Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/gcwfnwMXccijXueCfus_UIdnYd0.roa
File:                     gcwfnwMXccijXueCfus_UIdnYd0.roa (raw, json)
Hash identifier:          i2xiD21/UIa94XBj8Nd/Y8XxmNrLpZmqGwxGwLORsHI=
Subject key identifier:   81:CC:1F:9F:03:17:71:C8:A3:5E:E7:82:7E:EB:3F:50:87:67:61:DD
Certificate issuer:       /CN=54cbda78b1d1b613df565ff99700b6aee940de3f
Certificate serial:       019BFA49AB9382DAF4B4742BADA26C91C2DA
Authority key identifier: 54:CB:DA:78:B1:D1:B6:13:DF:56:5F:F9:97:00:B6:AE:E9:40:DE:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VMvaeLHRthPfVl_5lwC2rulA3j8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/gcwfnwMXccijXueCfus_UIdnYd0.roa
Signing time:             Mon 26 Jan 2026 12:31:30 +0000
ROA not before:           Mon 26 Jan 2026 12:31:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206119
IP address blocks:        213.238.177.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/VMvaeLHRthPfVl_5lwC2rulA3j8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/VMvaeLHRthPfVl_5lwC2rulA3j8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VMvaeLHRthPfVl_5lwC2rulA3j8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:fa:49:ab:93:82:da:f4:b4:74:2b:ad:a2:6c:91:c2:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=54cbda78b1d1b613df565ff99700b6aee940de3f
        Validity
            Not Before: Jan 26 12:31:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=81cc1f9f031771c8a35ee7827eeb3f50876761dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:32:a6:7a:5c:09:8e:23:9a:a0:0f:b4:d8:f7:
                    69:8c:06:14:40:c0:0d:b6:24:84:6e:6a:6f:0b:c0:
                    19:10:cc:49:be:75:b0:9c:0c:ad:c1:79:34:06:21:
                    68:2f:35:3b:31:be:c7:38:49:30:56:b6:79:ee:10:
                    fa:b1:4b:87:54:d8:f4:19:28:b6:34:d3:88:b5:0a:
                    8f:84:f4:26:d2:fd:05:dc:91:a1:b8:17:78:7e:d4:
                    06:3c:b1:8b:c5:f3:61:91:01:5b:70:e8:70:a4:42:
                    d3:e2:1c:d0:b6:c4:d9:3f:7c:34:8b:68:b3:79:06:
                    76:f2:47:ca:c7:c7:41:31:61:b8:0d:73:d9:80:37:
                    b5:08:8d:cc:42:f1:96:60:8a:b2:8b:7c:29:df:cd:
                    eb:2c:bb:08:fb:27:d6:d5:97:b0:3a:bc:77:11:20:
                    09:89:fa:90:32:72:f7:3b:a2:c7:8c:c6:96:9f:75:
                    31:e0:03:d5:77:20:34:2e:fd:30:dc:3e:0c:4e:20:
                    6f:6d:d4:15:c7:9a:ff:da:49:6c:3d:f8:9f:2b:35:
                    df:8f:2b:78:18:a8:35:4d:c0:d9:75:6e:d5:6d:59:
                    74:42:0a:b6:27:1e:15:d4:c9:79:ad:af:44:0f:2b:
                    24:4c:de:6e:9a:f6:0b:80:81:2c:db:49:69:58:d2:
                    4b:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:CC:1F:9F:03:17:71:C8:A3:5E:E7:82:7E:EB:3F:50:87:67:61:DD
            X509v3 Authority Key Identifier:
                keyid:54:CB:DA:78:B1:D1:B6:13:DF:56:5F:F9:97:00:B6:AE:E9:40:DE:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VMvaeLHRthPfVl_5lwC2rulA3j8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/gcwfnwMXccijXueCfus_UIdnYd0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/VMvaeLHRthPfVl_5lwC2rulA3j8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.238.177.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:55:9a:df:3d:bd:a7:95:85:ab:86:0b:36:7f:c1:bf:0b:7f:
         78:23:0a:2b:c5:2c:c9:a8:f9:4e:a7:29:32:62:99:4f:67:16:
         99:ef:c4:f2:4e:bc:a0:5f:c6:26:34:45:22:4e:ff:39:8a:e5:
         84:70:d1:3a:3e:47:6e:68:b6:0d:ce:81:17:e7:9f:17:6d:19:
         d1:16:8f:71:fd:e5:46:46:47:3e:55:c7:c7:3a:f9:77:21:19:
         cc:13:22:e4:b1:fd:54:a2:b3:fb:c2:fa:dc:ee:55:82:9a:e4:
         c1:6d:72:f2:4d:20:6a:d9:80:18:37:7b:e6:dc:4e:c0:47:42:
         a6:5f:27:52:53:de:26:b9:5b:66:c5:e8:46:cd:07:f0:89:8e:
         14:96:c8:95:bb:b3:40:50:60:67:46:fb:fc:82:28:cc:02:38:
         70:44:f1:98:cd:fc:94:0b:8d:39:95:da:33:8d:1a:da:64:4e:
         a2:79:7e:d7:a5:57:5b:8a:dc:bc:3d:d1:c5:cd:c1:d4:4d:1b:
         1a:60:63:35:07:b3:51:6c:e7:bf:10:83:ae:b4:7b:1e:50:52:
         a5:a6:7b:64:09:63:eb:5d:2c:3e:e4:96:42:36:bf:2f:94:4c:
         ec:cf:b3:f7:1d:e8:2a:38:c1:25:36:45:81:78:95:7d:22:ae:
         01:53:d4:41
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZv6SauTgtr0tHQrraJskcLaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0Y2JkYTc4YjFkMWI2MTNkZjU2NWZmOTk3MDBiNmFlZTk0
MGRlM2YwHhcNMjYwMTI2MTIzMTMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MWNjMWY5ZjAzMTc3MWM4YTM1ZWU3ODI3ZWViM2Y1MDg3Njc2MWRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoTKmelwJjiOaoA+02PdpjAYUQMAN
tiSEbmpvC8AZEMxJvnWwnAytwXk0BiFoLzU7Mb7HOEkwVrZ57hD6sUuHVNj0GSi2
NNOItQqPhPQm0v0F3JGhuBd4ftQGPLGLxfNhkQFbcOhwpELT4hzQtsTZP3w0i2iz
eQZ28kfKx8dBMWG4DXPZgDe1CI3MQvGWYIqyi3wp383rLLsI+yfW1ZewOrx3ESAJ
ifqQMnL3O6LHjMaWn3Ux4APVdyA0Lv0w3D4MTiBvbdQVx5r/2klsPfifKzXfjyt4
GKg1TcDZdW7VbVl0Qgq2Jx4V1Ml5ra9EDyskTN5umvYLgIEs20lpWNJL4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIHMH58DF3HIo17ngn7rP1CHZ2HdMB8GA1UdIwQY
MBaAFFTL2nix0bYT31Zf+ZcAtq7pQN4/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVk12YWVMSFJ0aFBmVmxfNWx3QzJydWxBM2o4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC82ZDYxZDktMGJmNy00NGJiLWI4MGYt
Y2QzMTYxNWQwMWE5LzEvZ2N3Zm53TVhjY2lqWHVlQ2Z1c19VSWRuWWQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC82ZDYxZDktMGJmNy00NGJiLWI4MGYtY2QzMTYxNWQwMWE5
LzEvVk12YWVMSFJ0aFBmVmxfNWx3QzJydWxBM2o4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1e6xMA0G
CSqGSIb3DQEBCwUAA4IBAQAIVZrfPb2nlYWrhgs2f8G/C394IworxSzJqPlOpyky
YplPZxaZ78TyTrygX8YmNEUiTv85iuWEcNE6PkduaLYNzoEX558XbRnRFo9x/eVG
Rkc+VcfHOvl3IRnMEyLksf1UorP7wvrc7lWCmuTBbXLyTSBq2YAYN3vm3E7AR0Km
XydSU94muVtmxehGzQfwiY4UlsiVu7NAUGBnRvv8gijMAjhwRPGYzfyUC405ldoz
jRraZE6ieX7XpVdbity8PdHFzcHUTRsaYGM1B7NRbOe/EIOutHseUFKlpntkCWPr
XSw+5JZCNr8vlEzsz7P3HegqOMElNkWBeJV9Iq4BU9RB
-----END CERTIFICATE-----