Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/570d93-696d-47eb-93b1-77836e2fcbdd/1/GHKMa_KSipTSmf3pI2wnkS6Tr20.roa
File:                     GHKMa_KSipTSmf3pI2wnkS6Tr20.roa (raw, json)
Hash identifier:          OnS7nAX4PtptEhEkwUT11ufA7pPlMC3cHL0kMdeoeW8=
Subject key identifier:   18:72:8C:6B:F2:92:8A:94:D2:99:FD:E9:23:6C:27:91:2E:93:AF:6D
Certificate issuer:       /CN=4cea66adda9df9625a3d78d628fb05e2484dd878
Certificate serial:       019B7C11A51A16B70F8FE0E74DDD0068F572
Authority key identifier: 4C:EA:66:AD:DA:9D:F9:62:5A:3D:78:D6:28:FB:05:E2:48:4D:D8:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TOpmrdqd-WJaPXjWKPsF4khN2Hg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/570d93-696d-47eb-93b1-77836e2fcbdd/1/GHKMa_KSipTSmf3pI2wnkS6Tr20.roa
Signing time:             Fri 02 Jan 2026 00:18:09 +0000
ROA not before:           Fri 02 Jan 2026 00:18:09 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     56721
IP address blocks:        91.227.23.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9f/570d93-696d-47eb-93b1-77836e2fcbdd/1/TOpmrdqd-WJaPXjWKPsF4khN2Hg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9f/570d93-696d-47eb-93b1-77836e2fcbdd/1/TOpmrdqd-WJaPXjWKPsF4khN2Hg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TOpmrdqd-WJaPXjWKPsF4khN2Hg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 15:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:11:a5:1a:16:b7:0f:8f:e0:e7:4d:dd:00:68:f5:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4cea66adda9df9625a3d78d628fb05e2484dd878
        Validity
            Not Before: Jan  2 00:18:09 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=18728c6bf2928a94d299fde9236c27912e93af6d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:9b:30:73:85:e2:7d:7e:13:87:da:09:5a:3a:
                    44:d0:94:da:36:a6:79:3d:a3:3f:57:90:88:4f:33:
                    a1:25:74:ec:82:14:99:c8:58:fd:c0:11:ef:72:01:
                    ba:23:b1:82:51:cc:10:20:d8:f9:3b:d6:ee:a8:e3:
                    0a:ba:7b:fd:b8:79:eb:b1:fa:e7:15:b1:a4:f4:84:
                    a1:98:44:3a:96:99:3e:17:c5:4d:2c:0c:2b:0a:39:
                    b0:dc:17:1b:58:5a:56:46:05:d3:e2:57:2d:50:70:
                    05:f5:e3:a2:ed:2a:dc:fb:1b:46:68:16:ff:a2:d6:
                    04:db:06:6c:a7:7d:14:3e:94:16:e2:ae:97:2c:e2:
                    e2:df:f0:14:a9:55:cf:39:06:12:33:1e:07:6e:4f:
                    bf:da:57:42:f3:02:69:ce:80:54:61:09:ed:dc:69:
                    79:1b:fd:3f:31:91:da:1b:ff:fa:9a:a5:21:e9:9f:
                    b5:10:0c:36:cb:ce:01:a1:62:b8:6d:6d:5d:80:11:
                    bb:d8:2b:56:26:12:10:db:9c:11:ee:af:0a:95:b5:
                    18:59:ce:77:39:02:cc:bc:1e:dd:71:f2:94:bd:01:
                    30:3d:fc:49:2b:db:23:a2:24:d9:74:9d:d7:ad:ba:
                    b7:72:77:50:fa:05:97:29:1a:3a:5b:5c:87:84:09:
                    5b:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:72:8C:6B:F2:92:8A:94:D2:99:FD:E9:23:6C:27:91:2E:93:AF:6D
            X509v3 Authority Key Identifier:
                keyid:4C:EA:66:AD:DA:9D:F9:62:5A:3D:78:D6:28:FB:05:E2:48:4D:D8:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TOpmrdqd-WJaPXjWKPsF4khN2Hg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/570d93-696d-47eb-93b1-77836e2fcbdd/1/GHKMa_KSipTSmf3pI2wnkS6Tr20.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/570d93-696d-47eb-93b1-77836e2fcbdd/1/TOpmrdqd-WJaPXjWKPsF4khN2Hg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.227.23.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:b9:bc:53:aa:d2:10:01:4b:df:b5:56:64:74:00:b3:26:34:
         aa:2d:26:f2:f4:67:94:dd:81:21:39:88:8b:c9:a7:48:04:5b:
         4c:36:9f:b5:6a:cd:ac:44:62:30:d3:14:9c:8b:af:37:0b:0e:
         bf:81:12:a6:58:82:ca:cf:b1:8b:9e:25:06:45:68:0d:21:0a:
         36:a7:f5:c8:ab:53:bf:9b:76:fc:75:7e:24:a1:3c:11:97:cd:
         03:ba:ea:01:48:a3:23:84:3e:bb:c1:1d:45:83:89:b7:e6:fd:
         c1:10:ed:03:ac:f8:f4:74:63:68:98:a9:c9:f3:02:a9:0b:41:
         dd:53:f4:f8:63:fa:76:20:1a:77:93:ba:2a:81:ab:ce:2c:a7:
         60:c7:07:95:f3:8d:cd:af:1d:2c:4b:3e:fd:5a:0a:72:ca:ad:
         b2:9b:ba:3d:07:7c:9b:32:53:0a:dd:98:47:19:b9:04:55:95:
         25:07:bb:6c:2d:94:b7:a0:2c:b0:84:87:fd:99:76:db:e1:79:
         a4:19:33:cd:42:a0:70:d9:95:41:b0:ba:4e:5e:61:0d:bd:d7:
         f4:3e:6e:a6:fb:5d:82:af:40:40:a8:a7:7f:bf:97:26:c0:55:
         69:fe:59:6e:29:23:d7:df:1c:81:5e:ee:59:cc:84:f1:78:23:
         93:35:29:ca
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8EaUaFrcPj+DnTd0AaPVyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjZWE2NmFkZGE5ZGY5NjI1YTNkNzhkNjI4ZmIwNWUyNDg0
ZGQ4NzgwHhcNMjYwMTAyMDAxODA5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxODcyOGM2YmYyOTI4YTk0ZDI5OWZkZTkyMzZjMjc5MTJlOTNhZjZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3Jswc4XifX4Th9oJWjpE0JTaNqZ5
PaM/V5CITzOhJXTsghSZyFj9wBHvcgG6I7GCUcwQINj5O9buqOMKunv9uHnrsfrn
FbGk9IShmEQ6lpk+F8VNLAwrCjmw3BcbWFpWRgXT4lctUHAF9eOi7Src+xtGaBb/
otYE2wZsp30UPpQW4q6XLOLi3/AUqVXPOQYSMx4Hbk+/2ldC8wJpzoBUYQnt3Gl5
G/0/MZHaG//6mqUh6Z+1EAw2y84BoWK4bW1dgBG72CtWJhIQ25wR7q8KlbUYWc53
OQLMvB7dcfKUvQEwPfxJK9sjoiTZdJ3Xrbq3cndQ+gWXKRo6W1yHhAlbsQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBhyjGvykoqU0pn96SNsJ5Euk69tMB8GA1UdIwQY
MBaAFEzqZq3anfliWj141ij7BeJITdh4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVE9wbXJkcWQtV0phUFhqV0tQc0Y0a2hOMkhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi81NzBkOTMtNjk2ZC00N2ViLTkzYjEt
Nzc4MzZlMmZjYmRkLzEvR0hLTWFfS1NpcFRTbWYzcEkyd25rUzZUcjIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi81NzBkOTMtNjk2ZC00N2ViLTkzYjEtNzc4MzZlMmZjYmRk
LzEvVE9wbXJkcWQtV0phUFhqV0tQc0Y0a2hOMkhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+MXMA0G
CSqGSIb3DQEBCwUAA4IBAQB8ubxTqtIQAUvftVZkdACzJjSqLSby9GeU3YEhOYiL
yadIBFtMNp+1as2sRGIw0xSci683Cw6/gRKmWILKz7GLniUGRWgNIQo2p/XIq1O/
m3b8dX4koTwRl80DuuoBSKMjhD67wR1Fg4m35v3BEO0DrPj0dGNomKnJ8wKpC0Hd
U/T4Y/p2IBp3k7oqgavOLKdgxweV843Nrx0sSz79Wgpyyq2ym7o9B3ybMlMK3ZhH
GbkEVZUlB7tsLZS3oCywhIf9mXbb4XmkGTPNQqBw2ZVBsLpOXmENvdf0Pm6m+12C
r0BAqKd/v5cmwFVp/lluKSPX3xyBXu5ZzITxeCOTNSnK
-----END CERTIFICATE-----