Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/63/14f305-013b-453e-ac53-081cb2b17ab5/1/G-QzSCp9UymcdMz0daYu0sP3pEQ.roa
File:                     G-QzSCp9UymcdMz0daYu0sP3pEQ.roa (raw, json)
Hash identifier:          48RSeSTI22Va9gFaOQBvJ5gWYoxG8pgs56AwCUkVJxo=
Subject key identifier:   1B:E4:33:48:2A:7D:53:29:9C:74:CC:F4:75:A6:2E:D2:C3:F7:A4:44
Certificate issuer:       /CN=f4b9ea4d9d83a728dd41029e86af8a130d389ed4
Certificate serial:       019A2B2B34787F53791DDEE372C392BBADA5
Authority key identifier: F4:B9:EA:4D:9D:83:A7:28:DD:41:02:9E:86:AF:8A:13:0D:38:9E:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9LnqTZ2DpyjdQQKehq-KEw04ntQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/63/14f305-013b-453e-ac53-081cb2b17ab5/1/G-QzSCp9UymcdMz0daYu0sP3pEQ.roa
Signing time:             Tue 28 Oct 2025 14:14:03 +0000
ROA not before:           Tue 28 Oct 2025 14:14:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208185
IP address blocks:        176.103.224.0/22 maxlen: 24
                          176.103.232.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/63/14f305-013b-453e-ac53-081cb2b17ab5/1/9LnqTZ2DpyjdQQKehq-KEw04ntQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/63/14f305-013b-453e-ac53-081cb2b17ab5/1/9LnqTZ2DpyjdQQKehq-KEw04ntQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9LnqTZ2DpyjdQQKehq-KEw04ntQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 17:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:2b:2b:34:78:7f:53:79:1d:de:e3:72:c3:92:bb:ad:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f4b9ea4d9d83a728dd41029e86af8a130d389ed4
        Validity
            Not Before: Oct 28 14:14:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1be433482a7d53299c74ccf475a62ed2c3f7a444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:8f:97:be:37:ad:59:8d:3c:04:37:b8:c8:93:
                    e9:ff:53:af:5a:8f:a6:f7:09:12:65:a5:3f:61:d1:
                    cd:13:8c:a8:30:94:30:c3:6a:4e:fa:f1:18:bf:30:
                    f7:28:90:54:7c:58:60:52:47:c1:6c:b6:b0:59:72:
                    50:17:11:6b:9c:40:5b:45:5e:99:be:98:73:6c:37:
                    95:88:af:9b:c9:60:6c:b9:be:a4:65:32:c9:d4:e2:
                    b8:cc:b2:2c:a1:45:95:be:01:4d:08:4d:98:10:f5:
                    40:3f:5d:f8:25:49:55:44:2b:a4:d3:20:97:93:9b:
                    a1:5f:b3:77:a3:ea:a2:84:7c:46:b6:f5:09:e3:81:
                    2b:b7:f8:65:57:16:bf:30:13:91:c8:9e:86:2a:84:
                    f5:88:9a:85:90:7f:66:1d:ec:07:cc:fb:25:2f:4f:
                    a2:7f:0f:22:0d:67:3c:f4:9e:49:62:74:79:2d:5c:
                    f9:27:6f:67:c5:6a:2f:33:c5:62:13:92:c7:fa:41:
                    e9:ac:21:22:90:61:7c:be:d6:18:c3:cf:7f:12:ad:
                    2f:e2:24:80:33:ef:7c:b5:e4:8b:39:f3:2e:b6:bd:
                    c7:d4:96:0d:3c:c7:77:69:03:6d:f4:e3:b7:27:aa:
                    62:b2:c8:3b:38:34:19:af:9b:47:23:9d:a3:b6:65:
                    ab:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:E4:33:48:2A:7D:53:29:9C:74:CC:F4:75:A6:2E:D2:C3:F7:A4:44
            X509v3 Authority Key Identifier:
                keyid:F4:B9:EA:4D:9D:83:A7:28:DD:41:02:9E:86:AF:8A:13:0D:38:9E:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9LnqTZ2DpyjdQQKehq-KEw04ntQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/63/14f305-013b-453e-ac53-081cb2b17ab5/1/G-QzSCp9UymcdMz0daYu0sP3pEQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/63/14f305-013b-453e-ac53-081cb2b17ab5/1/9LnqTZ2DpyjdQQKehq-KEw04ntQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.103.224.0/22
                  176.103.232.0/22

    Signature Algorithm: sha256WithRSAEncryption
         28:ce:8e:b9:6e:ba:22:f2:ae:46:ec:fc:77:3d:35:ab:59:e0:
         99:a3:8e:9e:41:a5:2b:49:8f:c1:a3:bc:79:93:46:69:fb:f7:
         e9:83:e1:b0:2c:d4:3e:47:32:d4:e5:d3:40:25:75:75:23:e6:
         f5:15:93:34:11:0b:ac:57:ed:ac:d1:36:3c:86:e1:37:4b:cb:
         a1:aa:c2:e8:25:e7:bb:da:ca:4f:63:24:78:d0:9c:be:ee:6e:
         77:2a:39:e9:81:a2:7f:5d:4b:15:a1:af:bf:4f:7c:52:d4:2b:
         42:0f:39:4d:53:f9:62:74:4c:29:c9:41:11:ac:e5:4f:fe:af:
         64:24:64:00:12:8d:dd:7d:f0:90:14:13:86:6f:8e:57:1c:25:
         0b:ff:ca:e8:01:28:87:b3:d0:1d:b9:c4:66:de:9b:52:eb:c4:
         f0:c5:5f:e6:72:f8:1b:3e:c7:17:c7:a4:58:3c:04:31:33:e6:
         8a:b1:f6:9b:4c:79:90:2a:74:b1:84:aa:82:9a:b0:55:02:a2:
         ce:f3:ed:17:72:42:6f:b0:8e:54:4f:d1:9b:50:76:fe:45:c6:
         dc:e2:37:e6:a6:d4:be:6f:39:b5:f7:8e:9c:9b:87:70:0b:82:
         39:6b:5f:c4:9b:3c:98:ec:67:29:00:03:67:04:0a:9f:bf:cb:
         09:17:a1:4f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZorKzR4f1N5Hd7jcsOSu62lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY0YjllYTRkOWQ4M2E3MjhkZDQxMDI5ZTg2YWY4YTEzMGQz
ODllZDQwHhcNMjUxMDI4MTQxNDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYmU0MzM0ODJhN2Q1MzI5OWM3NGNjZjQ3NWE2MmVkMmMzZjdhNDQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8o+XvjetWY08BDe4yJPp/1OvWo+m
9wkSZaU/YdHNE4yoMJQww2pO+vEYvzD3KJBUfFhgUkfBbLawWXJQFxFrnEBbRV6Z
vphzbDeViK+byWBsub6kZTLJ1OK4zLIsoUWVvgFNCE2YEPVAP134JUlVRCuk0yCX
k5uhX7N3o+qihHxGtvUJ44Ert/hlVxa/MBORyJ6GKoT1iJqFkH9mHewHzPslL0+i
fw8iDWc89J5JYnR5LVz5J29nxWovM8ViE5LH+kHprCEikGF8vtYYw89/Eq0v4iSA
M+98teSLOfMutr3H1JYNPMd3aQNt9OO3J6pissg7ODQZr5tHI52jtmWrKQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBvkM0gqfVMpnHTM9HWmLtLD96REMB8GA1UdIwQY
MBaAFPS56k2dg6co3UECnoavihMNOJ7UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOUxucVRaMkRweWpkUVFLZWhxLUtFdzA0bnRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82My8xNGYzMDUtMDEzYi00NTNlLWFjNTMt
MDgxY2IyYjE3YWI1LzEvRy1RelNDcDlVeW1jZE16MGRhWXUwc1AzcEVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82My8xNGYzMDUtMDEzYi00NTNlLWFjNTMtMDgxY2IyYjE3YWI1
LzEvOUxucVRaMkRweWpkUVFLZWhxLUtFdzA0bnRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCsGfgAwQC
sGfoMA0GCSqGSIb3DQEBCwUAA4IBAQAozo65broi8q5G7Px3PTWrWeCZo46eQaUr
SY/Bo7x5k0Zp+/fpg+GwLNQ+RzLU5dNAJXV1I+b1FZM0EQusV+2s0TY8huE3S8uh
qsLoJee72spPYyR40Jy+7m53KjnpgaJ/XUsVoa+/T3xS1CtCDzlNU/lidEwpyUER
rOVP/q9kJGQAEo3dffCQFBOGb45XHCUL/8roASiHs9AducRm3ptS68TwxV/mcvgb
PscXx6RYPAQxM+aKsfabTHmQKnSxhKqCmrBVAqLO8+0XckJvsI5UT9GbUHb+Rcbc
4jfmptS+bzm1946cm4dwC4I5a1/EmzyY7GcpAANnBAqfv8sJF6FP
-----END CERTIFICATE-----