Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/87a00a-b6f6-4721-a828-d9337db39d1f/1/xGGCf6Hil4Mo0C8TJDJWoZKOtQY.roa
File:                     xGGCf6Hil4Mo0C8TJDJWoZKOtQY.roa (raw, json)
Hash identifier:          OSJabINQbvYIP/JxqMQjPh9E61hQf/o/MtFixqbU+Rk=
Subject key identifier:   C4:61:82:7F:A1:E2:97:83:28:D0:2F:13:24:32:56:A1:92:8E:B5:06
Certificate issuer:       /CN=7554ac4c7f451c5bb9382fbcd46d70c4c0f9de56
Certificate serial:       019D9A31AFAC7C7A74C8CDB213F1A26DEAEC
Authority key identifier: 75:54:AC:4C:7F:45:1C:5B:B9:38:2F:BC:D4:6D:70:C4:C0:F9:DE:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dVSsTH9FHFu5OC-81G1wxMD53lY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/87a00a-b6f6-4721-a828-d9337db39d1f/1/xGGCf6Hil4Mo0C8TJDJWoZKOtQY.roa
Signing time:             Fri 17 Apr 2026 06:47:20 +0000
ROA not before:           Fri 17 Apr 2026 06:47:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     834
IP address blocks:        213.178.140.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/87a00a-b6f6-4721-a828-d9337db39d1f/1/dVSsTH9FHFu5OC-81G1wxMD53lY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/87a00a-b6f6-4721-a828-d9337db39d1f/1/dVSsTH9FHFu5OC-81G1wxMD53lY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dVSsTH9FHFu5OC-81G1wxMD53lY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 02:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:9a:31:af:ac:7c:7a:74:c8:cd:b2:13:f1:a2:6d:ea:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7554ac4c7f451c5bb9382fbcd46d70c4c0f9de56
        Validity
            Not Before: Apr 17 06:47:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c461827fa1e2978328d02f13243256a1928eb506
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:1f:f7:3b:0c:1f:5e:59:8f:0b:7c:56:78:af:
                    ce:df:5a:5d:c5:1f:99:4b:1c:7c:f2:9d:fc:bc:9c:
                    4b:f0:cb:0c:e8:ea:90:96:c1:8e:0e:19:71:0a:82:
                    f8:f0:67:e3:ce:86:35:a8:33:27:b3:f4:8e:ce:37:
                    1d:7f:ec:bf:5c:33:68:82:42:ff:72:fd:4a:a0:54:
                    1e:7d:29:f6:55:0a:b0:d1:73:8e:6f:23:21:d4:40:
                    8a:ab:d8:b0:ff:cb:2b:31:f1:54:e2:1c:26:8f:46:
                    60:b9:0b:b2:4a:0f:ef:40:89:76:32:90:f6:8d:fc:
                    a1:8d:2d:83:3c:6c:f9:96:8e:d9:ac:a5:c5:70:ae:
                    77:7e:56:ec:61:db:c5:62:dc:9e:41:32:c9:5d:28:
                    f2:4c:9e:4a:af:14:05:38:b2:da:f4:1c:7d:0a:14:
                    13:cd:d9:b4:a4:eb:83:11:4f:3c:18:96:30:9f:39:
                    d2:db:e6:2a:47:25:b4:4b:2c:9a:a7:5c:7d:0e:af:
                    1b:20:f4:0e:70:82:cc:99:1a:cb:7e:8a:2d:fd:a7:
                    24:b5:cc:a2:f7:82:56:39:bd:02:3d:1b:09:4e:c4:
                    4b:f2:06:8a:3c:48:92:53:40:1b:a2:17:72:5c:12:
                    25:8c:0a:32:1d:0f:3f:51:4c:bb:12:72:e6:6f:8a:
                    92:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:61:82:7F:A1:E2:97:83:28:D0:2F:13:24:32:56:A1:92:8E:B5:06
            X509v3 Authority Key Identifier:
