Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/_gsGL-B9RVPmZ8KV3L1onLgBXUM.roa
File:                     _gsGL-B9RVPmZ8KV3L1onLgBXUM.roa (raw, json)
Hash identifier:          DuQOokoDtx/Sr1I5G25Dbz5S4cMPDJl6Eekbtm5+ywA=
Subject key identifier:   FE:0B:06:2F:E0:7D:45:53:E6:67:C2:95:DC:BD:68:9C:B8:01:5D:43
Certificate issuer:       /CN=e9713ef25277e13dd73f44196fda5cec0fd9ce16
Certificate serial:       019D8A85D76C05580473C9C243074FFC4EE8
Authority key identifier: E9:71:3E:F2:52:77:E1:3D:D7:3F:44:19:6F:DA:5C:EC:0F:D9:CE:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/_gsGL-B9RVPmZ8KV3L1onLgBXUM.roa
Signing time:             Tue 14 Apr 2026 05:45:20 +0000
ROA not before:           Tue 14 Apr 2026 05:45:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     834
IP address blocks:        5.172.36.0/24 maxlen: 24
                          89.23.91.0/24 maxlen: 24
                          185.157.46.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 22:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:8a:85:d7:6c:05:58:04:73:c9:c2:43:07:4f:fc:4e:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e9713ef25277e13dd73f44196fda5cec0fd9ce16
        Validity
            Not Before: Apr 14 05:45:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=fe0b062fe07d4553e667c295dcbd689cb8015d43
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:ec:0a:d9:d8:3e:64:95:0a:8b:87:d3:87:91:
                    b9:28:0d:ae:c1:ef:bb:8e:f3:a7:a8:b2:de:83:5a:
                    48:8b:59:d6:b4:ed:1e:5f:48:b9:d8:cf:f2:a9:16:
                    73:44:5e:90:e9:a6:d5:92:20:69:cd:8c:db:93:eb:
                    8e:08:14:52:4a:35:b9:3f:a1:4a:b8:7c:42:85:87:
                    7b:a3:7b:b5:c7:fe:62:4b:95:bf:a8:82:1f:8a:b9:
                    06:c8:8e:7e:c1:97:aa:8c:49:1a:cd:b6:a1:0a:e0:
                    5b:5f:57:2c:39:53:71:ad:43:5f:7b:40:92:5d:d4:
                    0a:86:32:eb:11:5f:1a:24:8f:d0:fa:b6:9b:e5:fe:
                    25:88:7b:6a:96:1a:9f:b9:7d:72:67:34:7a:cf:9c:
                    9d:69:77:9c:ea:9c:65:e2:5f:7a:7e:20:26:78:32:
                    4e:8a:ff:54:7a:d9:f9:0f:1c:5d:c1:f0:39:4b:37:
                    74:40:f8:ab:63:b2:3d:30:0c:77:46:c1:53:47:22:
                    71:5e:4b:8c:6a:47:29:b6:f5:ad:39:22:cc:53:05:
                    5e:a1:70:e5:a3:cb:bb:b8:82:ac:70:9c:97:91:e0:
                    15:34:90:f8:90:ca:1b:de:0e:b8:b8:01:76:31:75:
                    42:49:46:b1:23:cc:af:5d:5b:78:2c:48:80:72:7a:
                    b1:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:0B:06:2F:E0:7D:45:53:E6:67:C2:95:DC:BD:68:9C:B8:01:5D:43
            X509v3 Authority Key Identifier:
                keyid:E9:71:3E:F2:52:77:E1:3D:D7:3F:44:19:6F:DA:5C:EC:0F:D9:CE:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/_gsGL-B9RVPmZ8KV3L1onLgBXUM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.172.36.0/24
