Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/gbl3K87pq61HBpBF-ynT8FRiuRc.roa
File:                     gbl3K87pq61HBpBF-ynT8FRiuRc.roa (raw, json)
Hash identifier:          cXfO4y1iR7IIc0IloXuoSNqbZybBreBshUvynFBvAaA=
Subject key identifier:   81:B9:77:2B:CE:E9:AB:AD:47:06:90:45:FB:29:D3:F0:54:62:B9:17
Certificate issuer:       /CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
Certificate serial:       01997617A0BB76D3B92D8B588CD73F1C9157
Authority key identifier: CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/gbl3K87pq61HBpBF-ynT8FRiuRc.roa
Signing time:             Tue 23 Sep 2025 10:21:23 +0000
ROA not before:           Tue 23 Sep 2025 10:21:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204834
IP address blocks:        85.133.160.0/22 maxlen: 24
                          85.133.229.0/24 maxlen: 24
                          85.133.242.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 19:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:76:17:a0:bb:76:d3:b9:2d:8b:58:8c:d7:3f:1c:91:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
        Validity
            Not Before: Sep 23 10:21:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=81b9772bcee9abad47069045fb29d3f05462b917
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:9f:0a:d7:9f:69:6f:64:4f:e7:cb:e0:30:c9:
                    19:04:8f:bd:9e:e6:a5:37:18:17:84:7f:bb:19:8e:
                    8a:c0:6e:36:61:85:d7:7a:d3:d4:73:66:74:32:ea:
                    8e:ae:67:42:23:5c:d0:7f:00:6b:7d:81:37:a2:28:
                    19:ff:00:69:a1:26:cd:dd:6a:cf:a4:dc:09:f2:db:
                    e2:b9:fe:d0:2b:01:bb:5b:03:a0:e0:e9:42:b1:51:
                    12:32:ae:da:ce:2f:50:9a:f3:f4:12:b3:c6:61:cd:
                    c2:71:01:8d:e3:b2:f7:61:2b:23:74:1d:1d:38:92:
                    01:ee:b2:1a:b7:37:5a:f5:b9:93:1f:ba:cc:76:e6:
                    4b:bf:32:a7:17:4d:4b:80:5e:83:f5:41:06:b9:ae:
                    88:2b:65:3e:6d:23:3d:35:80:1f:be:78:20:f7:20:
                    1c:c1:af:23:04:94:3a:98:95:17:9f:62:a9:ba:dd:
                    4a:62:70:66:75:94:41:06:6f:2a:87:86:70:93:b5:
                    49:97:4f:f5:7c:b9:82:b3:04:f7:fd:2e:da:78:50:
                    f8:4c:85:bd:e8:e9:91:83:61:c8:be:c3:e8:9b:b5:
                    bc:a8:3a:fa:75:1e:68:e1:99:38:68:3e:92:19:ef:
                    76:18:12:36:1c:8a:60:d5:6f:df:75:dc:6c:79:95:
                    3f:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:B9:77:2B:CE:E9:AB:AD:47:06:90:45:FB:29:D3:F0:54:62:B9:17
            X509v3 Authority Key Identifier:
                keyid:CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/gbl3K87pq61HBpBF-ynT8FRiuRc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.133.160.0/22
                  85.133.229.0/24
                  85.133.242.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:d9:39:ca:72:d4:d3:3d:fa:a4:4c:51:f3:88:7e:d2:22:81:
         0e:45:cb:37:a4:cd:53:ea:bd:02:21:c4:67:33:68:d9:90:b9:
         fa:e2:2b:fc:e5:11:f2:97:e9:14:c3:7c:56:b7:72:a0:6c:b6:
         74:58:46:d3:0b:87:a9:7e:a3:31:fb:1b:91:f1:4c:8c:72:9c:
         dc:dc:af:bf:54:47:dd:0d:d3:29:42:65:d8:f7:3d:e5:b8:6a:
         61:99:0c:45:0d:30:ec:7f:46:af:4f:7f:c1:39:60:bf:6d:c8:
         1b:82:eb:22:63:87:eb:a4:bf:47:72:06:18:eb:59:72:fd:31:
         6d:59:48:f3:43:ac:13:2c:a0:bc:68:f1:b3:b3:a5:59:a9:da:
         45:a6:d4:9c:5b:e0:29:7b:d9:c1:49:98:3c:05:fc:62:ac:3b:
         21:1e:94:86:3d:3d:16:9f:94:2d:d7:e2:ca:b0:bc:65:6a:e2:
         d2:cc:ea:d6:7c:14:c4:3f:b5:80:52:65:f6:04:29:1a:f1:90:
         d9:49:30:73:b6:0a:c3:c4:f8:9b:7d:14:97:92:ac:8b:da:ef:
         0e:68:d0:22:22:f5:56:56:6f:43:68:1d:9d:4d:c1:40:11:ba:
         5f:c5:9b:39:ae:d9:7d:60:a1:23:1d:2a:c8:5e:d5:1e:f2:43:
         0c:6c:a4:14
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZl2F6C7dtO5LYtYjNc/HJFXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkNWUzOTY1OGEzZWY2ZjEzY2EyMWNjMTFhNGUzM2ViY2Q5
NDY3MDIwHhcNMjUwOTIzMTAyMTIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MWI5NzcyYmNlZTlhYmFkNDcwNjkwNDVmYjI5ZDNmMDU0NjJiOTE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArJ8K159pb2RP58vgMMkZBI+9nual
NxgXhH+7GY6KwG42YYXXetPUc2Z0MuqOrmdCI1zQfwBrfYE3oigZ/wBpoSbN3WrP
pNwJ8tviuf7QKwG7WwOg4OlCsVESMq7azi9QmvP0ErPGYc3CcQGN47L3YSsjdB0d
OJIB7rIatzda9bmTH7rMduZLvzKnF01LgF6D9UEGua6IK2U+bSM9NYAfvngg9yAc
wa8jBJQ6mJUXn2Kput1KYnBmdZRBBm8qh4Zwk7VJl0/1fLmCswT3/S7aeFD4TIW9
6OmRg2HIvsPom7W8qDr6dR5o4Zk4aD6SGe92GBI2HIpg1W/fddxseZU/owIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFIG5dyvO6autRwaQRfsp0/BUYrkXMB8GA1UdIwQY
MBaAFM1eOWWKPvbxPKIcwRpOM+vNlGcCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUt
NWQxZmE2NmMzNjNiLzEvZ2JsM0s4N3BxNjFIQnBCRi15blQ4RlJpdVJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUtNWQxZmE2NmMzNjNi
LzEvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCVYWgAwQA
VYXlAwQAVYXyMA0GCSqGSIb3DQEBCwUAA4IBAQBF2TnKctTTPfqkTFHziH7SIoEO
Rcs3pM1T6r0CIcRnM2jZkLn64iv85RHyl+kUw3xWt3KgbLZ0WEbTC4epfqMx+xuR
8UyMcpzc3K+/VEfdDdMpQmXY9z3luGphmQxFDTDsf0avT3/BOWC/bcgbgusiY4fr
pL9HcgYY61ly/TFtWUjzQ6wTLKC8aPGzs6VZqdpFptScW+Ape9nBSZg8BfxirDsh
HpSGPT0Wn5Qt1+LKsLxlauLSzOrWfBTEP7WAUmX2BCka8ZDZSTBztgrDxPibfRSX
kqyL2u8OaNAiIvVWVm9DaB2dTcFAEbpfxZs5rtl9YKEjHSrIXtUe8kMMbKQU
-----END CERTIFICATE-----