Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/f19f62-cade-42c9-a757-1dcb0bc7a96a/1/gujpeuXdKQltuUKd7nb7ecCwHu0.roa
File:                     gujpeuXdKQltuUKd7nb7ecCwHu0.roa (raw, json)
Hash identifier:          2n9HbUvjLRQ1ByGXuU3L0Iu4zHU5gGJaPtEBGt//aPI=
Subject key identifier:   82:E8:E9:7A:E5:DD:29:09:6D:B9:42:9D:EE:76:FB:79:C0:B0:1E:ED
Certificate issuer:       /CN=90f64b12108d9b366779afbacf482f79f8c0e31a
Certificate serial:       019B797E1128D1D206D9E2E68505AE6C6C77
Authority key identifier: 90:F6:4B:12:10:8D:9B:36:67:79:AF:BA:CF:48:2F:79:F8:C0:E3:1A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kPZLEhCNmzZnea-6z0gvefjA4xo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/f19f62-cade-42c9-a757-1dcb0bc7a96a/1/gujpeuXdKQltuUKd7nb7ecCwHu0.roa
Signing time:             Thu 01 Jan 2026 12:17:43 +0000
ROA not before:           Thu 01 Jan 2026 12:17:43 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     29242
IP address blocks:        185.102.164.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/f19f62-cade-42c9-a757-1dcb0bc7a96a/1/kPZLEhCNmzZnea-6z0gvefjA4xo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/f19f62-cade-42c9-a757-1dcb0bc7a96a/1/kPZLEhCNmzZnea-6z0gvefjA4xo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kPZLEhCNmzZnea-6z0gvefjA4xo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 12:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7e:11:28:d1:d2:06:d9:e2:e6:85:05:ae:6c:6c:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=90f64b12108d9b366779afbacf482f79f8c0e31a
        Validity
            Not Before: Jan  1 12:17:43 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=82e8e97ae5dd29096db9429dee76fb79c0b01eed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:af:88:0b:0e:52:1f:4b:17:0f:74:3a:27:90:
                    58:1b:d7:87:23:4d:c1:44:1b:b5:16:a6:85:37:38:
                    66:54:a7:0e:bd:e7:52:ee:3f:b2:46:1f:0e:13:9d:
                    79:a5:77:f5:b5:bd:03:b5:de:91:e6:69:97:66:f3:
                    73:51:c9:44:a0:bb:6f:03:98:bb:6e:65:e1:16:7a:
                    df:51:01:2c:da:80:7c:9a:10:cd:93:6e:88:c5:55:
                    53:33:ce:a1:b7:72:e4:50:66:aa:fb:8b:c4:43:23:
                    d4:58:bd:2c:17:91:4e:25:a7:16:d1:5a:88:f3:94:
                    dc:ee:c6:9c:e9:cb:c8:86:8c:7b:1c:c7:7c:86:e6:
                    66:a1:62:62:9c:57:ce:96:88:24:4d:ad:24:1d:d0:
                    1d:42:38:ce:ff:1c:d1:5d:2a:a8:ac:2e:bf:43:f9:
                    4f:57:e9:15:ae:8d:b0:7a:02:9f:b5:30:aa:ac:1d:
                    33:19:58:bc:f1:48:ab:03:3f:1a:83:53:18:2f:af:
                    52:76:1f:6e:05:ac:8a:f9:9c:9c:ee:5d:ac:8a:f9:
                    e2:8e:61:fc:03:1d:bc:b3:6d:e0:ea:ea:f8:09:15:
                    8d:43:45:d9:da:b0:b0:33:ec:ca:8b:8d:e4:18:94:
                    fb:9c:44:3c:44:24:7d:73:15:df:43:83:fc:2e:f3:
                    d8:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:E8:E9:7A:E5:DD:29:09:6D:B9:42:9D:EE:76:FB:79:C0:B0:1E:ED
            X509v3 Authority Key Identifier:
                keyid:90:F6:4B:12:10:8D:9B:36:67:79:AF:BA:CF:48:2F:79:F8:C0:E3:1A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kPZLEhCNmzZnea-6z0gvefjA4xo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/f19f62-cade-42c9-a757-1dcb0bc7a96a/1/gujpeuXdKQltuUKd7nb7ecCwHu0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/f19f62-cade-42c9-a757-1dcb0bc7a96a/1/kPZLEhCNmzZnea-6z0gvefjA4xo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.102.164.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4b:f0:68:63:24:e6:bb:2f:21:ab:68:8e:c1:e3:29:e3:61:fe:
         b1:8f:db:7c:18:cf:a5:37:bf:60:32:ea:ca:fc:55:60:4f:c6:
         29:a5:fc:89:13:58:cc:41:9e:0c:6c:ca:81:61:be:c6:b6:dd:
         4b:d8:2a:d0:56:ed:83:e7:f9:00:aa:2b:f8:08:e0:df:08:8e:
         4b:ab:77:6b:a6:63:6b:5c:d5:c7:13:5f:f7:9f:44:f4:49:2a:
         c4:6d:cf:ea:6e:2a:e8:f6:af:64:4a:30:2b:b5:4b:2e:08:a4:
         d4:09:6d:6d:1d:65:de:f2:1f:30:cf:55:9d:74:d8:2b:0f:3e:
         94:06:9f:70:bd:dc:8a:df:51:a1:1d:04:64:3b:8e:16:a8:c6:
         74:33:ca:c1:0c:76:03:15:bb:03:79:1f:cf:51:ae:be:e8:b7:
         b6:d9:9a:ae:5e:6a:dd:7d:17:0a:6d:e8:5f:af:c5:f9:9b:7e:
         e3:da:19:81:b4:21:3e:62:e8:3a:2e:ea:ab:57:99:fa:43:cb:
         30:11:ec:d8:3d:b3:9c:d2:18:02:a6:9e:04:63:b7:7c:88:b7:
         b3:5e:e6:52:75:64:bb:4b:a9:28:51:56:dd:06:3a:3f:6d:2b:
         88:f7:52:ee:55:8c:99:21:17:30:01:19:37:e5:52:a3:6b:31:
         63:fa:26:c3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5fhEo0dIG2eLmhQWubGx3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkwZjY0YjEyMTA4ZDliMzY2Nzc5YWZiYWNmNDgyZjc5Zjhj
MGUzMWEwHhcNMjYwMTAxMTIxNzQzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MmU4ZTk3YWU1ZGQyOTA5NmRiOTQyOWRlZTc2ZmI3OWMwYjAxZWVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA16+ICw5SH0sXD3Q6J5BYG9eHI03B
RBu1FqaFNzhmVKcOvedS7j+yRh8OE515pXf1tb0Dtd6R5mmXZvNzUclEoLtvA5i7
bmXhFnrfUQEs2oB8mhDNk26IxVVTM86ht3LkUGaq+4vEQyPUWL0sF5FOJacW0VqI
85Tc7sac6cvIhox7HMd8huZmoWJinFfOlogkTa0kHdAdQjjO/xzRXSqorC6/Q/lP
V+kVro2wegKftTCqrB0zGVi88UirAz8ag1MYL69Sdh9uBayK+Zyc7l2sivnijmH8
Ax28s23g6ur4CRWNQ0XZ2rCwM+zKi43kGJT7nEQ8RCR9cxXfQ4P8LvPYjwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFILo6Xrl3SkJbblCne52+3nAsB7tMB8GA1UdIwQY
MBaAFJD2SxIQjZs2Z3mvus9IL3n4wOMaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva1BaTEVoQ05telpuZWEtNnowZ3ZlZmpBNHhvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy9mMTlmNjItY2FkZS00MmM5LWE3NTct
MWRjYjBiYzdhOTZhLzEvZ3VqcGV1WGRLUWx0dVVLZDduYjdlY0N3SHUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy9mMTlmNjItY2FkZS00MmM5LWE3NTctMWRjYjBiYzdhOTZh
LzEva1BaTEVoQ05telpuZWEtNnowZ3ZlZmpBNHhvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuWakMA0G
CSqGSIb3DQEBCwUAA4IBAQBL8GhjJOa7LyGraI7B4ynjYf6xj9t8GM+lN79gMurK
/FVgT8YppfyJE1jMQZ4MbMqBYb7Gtt1L2CrQVu2D5/kAqiv4CODfCI5Lq3drpmNr
XNXHE1/3n0T0SSrEbc/qbiro9q9kSjArtUsuCKTUCW1tHWXe8h8wz1WddNgrDz6U
Bp9wvdyK31GhHQRkO44WqMZ0M8rBDHYDFbsDeR/PUa6+6Le22ZquXmrdfRcKbehf
r8X5m37j2hmBtCE+Yug6LuqrV5n6Q8swEezYPbOc0hgCpp4EY7d8iLezXuZSdWS7
S6koUVbdBjo/bSuI91LuVYyZIRcwARk35VKjazFj+ibD
-----END CERTIFICATE-----