Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/gGO6Wa2cmnZm74aqnOmfGcCtdwE.roa
File:                     gGO6Wa2cmnZm74aqnOmfGcCtdwE.roa (raw, json)
Hash identifier:          LpVwO5yCck4RFGeVX+quec5Pwk1/JEIhAM+kNuOtKSs=
Subject key identifier:   80:63:BA:59:AD:9C:9A:76:66:EF:86:AA:9C:E9:9F:19:C0:AD:77:01
Certificate issuer:       /CN=60661758ce330622470a39ae8d6ef4a2044f83c4
Certificate serial:       019D49008CCFAA2902B8F01CC2338756055A
Authority key identifier: 60:66:17:58:CE:33:06:22:47:0A:39:AE:8D:6E:F4:A2:04:4F:83:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGYXWM4zBiJHCjmujW70ogRPg8Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/gGO6Wa2cmnZm74aqnOmfGcCtdwE.roa
Signing time:             Wed 01 Apr 2026 12:24:25 +0000
ROA not before:           Wed 01 Apr 2026 12:24:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     21840
IP address blocks:        95.173.58.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/YGYXWM4zBiJHCjmujW70ogRPg8Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/YGYXWM4zBiJHCjmujW70ogRPg8Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGYXWM4zBiJHCjmujW70ogRPg8Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 05:01:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:49:00:8c:cf:aa:29:02:b8:f0:1c:c2:33:87:56:05:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60661758ce330622470a39ae8d6ef4a2044f83c4
        Validity
            Not Before: Apr  1 12:24:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8063ba59ad9c9a7666ef86aa9ce99f19c0ad7701
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:da:b2:d4:ed:f2:73:e7:17:9e:9a:a4:26:8b:
                    be:ea:e7:e5:7c:9c:ce:20:71:0f:93:50:68:db:39:
                    0a:f2:92:a9:7d:d3:ed:94:48:3f:58:83:d0:18:a3:
                    0a:56:f7:2c:54:05:2b:c8:56:9f:84:31:12:76:ab:
                    00:b5:4d:e9:16:70:65:79:e2:dd:72:c9:d3:e4:ad:
                    8a:be:b7:ac:4a:f5:a7:7b:f4:2f:88:9e:c1:3c:bd:
                    7c:79:28:a9:3f:64:ad:18:6c:7a:fe:bd:ef:9d:6b:
                    15:b0:92:6e:76:88:a3:1f:c9:75:4e:1c:d2:36:d5:
                    ed:bb:c6:b7:f4:de:40:b2:4b:a9:99:25:88:a9:33:
                    34:e0:34:a3:b1:24:2e:74:7d:1b:6f:73:0c:a7:67:
                    74:9d:ab:1d:4b:92:cf:38:d2:84:2d:9c:d1:cb:db:
                    6f:63:05:6d:20:ce:88:a8:e1:ff:57:d4:76:bc:d4:
                    c6:dd:1c:f6:a2:3e:59:fa:69:0a:20:41:35:30:a4:
                    28:39:5d:8e:77:c3:ba:26:16:8e:85:65:35:fe:d4:
                    79:33:86:e0:1f:6a:4a:61:4e:b9:33:58:d4:e1:64:
                    79:c7:4d:ff:b0:d3:84:2c:1a:9e:6c:a8:dc:54:30:
                    0c:ae:eb:87:3a:2a:81:8a:a8:9c:40:ba:5f:36:0b:
                    e7:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:63:BA:59:AD:9C:9A:76:66:EF:86:AA:9C:E9:9F:19:C0:AD:77:01
