Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/Gyy1MCCByROZBRXIY7QoJ1Lfx2Y.roa
File:                     Gyy1MCCByROZBRXIY7QoJ1Lfx2Y.roa (raw, json)
Hash identifier:          AjP6dUUnXVUHe2mbkVU2A0GKTeThVmR/SN82MGw/Wog=
Subject key identifier:   1B:2C:B5:30:20:81:C9:13:99:05:15:C8:63:B4:28:27:52:DF:C7:66
Certificate issuer:       /CN=17067977efd14bc89fb0daba03bb0f600fbb0184
Certificate serial:       019C418137C1CC682832B3EA25E9E9C4095D
Authority key identifier: 17:06:79:77:EF:D1:4B:C8:9F:B0:DA:BA:03:BB:0F:60:0F:BB:01:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/Gyy1MCCByROZBRXIY7QoJ1Lfx2Y.roa
Signing time:             Mon 09 Feb 2026 08:25:13 +0000
ROA not before:           Mon 09 Feb 2026 08:25:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     46475
IP address blocks:        86.110.51.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 09:38:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:41:81:37:c1:cc:68:28:32:b3:ea:25:e9:e9:c4:09:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17067977efd14bc89fb0daba03bb0f600fbb0184
        Validity
            Not Before: Feb  9 08:25:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1b2cb5302081c913990515c863b4282752dfc766
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:b9:8e:8e:e9:dd:1a:e8:28:04:8e:ac:be:8d:
                    cb:1d:32:11:d5:ec:43:c9:85:53:c2:3a:e0:6a:61:
                    0b:72:8c:e8:3a:c9:32:f6:4d:aa:ab:b2:97:b9:60:
                    ac:60:b1:62:4f:67:79:14:8a:d8:72:86:f7:6c:c5:
                    59:3f:dc:b5:91:13:9f:6b:ef:47:26:de:f2:2b:25:
                    3e:31:af:1f:cd:8b:d3:e4:0d:d2:72:42:66:07:9b:
                    84:14:68:29:03:84:d2:cd:81:9a:9f:ad:ab:46:24:
                    76:58:dc:d3:bf:d3:72:df:13:e6:fc:96:44:8c:9a:
                    b4:74:5b:51:44:3a:1f:2a:89:df:a7:70:bf:c6:ca:
                    eb:08:c4:13:8e:ac:48:bf:85:70:94:d1:60:cc:6e:
                    6f:11:ef:ab:c3:43:ac:79:b5:77:56:ef:ae:65:01:
                    20:4c:58:26:b6:3f:4f:93:73:c3:e5:d7:0b:27:b1:
                    da:6c:dd:d2:a0:5f:44:66:bc:79:3c:94:63:98:8a:
                    42:c8:69:af:8f:9d:95:28:43:47:74:03:a9:ad:39:
                    12:cd:ac:29:ca:9e:88:0e:54:55:e8:ef:c3:9d:b3:
                    d5:a6:92:cb:6b:c0:77:dc:33:c7:4b:df:61:92:69:
                    a3:e4:c7:d4:69:0a:03:dd:6e:8a:2d:27:d0:06:7e:
                    ae:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:2C:B5:30:20:81:C9:13:99:05:15:C8:63:B4:28:27:52:DF:C7:66
            X509v3 Authority Key Identifier:
