Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/9b7340-7bbd-4c87-a38d-6038cac0693b/1/GCbuRd6csJQHzpB8lvnWZve0UIs.roa
File:                     GCbuRd6csJQHzpB8lvnWZve0UIs.roa (raw, json)
Hash identifier:          auu2xsjWmwNZtuETF+y7lmmBrOPk6zT22UOZl16juME=
Subject key identifier:   18:26:EE:45:DE:9C:B0:94:07:CE:90:7C:96:F9:D6:66:F7:B4:50:8B
Certificate issuer:       /CN=a9aa7caaf9a7ca379d696d1add57c0edd0553ff9
Certificate serial:       019D522A2071E5928C6BD2E22DC36C0E1AEF
Authority key identifier: A9:AA:7C:AA:F9:A7:CA:37:9D:69:6D:1A:DD:57:C0:ED:D0:55:3F:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qap8qvmnyjedaW0a3VfA7dBVP_k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/9b7340-7bbd-4c87-a38d-6038cac0693b/1/GCbuRd6csJQHzpB8lvnWZve0UIs.roa
Signing time:             Fri 03 Apr 2026 07:06:25 +0000
ROA not before:           Fri 03 Apr 2026 07:06:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212702
IP address blocks:        213.163.249.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/9b7340-7bbd-4c87-a38d-6038cac0693b/1/qap8qvmnyjedaW0a3VfA7dBVP_k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/9b7340-7bbd-4c87-a38d-6038cac0693b/1/qap8qvmnyjedaW0a3VfA7dBVP_k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qap8qvmnyjedaW0a3VfA7dBVP_k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 13:01:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:52:2a:20:71:e5:92:8c:6b:d2:e2:2d:c3:6c:0e:1a:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a9aa7caaf9a7ca379d696d1add57c0edd0553ff9
        Validity
            Not Before: Apr  3 07:06:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1826ee45de9cb09407ce907c96f9d666f7b4508b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:df:7d:46:7a:f8:7e:e6:58:48:ed:be:e5:66:
                    1a:f9:a3:ef:30:9f:be:a7:e3:c0:9f:e1:81:cc:6d:
                    ab:9b:10:93:ff:9e:4e:44:79:b5:4f:d5:5d:90:b3:
                    fb:c2:b1:5c:0a:a2:ae:18:92:cb:cf:13:7c:2c:cc:
                    0d:9f:48:5a:bb:63:c3:6b:4e:a8:92:62:10:67:4a:
                    d0:89:63:f4:07:bf:46:2e:27:87:1d:49:50:4d:2f:
                    0e:e4:a3:03:3b:cf:2a:98:d5:08:f8:3d:66:80:bb:
                    14:9f:73:d0:bf:51:7c:54:c5:64:11:c1:c7:46:a1:
                    99:85:fb:f3:27:8b:7c:56:39:11:8c:10:d5:28:34:
                    09:fe:91:d3:c7:58:2b:bc:99:74:dc:81:b7:17:c5:
                    4b:17:6c:06:6a:01:8a:39:ce:6b:78:2a:90:3f:1e:
                    fd:1f:ce:6e:43:d9:0b:cc:3a:b2:27:bb:03:f5:ff:
                    98:cc:af:61:a4:f1:9c:87:1a:81:68:31:3e:3c:31:
                    85:38:73:2c:16:d5:1d:93:ac:b8:dc:87:28:a9:8c:
                    c5:ee:80:8f:ef:91:e6:1d:07:bd:56:fc:8a:c7:4b:
                    0f:8a:74:e3:84:d0:45:e0:6b:d0:b9:93:7e:61:29:
                    d8:d1:95:6c:c9:76:c6:0c:e3:04:81:bd:73:38:2b:
                    e8:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:26:EE:45:DE:9C:B0:94:07:CE:90:7C:96:F9:D6:66:F7:B4:50:8B
            X509v3 Authority Key Identifier:
