Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/e552f4-96ca-4259-a82a-e35a67e5d9e2/1/G4p3T3vKIJwpoVG087GbMaXF5PU.roa
File:                     G4p3T3vKIJwpoVG087GbMaXF5PU.roa (raw, json)
Hash identifier:          S1k3o+lhMdQMdnd1dbHX7NQg9XvE842LHxXNFh07jnY=
Subject key identifier:   1B:8A:77:4F:7B:CA:20:9C:29:A1:51:B4:F3:B1:9B:31:A5:C5:E4:F5
Certificate issuer:       /CN=b28599292a6324297e02fff3c5119bee0b317548
Certificate serial:       019875DEBF81FB21D39FEA39660F33AB56C1
Authority key identifier: B2:85:99:29:2A:63:24:29:7E:02:FF:F3:C5:11:9B:EE:0B:31:75:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/soWZKSpjJCl-Av_zxRGb7gsxdUg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/e552f4-96ca-4259-a82a-e35a67e5d9e2/1/G4p3T3vKIJwpoVG087GbMaXF5PU.roa
Signing time:             Mon 04 Aug 2025 16:16:28 +0000
ROA not before:           Mon 04 Aug 2025 16:16:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203455
IP address blocks:        185.133.132.0/22 maxlen: 32
                          2a05:70c0::/29 maxlen: 128
                          2a05:70c0::/36 maxlen: 36
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/e552f4-96ca-4259-a82a-e35a67e5d9e2/1/soWZKSpjJCl-Av_zxRGb7gsxdUg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/e552f4-96ca-4259-a82a-e35a67e5d9e2/1/soWZKSpjJCl-Av_zxRGb7gsxdUg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/soWZKSpjJCl-Av_zxRGb7gsxdUg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 07 Aug 2025 20:46:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:75:de:bf:81:fb:21:d3:9f:ea:39:66:0f:33:ab:56:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b28599292a6324297e02fff3c5119bee0b317548
        Validity
            Not Before: Aug  4 16:16:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1b8a774f7bca209c29a151b4f3b19b31a5c5e4f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:04:53:3e:9d:45:0a:21:06:11:c5:3b:ca:e6:
                    ac:6e:47:97:a6:16:aa:2e:2e:f5:43:da:20:6f:6a:
                    cf:3e:27:cb:c1:ef:77:41:c1:bd:3d:d1:ec:5b:a7:
                    ea:5a:a8:e7:9c:20:2e:c6:7f:da:9e:17:fd:bc:af:
                    ff:4f:b0:e3:ee:6e:5b:8a:b6:a4:d1:4f:48:2f:80:
                    6c:8d:df:b1:9f:42:43:29:5c:42:05:6f:a5:ef:97:
                    ed:de:3c:91:ad:e7:cd:39:bd:ca:83:a0:f8:29:21:
                    22:b3:d8:56:80:77:6d:32:98:98:2e:bd:be:c3:c8:
                    77:8d:0a:47:d9:a0:ce:e4:ae:10:64:93:d6:db:9b:
                    da:3b:71:56:b8:90:50:ec:ea:37:1d:1b:02:c3:4a:
                    b0:7c:fc:29:e5:35:cf:70:fe:c0:cd:8e:a5:88:6e:
                    df:86:86:74:f0:3c:3e:57:e4:85:21:93:4e:d3:15:
                    83:17:da:c6:7c:af:f0:5b:89:68:5b:df:25:ac:a8:
                    f1:31:85:97:c6:12:5b:ad:28:c7:8d:b2:f4:47:13:
                    89:0c:7b:62:c6:be:d1:b4:ad:d6:7e:be:fb:1e:d4:
                    44:06:35:d3:4e:46:9d:45:b5:c2:33:2b:1c:0c:e3:
                    6c:93:63:44:0c:7d:9d:b7:ad:07:81:6e:3a:a6:4a:
                    83:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:8A:77:4F:7B:CA:20:9C:29:A1:51:B4:F3:B1:9B:31:A5:C5:E4:F5
            X509v3 Authority Key Identifier:
                keyid:B2:85:99:29:2A:63:24:29:7E:02:FF:F3:C5:11:9B:EE:0B:31:75:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/soWZKSpjJCl-Av_zxRGb7gsxdUg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/e552f4-96ca-4259-a82a-e35a67e5d9e2/1/G4p3T3vKIJwpoVG087GbMaXF5PU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/e552f4-96ca-4259-a82a-e35a67e5d9e2/1/soWZKSpjJCl-Av_zxRGb7gsxdUg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.133.132.0/22
                IPv6:
                  2a05:70c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         98:8f:22:4c:74:82:9c:b5:6f:2e:52:a0:2b:ce:3c:d1:18:9a:
         a8:33:3e:1e:1b:00:28:5d:c0:0d:ff:46:af:32:e4:bf:ee:51:
         85:cd:e0:00:d2:70:d2:f7:1e:8d:ec:fa:85:56:4f:34:40:28:
         01:3f:eb:90:ef:d6:70:e7:cc:b0:c5:87:9f:47:fb:97:7f:f7:
         d8:be:0d:f9:7c:65:50:d9:ea:ac:63:2d:47:61:50:7b:90:f7:
         bd:11:60:b9:39:5e:2d:15:14:95:2e:f4:6e:13:a3:55:e5:ae:
         d3:cf:e0:9a:a9:e5:a0:99:6a:bc:2d:e4:a9:9b:2f:9e:69:ac:
         58:5f:03:68:a2:b9:1d:2c:87:06:88:d6:7f:8a:77:a9:5c:bc:
         a5:8a:9b:0a:41:0d:c8:39:94:8f:06:03:10:85:89:7d:e4:5b:
         dc:3a:70:d8:b6:95:55:f1:0f:e6:e4:08:e5:7b:61:47:c1:83:
         fc:83:74:62:68:02:9a:1a:cd:e8:f8:21:5c:d9:2b:f4:2a:2b:
         d3:7d:35:f8:09:e7:69:c3:0d:aa:c3:83:73:65:31:19:7e:0d:
         c1:d5:e2:16:ac:93:43:31:8c:5f:3e:f2:3f:ea:d7:4d:2a:5b:
         09:e2:61:ae:64:e5:6b:ad:c5:0d:9a:ab:2b:85:62:52:9e:f3:
         7c:6c:42:92
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZh13r+B+yHTn+o5Zg8zq1bBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIyODU5OTI5MmE2MzI0Mjk3ZTAyZmZmM2M1MTE5YmVlMGIz
MTc1NDgwHhcNMjUwODA0MTYxNjI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYjhhNzc0ZjdiY2EyMDljMjlhMTUxYjRmM2IxOWIzMWE1YzVlNGY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqgRTPp1FCiEGEcU7yuasbkeXphaq
Li71Q9ogb2rPPifLwe93QcG9PdHsW6fqWqjnnCAuxn/anhf9vK//T7Dj7m5birak
0U9IL4Bsjd+xn0JDKVxCBW+l75ft3jyRrefNOb3Kg6D4KSEis9hWgHdtMpiYLr2+
w8h3jQpH2aDO5K4QZJPW25vaO3FWuJBQ7Oo3HRsCw0qwfPwp5TXPcP7AzY6liG7f
hoZ08Dw+V+SFIZNO0xWDF9rGfK/wW4loW98lrKjxMYWXxhJbrSjHjbL0RxOJDHti
xr7RtK3Wfr77HtREBjXTTkadRbXCMyscDONsk2NEDH2dt60HgW46pkqDjwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFBuKd097yiCcKaFRtPOxmzGlxeT1MB8GA1UdIwQY
MBaAFLKFmSkqYyQpfgL/88URm+4LMXVIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc29XWktTcGpKQ2wtQXZfenhSR2I3Z3N4ZFVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS9lNTUyZjQtOTZjYS00MjU5LWE4MmEt
ZTM1YTY3ZTVkOWUyLzEvRzRwM1QzdktJSndwb1ZHMDg3R2JNYVhGNVBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS9lNTUyZjQtOTZjYS00MjU5LWE4MmEtZTM1YTY3ZTVkOWUy
LzEvc29XWktTcGpKQ2wtQXZfenhSR2I3Z3N4ZFVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuYWEMA0E
AgACMAcDBQMqBXDAMA0GCSqGSIb3DQEBCwUAA4IBAQCYjyJMdIKctW8uUqArzjzR
GJqoMz4eGwAoXcAN/0avMuS/7lGFzeAA0nDS9x6N7PqFVk80QCgBP+uQ79Zw58yw
xYefR/uXf/fYvg35fGVQ2eqsYy1HYVB7kPe9EWC5OV4tFRSVLvRuE6NV5a7Tz+Ca
qeWgmWq8LeSpmy+eaaxYXwNoorkdLIcGiNZ/inepXLylipsKQQ3IOZSPBgMQhYl9
5FvcOnDYtpVV8Q/m5Ajle2FHwYP8g3RiaAKaGs3o+CFc2Sv0KivTfTX4Cedpww2q
w4NzZTEZfg3B1eIWrJNDMYxfPvI/6tdNKlsJ4mGuZOVrrcUNmqsrhWJSnvN8bEKS
-----END CERTIFICATE-----