Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/gwCH9GLXGCnZns3qWKqCmFzlIWg.roa
File:                     gwCH9GLXGCnZns3qWKqCmFzlIWg.roa (raw, json)
Hash identifier:          rZPGiKhO5/50u9tZCvUrEnomMG8/J8HxsNUpm4xgd7o=
Subject key identifier:   83:00:87:F4:62:D7:18:29:D9:9E:CD:EA:58:AA:82:98:5C:E5:21:68
Certificate issuer:       /CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
Certificate serial:       019D525AA9DB044DF0105623EAE783D88BAD
Authority key identifier: F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/gwCH9GLXGCnZns3qWKqCmFzlIWg.roa
Signing time:             Fri 03 Apr 2026 07:59:26 +0000
ROA not before:           Fri 03 Apr 2026 07:59:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     56322
IP address blocks:        93.114.72.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:52:5a:a9:db:04:4d:f0:10:56:23:ea:e7:83:d8:8b:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
        Validity
            Not Before: Apr  3 07:59:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=830087f462d71829d99ecdea58aa82985ce52168
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:10:ca:bd:30:78:08:dd:2b:8b:ed:42:b8:b6:
                    33:a3:52:45:18:de:bf:3b:d8:e3:d9:1f:2d:b0:ce:
                    41:63:8f:3a:7e:ed:a7:6e:f3:7c:44:69:c5:27:81:
                    eb:72:96:53:32:60:c8:7c:db:ae:67:2a:4e:55:72:
                    ad:22:10:86:1e:4c:c7:f1:3a:20:05:b3:51:ab:35:
                    9e:5a:13:90:5e:a0:5d:f0:32:c0:ae:ee:a0:2e:64:
                    e3:15:d6:18:26:c8:7d:c6:de:d7:88:9f:65:81:aa:
                    67:c8:22:55:24:6c:2e:1c:9d:e6:fc:6b:c7:a4:b9:
                    b1:e8:33:eb:9a:aa:49:72:76:30:f4:91:31:dc:11:
                    3f:38:94:8c:a0:7f:0a:d6:81:4d:ed:7d:b9:17:9c:
                    1b:f9:f5:c4:4b:9c:24:c8:98:c1:8d:cc:ce:0e:ec:
                    c8:41:dd:92:21:43:48:41:14:f9:d3:5e:f6:0c:39:
                    bd:dd:9b:d5:59:ce:a0:aa:0a:1b:a8:e6:d8:5c:be:
                    47:15:bb:f1:92:27:5e:84:0f:ab:60:9b:4b:48:78:
                    3d:e0:e1:56:78:28:4e:a3:58:ba:3b:13:94:9a:40:
                    b5:da:70:17:43:07:c0:fb:d5:7a:e4:73:2c:9f:fe:
                    d2:46:ef:ef:12:ff:0c:cb:a3:39:2e:54:57:19:bd:
                    c2:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:00:87:F4:62:D7:18:29:D9:9E:CD:EA:58:AA:82:98:5C:E5:21:68
            X509v3 Authority Key Identifier:
                keyid:F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/gwCH9GLXGCnZns3qWKqCmFzlIWg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.114.72.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:8e:2c:f2:4c:dd:f8:1b:58:99:21:a7:0f:d1:7b:e8:24:ea:
         da:af:62:f7:a0:3a:1c:28:25:12:dc:b2:49:1e:ab:05:89:25:
         cd:ff:d5:5b:eb:79:a8:cb:76:59:9e:6e:35:c9:2b:34:e0:09:
         b6:a3:25:f5:fc:ff:cd:01:15:32:70:c4:60:4c:1d:92:c7:15:
         7d:2b:7a:dc:5c:e9:79:57:ea:22:1a:46:7a:45:e5:fc:e5:7c:
         f5:b1:89:5b:66:13:6f:02:76:4e:fc:73:7d:4f:b1:3a:3b:af:
         1c:f2:47:6c:66:92:db:6c:c1:9f:e1:9c:92:c3:08:e2:88:f4:
         1c:c7:6f:c2:0f:bd:f2:39:09:a4:03:27:5e:08:e2:6b:8c:9d:
         31:39:72:6b:11:77:1e:fa:ee:29:35:8d:46:03:ef:db:4e:54:
         9e:f1:dc:13:02:ca:42:e2:18:d9:ae:8a:f1:94:16:c4:13:5f:
         e5:7d:2f:71:ef:09:bd:69:ba:a2:40:97:93:d9:2c:91:86:82:
         2a:fb:38:51:b2:22:7f:07:b1:5b:1b:72:3b:a7:9a:38:47:41:
         af:89:49:23:a7:a3:fd:16:09:f8:da:8c:a2:bd:c5:49:2f:cf:
         b3:e7:ac:08:12:cb:e0:5a:0b:83:7c:cb:42:b8:f3:78:e0:25:
         0a:19:e5:49
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1SWqnbBE3wEFYj6ueD2IutMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxZDQ2ZTBlM2U4Y2FhYWVkNGE1MjliZDdkNzMwOGJkMWVm
MDFjMWQwHhcNMjYwNDAzMDc1OTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MzAwODdmNDYyZDcxODI5ZDk5ZWNkZWE1OGFhODI5ODVjZTUyMTY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArhDKvTB4CN0ri+1CuLYzo1JFGN6/
O9jj2R8tsM5BY486fu2nbvN8RGnFJ4HrcpZTMmDIfNuuZypOVXKtIhCGHkzH8Tog
BbNRqzWeWhOQXqBd8DLAru6gLmTjFdYYJsh9xt7XiJ9lgapnyCJVJGwuHJ3m/GvH
pLmx6DPrmqpJcnYw9JEx3BE/OJSMoH8K1oFN7X25F5wb+fXES5wkyJjBjczODuzI
Qd2SIUNIQRT50172DDm93ZvVWc6gqgobqObYXL5HFbvxkidehA+rYJtLSHg94OFW
eChOo1i6OxOUmkC12nAXQwfA+9V65HMsn/7SRu/vEv8My6M5LlRXGb3CFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIMAh/Ri1xgp2Z7N6liqgphc5SFoMB8GA1UdIwQY
MBaAFPHUbg4+jKqu1KUpvX1zCL0e8BwdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMt
YjQyZjIzZDgyOGMzLzEvZ3dDSDlHTFhHQ25abnMzcVdLcUNtRnpsSVdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMtYjQyZjIzZDgyOGMz
LzEvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXXJIMA0G
CSqGSIb3DQEBCwUAA4IBAQA/jizyTN34G1iZIacP0XvoJOrar2L3oDocKCUS3LJJ
HqsFiSXN/9Vb63moy3ZZnm41ySs04Am2oyX1/P/NARUycMRgTB2SxxV9K3rcXOl5
V+oiGkZ6ReX85Xz1sYlbZhNvAnZO/HN9T7E6O68c8kdsZpLbbMGf4ZySwwjiiPQc
x2/CD73yOQmkAydeCOJrjJ0xOXJrEXce+u4pNY1GA+/bTlSe8dwTAspC4hjZrorx
lBbEE1/lfS9x7wm9abqiQJeT2SyRhoIq+zhRsiJ/B7FbG3I7p5o4R0GviUkjp6P9
Fgn42oyivcVJL8+z56wIEsvgWguDfMtCuPN44CUKGeVJ
-----END CERTIFICATE-----