Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/f630a8-7179-4005-85ef-9b6db1e72088/1/GlhmPCyy1FDf_YTiqeYgVfiC97w.roa
File:                     GlhmPCyy1FDf_YTiqeYgVfiC97w.roa (raw, json)
Hash identifier:          aM5XCtKjHw7PII1T2KGsCatDptMXLc32zqDWbo5CqIM=
Subject key identifier:   1A:58:66:3C:2C:B2:D4:50:DF:FD:84:E2:A9:E6:20:55:F8:82:F7:BC
Certificate issuer:       /CN=0ca51990ce0c89f0d210609e67e9e807565c131f
Certificate serial:       019B7C129C2404DAF273FB6E5C53F87E236C
Authority key identifier: 0C:A5:19:90:CE:0C:89:F0:D2:10:60:9E:67:E9:E8:07:56:5C:13:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DKUZkM4MifDSEGCeZ-noB1ZcEx8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/f630a8-7179-4005-85ef-9b6db1e72088/1/GlhmPCyy1FDf_YTiqeYgVfiC97w.roa
Signing time:             Fri 02 Jan 2026 00:19:12 +0000
ROA not before:           Fri 02 Jan 2026 00:19:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49432
IP address blocks:        195.128.231.0/24 maxlen: 24
                          2001:678:118c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/f630a8-7179-4005-85ef-9b6db1e72088/1/DKUZkM4MifDSEGCeZ-noB1ZcEx8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/f630a8-7179-4005-85ef-9b6db1e72088/1/DKUZkM4MifDSEGCeZ-noB1ZcEx8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DKUZkM4MifDSEGCeZ-noB1ZcEx8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 06:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:12:9c:24:04:da:f2:73:fb:6e:5c:53:f8:7e:23:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ca51990ce0c89f0d210609e67e9e807565c131f
        Validity
            Not Before: Jan  2 00:19:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1a58663c2cb2d450dffd84e2a9e62055f882f7bc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:ea:f2:e9:99:d0:a5:68:cb:af:75:3c:fc:be:
                    24:79:9c:0e:13:38:6f:0b:9e:6c:8e:25:b9:09:1d:
                    65:db:74:62:66:2e:07:13:56:31:1e:16:c5:c0:c2:
                    cb:d4:96:cd:65:28:e2:61:92:e7:26:94:17:6e:8e:
                    a9:d8:5d:29:1a:de:b5:85:8b:9b:ff:5a:ff:99:65:
                    8e:16:67:5d:d3:3d:19:4c:66:8b:77:98:c0:3b:12:
                    26:9b:67:4d:9d:1f:ec:db:ac:fb:a6:3f:d1:f0:e5:
                    53:3f:11:d1:b3:44:40:56:21:bf:c6:3f:55:2d:58:
                    28:6f:13:8c:f0:f0:f5:08:30:d3:9e:ad:9b:98:69:
                    02:82:2b:e8:e6:1c:6e:a1:95:64:d5:ed:09:92:ea:
                    a7:8e:83:3b:5b:d3:ca:24:c6:ca:b7:7d:0d:92:73:
                    c2:5e:df:03:3a:29:94:f6:36:e8:3b:99:b4:bf:e4:
                    ab:ec:a8:66:5a:ff:b6:7f:e1:8b:fb:25:57:49:9c:
                    75:63:62:a6:f0:a7:90:1a:33:db:f6:df:b6:ef:d5:
                    32:fc:30:7c:9a:d4:e0:ce:8a:4c:83:0e:92:59:e2:
                    bf:5e:88:72:37:8a:a8:f9:0b:49:bc:ad:0b:7a:38:
                    47:a4:c6:5d:ef:ae:a7:b1:be:90:f6:55:00:07:21:
                    4d:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:58:66:3C:2C:B2:D4:50:DF:FD:84:E2:A9:E6:20:55:F8:82:F7:BC
            X509v3 Authority Key Identifier:
                keyid:0C:A5:19:90:CE:0C:89:F0:D2:10:60:9E:67:E9:E8:07:56:5C:13:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DKUZkM4MifDSEGCeZ-noB1ZcEx8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/f630a8-7179-4005-85ef-9b6db1e72088/1/GlhmPCyy1FDf_YTiqeYgVfiC97w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/f630a8-7179-4005-85ef-9b6db1e72088/1/DKUZkM4MifDSEGCeZ-noB1ZcEx8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.128.231.0/24
                IPv6:
                  2001:678:118c::/48

    Signature Algorithm: sha256WithRSAEncryption
         73:b9:c3:e3:1d:53:a2:81:01:75:56:de:87:f3:fb:72:e9:80:
         f2:b2:90:f7:85:99:88:ac:7d:62:f7:02:55:c8:30:86:c7:e6:
         bb:fa:32:74:4c:92:a5:07:3d:b3:95:68:d8:d1:aa:fb:12:f0:
         ac:81:c2:35:a4:fd:2d:20:80:22:09:34:d6:7c:a9:58:c9:b6:
         e6:97:9a:e6:a8:2e:2c:10:a8:0c:ef:5c:58:12:fb:5b:31:f7:
         fd:a0:e7:14:d2:a4:22:2d:00:ed:1f:95:6b:ac:d2:de:71:06:
         b1:1b:aa:ef:83:4b:c9:9b:83:d5:62:e1:48:8b:fe:48:a7:75:
         9a:67:64:62:a9:40:62:3b:cb:7f:40:1a:f2:fc:d3:ac:bc:47:
         bf:95:44:68:5b:72:92:55:6b:e4:ca:7e:43:8c:58:5b:e9:c2:
         6d:9e:f3:f9:b0:7d:b5:d9:43:ed:16:ac:1c:dd:db:07:37:d9:
         e6:85:aa:7f:46:b2:32:2f:95:e9:4e:20:ed:6a:85:56:35:f8:
         f4:59:4e:58:c6:cc:34:b0:b2:c8:1d:74:19:ed:cf:b6:a0:53:
         08:95:5d:00:25:0c:82:79:ed:ab:4d:ac:b3:a7:b8:49:f9:45:
         90:34:90:8e:4b:a2:02:1d:43:9a:60:42:66:c5:cc:e0:2d:4c:
         55:86:bb:74
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZt8EpwkBNryc/tuXFP4fiNsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjYTUxOTkwY2UwYzg5ZjBkMjEwNjA5ZTY3ZTllODA3NTY1
YzEzMWYwHhcNMjYwMTAyMDAxOTEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYTU4NjYzYzJjYjJkNDUwZGZmZDg0ZTJhOWU2MjA1NWY4ODJmN2JjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyury6ZnQpWjLr3U8/L4keZwOEzhv
C55sjiW5CR1l23RiZi4HE1YxHhbFwMLL1JbNZSjiYZLnJpQXbo6p2F0pGt61hYub
/1r/mWWOFmdd0z0ZTGaLd5jAOxImm2dNnR/s26z7pj/R8OVTPxHRs0RAViG/xj9V
LVgobxOM8PD1CDDTnq2bmGkCgivo5hxuoZVk1e0JkuqnjoM7W9PKJMbKt30NknPC
Xt8DOimU9jboO5m0v+Sr7KhmWv+2f+GL+yVXSZx1Y2Km8KeQGjPb9t+279Uy/DB8
mtTgzopMgw6SWeK/XohyN4qo+QtJvK0LejhHpMZd766nsb6Q9lUAByFN1wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFBpYZjwsstRQ3/2E4qnmIFX4gve8MB8GA1UdIwQY
MBaAFAylGZDODInw0hBgnmfp6AdWXBMfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvREtVWmtNNE1pZkRTRUdDZVotbm9CMVpjRXg4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi9mNjMwYTgtNzE3OS00MDA1LTg1ZWYt
OWI2ZGIxZTcyMDg4LzEvR2xobVBDeXkxRkRmX1lUaXFlWWdWZmlDOTd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi9mNjMwYTgtNzE3OS00MDA1LTg1ZWYtOWI2ZGIxZTcyMDg4
LzEvREtVWmtNNE1pZkRTRUdDZVotbm9CMVpjRXg4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAw4DnMA8E
AgACMAkDBwAgAQZ4EYwwDQYJKoZIhvcNAQELBQADggEBAHO5w+MdU6KBAXVW3ofz
+3LpgPKykPeFmYisfWL3AlXIMIbH5rv6MnRMkqUHPbOVaNjRqvsS8KyBwjWk/S0g
gCIJNNZ8qVjJtuaXmuaoLiwQqAzvXFgS+1sx9/2g5xTSpCItAO0flWus0t5xBrEb
qu+DS8mbg9Vi4UiL/kindZpnZGKpQGI7y39AGvL806y8R7+VRGhbcpJVa+TKfkOM
WFvpwm2e8/mwfbXZQ+0WrBzd2wc32eaFqn9GsjIvlelOIO1qhVY1+PRZTljGzDSw
ssgddBntz7agUwiVXQAlDIJ57atNrLOnuEn5RZA0kI5LogIdQ5pgQmbFzOAtTFWG
u3Q=
-----END CERTIFICATE-----