
M2NlZjU2MjVhZWQ2LzEvR3QyM0EzMkxOYWZITEhzZW1MbDFrYXloNjNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYy8wZDQ4MTAtOTAyYS00YjdkLTk4MTgtM2NlZjU2MjVhZWQ2
LzEvMzZhY1BaZzRYVUZVQmZ4djB3cUFBMlBBRjhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvNdtMA0G
CSqGSIb3DQEBCwUAA4IBAQCV/57++i3Ra+deeUUv5QzYeQxI163S4ZziLdWBhonD
WLoThN9Cjg0s+jI5Op4iE6DSSSQKJIuhI8k1KA6swB8H/KxkpUJFUBRca4V7lYUl
x4DIrlaQsI0MMq9OIsoADMSHvO5BdvGb05ZenE82mxZH+1wjhFn2cysBvIizQB/A
4MsTrIm0hG4zy5mu/zzzCHsAZbHxZ0jFXSg5Bw6iixdijHo+gibwVrUPMQqSL2df
j2U7xMHmyBC09s5knxiPIM5SzfzIOdb33YLYgUnFlzfqbUsHjtLDF/NLYFAA4Jj4
cIp7wKnlvN/bGlmcN4i8ChyNJXEiMmeI49ACQTl/xCbE
-----END CERTIFICATE-----