                keyid:17:06:79:77:EF:D1:4B:C8:9F:B0:DA:BA:03:BB:0F:60:0F:BB:01:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/Gyy1MCCByROZBRXIY7QoJ1Lfx2Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.110.51.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:0e:d5:68:74:b0:a4:5d:e1:f8:56:5b:92:b3:0b:43:3f:9f:
         9b:e2:fa:67:8f:33:81:5b:2b:65:be:8c:32:ea:10:42:73:75:
         f8:44:8e:89:ab:af:b4:2d:16:08:93:2a:d8:f7:c0:bf:b1:0b:
         26:51:ee:d5:13:c3:09:8a:52:7a:30:48:53:a1:21:f8:07:db:
         b0:69:ec:8c:f2:0c:d8:6b:5c:e0:9f:ea:ab:db:99:db:66:6d:
         99:9e:62:af:00:24:03:21:51:f0:6f:59:59:87:d7:89:ae:51:
         6e:1e:79:01:2b:36:13:5a:f5:d5:7f:16:c1:4c:e8:19:13:64:
         4a:51:36:6f:e4:d4:41:83:d4:bf:f1:b0:91:0e:f3:95:79:64:
         9c:96:a2:ce:8c:77:46:23:65:1b:00:8c:9f:de:5b:25:c5:ab:
         d1:24:97:bd:cb:1a:64:86:1c:a8:9d:90:c9:39:51:69:d8:69:
         c4:b2:77:3d:67:13:c0:55:4d:8f:d8:60:84:cf:ca:dd:13:f0:
         6a:fa:4a:7f:87:3d:17:ce:fb:6a:a7:25:68:70:19:02:64:01:
         f1:a8:2b:02:2e:05:9e:e7:ed:58:21:17:6d:dd:63:2b:ec:9f:
         ec:62:2f:7e:53:da:58:c1:d5:87:38:be:7d:1c:eb:9f:ef:a5:
         ef:da:4e:ce
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZxBgTfBzGgoMrPqJenpxAldMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3MDY3OTc3ZWZkMTRiYzg5ZmIwZGFiYTAzYmIwZjYwMGZi
YjAxODQwHhcNMjYwMjA5MDgyNTEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYjJjYjUzMDIwODFjOTEzOTkwNTE1Yzg2M2I0MjgyNzUyZGZjNzY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1LmOjundGugoBI6svo3LHTIR1exD
yYVTwjrgamELcozoOsky9k2qq7KXuWCsYLFiT2d5FIrYcob3bMVZP9y1kROfa+9H
Jt7yKyU+Ma8fzYvT5A3SckJmB5uEFGgpA4TSzYGan62rRiR2WNzTv9Ny3xPm/JZE
jJq0dFtRRDofKonfp3C/xsrrCMQTjqxIv4VwlNFgzG5vEe+rw0OsebV3Vu+uZQEg
TFgmtj9Pk3PD5dcLJ7HabN3SoF9EZrx5PJRjmIpCyGmvj52VKENHdAOprTkSzawp
yp6IDlRV6O/DnbPVppLLa8B33DPHS99hkmmj5MfUaQoD3W6KLSfQBn6u/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBsstTAggckTmQUVyGO0KCdS38dmMB8GA1UdIwQY
MBaAFBcGeXfv0UvIn7DaugO7D2APuwGEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRndaNWQtX1JTOGlmc05xNkE3c1BZQS03QVlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS9lMWFkN2EtMTJlNy00ZmQwLWI2MWUt
ZDFhNzc3MmRiMDc2LzEvR3l5MU1DQ0J5Uk9aQlJYSVk3UW9KMUxmeDJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS9lMWFkN2EtMTJlNy00ZmQwLWI2MWUtZDFhNzc3MmRiMDc2
LzEvRndaNWQtX1JTOGlmc05xNkE3c1BZQS03QVlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVm4zMA0G
CSqGSIb3DQEBCwUAA4IBAQBPDtVodLCkXeH4VluSswtDP5+b4vpnjzOBWytlvowy
6hBCc3X4RI6Jq6+0LRYIkyrY98C/sQsmUe7VE8MJilJ6MEhToSH4B9uwaeyM8gzY
a1zgn+qr25nbZm2ZnmKvACQDIVHwb1lZh9eJrlFuHnkBKzYTWvXVfxbBTOgZE2RK
UTZv5NRBg9S/8bCRDvOVeWSclqLOjHdGI2UbAIyf3lslxavRJJe9yxpkhhyonZDJ
OVFp2GnEsnc9ZxPAVU2P2GCEz8rdE/Bq+kp/hz0XzvtqpyVocBkCZAHxqCsCLgWe
5+1YIRdt3WMr7J/sYi9+U9pYwdWHOL59HOuf76Xv2k7O
-----END CERTIFICATE-----