                  89.23.91.0/24
                  185.157.46.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:da:14:c4:1a:82:3e:18:f0:57:35:08:d3:9b:ce:d9:5a:48:
         ee:12:25:04:53:c0:0e:90:a7:9c:8d:80:0f:33:c4:3f:da:f8:
         aa:b9:ec:07:e2:68:e4:b4:d8:a2:69:7d:58:2a:bd:9b:a4:fe:
         8f:a3:da:c5:a9:b7:e8:d7:b2:28:39:74:81:40:17:15:8a:58:
         1e:1a:ec:b2:42:28:3a:1f:3a:dc:eb:a0:a3:d5:49:ad:41:7a:
         33:c1:f9:32:14:97:c5:27:23:9c:d9:f7:5b:71:d3:01:f1:df:
         b5:bc:75:33:4f:9c:37:f0:fd:04:9d:81:75:8f:07:8a:77:6d:
         9f:2a:4c:b5:9e:d2:4e:fe:f6:aa:6c:33:14:81:29:9e:ca:8d:
         e0:b1:4f:d4:0f:2b:7e:94:3c:09:27:15:8c:ff:57:40:f3:83:
         21:b2:1a:20:34:63:a0:24:e7:e0:aa:a0:f6:14:ca:d0:cd:b6:
         69:ae:db:7d:37:c1:fc:ea:62:16:8e:6f:a3:08:4d:57:3c:83:
         fb:19:12:19:3e:5e:2f:cf:15:66:9f:84:e5:f3:81:10:43:4a:
         1b:62:b5:d0:5c:4a:83:bd:dd:7d:d5:da:44:45:81:fe:85:20:
         30:ce:31:ce:25:e1:bc:7b:a5:03:29:67:30:0a:d3:f8:e3:12:
         21:8e:da:2b
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ2KhddsBVgEc8nCQwdP/E7oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5NzEzZWYyNTI3N2UxM2RkNzNmNDQxOTZmZGE1Y2VjMGZk
OWNlMTYwHhcNMjYwNDE0MDU0NTIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZTBiMDYyZmUwN2Q0NTUzZTY2N2MyOTVkY2JkNjg5Y2I4MDE1ZDQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwewK2dg+ZJUKi4fTh5G5KA2uwe+7
jvOnqLLeg1pIi1nWtO0eX0i52M/yqRZzRF6Q6abVkiBpzYzbk+uOCBRSSjW5P6FK
uHxChYd7o3u1x/5iS5W/qIIfirkGyI5+wZeqjEkazbahCuBbX1csOVNxrUNfe0CS
XdQKhjLrEV8aJI/Q+rab5f4liHtqlhqfuX1yZzR6z5ydaXec6pxl4l96fiAmeDJO
iv9Uetn5DxxdwfA5Szd0QPirY7I9MAx3RsFTRyJxXkuMakcptvWtOSLMUwVeoXDl
o8u7uIKscJyXkeAVNJD4kMob3g64uAF2MXVCSUaxI8yvXVt4LEiAcnqxUQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFP4LBi/gfUVT5mfCldy9aJy4AV1DMB8GA1UdIwQY
MBaAFOlxPvJSd+E91z9EGW/aXOwP2c4WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNlhFLThsSjM0VDNYUDBRWmI5cGM3QV9aemhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS9lMTc2ZWItNTZmMi00ODA3LWIxMDEt
MGY2NmMxODg3OTE2LzEvX2dzR0wtQjlSVlBtWjhLVjNMMW9uTGdCWFVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS9lMTc2ZWItNTZmMi00ODA3LWIxMDEtMGY2NmMxODg3OTE2
LzEvNlhFLThsSjM0VDNYUDBRWmI5cGM3QV9aemhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQABawkAwQA
WRdbAwQAuZ0uMA0GCSqGSIb3DQEBCwUAA4IBAQA72hTEGoI+GPBXNQjTm87ZWkju
EiUEU8AOkKecjYAPM8Q/2viquewH4mjktNiiaX1YKr2bpP6Po9rFqbfo17IoOXSB
QBcVilgeGuyyQig6Hzrc66Cj1UmtQXozwfkyFJfFJyOc2fdbcdMB8d+1vHUzT5w3
8P0EnYF1jweKd22fKky1ntJO/vaqbDMUgSmeyo3gsU/UDyt+lDwJJxWM/1dA84Mh
shogNGOgJOfgqqD2FMrQzbZprtt9N8H86mIWjm+jCE1XPIP7GRIZPl4vzxVmn4Tl
84EQQ0obYrXQXEqDvd191dpERYH+hSAwzjHOJeG8e6UDKWcwCtP44xIhjtor
-----END CERTIFICATE-----