Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ce/52b481-f303-4a96-97dd-7370fd80df6c/1/gfUQxZf716-HSp7xPfSbqE7VvUQ.roa
File:                     gfUQxZf716-HSp7xPfSbqE7VvUQ.roa (raw, json)
Hash identifier:          r1nBveRpIdnYjv06tCcb1Umx8XxX6zqSuPOa3WYDsmA=
Subject key identifier:   81:F5:10:C5:97:FB:D7:AF:87:4A:9E:F1:3D:F4:9B:A8:4E:D5:BD:44
Certificate issuer:       /CN=586b0182105bb27b0c8bcf2842bd3c1a85164bd1
Certificate serial:       01982EC16FC17A7935027F9E1CC08322B347
Authority key identifier: 58:6B:01:82:10:5B:B2:7B:0C:8B:CF:28:42:BD:3C:1A:85:16:4B:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WGsBghBbsnsMi88oQr08GoUWS9E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ce/52b481-f303-4a96-97dd-7370fd80df6c/1/gfUQxZf716-HSp7xPfSbqE7VvUQ.roa
Signing time:             Mon 21 Jul 2025 20:51:25 +0000
ROA not before:           Mon 21 Jul 2025 20:51:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     6079
IP address blocks:        194.179.160.0/19 maxlen: 24
                          194.179.192.0/19 maxlen: 24
                          194.179.224.0/19 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ce/52b481-f303-4a96-97dd-7370fd80df6c/1/WGsBghBbsnsMi88oQr08GoUWS9E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ce/52b481-f303-4a96-97dd-7370fd80df6c/1/WGsBghBbsnsMi88oQr08GoUWS9E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WGsBghBbsnsMi88oQr08GoUWS9E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 10 Aug 2025 05:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:2e:c1:6f:c1:7a:79:35:02:7f:9e:1c:c0:83:22:b3:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=586b0182105bb27b0c8bcf2842bd3c1a85164bd1
        Validity
            Not Before: Jul 21 20:51:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=81f510c597fbd7af874a9ef13df49ba84ed5bd44
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:66:58:39:d0:23:d8:96:69:e1:03:ed:6f:e9:
                    37:d8:62:16:12:4e:78:cb:e4:34:69:ff:89:79:88:
                    a0:0c:0b:15:bb:52:97:22:1b:cd:f8:d4:a1:64:ef:
                    0a:24:63:95:0a:83:02:3c:df:9c:31:cd:03:06:a0:
                    79:89:2f:a8:c4:84:19:c7:e4:ab:32:63:2c:95:08:
                    80:4e:40:00:2c:17:b3:7e:1d:0a:db:80:35:98:f5:
                    b3:33:82:d7:39:2e:b1:78:89:7f:09:6b:1d:a5:61:
                    63:1d:94:75:63:74:a6:50:b7:f7:65:d4:62:c7:c5:
                    c6:47:ed:90:91:e1:bd:02:7f:42:a3:cc:0d:0b:35:
                    f4:94:5a:6e:09:c8:82:6d:9c:12:a0:a6:9d:17:be:
                    8d:71:9c:aa:4c:71:fa:bb:47:ab:64:97:67:a7:f1:
                    59:7f:89:1b:52:39:0e:64:f4:e9:c8:8d:d5:64:94:
                    af:e4:14:37:a6:e6:cf:5f:c1:42:d8:5b:47:2b:b4:
                    fd:76:0e:4a:1d:02:c8:c0:bc:58:5c:09:e0:b7:33:
                    f0:56:5a:83:5a:8e:6a:84:05:50:7e:1a:2a:cf:f6:
                    26:a7:fe:e4:00:08:a0:f0:d2:c9:68:79:f9:ce:2f:
                    d2:ef:a9:ec:0a:12:a4:d5:91:c6:10:b3:08:76:b8:
                    b9:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:F5:10:C5:97:FB:D7:AF:87:4A:9E:F1:3D:F4:9B:A8:4E:D5:BD:44
            X509v3 Authority Key Identifier:
                keyid:58:6B:01:82:10:5B:B2:7B:0C:8B:CF:28:42:BD:3C:1A:85:16:4B:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WGsBghBbsnsMi88oQr08GoUWS9E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/52b481-f303-4a96-97dd-7370fd80df6c/1/gfUQxZf716-HSp7xPfSbqE7VvUQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/52b481-f303-4a96-97dd-7370fd80df6c/1/WGsBghBbsnsMi88oQr08GoUWS9E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.179.160.0-194.179.255.255

    Signature Algorithm: sha256WithRSAEncryption
         ec:ba:5b:7e:35:69:a1:8b:79:67:03:ba:d1:cb:3e:7c:61:89:
         c5:69:98:2a:08:d5:df:55:46:ce:b9:d5:39:02:21:89:31:09:
         b9:76:4b:20:31:76:45:9f:d7:93:2a:67:88:1f:84:6a:12:1a:
         75:ac:2f:f5:76:06:16:e7:6e:be:f3:c5:8a:17:b4:0a:1f:1f:
         03:b8:53:5b:6f:ae:10:4a:2c:b6:b7:d9:07:8b:ea:d4:70:eb:
         42:6f:09:36:7d:68:6e:89:b5:eb:c4:e8:11:23:29:80:97:16:
         04:b6:66:60:de:d4:12:0c:a6:c8:81:f0:d7:a5:34:aa:9d:40:
         97:5e:b8:bd:7c:1d:2d:fd:77:7e:a3:c0:59:1f:15:3f:ce:33:
         89:91:93:5d:89:b9:18:59:70:1a:1d:be:3b:a7:54:20:42:db:
         e7:1c:27:5f:02:d2:28:3a:ae:2f:d2:3f:1f:b8:70:ef:56:dd:
         68:bd:fe:2e:37:9d:f7:a5:90:86:b9:88:8b:c1:1a:ad:ee:34:
         fc:54:3c:9b:75:19:ae:b9:0a:90:1d:e7:20:49:08:cd:ed:87:
         1b:8e:3a:ca:72:59:aa:c2:d4:a6:33:d2:66:af:e7:9d:f3:1d:
         37:6b:9c:f8:49:c0:d8:b7:d7:18:54:4f:58:2b:3c:a5:7e:ae:
         fe:30:d4:7b
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAZguwW/Benk1An+eHMCDIrNHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4NmIwMTgyMTA1YmIyN2IwYzhiY2YyODQyYmQzYzFhODUx
NjRiZDEwHhcNMjUwNzIxMjA1MTI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MWY1MTBjNTk3ZmJkN2FmODc0YTllZjEzZGY0OWJhODRlZDViZDQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnGZYOdAj2JZp4QPtb+k32GIWEk54
y+Q0af+JeYigDAsVu1KXIhvN+NShZO8KJGOVCoMCPN+cMc0DBqB5iS+oxIQZx+Sr
MmMslQiATkAALBezfh0K24A1mPWzM4LXOS6xeIl/CWsdpWFjHZR1Y3SmULf3ZdRi
x8XGR+2QkeG9An9Co8wNCzX0lFpuCciCbZwSoKadF76NcZyqTHH6u0erZJdnp/FZ
f4kbUjkOZPTpyI3VZJSv5BQ3pubPX8FC2FtHK7T9dg5KHQLIwLxYXAngtzPwVlqD
Wo5qhAVQfhoqz/Ymp/7kAAig8NLJaHn5zi/S76nsChKk1ZHGELMIdri5lwIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFIH1EMWX+9evh0qe8T30m6hO1b1EMB8GA1UdIwQY
MBaAFFhrAYIQW7J7DIvPKEK9PBqFFkvRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0dzQmdoQmJzbnNNaTg4b1FyMDhHb1VXUzlFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZS81MmI0ODEtZjMwMy00YTk2LTk3ZGQt
NzM3MGZkODBkZjZjLzEvZ2ZVUXhaZjcxNi1IU3A3eFBmU2JxRTdWdlVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZS81MmI0ODEtZjMwMy00YTk2LTk3ZGQtNzM3MGZkODBkZjZj
LzEvV0dzQmdoQmJzbnNNaTg4b1FyMDhHb1VXUzlFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCYGCCsGAQUFBwEHAQH/BBcwFTATBAIAATANMAsDBAXCs6AD
AwLCsDANBgkqhkiG9w0BAQsFAAOCAQEA7LpbfjVpoYt5ZwO60cs+fGGJxWmYKgjV
31VGzrnVOQIhiTEJuXZLIDF2RZ/XkypniB+EahIadawv9XYGFuduvvPFihe0Ch8f
A7hTW2+uEEostrfZB4vq1HDrQm8JNn1obom168ToESMpgJcWBLZmYN7UEgymyIHw
16U0qp1Al164vXwdLf13fqPAWR8VP84ziZGTXYm5GFlwGh2+O6dUIELb5xwnXwLS
KDquL9I/H7hw71bdaL3+Ljed96WQhrmIi8Eare40/FQ8m3UZrrkKkB3nIEkIze2H
G446ynJZqsLUpjPSZq/nnfMdN2uc+EnA2LfXGFRPWCs8pX6u/jDUew==
-----END CERTIFICATE-----