Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/da/6b91ab-99db-4648-b153-6e2d97ca15ff/1/gb7ZNrNCCSbmUu64yI_p2Td_ryY.roa
File:                     gb7ZNrNCCSbmUu64yI_p2Td_ryY.roa (raw, json)
Hash identifier:          Qahs8UxIAXs5YiBBp2E7+t7tlVXGy2a3LYlpO4lt3yM=
Subject key identifier:   81:BE:D9:36:B3:42:09:26:E6:52:EE:B8:C8:8F:E9:D9:37:7F:AF:26
Certificate issuer:       /CN=f324581e4368825d5e13f4f2a0d6ff8e484c95e6
Certificate serial:       019A4ABBA67D738142037FDD15025782B10F
Authority key identifier: F3:24:58:1E:43:68:82:5D:5E:13:F4:F2:A0:D6:FF:8E:48:4C:95:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8yRYHkNogl1eE_TyoNb_jkhMleY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/da/6b91ab-99db-4648-b153-6e2d97ca15ff/1/gb7ZNrNCCSbmUu64yI_p2Td_ryY.roa
Signing time:             Mon 03 Nov 2025 17:20:03 +0000
ROA not before:           Mon 03 Nov 2025 17:20:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     150315
IP address blocks:        109.205.193.0/24 maxlen: 24
                          158.94.220.0/23 maxlen: 24
                          158.94.220.0/24 maxlen: 24
                          158.94.221.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/da/6b91ab-99db-4648-b153-6e2d97ca15ff/1/8yRYHkNogl1eE_TyoNb_jkhMleY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/da/6b91ab-99db-4648-b153-6e2d97ca15ff/1/8yRYHkNogl1eE_TyoNb_jkhMleY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8yRYHkNogl1eE_TyoNb_jkhMleY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 18:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:4a:bb:a6:7d:73:81:42:03:7f:dd:15:02:57:82:b1:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f324581e4368825d5e13f4f2a0d6ff8e484c95e6
        Validity
            Not Before: Nov  3 17:20:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=81bed936b3420926e652eeb8c88fe9d9377faf26
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:4c:54:04:37:4c:80:3a:0f:f8:03:83:5a:ee:
                    e1:44:62:33:ab:32:10:08:e9:0b:04:34:9d:a9:9a:
                    ca:3b:07:01:ed:90:59:1e:35:9c:33:58:44:72:19:
                    e5:d3:a3:96:21:96:5f:cd:27:01:9c:2a:5b:46:9d:
                    cb:a3:a9:7c:fb:3b:00:40:48:0e:97:e3:40:56:a9:
                    6c:39:7a:8c:ba:77:ac:40:af:07:f4:63:f5:7d:3d:
                    0e:62:88:6e:68:a9:70:72:28:3d:28:63:4f:6f:c9:
                    06:4c:40:a6:cf:e6:f7:f8:75:9a:54:62:93:19:26:
                    65:c1:21:41:a8:e5:38:34:11:3e:48:0e:20:62:c9:
                    f2:79:cb:8d:b5:1e:0c:83:61:6d:b5:87:a9:55:7b:
                    b0:51:51:02:af:06:e2:e1:b7:86:17:67:c8:bd:33:
                    1a:9c:0c:97:48:d8:5e:5c:e4:c4:0f:be:2a:78:5e:
                    2f:04:a6:a0:24:6a:65:a7:45:58:bf:75:e8:81:66:
                    7a:28:c6:b4:2c:f7:eb:c8:ba:3b:4d:24:a3:cb:be:
                    7c:9c:d7:fc:b1:9a:7f:8e:4e:a1:5d:9a:cd:2a:e4:
                    cc:29:f6:c1:77:ac:7f:5e:e8:89:a6:87:2f:15:75:
                    67:1a:4e:17:db:78:4b:6c:99:4d:e2:a0:e4:5f:d8:
                    20:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:BE:D9:36:B3:42:09:26:E6:52:EE:B8:C8:8F:E9:D9:37:7F:AF:26
