Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/Gvch_bJr2nV-poPwmDP6sk0LiFw.roa
File:                     Gvch_bJr2nV-poPwmDP6sk0LiFw.roa (raw, json)
Hash identifier:          o6xdLncvoFypfbFM0UMDCXDh4h79X+C1Yj3/KUcf/TQ=
Subject key identifier:   1A:F7:21:FD:B2:6B:DA:75:7E:A6:83:F0:98:33:FA:B2:4D:0B:88:5C
Certificate issuer:       /CN=c9d57447e3420b853875b6fa40372aade3192ca2
Certificate serial:       019EB5DC434A25E08BFE2F1460F48B7B0780
Authority key identifier: C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/Gvch_bJr2nV-poPwmDP6sk0LiFw.roa
Signing time:             Thu 11 Jun 2026 08:46:11 +0000
ROA not before:           Thu 11 Jun 2026 08:46:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200266
IP address blocks:        78.135.71.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:b5:dc:43:4a:25:e0:8b:fe:2f:14:60:f4:8b:7b:07:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c9d57447e3420b853875b6fa40372aade3192ca2
        Validity
            Not Before: Jun 11 08:46:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1af721fdb26bda757ea683f09833fab24d0b885c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:12:e9:a3:2e:be:36:eb:6e:bd:04:09:89:4e:
                    70:c0:20:6d:af:90:96:71:96:21:5a:e8:8f:5b:68:
                    79:0c:17:3b:57:b5:ce:34:9b:45:b8:a9:09:52:fc:
                    06:46:24:70:15:d4:a9:c3:74:75:2a:38:31:32:f8:
                    87:de:b7:2d:27:a7:b8:6a:01:5f:e2:45:f2:56:ab:
                    d7:f8:17:b7:eb:54:2c:18:58:5f:03:01:a3:96:a6:
                    af:17:de:1f:34:d1:82:6a:db:a9:e0:ee:f9:0b:5f:
                    ea:58:5a:05:11:8f:ff:f4:1c:56:d3:05:5a:19:c0:
                    03:8d:8a:8a:f9:87:b0:d4:14:7e:87:ec:2d:fe:a4:
                    56:81:f3:ca:75:b9:9b:2c:05:10:a8:50:60:86:ed:
                    1e:c3:52:ed:ae:42:f2:0a:f4:0a:35:51:31:01:64:
                    74:f3:65:27:0a:dd:5c:7e:7b:cd:2c:cf:ae:32:35:
                    72:c7:55:f8:55:43:1b:fc:db:ee:a2:0c:9f:df:ea:
                    ae:e2:18:95:23:3d:29:c9:b1:43:83:aa:00:07:70:
                    17:0d:45:89:28:07:06:b4:ae:d1:9a:73:51:2f:d7:
                    d7:51:65:49:a4:0a:dd:d6:99:5f:0e:a3:9a:63:b6:
                    44:a2:8e:c0:3b:95:62:3b:f9:62:62:ed:70:ed:96:
                    be:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:F7:21:FD:B2:6B:DA:75:7E:A6:83:F0:98:33:FA:B2:4D:0B:88:5C
            X509v3 Authority Key Identifier:
                keyid:C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/Gvch_bJr2nV-poPwmDP6sk0LiFw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.135.71.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:3a:de:e4:08:a4:3f:87:83:2a:f8:07:e5:22:63:b6:07:7f:
         f3:f7:68:c8:06:bd:26:97:1f:4d:58:b5:3f:64:4c:c6:0c:24:
         33:b0:1a:f1:f3:0c:c4:bd:41:fb:af:28:5e:c6:15:63:19:b3:
         e5:bb:29:a7:2c:35:84:2e:91:60:c6:d8:48:3d:84:c7:2b:8c:
         4f:80:8f:a4:63:29:bf:60:01:bb:0e:6f:d3:f7:35:65:fc:cf:
         63:f8:e0:c0:85:19:72:a7:43:27:df:ee:f4:9d:c1:48:78:de:
         85:d4:27:51:79:fb:38:c9:9c:30:ae:dc:58:59:e9:d0:65:54:
         52:c8:c3:c2:20:9e:e8:dc:fb:78:e9:cd:48:53:d7:78:64:d4:
         5e:7f:bf:7b:08:6a:32:8a:93:8e:c7:0f:46:9a:aa:0c:4a:e3:
         da:78:fe:00:92:07:1e:9c:82:d9:88:75:eb:fd:44:fd:11:47:
         1f:20:59:6c:32:89:6a:a5:57:f4:a6:d2:50:7b:6c:d7:17:f2:
         1b:6d:02:67:ac:fe:68:ed:cf:6f:be:8f:39:41:6e:bc:e8:ee:
         3b:67:d9:e7:f5:9d:1d:e6:84:04:05:cb:73:1a:46:21:b0:7b:
         84:d8:68:b7:29:e4:68:93:ab:6b:39:f0:6b:32:ca:4e:d0:a3:
         cc:93:21:54
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ613ENKJeCL/i8UYPSLeweAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5ZDU3NDQ3ZTM0MjBiODUzODc1YjZmYTQwMzcyYWFkZTMx
OTJjYTIwHhcNMjYwNjExMDg0NjExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYWY3MjFmZGIyNmJkYTc1N2VhNjgzZjA5ODMzZmFiMjRkMGI4ODVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvhLpoy6+NutuvQQJiU5wwCBtr5CW
cZYhWuiPW2h5DBc7V7XONJtFuKkJUvwGRiRwFdSpw3R1KjgxMviH3rctJ6e4agFf
4kXyVqvX+Be361QsGFhfAwGjlqavF94fNNGCatup4O75C1/qWFoFEY//9BxW0wVa
GcADjYqK+Yew1BR+h+wt/qRWgfPKdbmbLAUQqFBghu0ew1LtrkLyCvQKNVExAWR0
82UnCt1cfnvNLM+uMjVyx1X4VUMb/Nvuogyf3+qu4hiVIz0pybFDg6oAB3AXDUWJ
KAcGtK7RmnNRL9fXUWVJpArd1plfDqOaY7ZEoo7AO5ViO/liYu1w7Za+OQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBr3If2ya9p1fqaD8Jgz+rJNC4hcMB8GA1UdIwQY
MBaAFMnVdEfjQguFOHW2+kA3Kq3jGSyiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTkt
NGUxOThmMGE2MDEzLzEvR3ZjaF9iSnIyblYtcG9Qd21EUDZzazBMaUZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTktNGUxOThmMGE2MDEz
LzEveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATodHMA0G
CSqGSIb3DQEBCwUAA4IBAQAQOt7kCKQ/h4Mq+AflImO2B3/z92jIBr0mlx9NWLU/
ZEzGDCQzsBrx8wzEvUH7ryhexhVjGbPluymnLDWELpFgxthIPYTHK4xPgI+kYym/
YAG7Dm/T9zVl/M9j+ODAhRlyp0Mn3+70ncFIeN6F1CdRefs4yZwwrtxYWenQZVRS
yMPCIJ7o3Pt46c1IU9d4ZNRef797CGoyipOOxw9GmqoMSuPaeP4AkgcenILZiHXr
/UT9EUcfIFlsMolqpVf0ptJQe2zXF/IbbQJnrP5o7c9vvo85QW686O47Z9nn9Z0d
5oQEBctzGkYhsHuE2Gi3KeRok6trOfBrMspO0KPMkyFU
-----END CERTIFICATE-----