Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aa/5124d0-2b3f-4dab-857d-2e639fca4640/1/GmtyRSwv03uFUm7JE5DndaUS8N0.roa
File:                     GmtyRSwv03uFUm7JE5DndaUS8N0.roa (raw, json)
Hash identifier:          zwVMLkSXFGqtFNoiz9XRyBWDIur2kpQPUKFiNSBy9R0=
Subject key identifier:   1A:6B:72:45:2C:2F:D3:7B:85:52:6E:C9:13:90:E7:75:A5:12:F0:DD
Certificate issuer:       /CN=cc275b217df1de988ca2192a83ae11ddf423a44f
Certificate serial:       019B7A5ADB634F16BF36379C8AE5F73FBF2F
Authority key identifier: CC:27:5B:21:7D:F1:DE:98:8C:A2:19:2A:83:AE:11:DD:F4:23:A4:4F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zCdbIX3x3piMohkqg64R3fQjpE8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/aa/5124d0-2b3f-4dab-857d-2e639fca4640/1/GmtyRSwv03uFUm7JE5DndaUS8N0.roa
Signing time:             Thu 01 Jan 2026 16:18:53 +0000
ROA not before:           Thu 01 Jan 2026 16:18:53 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     42622
IP address blocks:        80.72.0.0/20 maxlen: 20
                          185.84.212.0/22 maxlen: 22
                          2a00:f4c0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/aa/5124d0-2b3f-4dab-857d-2e639fca4640/1/zCdbIX3x3piMohkqg64R3fQjpE8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/aa/5124d0-2b3f-4dab-857d-2e639fca4640/1/zCdbIX3x3piMohkqg64R3fQjpE8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zCdbIX3x3piMohkqg64R3fQjpE8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 22:01:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5a:db:63:4f:16:bf:36:37:9c:8a:e5:f7:3f:bf:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cc275b217df1de988ca2192a83ae11ddf423a44f
        Validity
            Not Before: Jan  1 16:18:53 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1a6b72452c2fd37b85526ec91390e775a512f0dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:c8:65:3a:d4:6f:4e:fb:54:b3:c2:13:58:bf:
                    02:84:ef:71:9a:98:93:56:bb:75:9b:01:55:11:9a:
                    a1:46:a6:76:02:b7:b6:c8:a0:8a:73:6f:4e:79:77:
                    ed:2f:21:4b:70:bf:0f:f8:d3:9d:79:7e:5b:dd:40:
                    ac:ea:1a:c4:d0:b0:2b:a4:fc:eb:b4:bd:f7:7b:84:
                    04:d0:90:52:33:d7:15:14:99:0b:3c:ec:8e:a4:d9:
                    95:d9:93:44:c2:99:c0:6c:cd:9d:ad:db:87:8c:79:
                    c6:0f:c7:6c:61:4e:48:b0:75:40:e1:d5:c5:28:fd:
                    1c:18:c2:f7:ff:f1:a1:e1:67:7a:73:e0:ad:3e:46:
                    eb:fb:9a:8a:1d:39:12:35:7e:b3:19:b3:d2:68:07:
                    95:90:e5:56:da:df:2e:04:a8:f8:bf:5b:ca:d3:d0:
                    d0:8c:9b:57:51:5b:b6:4c:22:e1:e0:df:7c:94:82:
                    e7:1d:1b:44:d2:5d:9e:af:a0:ca:44:b5:b4:ee:20:
                    2f:f0:e8:20:47:10:f9:ab:b2:67:e3:80:6a:df:8f:
                    a9:1c:09:33:91:99:88:a8:fc:4a:72:a3:7a:a4:60:
                    77:ea:c0:57:10:98:64:d8:ed:03:c6:e3:42:24:a0:
                    29:75:47:e6:70:bf:06:51:fd:7f:05:73:d1:e6:17:
                    27:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:6B:72:45:2C:2F:D3:7B:85:52:6E:C9:13:90:E7:75:A5:12:F0:DD
            X509v3 Authority Key Identifier:
                keyid:CC:27:5B:21:7D:F1:DE:98:8C:A2:19:2A:83:AE:11:DD:F4:23:A4:4F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zCdbIX3x3piMohkqg64R3fQjpE8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/5124d0-2b3f-4dab-857d-2e639fca4640/1/GmtyRSwv03uFUm7JE5DndaUS8N0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/5124d0-2b3f-4dab-857d-2e639fca4640/1/zCdbIX3x3piMohkqg64R3fQjpE8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.72.0.0/20
                  185.84.212.0/22
                IPv6:
                  2a00:f4c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         5e:af:bd:38:36:82:0d:55:0b:c2:d2:56:96:fe:c4:7b:23:62:
         f9:0c:f8:ae:5e:3e:3c:6a:0a:f2:b4:db:f4:58:17:d3:a0:8b:
         ff:2e:0d:00:ee:55:44:34:3e:ea:9c:61:cb:8b:83:b6:9d:10:
         12:0d:81:25:f0:84:2a:57:a9:c2:33:38:a0:06:25:41:62:08:
         08:11:bc:c6:56:aa:09:24:48:9a:8c:79:86:ff:a5:b6:1a:27:
         df:fc:ce:89:76:81:5a:c6:4f:e6:9b:df:cc:3d:00:b6:c5:2d:
         c9:fa:77:ee:d6:8c:1d:2b:0a:5f:84:20:75:3e:6d:ff:63:5e:
         c5:12:4c:2b:08:cc:08:d7:b9:43:77:30:98:62:69:3b:fe:25:
         b0:3a:2f:7f:9f:33:2e:43:15:75:e8:b7:d2:3c:10:ae:8d:34:
         2b:6b:a4:33:f6:bc:40:dd:aa:f0:a8:47:2c:a2:fa:05:8f:ad:
         51:87:0e:20:3e:6e:d7:93:53:01:66:fe:76:96:52:ab:74:34:
         f5:67:11:b5:5f:77:96:88:73:86:9f:a4:35:94:01:43:79:98:
         1a:9a:9f:5c:46:37:58:fd:24:8c:54:67:d5:3c:d4:06:2a:1a:
         93:7e:83:72:17:79:c6:a6:9e:ef:76:a9:b5:38:ac:2e:2c:ac:
         26:ef:b7:21
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZt6WttjTxa/NjeciuX3P78vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjMjc1YjIxN2RmMWRlOTg4Y2EyMTkyYTgzYWUxMWRkZjQy
M2E0NGYwHhcNMjYwMTAxMTYxODUzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYTZiNzI0NTJjMmZkMzdiODU1MjZlYzkxMzkwZTc3NWE1MTJmMGRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyshlOtRvTvtUs8ITWL8ChO9xmpiT
Vrt1mwFVEZqhRqZ2Are2yKCKc29OeXftLyFLcL8P+NOdeX5b3UCs6hrE0LArpPzr
tL33e4QE0JBSM9cVFJkLPOyOpNmV2ZNEwpnAbM2drduHjHnGD8dsYU5IsHVA4dXF
KP0cGML3//Gh4Wd6c+CtPkbr+5qKHTkSNX6zGbPSaAeVkOVW2t8uBKj4v1vK09DQ
jJtXUVu2TCLh4N98lILnHRtE0l2er6DKRLW07iAv8OggRxD5q7Jn44Bq34+pHAkz
kZmIqPxKcqN6pGB36sBXEJhk2O0DxuNCJKApdUfmcL8GUf1/BXPR5hcngwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFBprckUsL9N7hVJuyROQ53WlEvDdMB8GA1UdIwQY
MBaAFMwnWyF98d6YjKIZKoOuEd30I6RPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvekNkYklYM3gzcGlNb2hrcWc2NFIzZlFqcEU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYS81MTI0ZDAtMmIzZi00ZGFiLTg1N2Qt
MmU2MzlmY2E0NjQwLzEvR210eVJTd3YwM3VGVW03SkU1RG5kYVVTOE4wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYS81MTI0ZDAtMmIzZi00ZGFiLTg1N2QtMmU2MzlmY2E0NjQw
LzEvekNkYklYM3gzcGlNb2hrcWc2NFIzZlFqcEU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQEUEgAAwQC
uVTUMA0EAgACMAcDBQAqAPTAMA0GCSqGSIb3DQEBCwUAA4IBAQBer704NoINVQvC
0laW/sR7I2L5DPiuXj48agrytNv0WBfToIv/Lg0A7lVEND7qnGHLi4O2nRASDYEl
8IQqV6nCMzigBiVBYggIEbzGVqoJJEiajHmG/6W2Giff/M6JdoFaxk/mm9/MPQC2
xS3J+nfu1owdKwpfhCB1Pm3/Y17FEkwrCMwI17lDdzCYYmk7/iWwOi9/nzMuQxV1
6LfSPBCujTQra6Qz9rxA3arwqEcsovoFj61Rhw4gPm7Xk1MBZv52llKrdDT1ZxG1
X3eWiHOGn6Q1lAFDeZgamp9cRjdY/SSMVGfVPNQGKhqTfoNyF3nGpp7vdqm1OKwu
LKwm77ch
-----END CERTIFICATE-----