            X509v3 Authority Key Identifier:
                keyid:F3:24:58:1E:43:68:82:5D:5E:13:F4:F2:A0:D6:FF:8E:48:4C:95:E6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8yRYHkNogl1eE_TyoNb_jkhMleY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/da/6b91ab-99db-4648-b153-6e2d97ca15ff/1/gb7ZNrNCCSbmUu64yI_p2Td_ryY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/da/6b91ab-99db-4648-b153-6e2d97ca15ff/1/8yRYHkNogl1eE_TyoNb_jkhMleY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.205.193.0/24
                  158.94.220.0/23

    Signature Algorithm: sha256WithRSAEncryption
         49:a3:67:9e:b5:6c:01:2a:e4:41:03:c0:9e:7e:b9:85:08:98:
         3a:cd:25:7e:cf:f3:ba:de:ae:ef:37:63:68:98:68:95:f1:43:
         e8:a9:bc:8d:c6:c9:33:21:4d:12:7a:93:a9:2c:da:55:20:e7:
         3c:91:ab:34:75:de:30:ae:c3:17:04:3a:ff:8e:e3:06:3d:72:
         b1:cb:3d:d7:21:f9:dc:4f:b7:84:a3:97:30:c5:f6:8e:01:ac:
         64:30:85:31:fe:fd:7a:7b:3f:36:b1:21:89:55:fc:e9:2b:b0:
         6d:37:24:8c:0a:ca:b6:0a:43:f6:a6:54:6b:44:d2:dc:9b:dd:
         9c:be:f5:e2:28:ff:ca:24:18:4f:7d:3e:3f:ef:34:9f:70:8f:
         db:6e:d3:33:78:88:da:06:51:dc:75:2c:a4:df:e1:00:6b:ec:
         8f:9d:27:89:27:21:1c:e2:a6:d5:8d:74:d6:a4:72:35:2e:26:
         40:e9:37:ec:0a:08:4c:cd:49:a5:64:62:59:51:94:e1:36:7a:
         a1:ca:2c:b0:4e:b8:3d:06:4a:73:d3:e1:28:b4:63:73:e9:e5:
         d1:7c:3a:08:25:06:e1:74:44:5b:79:90:f2:00:15:00:32:4d:
         16:73:39:c6:3e:d0:da:72:ab:c2:85:52:b7:30:94:28:05:e6:
         7d:d0:9f:0d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZpKu6Z9c4FCA3/dFQJXgrEPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYzMjQ1ODFlNDM2ODgyNWQ1ZTEzZjRmMmEwZDZmZjhlNDg0
Yzk1ZTYwHhcNMjUxMTAzMTcyMDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MWJlZDkzNmIzNDIwOTI2ZTY1MmVlYjhjODhmZTlkOTM3N2ZhZjI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlkxUBDdMgDoP+AODWu7hRGIzqzIQ
COkLBDSdqZrKOwcB7ZBZHjWcM1hEchnl06OWIZZfzScBnCpbRp3Lo6l8+zsAQEgO
l+NAVqlsOXqMunesQK8H9GP1fT0OYohuaKlwcig9KGNPb8kGTECmz+b3+HWaVGKT
GSZlwSFBqOU4NBE+SA4gYsnyecuNtR4Mg2FttYepVXuwUVECrwbi4beGF2fIvTMa
nAyXSNheXOTED74qeF4vBKagJGplp0VYv3XogWZ6KMa0LPfryLo7TSSjy758nNf8
sZp/jk6hXZrNKuTMKfbBd6x/XuiJpocvFXVnGk4X23hLbJlN4qDkX9ggCQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIG+2TazQgkm5lLuuMiP6dk3f68mMB8GA1UdIwQY
MBaAFPMkWB5DaIJdXhP08qDW/45ITJXmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOHlSWUhrTm9nbDFlRV9UeW9OYl9qa2hNbGVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYS82YjkxYWItOTlkYi00NjQ4LWIxNTMt
NmUyZDk3Y2ExNWZmLzEvZ2I3Wk5yTkNDU2JtVXU2NHlJX3AyVGRfcnlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYS82YjkxYWItOTlkYi00NjQ4LWIxNTMtNmUyZDk3Y2ExNWZm
LzEvOHlSWUhrTm9nbDFlRV9UeW9OYl9qa2hNbGVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAbc3BAwQB
nl7cMA0GCSqGSIb3DQEBCwUAA4IBAQBJo2eetWwBKuRBA8CefrmFCJg6zSV+z/O6
3q7vN2NomGiV8UPoqbyNxskzIU0SepOpLNpVIOc8kas0dd4wrsMXBDr/juMGPXKx
yz3XIfncT7eEo5cwxfaOAaxkMIUx/v16ez82sSGJVfzpK7BtNySMCsq2CkP2plRr
RNLcm92cvvXiKP/KJBhPfT4/7zSfcI/bbtMzeIjaBlHcdSyk3+EAa+yPnSeJJyEc
4qbVjXTWpHI1LiZA6TfsCghMzUmlZGJZUZThNnqhyiywTrg9Bkpz0+EotGNz6eXR
fDoIJQbhdERbeZDyABUAMk0WcznGPtDacqvChVK3MJQoBeZ90J8N
-----END CERTIFICATE-----