Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/eec70a-aa9f-42ae-8ad6-b7bbf5a1ac73/1/GG3QiT3L8y2-6K509vuWf-CfKL0.roa
File:                     GG3QiT3L8y2-6K509vuWf-CfKL0.roa (raw, json)
Hash identifier:          0l/LpwFeQpYG65cH+t5aLrBuln2/gPSbbnRKosRRf2s=
Subject key identifier:   18:6D:D0:89:3D:CB:F3:2D:BE:E8:AE:74:F6:FB:96:7F:E0:9F:28:BD
Certificate issuer:       /CN=e4d608e0f7a1086c8451de5d637847b52217abb4
Certificate serial:       019A06B2A8EF9137225DB59100B108A5C245
Authority key identifier: E4:D6:08:E0:F7:A1:08:6C:84:51:DE:5D:63:78:47:B5:22:17:AB:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5NYI4PehCGyEUd5dY3hHtSIXq7Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/eec70a-aa9f-42ae-8ad6-b7bbf5a1ac73/1/GG3QiT3L8y2-6K509vuWf-CfKL0.roa
Signing time:             Tue 21 Oct 2025 12:16:03 +0000
ROA not before:           Tue 21 Oct 2025 12:16:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214977
IP address blocks:        91.228.249.0/24 maxlen: 24
                          194.11.239.0/24 maxlen: 24
                          2a14:4800::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e6/eec70a-aa9f-42ae-8ad6-b7bbf5a1ac73/1/5NYI4PehCGyEUd5dY3hHtSIXq7Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e6/eec70a-aa9f-42ae-8ad6-b7bbf5a1ac73/1/5NYI4PehCGyEUd5dY3hHtSIXq7Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5NYI4PehCGyEUd5dY3hHtSIXq7Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 18:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:06:b2:a8:ef:91:37:22:5d:b5:91:00:b1:08:a5:c2:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e4d608e0f7a1086c8451de5d637847b52217abb4
        Validity
            Not Before: Oct 21 12:16:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=186dd0893dcbf32dbee8ae74f6fb967fe09f28bd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:93:fb:57:f8:eb:24:41:4c:0f:a9:58:0c:1d:
                    a7:3c:35:9d:97:86:71:44:e7:f0:28:70:61:a9:8a:
                    f7:f5:83:c7:ba:c5:53:21:26:f4:d3:a0:39:bc:5a:
                    91:00:60:4f:fc:e0:b2:30:65:74:d2:aa:01:1f:7e:
                    98:3c:a5:60:23:1b:ee:58:91:41:00:d2:e6:df:06:
                    d0:96:36:ae:ca:ac:62:56:f2:dc:05:a1:5e:62:d6:
                    82:0e:59:65:b7:22:d4:7e:02:71:fd:7d:d2:66:4d:
                    2e:ae:77:47:30:3c:7c:bd:3a:63:21:bf:f5:72:4e:
                    18:d2:27:d0:bb:26:c4:0b:e0:7c:76:b0:85:f2:25:
                    e2:8b:39:cb:1b:6a:5c:cd:e6:18:04:61:ff:22:24:
                    dd:96:47:be:60:cb:2f:17:7e:1d:2a:c4:4c:9f:cf:
                    13:4f:e8:aa:0a:59:a8:72:dd:9f:46:0a:cf:aa:bc:
                    b8:74:6e:66:d7:24:c4:b5:0b:c6:ce:a6:b2:e2:a7:
                    6e:33:24:ff:f0:9f:8f:84:b5:5e:95:e0:d3:44:49:
                    9d:b4:df:cf:91:9e:1b:87:a8:34:3c:92:e1:d8:e9:
                    6f:ed:8b:92:da:3f:cc:f5:16:b3:6a:37:e2:54:67:
                    e2:bf:90:a9:24:79:05:91:6e:5f:a3:b4:7d:24:b4:
                    44:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:6D:D0:89:3D:CB:F3:2D:BE:E8:AE:74:F6:FB:96:7F:E0:9F:28:BD
            X509v3 Authority Key Identifier:
                keyid:E4:D6:08:E0:F7:A1:08:6C:84:51:DE:5D:63:78:47:B5:22:17:AB:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5NYI4PehCGyEUd5dY3hHtSIXq7Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/eec70a-aa9f-42ae-8ad6-b7bbf5a1ac73/1/GG3QiT3L8y2-6K509vuWf-CfKL0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/eec70a-aa9f-42ae-8ad6-b7bbf5a1ac73/1/5NYI4PehCGyEUd5dY3hHtSIXq7Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.228.249.0/24
                  194.11.239.0/24
                IPv6:
                  2a14:4800::/29

    Signature Algorithm: sha256WithRSAEncryption
         15:8a:24:c6:be:1c:2d:a0:08:6d:54:5c:ba:98:cf:d2:b7:7a:
         68:42:b3:fd:e1:97:3c:6f:ae:44:fc:94:03:b1:67:8a:87:4f:
         20:98:12:e0:a9:22:82:f3:38:39:ba:be:c2:35:fa:88:1e:c3:
         23:ba:6a:5d:73:07:31:ff:c0:05:e2:d3:b4:d6:20:9f:41:da:
         91:be:b6:ba:78:a6:02:58:14:a6:fd:34:5c:77:8e:6f:e5:b0:
         3d:26:98:57:e3:a8:8f:30:e5:a0:82:0a:b7:8a:c8:4d:22:4f:
         52:c5:bb:f3:55:ca:c9:68:a6:4d:34:1e:c0:a1:9c:0f:fa:7a:
         32:d7:21:ec:f9:a4:f8:14:bb:8e:ab:f2:be:00:dd:de:44:a4:
         be:ca:6a:83:38:ee:70:c4:50:b6:bc:a3:2f:d1:03:44:12:48:
         dd:ec:8b:64:79:1a:ed:1f:a7:30:36:01:8f:5f:fb:dd:d1:1b:
         cb:d0:39:04:0c:6c:8a:6c:31:7e:bf:71:13:cc:73:f5:98:e5:
         fa:82:3f:33:03:46:c0:37:69:c6:02:8a:0c:29:ef:2a:48:96:
         9d:16:92:42:be:3b:7b:02:91:f1:b6:b9:f0:07:ec:d2:c8:00:
         66:b4:d8:26:fc:b7:b5:89:5e:e0:e4:6d:45:fd:25:dc:6e:fe:
         f0:3b:f5:dc
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZoGsqjvkTciXbWRALEIpcJFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU0ZDYwOGUwZjdhMTA4NmM4NDUxZGU1ZDYzNzg0N2I1MjIx
N2FiYjQwHhcNMjUxMDIxMTIxNjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxODZkZDA4OTNkY2JmMzJkYmVlOGFlNzRmNmZiOTY3ZmUwOWYyOGJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkZP7V/jrJEFMD6lYDB2nPDWdl4Zx
ROfwKHBhqYr39YPHusVTISb006A5vFqRAGBP/OCyMGV00qoBH36YPKVgIxvuWJFB
ANLm3wbQljauyqxiVvLcBaFeYtaCDllltyLUfgJx/X3SZk0urndHMDx8vTpjIb/1
ck4Y0ifQuybEC+B8drCF8iXiiznLG2pczeYYBGH/IiTdlke+YMsvF34dKsRMn88T
T+iqClmoct2fRgrPqry4dG5m1yTEtQvGzqay4qduMyT/8J+PhLVeleDTREmdtN/P
kZ4bh6g0PJLh2Olv7YuS2j/M9RazajfiVGfiv5CpJHkFkW5fo7R9JLREmQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFBht0Ik9y/MtvuiudPb7ln/gnyi9MB8GA1UdIwQY
MBaAFOTWCOD3oQhshFHeXWN4R7UiF6u0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNU5ZSTRQZWhDR3lFVWQ1ZFkzaEh0U0lYcTdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi9lZWM3MGEtYWE5Zi00MmFlLThhZDYt
YjdiYmY1YTFhYzczLzEvR0czUWlUM0w4eTItNks1MDl2dVdmLUNmS0wwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi9lZWM3MGEtYWE5Zi00MmFlLThhZDYtYjdiYmY1YTFhYzcz
LzEvNU5ZSTRQZWhDR3lFVWQ1ZFkzaEh0U0lYcTdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAW+T5AwQA
wgvvMA0EAgACMAcDBQMqFEgAMA0GCSqGSIb3DQEBCwUAA4IBAQAViiTGvhwtoAht
VFy6mM/St3poQrP94Zc8b65E/JQDsWeKh08gmBLgqSKC8zg5ur7CNfqIHsMjumpd
cwcx/8AF4tO01iCfQdqRvra6eKYCWBSm/TRcd45v5bA9JphX46iPMOWgggq3ishN
Ik9SxbvzVcrJaKZNNB7AoZwP+noy1yHs+aT4FLuOq/K+AN3eRKS+ymqDOO5wxFC2
vKMv0QNEEkjd7ItkeRrtH6cwNgGPX/vd0RvL0DkEDGyKbDF+v3ETzHP1mOX6gj8z
A0bAN2nGAooMKe8qSJadFpJCvjt7ApHxtrnwB+zSyABmtNgm/Le1iV7g5G1F/SXc
bv7wO/Xc
-----END CERTIFICATE-----