Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/b67eb7-e496-4c31-9f67-97902d8a7fa6/1/Gj_KMBJbJSrcc2TVvL9u56hzgdM.roa
File:                     Gj_KMBJbJSrcc2TVvL9u56hzgdM.roa (raw, json)
Hash identifier:          otqXS+JeceT68wkSJPWrG1/A/vyc30taCbvfR1CTCrc=
Subject key identifier:   1A:3F:CA:30:12:5B:25:2A:DC:73:64:D5:BC:BF:6E:E7:A8:73:81:D3
Certificate issuer:       /CN=84bbaeb70b3f1d06716358ad9a2ecfef7d2126fb
Certificate serial:       019EBCAE2C127C14648CE69D807F895CCB1F
Authority key identifier: 84:BB:AE:B7:0B:3F:1D:06:71:63:58:AD:9A:2E:CF:EF:7D:21:26:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hLuutws_HQZxY1itmi7P730hJvs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/b67eb7-e496-4c31-9f67-97902d8a7fa6/1/Gj_KMBJbJSrcc2TVvL9u56hzgdM.roa
Signing time:             Fri 12 Jun 2026 16:33:11 +0000
ROA not before:           Fri 12 Jun 2026 16:33:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     219450
IP address blocks:        185.179.24.0/24 maxlen: 24
                          185.179.25.0/24 maxlen: 24
                          185.179.26.0/24 maxlen: 24
                          185.179.27.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/56/b67eb7-e496-4c31-9f67-97902d8a7fa6/1/hLuutws_HQZxY1itmi7P730hJvs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/56/b67eb7-e496-4c31-9f67-97902d8a7fa6/1/hLuutws_HQZxY1itmi7P730hJvs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hLuutws_HQZxY1itmi7P730hJvs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 08:43:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:bc:ae:2c:12:7c:14:64:8c:e6:9d:80:7f:89:5c:cb:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84bbaeb70b3f1d06716358ad9a2ecfef7d2126fb
        Validity
            Not Before: Jun 12 16:33:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1a3fca30125b252adc7364d5bcbf6ee7a87381d3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:19:02:61:27:57:62:dc:09:91:f0:7c:82:c4:
                    fa:58:73:ce:16:d3:d3:ca:f0:a3:08:30:d4:d4:a5:
                    ec:0e:67:a9:93:81:ae:bd:53:6d:6c:12:14:75:3c:
                    89:a5:5d:25:7e:1a:0d:46:7c:b4:17:15:52:da:21:
                    ec:12:89:8f:5c:65:87:9a:ad:b5:32:ce:a9:42:40:
                    1b:6b:88:6b:04:02:2b:92:0b:53:89:52:bc:9d:c8:
                    00:7d:19:be:f1:1c:02:1a:c2:5d:52:6c:74:21:14:
                    38:e4:b6:12:63:31:b9:21:86:02:00:d5:38:a6:e8:
                    ae:6f:bc:f8:92:03:57:39:2f:97:54:38:8f:b2:c9:
                    87:73:11:c0:68:54:63:17:95:fe:e2:ce:2f:09:ce:
                    f9:c6:43:58:e1:e5:a9:03:7a:55:38:a7:42:77:c5:
                    e0:cf:65:e9:84:51:84:b4:4c:c4:e1:23:91:b6:2c:
                    f8:d2:ed:1c:a9:fb:83:67:02:21:61:8c:92:8c:a9:
                    55:b1:77:40:1a:3b:f1:57:f9:a7:47:5a:74:7a:77:
                    fd:61:bf:e4:7e:6f:c2:d0:1d:e0:48:a2:5e:12:8c:
                    22:31:67:92:e0:a9:d1:15:74:4b:77:d1:20:eb:c4:
                    c3:37:44:be:20:3a:10:1c:e2:6d:55:d2:ab:23:8b:
                    1a:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:3F:CA:30:12:5B:25:2A:DC:73:64:D5:BC:BF:6E:E7:A8:73:81:D3
