Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/GtbbhuAgxIMOTcLA7g_lLVRgFcI.roa
File:                     GtbbhuAgxIMOTcLA7g_lLVRgFcI.roa (raw, json)
Hash identifier:          DhxOYndKLHQ7AqrRXxJKeCisAr8S273Qur2if7m09Wc=
Subject key identifier:   1A:D6:DB:86:E0:20:C4:83:0E:4D:C2:C0:EE:0F:E5:2D:54:60:15:C2
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       019D525D67B4942A81AF6A5D5C3207764C0B
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/GtbbhuAgxIMOTcLA7g_lLVRgFcI.roa
Signing time:             Fri 03 Apr 2026 08:02:26 +0000
ROA not before:           Fri 03 Apr 2026 08:02:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     401783
IP address blocks:        93.115.173.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 19:46:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:52:5d:67:b4:94:2a:81:af:6a:5d:5c:32:07:76:4c:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Apr  3 08:02:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1ad6db86e020c4830e4dc2c0ee0fe52d546015c2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:69:c6:69:2b:7f:d8:8e:9a:e3:e2:26:54:5e:
                    47:19:37:a3:b5:52:5a:d3:83:4c:82:6a:8e:5c:c2:
                    e4:03:42:4f:b3:e9:b2:1a:50:e0:80:7c:37:dd:0d:
                    1f:ba:e4:75:5b:0d:85:6a:0d:bc:0e:22:a0:fc:e8:
                    39:7d:b8:5f:d8:99:b1:e3:6e:34:84:3a:fe:e2:e5:
                    22:2c:90:e6:3f:84:4c:08:96:e5:c2:9e:5a:14:29:
                    a8:fd:70:5f:f3:16:5e:10:6a:bf:a4:63:87:fc:01:
                    4a:26:29:d0:de:b5:c3:2a:56:ac:65:0b:3f:04:76:
                    e0:05:68:5a:5e:8a:cf:ec:a3:58:aa:9a:e0:56:02:
                    8f:56:83:a5:a7:a3:9d:3b:f6:9c:5c:d3:35:98:a2:
                    b7:9b:53:55:a1:7d:29:fc:68:18:c4:b7:05:c7:9f:
                    b9:d1:4d:a9:6f:30:4f:14:a9:87:9a:bd:29:7f:ec:
                    17:da:92:1b:12:45:1f:0c:e1:0f:2c:5b:27:44:6b:
                    20:67:d1:6f:56:96:0e:25:17:e1:30:d4:42:bb:4a:
                    dc:94:61:4b:31:a1:91:b8:c3:67:9e:2f:13:e9:27:
                    60:32:76:ac:cb:39:91:db:43:9e:b5:2f:c0:7c:68:
                    1e:3a:98:33:3f:cb:1d:ec:a0:74:db:c4:ea:b4:7f:
                    a6:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:D6:DB:86:E0:20:C4:83:0E:4D:C2:C0:EE:0F:E5:2D:54:60:15:C2
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/GtbbhuAgxIMOTcLA7g_lLVRgFcI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.115.173.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:b8:0b:0c:cb:3a:97:b3:b5:f6:4e:b1:5c:48:da:17:87:60:
         e8:50:8a:0e:79:6d:6d:87:08:ae:36:2b:73:be:39:3d:4a:e1:
         f5:90:f2:44:af:26:53:57:12:71:48:db:fe:05:6e:0c:10:38:
         05:d8:08:bc:12:c6:ff:41:f5:f1:cf:f4:ca:26:ff:a0:c2:e1:
         a2:b8:94:95:a4:84:53:c1:9b:41:97:9b:ab:16:74:bc:f6:4e:
         5b:2c:d2:88:e0:e2:a4:25:c1:e8:87:54:e3:3a:84:d5:76:28:
         f8:cf:ec:e4:53:52:4c:22:07:5c:37:0a:ed:88:5b:c1:a9:05:
         f8:75:80:ad:cd:0e:b4:9e:6b:26:af:ee:0b:52:d9:9d:51:f4:
         28:f4:66:57:9c:2d:05:7c:93:b9:92:65:51:e4:50:64:f1:59:
         a8:2e:98:f3:9e:2d:9a:29:e0:64:38:9f:9a:92:2e:f3:4c:9a:
         5f:3c:be:00:6f:0f:f4:cf:03:54:67:f1:bd:4d:ef:66:7b:52:
         d2:2e:68:88:88:9b:71:20:bc:71:54:ed:3b:77:5c:e1:78:42:
         46:ac:db:85:0f:e5:7d:e6:7a:95:d5:17:f3:38:b2:cf:97:12:
         ff:f2:80:05:92:c3:61:3f:e3:4e:84:6a:a8:87:f5:cd:98:ff:
         06:55:dd:4a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1SXWe0lCqBr2pdXDIHdkwLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjYwNDAzMDgwMjI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYWQ2ZGI4NmUwMjBjNDgzMGU0ZGMyYzBlZTBmZTUyZDU0NjAxNWMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA12nGaSt/2I6a4+ImVF5HGTejtVJa
04NMgmqOXMLkA0JPs+myGlDggHw33Q0fuuR1Ww2Fag28DiKg/Og5fbhf2Jmx4240
hDr+4uUiLJDmP4RMCJblwp5aFCmo/XBf8xZeEGq/pGOH/AFKJinQ3rXDKlasZQs/
BHbgBWhaXorP7KNYqprgVgKPVoOlp6OdO/acXNM1mKK3m1NVoX0p/GgYxLcFx5+5
0U2pbzBPFKmHmr0pf+wX2pIbEkUfDOEPLFsnRGsgZ9FvVpYOJRfhMNRCu0rclGFL
MaGRuMNnni8T6SdgMnasyzmR20OetS/AfGgeOpgzP8sd7KB028TqtH+mjwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBrW24bgIMSDDk3CwO4P5S1UYBXCMB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvR3RiYmh1QWd4SU1PVGNMQTdnX2xMVlJnRmNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXXOtMA0G
CSqGSIb3DQEBCwUAA4IBAQAuuAsMyzqXs7X2TrFcSNoXh2DoUIoOeW1thwiuNitz
vjk9SuH1kPJEryZTVxJxSNv+BW4MEDgF2Ai8Esb/QfXxz/TKJv+gwuGiuJSVpIRT
wZtBl5urFnS89k5bLNKI4OKkJcHoh1TjOoTVdij4z+zkU1JMIgdcNwrtiFvBqQX4
dYCtzQ60nmsmr+4LUtmdUfQo9GZXnC0FfJO5kmVR5FBk8VmoLpjzni2aKeBkOJ+a
ki7zTJpfPL4Abw/0zwNUZ/G9Te9me1LSLmiIiJtxILxxVO07d1zheEJGrNuFD+V9
5nqV1RfzOLLPlxL/8oAFksNhP+NOhGqoh/XNmP8GVd1K
-----END CERTIFICATE-----