Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/GALRsHt2BP3_hLeCyF5X8veO3VQ.roa
File:                     GALRsHt2BP3_hLeCyF5X8veO3VQ.roa (raw, json)
Hash identifier:          MtSdNE65GoL9VWO2nC4FrJOXk2JbT39DC+CAtCVmfaA=
Subject key identifier:   18:02:D1:B0:7B:76:04:FD:FF:84:B7:82:C8:5E:57:F2:F7:8E:DD:54
Certificate issuer:       /CN=fe58952d393935f0d3bce814fd9178d04693aeb9
Certificate serial:       019A360400A9ECF5A43D544A6D4504D0E3FB
Authority key identifier: FE:58:95:2D:39:39:35:F0:D3:BC:E8:14:FD:91:78:D0:46:93:AE:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/GALRsHt2BP3_hLeCyF5X8veO3VQ.roa
Signing time:             Thu 30 Oct 2025 16:47:03 +0000
ROA not before:           Thu 30 Oct 2025 16:47:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     56512
IP address blocks:        185.86.65.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 18:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:36:04:00:a9:ec:f5:a4:3d:54:4a:6d:45:04:d0:e3:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fe58952d393935f0d3bce814fd9178d04693aeb9
        Validity
            Not Before: Oct 30 16:47:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1802d1b07b7604fdff84b782c85e57f2f78edd54
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:fe:2c:64:f4:d4:90:e9:57:2b:a3:4a:80:dd:
                    16:4d:62:c6:7a:21:5b:06:04:d8:34:b9:79:19:84:
                    4d:d1:b1:d0:ef:1e:4a:0e:6c:a5:23:2a:73:be:cd:
                    08:12:25:bd:30:bc:46:84:a4:45:26:9e:01:08:f1:
                    a0:c0:4e:ff:60:81:a9:7b:fa:b2:a7:5f:62:a0:72:
                    fd:bf:a3:9e:e4:70:97:b7:d0:1a:df:1e:16:db:fd:
                    53:70:b7:05:ad:73:d8:8c:74:20:15:f4:69:99:1a:
                    b7:34:81:6c:b7:ad:78:5c:66:b2:f7:66:11:da:88:
                    32:1d:8a:3a:ed:05:3d:90:f5:52:54:79:f3:1b:31:
                    bd:f2:fc:26:96:e8:e8:06:6c:a6:7f:b0:13:97:58:
                    d8:33:a5:0d:3c:cc:4d:7d:b1:04:fc:12:3a:ba:48:
                    5d:08:8a:ad:b0:8e:61:d5:d7:f5:6d:53:ec:11:90:
                    8a:cb:8b:f2:fe:65:56:c4:b4:6e:f3:c7:70:79:0c:
                    eb:24:b2:76:33:55:56:da:da:0b:71:19:72:e4:e4:
                    10:41:fb:8b:52:e6:18:06:58:c7:a4:c7:5c:d0:e1:
                    ee:dc:a0:45:2d:c3:6a:af:d0:9b:ff:44:fa:ab:47:
                    62:97:9a:76:46:0b:d3:81:cb:8a:30:42:a1:36:6d:
                    36:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:02:D1:B0:7B:76:04:FD:FF:84:B7:82:C8:5E:57:F2:F7:8E:DD:54
            X509v3 Authority Key Identifier:
                keyid:FE:58:95:2D:39:39:35:F0:D3:BC:E8:14:FD:91:78:D0:46:93:AE:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/GALRsHt2BP3_hLeCyF5X8veO3VQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.86.65.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:78:29:19:7b:d5:8d:96:a5:6e:46:26:12:dd:b6:5d:f6:dd:
         45:37:7b:fc:aa:4d:3e:27:90:8d:4a:6d:fb:41:f4:ce:cf:de:
         17:d3:52:a4:93:d0:a3:82:07:24:a6:68:44:64:68:e6:80:4e:
         4d:6b:d4:ef:61:70:8e:a1:4f:41:a7:af:f7:99:93:5b:df:7e:
         84:05:e0:3b:3d:82:be:ba:61:86:ee:26:89:fb:11:5b:31:5f:
         bd:20:2b:f0:f5:db:0a:63:1c:8a:a8:53:92:0c:e0:ee:21:60:
         11:41:52:86:42:6c:21:0b:b5:07:92:8f:43:fe:d7:96:92:bf:
         e8:fa:3d:1f:5a:39:26:91:03:31:98:c7:ce:04:55:ac:5a:b4:
         a1:80:6f:ed:b0:86:bb:71:02:49:42:fd:85:81:95:27:e1:09:
         63:92:0c:9b:26:f0:7c:c1:3e:be:01:e3:29:de:66:21:5e:12:
         a1:f8:7c:66:f9:25:0e:7b:ef:f2:d4:5e:3a:57:a0:5e:a8:61:
         fb:ca:6b:72:56:c4:f3:21:e0:63:dc:86:14:7b:21:9d:bb:81:
         2b:1f:fa:ba:bf:28:81:4b:5b:82:2a:0b:aa:49:80:87:d6:1f:
         4d:d5:d1:59:3c:7c:f5:c7:ee:54:38:ad:bc:4c:67:9b:ad:cf:
         da:ab:09:9e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZo2BACp7PWkPVRKbUUE0OP7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlNTg5NTJkMzkzOTM1ZjBkM2JjZTgxNGZkOTE3OGQwNDY5
M2FlYjkwHhcNMjUxMDMwMTY0NzAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxODAyZDFiMDdiNzYwNGZkZmY4NGI3ODJjODVlNTdmMmY3OGVkZDU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvf4sZPTUkOlXK6NKgN0WTWLGeiFb
BgTYNLl5GYRN0bHQ7x5KDmylIypzvs0IEiW9MLxGhKRFJp4BCPGgwE7/YIGpe/qy
p19ioHL9v6Oe5HCXt9Aa3x4W2/1TcLcFrXPYjHQgFfRpmRq3NIFst614XGay92YR
2ogyHYo67QU9kPVSVHnzGzG98vwmlujoBmymf7ATl1jYM6UNPMxNfbEE/BI6ukhd
CIqtsI5h1df1bVPsEZCKy4vy/mVWxLRu88dweQzrJLJ2M1VW2toLcRly5OQQQfuL
UuYYBljHpMdc0OHu3KBFLcNqr9Cb/0T6q0dil5p2RgvTgcuKMEKhNm02uQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBgC0bB7dgT9/4S3gsheV/L3jt1UMB8GA1UdIwQY
MBaAFP5YlS05OTXw07zoFP2ReNBGk665MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2xpVkxUazVOZkRUdk9nVV9aRjQwRWFUcnJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC9iMjZhYTgtYWNlNy00ZmE2LTllOGUt
NWQ0OGI2NWNlNTczLzEvR0FMUnNIdDJCUDNfaExlQ3lGNVg4dmVPM1ZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC9iMjZhYTgtYWNlNy00ZmE2LTllOGUtNWQ0OGI2NWNlNTcz
LzEvX2xpVkxUazVOZkRUdk9nVV9aRjQwRWFUcnJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVZBMA0G
CSqGSIb3DQEBCwUAA4IBAQCOeCkZe9WNlqVuRiYS3bZd9t1FN3v8qk0+J5CNSm37
QfTOz94X01Kkk9CjggckpmhEZGjmgE5Na9TvYXCOoU9Bp6/3mZNb336EBeA7PYK+
umGG7iaJ+xFbMV+9ICvw9dsKYxyKqFOSDODuIWARQVKGQmwhC7UHko9D/teWkr/o
+j0fWjkmkQMxmMfOBFWsWrShgG/tsIa7cQJJQv2FgZUn4QljkgybJvB8wT6+AeMp
3mYhXhKh+Hxm+SUOe+/y1F46V6BeqGH7ymtyVsTzIeBj3IYUeyGdu4ErH/q6vyiB
S1uCKguqSYCH1h9N1dFZPHz1x+5UOK28TGebrc/aqwme
-----END CERTIFICATE-----