                keyid:A9:AA:7C:AA:F9:A7:CA:37:9D:69:6D:1A:DD:57:C0:ED:D0:55:3F:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qap8qvmnyjedaW0a3VfA7dBVP_k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/9b7340-7bbd-4c87-a38d-6038cac0693b/1/GCbuRd6csJQHzpB8lvnWZve0UIs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/9b7340-7bbd-4c87-a38d-6038cac0693b/1/qap8qvmnyjedaW0a3VfA7dBVP_k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.163.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8d:b0:7d:7e:cd:f4:fc:2f:fc:37:ae:5c:35:c3:bb:ad:7b:3d:
         99:2b:f9:fa:25:7b:16:a8:2f:f0:70:ae:b8:3b:c3:77:ec:f4:
         74:eb:22:39:69:72:1d:0c:31:70:9c:85:05:26:f8:9e:49:27:
         54:71:d4:a2:5c:b0:cc:d4:6c:2a:da:01:9e:f4:22:17:f0:23:
         ad:9d:4b:e6:2f:0a:4e:b8:97:76:35:1e:17:b3:ef:39:55:6b:
         ae:51:25:fc:72:b4:a8:11:6d:27:9b:c3:03:5a:02:40:d2:82:
         ea:c2:d1:e0:a1:d0:68:4a:88:49:bb:84:ad:6f:08:a7:53:4e:
         f5:b1:34:9f:ee:1b:1a:40:7e:b5:cd:24:1a:9e:ca:72:6e:be:
         07:76:12:fc:9a:2a:76:10:bb:87:27:31:4c:cd:00:1b:c6:af:
         0c:25:32:5c:0c:b8:f6:59:04:68:6f:91:97:e3:c0:80:e8:2a:
         7f:1c:27:50:0a:13:0b:8f:38:7c:40:e1:76:a2:b6:f6:1a:0c:
         50:e4:56:9f:59:21:a2:ae:37:15:43:2f:31:9e:38:b3:f6:23:
         78:8f:be:1d:f4:8d:05:21:82:08:30:b6:66:c6:8f:29:6a:64:
         03:43:48:45:1e:a9:d0:fd:8a:98:fb:dc:50:f5:7f:0f:65:5a:
         db:d4:97:42
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1SKiBx5ZKMa9LiLcNsDhrvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE5YWE3Y2FhZjlhN2NhMzc5ZDY5NmQxYWRkNTdjMGVkZDA1
NTNmZjkwHhcNMjYwNDAzMDcwNjI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxODI2ZWU0NWRlOWNiMDk0MDdjZTkwN2M5NmY5ZDY2NmY3YjQ1MDhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmt99Rnr4fuZYSO2+5WYa+aPvMJ++
p+PAn+GBzG2rmxCT/55ORHm1T9VdkLP7wrFcCqKuGJLLzxN8LMwNn0hau2PDa06o
kmIQZ0rQiWP0B79GLieHHUlQTS8O5KMDO88qmNUI+D1mgLsUn3PQv1F8VMVkEcHH
RqGZhfvzJ4t8VjkRjBDVKDQJ/pHTx1grvJl03IG3F8VLF2wGagGKOc5reCqQPx79
H85uQ9kLzDqyJ7sD9f+YzK9hpPGchxqBaDE+PDGFOHMsFtUdk6y43IcoqYzF7oCP
75HmHQe9VvyKx0sPinTjhNBF4GvQuZN+YSnY0ZVsyXbGDOMEgb1zOCvosQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBgm7kXenLCUB86QfJb51mb3tFCLMB8GA1UdIwQY
MBaAFKmqfKr5p8o3nWltGt1XwO3QVT/5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcWFwOHF2bW55amVkYVcwYTNWZkE3ZEJWUF9rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy85YjczNDAtN2JiZC00Yzg3LWEzOGQt
NjAzOGNhYzA2OTNiLzEvR0NidVJkNmNzSlFIenBCOGx2bldadmUwVUlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy85YjczNDAtN2JiZC00Yzg3LWEzOGQtNjAzOGNhYzA2OTNi
LzEvcWFwOHF2bW55amVkYVcwYTNWZkE3ZEJWUF9rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1aP5MA0G
CSqGSIb3DQEBCwUAA4IBAQCNsH1+zfT8L/w3rlw1w7utez2ZK/n6JXsWqC/wcK64
O8N37PR06yI5aXIdDDFwnIUFJvieSSdUcdSiXLDM1Gwq2gGe9CIX8COtnUvmLwpO
uJd2NR4Xs+85VWuuUSX8crSoEW0nm8MDWgJA0oLqwtHgodBoSohJu4StbwinU071
sTSf7hsaQH61zSQanspybr4HdhL8mip2ELuHJzFMzQAbxq8MJTJcDLj2WQRob5GX
48CA6Cp/HCdQChMLjzh8QOF2orb2GgxQ5FafWSGirjcVQy8xnjiz9iN4j74d9I0F
IYIIMLZmxo8pamQDQ0hFHqnQ/YqY+9xQ9X8PZVrb1JdC
-----END CERTIFICATE-----