            X509v3 Authority Key Identifier:
                keyid:84:BB:AE:B7:0B:3F:1D:06:71:63:58:AD:9A:2E:CF:EF:7D:21:26:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hLuutws_HQZxY1itmi7P730hJvs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/b67eb7-e496-4c31-9f67-97902d8a7fa6/1/Gj_KMBJbJSrcc2TVvL9u56hzgdM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/b67eb7-e496-4c31-9f67-97902d8a7fa6/1/hLuutws_HQZxY1itmi7P730hJvs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.179.24.0/22

    Signature Algorithm: sha256WithRSAEncryption
         23:6d:c6:f6:87:e5:21:ea:d8:fc:0a:31:a1:35:3d:47:48:66:
         5b:17:12:26:9b:8a:b3:6d:88:2e:43:f9:80:b6:a3:a3:39:6e:
         7f:f3:60:d8:64:0b:f7:b2:84:85:b4:3f:31:20:2e:c4:1f:5e:
         24:c4:99:55:39:fa:23:d3:3a:2e:ec:a8:ba:74:ec:a1:d8:6c:
         06:71:64:36:91:3a:64:24:ff:12:5c:44:6f:9a:e5:8b:4c:6a:
         0e:7d:f8:7a:fc:80:86:b5:da:e5:23:63:76:c1:66:86:1e:52:
         e2:66:cb:8d:17:2d:e0:c1:f4:0d:2d:b4:69:c1:45:37:d7:6e:
         99:26:d5:87:44:ac:c2:3c:54:67:93:99:49:09:09:4b:ab:a3:
         18:a2:c6:b7:57:11:a2:3d:40:4d:1f:73:69:71:be:3a:5e:a3:
         ff:b4:8c:28:5d:e8:d6:32:e1:6b:9b:e0:9c:4f:65:2a:9f:50:
         0e:2f:00:6f:d5:33:05:65:ef:0e:15:64:a4:87:14:bd:d5:56:
         93:00:fe:9b:ed:e9:2c:5d:0e:9b:72:ea:29:e6:af:53:83:fc:
         ac:71:e9:7c:87:9d:b7:04:6b:b1:dd:38:e9:c7:c9:b5:2c:fc:
         58:2b:c3:c7:38:3d:a0:e1:1f:61:9c:8f:77:29:38:f8:5a:e5:
         ad:b5:26:7f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ68riwSfBRkjOadgH+JXMsfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0YmJhZWI3MGIzZjFkMDY3MTYzNThhZDlhMmVjZmVmN2Qy
MTI2ZmIwHhcNMjYwNjEyMTYzMzExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYTNmY2EzMDEyNWIyNTJhZGM3MzY0ZDViY2JmNmVlN2E4NzM4MWQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4hkCYSdXYtwJkfB8gsT6WHPOFtPT
yvCjCDDU1KXsDmepk4GuvVNtbBIUdTyJpV0lfhoNRny0FxVS2iHsEomPXGWHmq21
Ms6pQkAba4hrBAIrkgtTiVK8ncgAfRm+8RwCGsJdUmx0IRQ45LYSYzG5IYYCANU4
puiub7z4kgNXOS+XVDiPssmHcxHAaFRjF5X+4s4vCc75xkNY4eWpA3pVOKdCd8Xg
z2XphFGEtEzE4SORtiz40u0cqfuDZwIhYYySjKlVsXdAGjvxV/mnR1p0enf9Yb/k
fm/C0B3gSKJeEowiMWeS4KnRFXRLd9Eg68TDN0S+IDoQHOJtVdKrI4salQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBo/yjASWyUq3HNk1by/bueoc4HTMB8GA1UdIwQY
MBaAFIS7rrcLPx0GcWNYrZouz+99ISb7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaEx1dXR3c19IUVp4WTFpdG1pN1A3MzBoSnZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni9iNjdlYjctZTQ5Ni00YzMxLTlmNjct
OTc5MDJkOGE3ZmE2LzEvR2pfS01CSmJKU3JjYzJUVnZMOXU1Nmh6Z2RNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni9iNjdlYjctZTQ5Ni00YzMxLTlmNjctOTc5MDJkOGE3ZmE2
LzEvaEx1dXR3c19IUVp4WTFpdG1pN1A3MzBoSnZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCubMYMA0G
CSqGSIb3DQEBCwUAA4IBAQAjbcb2h+Uh6tj8CjGhNT1HSGZbFxImm4qzbYguQ/mA
tqOjOW5/82DYZAv3soSFtD8xIC7EH14kxJlVOfoj0zou7Ki6dOyh2GwGcWQ2kTpk
JP8SXERvmuWLTGoOffh6/ICGtdrlI2N2wWaGHlLiZsuNFy3gwfQNLbRpwUU3126Z
JtWHRKzCPFRnk5lJCQlLq6MYosa3VxGiPUBNH3Npcb46XqP/tIwoXejWMuFrm+Cc
T2Uqn1AOLwBv1TMFZe8OFWSkhxS91VaTAP6b7eksXQ6bcuop5q9Tg/yscel8h523
BGux3Tjpx8m1LPxYK8PHOD2g4R9hnI93KTj4WuWttSZ/
-----END CERTIFICATE-----