                keyid:75:54:AC:4C:7F:45:1C:5B:B9:38:2F:BC:D4:6D:70:C4:C0:F9:DE:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dVSsTH9FHFu5OC-81G1wxMD53lY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/87a00a-b6f6-4721-a828-d9337db39d1f/1/xGGCf6Hil4Mo0C8TJDJWoZKOtQY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/87a00a-b6f6-4721-a828-d9337db39d1f/1/dVSsTH9FHFu5OC-81G1wxMD53lY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.178.140.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:f5:33:a6:46:45:0d:9d:21:f5:ae:74:98:5e:f6:35:ee:61:
         b9:63:1d:d6:a8:57:28:aa:42:59:9d:a9:32:22:23:ac:12:5d:
         42:5f:f2:a6:83:44:92:d6:f6:45:30:5f:06:1c:ae:54:67:92:
         8f:3f:57:4b:75:f5:d7:53:15:78:1c:f0:e0:44:80:34:55:96:
         39:6c:12:b3:25:6d:97:7e:29:37:5a:3f:91:1a:17:a6:4c:55:
         9a:51:d4:25:a6:de:52:6a:79:59:a4:f0:0c:e5:80:84:8b:1f:
         42:1e:40:8e:33:e7:23:aa:bd:3a:bf:98:63:0f:65:51:91:05:
         c0:58:51:3b:b5:49:e0:a5:1d:ee:2b:98:96:c7:d4:42:34:82:
         3a:ac:b7:6a:04:d6:58:45:ec:e6:d7:0f:4a:22:1b:77:09:8e:
         52:45:f6:b4:e9:06:6a:03:07:b3:65:bf:b8:e9:a6:ff:74:f6:
         60:68:0d:9c:07:31:44:38:4b:b9:5d:27:fc:a9:6b:b3:a1:f3:
         7a:bf:be:c3:cf:f7:15:6a:23:11:c1:7f:78:81:4f:c7:f7:e1:
         2d:c9:f3:37:2a:fa:59:07:b5:01:d3:a8:8b:9d:2d:21:7a:b8:
         95:f8:9b:10:66:4f:89:30:84:09:ed:51:98:d4:55:89:cc:d5:
         e6:44:6c:15
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2aMa+sfHp0yM2yE/GibersMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1NTRhYzRjN2Y0NTFjNWJiOTM4MmZiY2Q0NmQ3MGM0YzBm
OWRlNTYwHhcNMjYwNDE3MDY0NzIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDYxODI3ZmExZTI5NzgzMjhkMDJmMTMyNDMyNTZhMTkyOGViNTA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoB/3OwwfXlmPC3xWeK/O31pdxR+Z
Sxx88p38vJxL8MsM6OqQlsGODhlxCoL48GfjzoY1qDMns/SOzjcdf+y/XDNogkL/
cv1KoFQefSn2VQqw0XOObyMh1ECKq9iw/8srMfFU4hwmj0ZguQuySg/vQIl2MpD2
jfyhjS2DPGz5lo7ZrKXFcK53flbsYdvFYtyeQTLJXSjyTJ5KrxQFOLLa9Bx9ChQT
zdm0pOuDEU88GJYwnznS2+YqRyW0Syyap1x9Dq8bIPQOcILMmRrLfoot/acktcyi
94JWOb0CPRsJTsRL8gaKPEiSU0AbohdyXBIljAoyHQ8/UUy7EnLmb4qSzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMRhgn+h4peDKNAvEyQyVqGSjrUGMB8GA1UdIwQY
MBaAFHVUrEx/RRxbuTgvvNRtcMTA+d5WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFZTc1RIOUZIRnU1T0MtODFHMXd4TUQ1M2xZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy84N2EwMGEtYjZmNi00NzIxLWE4Mjgt
ZDkzMzdkYjM5ZDFmLzEveEdHQ2Y2SGlsNE1vMEM4VEpESldvWktPdFFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy84N2EwMGEtYjZmNi00NzIxLWE4MjgtZDkzMzdkYjM5ZDFm
LzEvZFZTc1RIOUZIRnU1T0MtODFHMXd4TUQ1M2xZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1bKMMA0G
CSqGSIb3DQEBCwUAA4IBAQAH9TOmRkUNnSH1rnSYXvY17mG5Yx3WqFcoqkJZnaky
IiOsEl1CX/Kmg0SS1vZFMF8GHK5UZ5KPP1dLdfXXUxV4HPDgRIA0VZY5bBKzJW2X
fik3Wj+RGhemTFWaUdQlpt5SanlZpPAM5YCEix9CHkCOM+cjqr06v5hjD2VRkQXA
WFE7tUngpR3uK5iWx9RCNII6rLdqBNZYRezm1w9KIht3CY5SRfa06QZqAwezZb+4
6ab/dPZgaA2cBzFEOEu5XSf8qWuzofN6v77Dz/cVaiMRwX94gU/H9+EtyfM3KvpZ
B7UB06iLnS0heriV+JsQZk+JMIQJ7VGY1FWJzNXmRGwV
-----END CERTIFICATE-----