Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/gsac_hujsl4V25neoCYlP-goXZA.roa
File:                     gsac_hujsl4V25neoCYlP-goXZA.roa (raw, json)
Hash identifier:          f0Llg36q6UkTqWjndQ3byQjqzCK5X7ul+OGUwbOgVPo=
Subject key identifier:   82:C6:9C:FE:1B:A3:B2:5E:15:DB:99:DE:A0:26:25:3F:E8:28:5D:90
Certificate issuer:       /CN=55baf26967510b3c52e46d1dc593967cdf29f9c9
Certificate serial:       019D79AAF59B3FD81FB67AFD8EC3B45B5919
Authority key identifier: 55:BA:F2:69:67:51:0B:3C:52:E4:6D:1D:C5:93:96:7C:DF:29:F9:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VbryaWdRCzxS5G0dxZOWfN8p-ck.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/gsac_hujsl4V25neoCYlP-goXZA.roa
Signing time:             Fri 10 Apr 2026 23:12:20 +0000
ROA not before:           Fri 10 Apr 2026 23:12:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     153671
IP address blocks:        83.147.194.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/VbryaWdRCzxS5G0dxZOWfN8p-ck.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/VbryaWdRCzxS5G0dxZOWfN8p-ck.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VbryaWdRCzxS5G0dxZOWfN8p-ck.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 12:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:79:aa:f5:9b:3f:d8:1f:b6:7a:fd:8e:c3:b4:5b:59:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=55baf26967510b3c52e46d1dc593967cdf29f9c9
        Validity
            Not Before: Apr 10 23:12:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=82c69cfe1ba3b25e15db99dea026253fe8285d90
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:c9:ab:49:58:d7:e0:f2:50:82:3f:69:9c:64:
                    6c:82:56:27:cd:26:1d:cd:2d:7a:60:c8:60:72:3d:
                    93:68:77:fe:3b:83:79:09:a1:0a:b4:2e:39:55:27:
                    ba:89:6f:31:0e:36:f3:aa:3e:ee:eb:4f:5c:67:e2:
                    a9:4c:65:d0:b0:57:63:56:40:f4:4d:f1:59:5b:78:
                    a2:27:6d:2b:ab:da:71:d8:b6:56:47:0a:2d:0f:b0:
                    5d:51:ed:2f:3a:52:1e:1d:7d:fd:56:fb:4b:9c:d7:
                    85:de:34:85:e3:9a:8d:d5:b5:e4:20:10:44:54:e3:
                    28:c5:e0:22:15:ec:86:bd:69:5a:1d:89:96:b9:63:
                    b4:d1:3e:15:2e:86:3c:d5:ca:99:1f:ac:49:d1:d0:
                    53:d3:71:29:f8:87:65:d2:26:d6:6a:94:30:ae:cd:
                    a5:2d:15:ed:fa:6c:e6:29:94:e0:b7:9a:97:4c:16:
                    92:3f:49:5f:be:5e:68:3c:8d:b7:e1:7c:f5:90:eb:
                    9b:51:28:93:fb:52:ee:95:85:b8:c4:31:ae:73:ca:
                    71:e7:0f:db:66:5c:ae:03:8e:93:59:6f:e9:d0:f4:
                    e7:48:92:ab:4d:40:62:13:40:27:40:ee:4f:e1:8d:
                    2b:23:ad:5e:45:1a:39:f1:64:57:10:bd:60:d2:66:
                    44:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:C6:9C:FE:1B:A3:B2:5E:15:DB:99:DE:A0:26:25:3F:E8:28:5D:90
            X509v3 Authority Key Identifier:
                keyid:55:BA:F2:69:67:51:0B:3C:52:E4:6D:1D:C5:93:96:7C:DF:29:F9:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VbryaWdRCzxS5G0dxZOWfN8p-ck.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/gsac_hujsl4V25neoCYlP-goXZA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/VbryaWdRCzxS5G0dxZOWfN8p-ck.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.147.194.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:75:8a:7d:0a:65:9a:1f:6b:9a:41:9a:14:f7:20:97:e1:76:
         3b:96:11:f9:de:f1:7c:f1:be:1a:7c:c8:81:ee:16:72:f2:73:
         cb:f6:8f:ea:e1:44:17:b7:3d:02:fc:fa:ca:7e:39:d2:1f:c0:
         66:88:e6:5d:8e:14:8e:ee:52:ad:f3:b7:d7:dd:4f:00:58:9b:
         b0:a1:c8:ec:12:a9:a2:4e:3c:7a:0f:51:97:48:d5:07:21:5d:
         7b:7d:0a:79:bf:bf:08:dd:50:23:bd:4d:c8:08:0c:3b:fe:39:
         37:81:c3:b3:5d:fb:d1:65:3c:d9:74:d5:49:5b:9d:59:ba:dc:
         3f:78:e3:71:31:45:be:51:9a:dd:da:e3:18:e6:28:01:a2:5d:
         62:88:54:88:76:25:30:fa:e7:62:40:00:62:fc:35:05:59:84:
         df:7d:77:fd:e4:55:42:da:55:7e:32:c2:05:38:78:c8:c5:c1:
         40:c9:b1:fe:33:c4:38:6f:47:14:e4:16:07:cc:c9:2a:ab:7c:
         e4:c1:b1:0e:9b:ee:34:1a:0a:dc:37:d3:b1:2e:1b:1d:ff:b6:
         9e:a2:9c:65:06:03:eb:ac:28:a0:b1:0f:c8:91:71:7b:f3:8f:
         4c:a7:32:a5:83:e1:4d:88:8c:8b:4e:41:eb:b6:a7:c3:b2:9e:
         5d:eb:4d:6c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ15qvWbP9gftnr9jsO0W1kZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1YmFmMjY5Njc1MTBiM2M1MmU0NmQxZGM1OTM5NjdjZGYy
OWY5YzkwHhcNMjYwNDEwMjMxMjIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MmM2OWNmZTFiYTNiMjVlMTVkYjk5ZGVhMDI2MjUzZmU4Mjg1ZDkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvsmrSVjX4PJQgj9pnGRsglYnzSYd
zS16YMhgcj2TaHf+O4N5CaEKtC45VSe6iW8xDjbzqj7u609cZ+KpTGXQsFdjVkD0
TfFZW3iiJ20rq9px2LZWRwotD7BdUe0vOlIeHX39VvtLnNeF3jSF45qN1bXkIBBE
VOMoxeAiFeyGvWlaHYmWuWO00T4VLoY81cqZH6xJ0dBT03Ep+Idl0ibWapQwrs2l
LRXt+mzmKZTgt5qXTBaSP0lfvl5oPI234Xz1kOubUSiT+1LulYW4xDGuc8px5w/b
ZlyuA46TWW/p0PTnSJKrTUBiE0AnQO5P4Y0rI61eRRo58WRXEL1g0mZEHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFILGnP4bo7JeFduZ3qAmJT/oKF2QMB8GA1UdIwQY
MBaAFFW68mlnUQs8UuRtHcWTlnzfKfnJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVmJyeWFXZFJDenhTNUcwZHhaT1dmTjhwLWNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS81YWE0ZGMtZDE4NC00ZGI0LTllMTAt
NDlmOTgxZWU1OTgxLzEvZ3NhY19odWpzbDRWMjVuZW9DWWxQLWdvWFpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS81YWE0ZGMtZDE4NC00ZGI0LTllMTAtNDlmOTgxZWU1OTgx
LzEvVmJyeWFXZFJDenhTNUcwZHhaT1dmTjhwLWNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAU5PCMA0G
CSqGSIb3DQEBCwUAA4IBAQADdYp9CmWaH2uaQZoU9yCX4XY7lhH53vF88b4afMiB
7hZy8nPL9o/q4UQXtz0C/PrKfjnSH8BmiOZdjhSO7lKt87fX3U8AWJuwocjsEqmi
Tjx6D1GXSNUHIV17fQp5v78I3VAjvU3ICAw7/jk3gcOzXfvRZTzZdNVJW51Zutw/
eONxMUW+UZrd2uMY5igBol1iiFSIdiUw+udiQABi/DUFWYTffXf95FVC2lV+MsIF
OHjIxcFAybH+M8Q4b0cU5BYHzMkqq3zkwbEOm+40GgrcN9OxLhsd/7aeopxlBgPr
rCigsQ/IkXF7849MpzKlg+FNiIyLTkHrtqfDsp5d601s
-----END CERTIFICATE-----