Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/e6fe09-c22d-45b7-a599-b941ba921b3f/1/GncCV8dgTUVbY24x3mdknqzuxo4.roa
File:                     GncCV8dgTUVbY24x3mdknqzuxo4.roa (raw, json)
Hash identifier:          o/kk/cTaqZtbmM6P1+RTVFyqYG8fEQJocGdfkavOgMU=
Subject key identifier:   1A:77:02:57:C7:60:4D:45:5B:63:6E:31:DE:67:64:9E:AC:EE:C6:8E
Certificate issuer:       /CN=000d0fee2cd566965ca08db550663cb20b412343
Certificate serial:       019B7F1573AED830B426C4636AE5971A877C
Authority key identifier: 00:0D:0F:EE:2C:D5:66:96:5C:A0:8D:B5:50:66:3C:B2:0B:41:23:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AA0P7izVZpZcoI21UGY8sgtBI0M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/e6fe09-c22d-45b7-a599-b941ba921b3f/1/GncCV8dgTUVbY24x3mdknqzuxo4.roa
Signing time:             Fri 02 Jan 2026 14:21:10 +0000
ROA not before:           Fri 02 Jan 2026 14:21:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     208623
IP address blocks:        83.138.18.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/e6fe09-c22d-45b7-a599-b941ba921b3f/1/AA0P7izVZpZcoI21UGY8sgtBI0M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/e6fe09-c22d-45b7-a599-b941ba921b3f/1/AA0P7izVZpZcoI21UGY8sgtBI0M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AA0P7izVZpZcoI21UGY8sgtBI0M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:15:73:ae:d8:30:b4:26:c4:63:6a:e5:97:1a:87:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=000d0fee2cd566965ca08db550663cb20b412343
        Validity
            Not Before: Jan  2 14:21:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1a770257c7604d455b636e31de67649eaceec68e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:13:68:cc:4e:8f:77:6a:85:93:81:45:f7:7d:
                    51:56:86:31:93:61:66:57:87:20:8a:d3:05:10:0b:
                    41:1e:61:b8:5a:9b:09:8f:7b:19:13:45:3c:83:26:
                    e5:91:26:11:f2:11:fe:ba:7f:32:e0:46:dc:d6:bd:
                    08:72:a5:d2:d8:33:2b:81:80:40:7f:7c:34:5a:ce:
                    b7:86:c8:a6:65:13:06:17:c8:a1:aa:87:f5:1c:71:
                    8c:be:4c:7a:6b:82:3d:92:60:0d:a2:2d:c1:e7:b9:
                    31:e3:0d:73:a3:30:8c:7a:93:2d:c8:83:e4:84:7f:
                    69:95:bb:d3:23:17:ac:d6:94:c8:07:09:3b:dd:1e:
                    32:ff:c7:8b:f1:c3:63:19:73:46:84:d4:d3:45:0d:
                    db:da:96:3c:76:c6:e3:05:d2:73:8d:bc:d1:31:34:
                    78:4f:b7:aa:55:8d:05:6a:43:b1:18:ae:5a:a6:bc:
                    10:12:e0:f7:51:50:77:af:5e:80:68:70:1a:64:26:
                    62:3a:fa:55:73:1b:95:d7:30:fd:f0:db:0b:3e:a0:
                    bb:9a:ef:40:ad:d9:37:1a:f1:67:a3:e7:5c:06:39:
                    de:d6:9a:c1:c3:c1:84:37:2b:31:50:22:8d:bf:85:
                    2a:27:e4:4c:38:19:f4:0f:46:23:53:c8:b2:44:24:
                    e1:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:77:02:57:C7:60:4D:45:5B:63:6E:31:DE:67:64:9E:AC:EE:C6:8E
            X509v3 Authority Key Identifier:
                keyid:00:0D:0F:EE:2C:D5:66:96:5C:A0:8D:B5:50:66:3C:B2:0B:41:23:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AA0P7izVZpZcoI21UGY8sgtBI0M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/e6fe09-c22d-45b7-a599-b941ba921b3f/1/GncCV8dgTUVbY24x3mdknqzuxo4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/e6fe09-c22d-45b7-a599-b941ba921b3f/1/AA0P7izVZpZcoI21UGY8sgtBI0M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.138.18.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:71:fe:46:d1:46:aa:57:49:f8:2e:d8:69:9b:5f:f3:f3:f3:
         3f:7b:b0:a3:f6:a2:38:2d:23:40:28:a7:89:f5:ad:9e:61:a9:
         b5:89:9d:1c:b2:56:f0:3a:19:79:db:03:d2:6b:15:1a:84:6c:
         1e:9f:ff:1a:78:28:f5:69:14:4b:e6:12:3f:c9:2a:5b:da:a6:
         88:21:57:d4:67:be:57:3d:c9:91:8e:d2:d3:67:de:05:85:fb:
         be:62:47:5d:1d:7b:c4:14:42:29:90:39:0a:be:a4:80:89:54:
         ec:0c:c3:14:c8:42:36:e9:b8:0b:e1:8a:a5:b9:31:5e:c9:2b:
         b3:c0:ff:73:d7:d1:11:d8:26:7b:b5:7e:c4:dd:4e:2c:04:0e:
         dd:ec:46:4d:56:ec:53:63:05:89:a5:11:3e:3e:1b:88:50:dd:
         a7:e6:e0:7d:1e:ec:17:53:b7:39:99:6e:77:96:1e:35:08:9e:
         02:8b:cc:5e:ed:81:aa:e0:4f:0a:5f:77:fa:dd:e6:c0:1b:bc:
         d4:6e:56:8c:19:00:c1:da:ae:b8:50:9c:68:8e:eb:2b:83:66:
         62:aa:92:7e:d3:3d:66:f5:39:29:74:bf:ec:ad:2b:dd:18:ea:
         d0:72:44:94:a0:17:24:f3:18:65:d0:54:83:93:42:fd:1a:c7:
         57:c9:3f:2f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/FXOu2DC0JsRjauWXGod8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwMGQwZmVlMmNkNTY2OTY1Y2EwOGRiNTUwNjYzY2IyMGI0
MTIzNDMwHhcNMjYwMTAyMTQyMTEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYTc3MDI1N2M3NjA0ZDQ1NWI2MzZlMzFkZTY3NjQ5ZWFjZWVjNjhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwxNozE6Pd2qFk4FF931RVoYxk2Fm
V4cgitMFEAtBHmG4WpsJj3sZE0U8gyblkSYR8hH+un8y4Ebc1r0IcqXS2DMrgYBA
f3w0Ws63hsimZRMGF8ihqof1HHGMvkx6a4I9kmANoi3B57kx4w1zozCMepMtyIPk
hH9plbvTIxes1pTIBwk73R4y/8eL8cNjGXNGhNTTRQ3b2pY8dsbjBdJzjbzRMTR4
T7eqVY0FakOxGK5aprwQEuD3UVB3r16AaHAaZCZiOvpVcxuV1zD98NsLPqC7mu9A
rdk3GvFno+dcBjne1prBw8GENysxUCKNv4UqJ+RMOBn0D0YjU8iyRCThqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBp3AlfHYE1FW2NuMd5nZJ6s7saOMB8GA1UdIwQY
MBaAFAAND+4s1WaWXKCNtVBmPLILQSNDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUEwUDdpelZacFpjb0kyMVVHWThzZ3RCSTBNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi9lNmZlMDktYzIyZC00NWI3LWE1OTkt
Yjk0MWJhOTIxYjNmLzEvR25jQ1Y4ZGdUVVZiWTI0eDNtZGtucXp1eG80LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi9lNmZlMDktYzIyZC00NWI3LWE1OTktYjk0MWJhOTIxYjNm
LzEvQUEwUDdpelZacFpjb0kyMVVHWThzZ3RCSTBNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAU4oSMA0G
CSqGSIb3DQEBCwUAA4IBAQB9cf5G0UaqV0n4Lthpm1/z8/M/e7Cj9qI4LSNAKKeJ
9a2eYam1iZ0cslbwOhl52wPSaxUahGwen/8aeCj1aRRL5hI/ySpb2qaIIVfUZ75X
PcmRjtLTZ94Fhfu+YkddHXvEFEIpkDkKvqSAiVTsDMMUyEI26bgL4YqluTFeySuz
wP9z19ER2CZ7tX7E3U4sBA7d7EZNVuxTYwWJpRE+PhuIUN2n5uB9HuwXU7c5mW53
lh41CJ4Ci8xe7YGq4E8KX3f63ebAG7zUblaMGQDB2q64UJxojusrg2ZiqpJ+0z1m
9TkpdL/srSvdGOrQckSUoBck8xhl0FSDk0L9GsdXyT8v
-----END CERTIFICATE-----