Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/cb7b21-335c-42ca-859e-73428f9c7bff/1/GnoVV1PtMRC2jUfUFiPdzHxlxwU.roa
File:                     GnoVV1PtMRC2jUfUFiPdzHxlxwU.roa (raw, json)
Hash identifier:          lk6jGrozVKQ/8B+Qe2uINFFR8sFLolbJMCGzGH2bMm8=
Subject key identifier:   1A:7A:15:57:53:ED:31:10:B6:8D:47:D4:16:23:DD:CC:7C:65:C7:05
Certificate issuer:       /CN=b45999899f76d2e2e4ccdfc817f9879cfac06bbe
Certificate serial:       019A34FAAC7DFD5ACE756E5EC57AC0627364
Authority key identifier: B4:59:99:89:9F:76:D2:E2:E4:CC:DF:C8:17:F9:87:9C:FA:C0:6B:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tFmZiZ920uLkzN_IF_mHnPrAa74.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/cb7b21-335c-42ca-859e-73428f9c7bff/1/GnoVV1PtMRC2jUfUFiPdzHxlxwU.roa
Signing time:             Thu 30 Oct 2025 11:57:14 +0000
ROA not before:           Thu 30 Oct 2025 11:57:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     401783
IP address blocks:        80.174.252.0/23 maxlen: 23
                          80.174.254.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/44/cb7b21-335c-42ca-859e-73428f9c7bff/1/tFmZiZ920uLkzN_IF_mHnPrAa74.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/44/cb7b21-335c-42ca-859e-73428f9c7bff/1/tFmZiZ920uLkzN_IF_mHnPrAa74.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tFmZiZ920uLkzN_IF_mHnPrAa74.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 15:54:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:34:fa:ac:7d:fd:5a:ce:75:6e:5e:c5:7a:c0:62:73:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b45999899f76d2e2e4ccdfc817f9879cfac06bbe
        Validity
            Not Before: Oct 30 11:57:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1a7a155753ed3110b68d47d41623ddcc7c65c705
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:f2:ae:56:ec:83:66:f3:dd:08:4f:d6:3b:69:
                    e1:93:91:6f:d7:78:f2:0f:9b:cb:3c:ce:7f:ee:09:
                    64:71:58:5a:38:3a:fd:2b:c1:d4:ea:83:37:10:d2:
                    93:9d:0f:3f:2a:37:b7:bd:8a:83:15:c8:b1:00:7c:
                    fd:43:cd:ee:9a:6c:57:ce:56:90:63:96:52:43:7f:
                    d6:0b:30:46:d2:88:54:b3:7e:67:5c:1a:2b:5c:1d:
                    d7:f7:39:9b:7e:c6:f4:fd:49:1f:3c:58:fb:04:af:
                    38:53:89:61:53:ef:ff:e3:17:51:c8:5d:d5:fd:8f:
                    36:ce:37:d7:a9:17:8e:36:be:9a:13:5c:26:ec:f8:
                    2b:af:d1:ce:76:5b:fc:61:f6:98:95:a6:0d:6d:8c:
                    ab:cb:6c:9f:36:fa:6a:d3:cd:b3:e6:cf:bb:fe:bb:
                    47:cc:ef:9e:6b:38:e0:48:30:33:5b:c2:94:60:70:
                    38:a4:79:6d:ec:8e:42:3f:67:7f:12:7d:d8:08:0b:
                    b4:3b:f6:82:b2:3a:8a:26:13:ef:56:d9:40:4a:ac:
                    09:ef:fc:d2:c4:f9:d3:c4:43:e6:e5:be:8d:4e:ec:
                    45:84:d5:75:ec:b8:13:af:99:5c:dd:fa:5d:b9:a6:
                    1d:25:28:6f:40:76:49:a0:f6:18:d8:a0:e6:74:cc:
                    a7:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:7A:15:57:53:ED:31:10:B6:8D:47:D4:16:23:DD:CC:7C:65:C7:05
            X509v3 Authority Key Identifier:
                keyid:B4:59:99:89:9F:76:D2:E2:E4:CC:DF:C8:17:F9:87:9C:FA:C0:6B:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tFmZiZ920uLkzN_IF_mHnPrAa74.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/cb7b21-335c-42ca-859e-73428f9c7bff/1/GnoVV1PtMRC2jUfUFiPdzHxlxwU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/cb7b21-335c-42ca-859e-73428f9c7bff/1/tFmZiZ920uLkzN_IF_mHnPrAa74.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.174.252.0-80.174.254.255

    Signature Algorithm: sha256WithRSAEncryption
         ce:61:11:fd:30:01:54:6e:fe:ad:4e:19:dd:60:0e:f7:78:44:
         4c:c7:54:85:d4:d1:55:b4:be:3a:fa:46:72:54:ed:16:9b:7d:
         78:47:f3:63:ba:e2:84:81:60:e8:96:5f:66:6a:c3:f7:f2:0d:
         8f:16:d8:c1:5a:30:b4:5a:81:54:d6:c2:e1:e3:13:3c:0f:c8:
         26:8e:10:a4:f7:e8:27:b0:4b:38:23:ab:df:ea:6d:2d:3c:5c:
         b2:88:84:e0:ce:d5:5a:98:3e:07:1a:c3:06:cb:18:5a:4e:de:
         5e:07:bd:f5:10:11:bc:13:6f:72:52:7e:ad:2b:5e:56:8a:2d:
         be:89:7c:3e:bc:f2:2c:ce:95:f7:36:34:18:72:1d:16:9b:8c:
         f3:7b:bb:07:c3:23:8e:c9:57:8b:e7:ad:3c:17:d3:0a:6b:33:
         32:1d:34:f0:04:76:f0:c6:68:3e:54:6d:8f:3c:19:4a:e2:61:
         ad:24:22:75:27:c6:d6:d4:db:f3:35:89:4c:16:de:f3:f2:15:
         57:93:b4:bf:ec:8a:97:14:91:fd:39:d9:78:d2:f4:c4:5c:9a:
         86:dc:0a:3b:b4:7b:b0:50:c5:94:cb:d2:2b:90:85:b2:e4:e4:
         41:ee:bd:48:b0:e2:f6:67:b1:c0:fc:70:37:23:b6:f7:f3:e0:
         82:0f:1f:40
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZo0+qx9/VrOdW5exXrAYnNkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0NTk5OTg5OWY3NmQyZTJlNGNjZGZjODE3Zjk4NzljZmFj
MDZiYmUwHhcNMjUxMDMwMTE1NzE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYTdhMTU1NzUzZWQzMTEwYjY4ZDQ3ZDQxNjIzZGRjYzdjNjVjNzA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt/KuVuyDZvPdCE/WO2nhk5Fv13jy
D5vLPM5/7glkcVhaODr9K8HU6oM3ENKTnQ8/Kje3vYqDFcixAHz9Q83ummxXzlaQ
Y5ZSQ3/WCzBG0ohUs35nXBorXB3X9zmbfsb0/UkfPFj7BK84U4lhU+//4xdRyF3V
/Y82zjfXqReONr6aE1wm7Pgrr9HOdlv8YfaYlaYNbYyry2yfNvpq082z5s+7/rtH
zO+eazjgSDAzW8KUYHA4pHlt7I5CP2d/En3YCAu0O/aCsjqKJhPvVtlASqwJ7/zS
xPnTxEPm5b6NTuxFhNV17LgTr5lc3fpduaYdJShvQHZJoPYY2KDmdMyndwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFBp6FVdT7TEQto1H1BYj3cx8ZccFMB8GA1UdIwQY
MBaAFLRZmYmfdtLi5MzfyBf5h5z6wGu+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdEZtWmlaOTIwdUxrek5fSUZfbUhuUHJBYTc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NC9jYjdiMjEtMzM1Yy00MmNhLTg1OWUt
NzM0MjhmOWM3YmZmLzEvR25vVlYxUHRNUkMyalVmVUZpUGR6SHhseHdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NC9jYjdiMjEtMzM1Yy00MmNhLTg1OWUtNzM0MjhmOWM3YmZm
LzEvdEZtWmlaOTIwdUxrek5fSUZfbUhuUHJBYTc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAJQrvwD
BABQrv4wDQYJKoZIhvcNAQELBQADggEBAM5hEf0wAVRu/q1OGd1gDvd4REzHVIXU
0VW0vjr6RnJU7RabfXhH82O64oSBYOiWX2Zqw/fyDY8W2MFaMLRagVTWwuHjEzwP
yCaOEKT36CewSzgjq9/qbS08XLKIhODO1VqYPgcawwbLGFpO3l4HvfUQEbwTb3JS
fq0rXlaKLb6JfD688izOlfc2NBhyHRabjPN7uwfDI47JV4vnrTwX0wprMzIdNPAE
dvDGaD5UbY88GUriYa0kInUnxtbU2/M1iUwW3vPyFVeTtL/sipcUkf052XjS9MRc
mobcCju0e7BQxZTL0iuQhbLk5EHuvUiw4vZnscD8cDcjtvfz4IIPH0A=
-----END CERTIFICATE-----