Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/gNmkHQKwVjoDmGP4C1z9iwzkGP4.roa
File:                     gNmkHQKwVjoDmGP4C1z9iwzkGP4.roa (raw, json)
Hash identifier:          57vHnGPa0cP0V8QujwgNB/Ef2IqIfbDHgULRufuedUM=
Subject key identifier:   80:D9:A4:1D:02:B0:56:3A:03:98:63:F8:0B:5C:FD:8B:0C:E4:18:FE
Certificate issuer:       /CN=7e20b034e2c497b1884488def106972704765029
Certificate serial:       019A121EDB7F0676270A071C4F77ACE3B934
Authority key identifier: 7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/gNmkHQKwVjoDmGP4C1z9iwzkGP4.roa
Signing time:             Thu 23 Oct 2025 17:30:03 +0000
ROA not before:           Thu 23 Oct 2025 17:30:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     55201
IP address blocks:        212.134.178.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 15:28:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:12:1e:db:7f:06:76:27:0a:07:1c:4f:77:ac:e3:b9:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e20b034e2c497b1884488def106972704765029
        Validity
            Not Before: Oct 23 17:30:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=80d9a41d02b0563a039863f80b5cfd8b0ce418fe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:ad:c3:19:da:9a:3d:d0:df:f5:a3:92:a2:73:
                    f1:79:e6:15:47:79:1d:b8:b4:3a:d4:d2:b5:79:63:
                    7d:85:9c:61:d7:31:97:86:6b:14:ea:c8:2a:3b:ed:
                    33:a5:8f:00:96:65:6d:e2:e3:5f:ef:28:bf:18:4d:
                    f4:96:56:a2:24:b1:90:7d:97:dc:38:f4:fc:eb:c7:
                    e4:09:44:8a:ce:35:b6:e1:f3:a1:25:6b:fc:b5:88:
                    06:ac:32:2f:b6:8f:7c:9f:3a:3f:e4:64:92:46:29:
                    c5:e2:09:06:30:3d:de:90:24:30:71:a0:a5:41:41:
                    67:a0:3e:ef:0b:6e:b1:be:c9:cd:fe:ec:e6:85:bd:
                    08:db:38:c7:58:16:af:8e:8f:94:89:bc:57:5f:d4:
                    93:c2:f3:8d:e5:08:48:0e:13:0e:6a:ba:49:62:61:
                    3c:d6:4e:4d:c9:0f:06:f5:a6:4a:d5:d4:43:d9:5b:
                    d7:d2:c6:44:2b:e1:66:f4:40:ff:49:c6:0d:9b:ec:
                    9c:ce:19:47:ec:39:e4:5b:35:6e:86:73:89:e5:61:
                    ab:d5:d1:44:b4:cd:57:44:fb:83:35:24:07:ed:2b:
                    ec:a7:08:af:a6:e8:de:bf:eb:61:07:08:6e:6e:54:
                    f4:dd:f9:87:48:b2:f7:77:5f:91:ca:8e:99:5e:b9:
                    32:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:D9:A4:1D:02:B0:56:3A:03:98:63:F8:0B:5C:FD:8B:0C:E4:18:FE
            X509v3 Authority Key Identifier:
                keyid:7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/gNmkHQKwVjoDmGP4C1z9iwzkGP4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.134.178.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:d7:d1:5a:7c:57:b9:fa:2e:34:3b:41:a5:f4:ef:1c:87:9e:
         17:69:ea:13:ef:1a:e7:ed:97:9b:5e:9b:56:9b:48:aa:08:83:
         69:c8:f7:cd:fa:3d:e6:d4:ea:27:cf:c5:cc:9b:06:ea:59:7e:
         a2:66:d5:8a:f1:3e:4e:b0:7e:45:54:9c:d9:68:1c:d7:f2:cf:
         80:98:9f:28:92:48:e6:f9:6d:04:98:78:f3:21:e5:87:c6:8d:
         b0:1d:6f:a2:7b:ea:03:e5:df:5b:54:5c:01:79:66:73:ea:98:
         18:85:80:ca:ca:61:51:eb:18:3a:88:ca:6f:f2:57:c7:dd:9d:
         d8:b6:cb:c4:46:0b:b9:71:65:70:c9:60:29:da:7d:1a:e4:6b:
         17:1b:0f:62:e1:46:02:f3:77:1e:0d:55:b4:82:c9:6d:f5:f8:
         43:5e:bd:93:79:67:d2:af:d0:a1:8f:c8:e1:b3:b8:61:66:02:
         1d:17:5f:5e:05:d7:2b:c2:1b:f7:75:e8:76:35:39:59:d3:a6:
         4f:83:c6:34:f5:9a:f7:3b:22:6c:01:97:b5:e5:56:f1:fb:39:
         5d:97:a9:5e:55:0a:e4:fc:2b:96:94:fd:dd:ec:72:9d:16:dd:
         e4:20:fe:8f:f9:33:c2:f8:66:3a:94:4f:81:73:fb:f0:ea:64:
         a5:09:25:40
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZoSHtt/BnYnCgccT3es47k0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMjBiMDM0ZTJjNDk3YjE4ODQ0ODhkZWYxMDY5NzI3MDQ3
NjUwMjkwHhcNMjUxMDIzMTczMDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MGQ5YTQxZDAyYjA1NjNhMDM5ODYzZjgwYjVjZmQ4YjBjZTQxOGZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6q3DGdqaPdDf9aOSonPxeeYVR3kd
uLQ61NK1eWN9hZxh1zGXhmsU6sgqO+0zpY8AlmVt4uNf7yi/GE30llaiJLGQfZfc
OPT868fkCUSKzjW24fOhJWv8tYgGrDIvto98nzo/5GSSRinF4gkGMD3ekCQwcaCl
QUFnoD7vC26xvsnN/uzmhb0I2zjHWBavjo+UibxXX9STwvON5QhIDhMOarpJYmE8
1k5NyQ8G9aZK1dRD2VvX0sZEK+Fm9ED/ScYNm+yczhlH7DnkWzVuhnOJ5WGr1dFE
tM1XRPuDNSQH7Svspwivpujev+thBwhublT03fmHSLL3d1+Ryo6ZXrkyMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIDZpB0CsFY6A5hj+Atc/YsM5Bj+MB8GA1UdIwQY
MBaAFH4gsDTixJexiESI3vEGlycEdlApMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2Qt
MDM1ZDk3N2Y0MjE2LzEvZ05ta0hRS3dWam9EbUdQNEMxejlpd3prR1A0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2QtMDM1ZDk3N2Y0MjE2
LzEvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1IayMA0G
CSqGSIb3DQEBCwUAA4IBAQAJ19FafFe5+i40O0Gl9O8ch54XaeoT7xrn7ZebXptW
m0iqCINpyPfN+j3m1Oonz8XMmwbqWX6iZtWK8T5OsH5FVJzZaBzX8s+AmJ8okkjm
+W0EmHjzIeWHxo2wHW+ie+oD5d9bVFwBeWZz6pgYhYDKymFR6xg6iMpv8lfH3Z3Y
tsvERgu5cWVwyWAp2n0a5GsXGw9i4UYC83ceDVW0gslt9fhDXr2TeWfSr9Chj8jh
s7hhZgIdF19eBdcrwhv3deh2NTlZ06ZPg8Y09Zr3OyJsAZe15Vbx+zldl6leVQrk
/CuWlP3d7HKdFt3kIP6P+TPC+GY6lE+Bc/vw6mSlCSVA
-----END CERTIFICATE-----