Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/c6179a-160d-40e2-ae86-7d134980c5be/1/GgRzm6XdJtgztlq2L8QP7Fq_MiU.roa
File:                     GgRzm6XdJtgztlq2L8QP7Fq_MiU.roa (raw, json)
Hash identifier:          ehD0t7Zb24BzFaVvHAACJxocutQbEQmugsGj8AVJ7Lw=
Subject key identifier:   1A:04:73:9B:A5:DD:26:D8:33:B6:5A:B6:2F:C4:0F:EC:5A:BF:32:25
Certificate issuer:       /CN=02a962c1fe8e2e12a35576fd62987a0cbba463d4
Certificate serial:       019861D337B20B9118ABD80A1C39AE19EDBA
Authority key identifier: 02:A9:62:C1:FE:8E:2E:12:A3:55:76:FD:62:98:7A:0C:BB:A4:63:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Aqliwf6OLhKjVXb9Yph6DLukY9Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/c6179a-160d-40e2-ae86-7d134980c5be/1/GgRzm6XdJtgztlq2L8QP7Fq_MiU.roa
Signing time:             Thu 31 Jul 2025 18:51:28 +0000
ROA not before:           Thu 31 Jul 2025 18:51:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207957
IP address blocks:        150.40.107.0/24 maxlen: 24
                          150.40.109.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/c6179a-160d-40e2-ae86-7d134980c5be/1/Aqliwf6OLhKjVXb9Yph6DLukY9Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/c6179a-160d-40e2-ae86-7d134980c5be/1/Aqliwf6OLhKjVXb9Yph6DLukY9Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Aqliwf6OLhKjVXb9Yph6DLukY9Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 09 Aug 2025 20:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:61:d3:37:b2:0b:91:18:ab:d8:0a:1c:39:ae:19:ed:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=02a962c1fe8e2e12a35576fd62987a0cbba463d4
        Validity
            Not Before: Jul 31 18:51:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1a04739ba5dd26d833b65ab62fc40fec5abf3225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:bd:72:fb:85:06:3b:a5:2d:8b:ba:2f:9e:1d:
                    63:3f:2e:89:0c:84:0a:e6:0b:10:bb:ac:4f:ec:08:
                    4f:44:4a:b1:1a:cb:de:de:2a:25:3d:1b:21:3f:6f:
                    35:32:c6:bf:e5:b2:f0:e8:e2:8b:28:b8:8a:81:34:
                    fd:58:37:84:c5:3e:81:88:d4:8e:c0:90:b7:75:78:
                    10:e0:8f:54:e4:9b:87:1c:01:ad:54:a9:a6:4f:ed:
                    a1:8e:4a:16:da:ec:a4:c1:cb:06:11:f1:7c:13:97:
                    23:15:51:a3:a9:8a:3a:7b:76:01:97:df:e5:f6:42:
                    13:7d:ca:a5:3f:ee:ad:7e:e8:ba:da:c4:c9:a8:07:
                    29:e8:4e:fd:d2:05:93:b5:5e:52:70:c9:62:3d:1b:
                    3a:95:2a:1d:f0:f5:ae:61:9f:e1:62:e3:15:a3:cc:
                    ce:4d:80:08:1b:48:d1:cd:94:91:01:b0:cb:62:c5:
                    51:ff:93:d1:85:ca:53:1f:1f:ef:35:a7:2f:7c:96:
                    9a:2f:59:48:a7:a1:c1:fb:59:b7:7d:30:45:7e:5e:
                    b1:cd:e2:fd:73:3f:d8:09:32:5d:1c:1c:d9:9c:fe:
                    a0:04:ed:a9:45:63:21:57:79:0c:2b:b8:22:de:f2:
                    b1:7b:34:fb:d3:04:77:f6:3a:01:65:e1:4c:1a:f8:
                    0f:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:04:73:9B:A5:DD:26:D8:33:B6:5A:B6:2F:C4:0F:EC:5A:BF:32:25
            X509v3 Authority Key Identifier:
                keyid:02:A9:62:C1:FE:8E:2E:12:A3:55:76:FD:62:98:7A:0C:BB:A4:63:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Aqliwf6OLhKjVXb9Yph6DLukY9Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/c6179a-160d-40e2-ae86-7d134980c5be/1/GgRzm6XdJtgztlq2L8QP7Fq_MiU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/c6179a-160d-40e2-ae86-7d134980c5be/1/Aqliwf6OLhKjVXb9Yph6DLukY9Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  150.40.107.0/24
                  150.40.109.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:bf:40:62:c2:5f:38:54:d6:e7:2a:08:e8:d8:03:10:07:92:
         04:f3:0c:2e:7b:d5:e5:71:53:29:6b:c0:dc:ab:d3:bc:94:af:
         da:12:6f:7a:f8:6a:24:87:22:48:77:15:f2:b1:9d:7d:31:f9:
         55:6b:35:bb:17:2a:7b:cc:ae:5e:b4:b0:b3:85:9b:c5:c1:7b:
         c8:48:ff:cc:98:4b:0d:1f:72:db:da:ec:83:56:fc:65:98:77:
         30:dd:55:21:e5:79:22:2c:3c:bc:19:0b:aa:85:95:1b:7f:dc:
         49:58:66:a0:66:2e:dd:3b:41:f1:23:ef:50:67:5b:ee:66:46:
         90:ed:a5:2e:33:a5:80:8d:85:a7:49:87:3d:bc:c7:25:8c:b9:
         91:8c:85:3e:46:1c:0d:ca:de:9f:cd:85:4d:25:a3:9c:a0:1e:
         5e:27:a1:49:72:e4:9e:da:f2:d5:1b:26:81:80:0c:31:39:a1:
         11:ec:2e:98:62:7d:d9:36:86:84:56:f7:26:61:52:a2:16:32:
         c8:1d:7b:e5:5b:a8:0d:78:75:29:4c:cb:ab:35:d7:d3:8f:1a:
         b3:34:78:ef:17:55:bf:aa:26:e3:cc:43:4d:1f:8d:61:55:f1:
         5e:3a:1b:dc:80:ff:88:4f:01:16:cd:07:75:ff:5f:0e:9d:73:
         8a:bb:2b:6b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZhh0zeyC5EYq9gKHDmuGe26MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAyYTk2MmMxZmU4ZTJlMTJhMzU1NzZmZDYyOTg3YTBjYmJh
NDYzZDQwHhcNMjUwNzMxMTg1MTI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYTA0NzM5YmE1ZGQyNmQ4MzNiNjVhYjYyZmM0MGZlYzVhYmYzMjI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkr1y+4UGO6Uti7ovnh1jPy6JDIQK
5gsQu6xP7AhPREqxGsve3iolPRshP281Msa/5bLw6OKLKLiKgTT9WDeExT6BiNSO
wJC3dXgQ4I9U5JuHHAGtVKmmT+2hjkoW2uykwcsGEfF8E5cjFVGjqYo6e3YBl9/l
9kITfcqlP+6tfui62sTJqAcp6E790gWTtV5ScMliPRs6lSod8PWuYZ/hYuMVo8zO
TYAIG0jRzZSRAbDLYsVR/5PRhcpTHx/vNacvfJaaL1lIp6HB+1m3fTBFfl6xzeL9
cz/YCTJdHBzZnP6gBO2pRWMhV3kMK7gi3vKxezT70wR39joBZeFMGvgPUQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBoEc5ul3SbYM7Zati/ED+xavzIlMB8GA1UdIwQY
MBaAFAKpYsH+ji4So1V2/WKYegy7pGPUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQXFsaXdmNk9MaEtqVlhiOVlwaDZETHVrWTlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9jNjE3OWEtMTYwZC00MGUyLWFlODYt
N2QxMzQ5ODBjNWJlLzEvR2dSem02WGRKdGd6dGxxMkw4UVA3RnFfTWlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9jNjE3OWEtMTYwZC00MGUyLWFlODYtN2QxMzQ5ODBjNWJl
LzEvQXFsaXdmNk9MaEtqVlhiOVlwaDZETHVrWTlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAlihrAwQA
lihtMA0GCSqGSIb3DQEBCwUAA4IBAQCSv0Biwl84VNbnKgjo2AMQB5IE8wwue9Xl
cVMpa8Dcq9O8lK/aEm96+GokhyJIdxXysZ19MflVazW7Fyp7zK5etLCzhZvFwXvI
SP/MmEsNH3Lb2uyDVvxlmHcw3VUh5XkiLDy8GQuqhZUbf9xJWGagZi7dO0HxI+9Q
Z1vuZkaQ7aUuM6WAjYWnSYc9vMcljLmRjIU+RhwNyt6fzYVNJaOcoB5eJ6FJcuSe
2vLVGyaBgAwxOaER7C6YYn3ZNoaEVvcmYVKiFjLIHXvlW6gNeHUpTMurNdfTjxqz
NHjvF1W/qibjzENNH41hVfFeOhvcgP+ITwEWzQd1/18OnXOKuytr
-----END CERTIFICATE-----