            X509v3 Authority Key Identifier:
                keyid:60:66:17:58:CE:33:06:22:47:0A:39:AE:8D:6E:F4:A2:04:4F:83:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGYXWM4zBiJHCjmujW70ogRPg8Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/gGO6Wa2cmnZm74aqnOmfGcCtdwE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/YGYXWM4zBiJHCjmujW70ogRPg8Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.173.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:b1:9b:0d:a2:f5:c3:b2:ad:0e:ac:ad:04:54:96:08:a9:be:
         13:2c:3d:a7:f4:34:f6:3e:9d:b1:64:ec:5b:9d:ad:2b:d5:9f:
         c2:21:f7:92:a8:87:d5:5a:8e:ba:96:0d:f7:16:9f:75:e4:6b:
         e6:30:a5:b0:13:44:9b:de:1c:c4:83:c1:55:7a:01:71:f4:93:
         05:cd:c5:83:4a:90:2a:bf:21:f9:ec:5c:11:7e:b7:c0:74:a5:
         67:9d:31:c7:5e:40:24:62:56:18:b0:9c:ec:c3:67:ec:bc:06:
         75:96:3b:4b:b8:42:d0:ad:e9:21:2e:e9:38:41:3f:72:30:51:
         f5:2f:86:99:ac:f3:95:23:ec:46:a5:47:64:51:63:c7:ab:74:
         e3:7b:ca:51:d9:14:fb:b5:bb:83:9e:5b:de:4a:04:de:5d:b5:
         64:d0:ce:61:d3:3a:de:1e:53:d0:bf:26:36:a1:d5:0c:ef:56:
         71:79:53:a2:f5:1a:70:80:83:bf:a9:fd:a0:65:ea:b1:29:cd:
         f5:ec:74:80:0a:e5:40:d1:a5:ec:e9:99:e1:d8:90:5e:2a:7b:
         bc:d1:21:8c:de:b2:fe:85:d0:3c:b4:d4:ba:f5:e2:ba:a5:2a:
         d8:2b:cf:d0:48:31:70:a5:44:54:6d:be:d2:d5:da:6e:e6:ba:
         a8:22:cd:71
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1JAIzPqikCuPAcwjOHVgVaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjYxNzU4Y2UzMzA2MjI0NzBhMzlhZThkNmVmNGEyMDQ0
ZjgzYzQwHhcNMjYwNDAxMTIyNDI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MDYzYmE1OWFkOWM5YTc2NjZlZjg2YWE5Y2U5OWYxOWMwYWQ3NzAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjtqy1O3yc+cXnpqkJou+6uflfJzO
IHEPk1Bo2zkK8pKpfdPtlEg/WIPQGKMKVvcsVAUryFafhDESdqsAtU3pFnBleeLd
csnT5K2KvresSvWne/QviJ7BPL18eSipP2StGGx6/r3vnWsVsJJudoijH8l1ThzS
NtXtu8a39N5AskupmSWIqTM04DSjsSQudH0bb3MMp2d0nasdS5LPONKELZzRy9tv
YwVtIM6IqOH/V9R2vNTG3Rz2oj5Z+mkKIEE1MKQoOV2Od8O6JhaOhWU1/tR5M4bg
H2pKYU65M1jU4WR5x03/sNOELBqebKjcVDAMruuHOiqBiqicQLpfNgvnaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIBjulmtnJp2Zu+GqpzpnxnArXcBMB8GA1UdIwQY
MBaAFGBmF1jOMwYiRwo5ro1u9KIET4PEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdZWFdNNHpCaUpIQ2ptdWpXNzBvZ1JQZzhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi9lZGQxMjgtNmQ2ZS00OWUzLWI3N2Ut
MWY4NzQ2OTQ1NDgzLzEvZ0dPNldhMmNtblptNzRhcW5PbWZHY0N0ZHdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi9lZGQxMjgtNmQ2ZS00OWUzLWI3N2UtMWY4NzQ2OTQ1NDgz
LzEvWUdZWFdNNHpCaUpIQ2ptdWpXNzBvZ1JQZzhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX606MA0G
CSqGSIb3DQEBCwUAA4IBAQASsZsNovXDsq0OrK0EVJYIqb4TLD2n9DT2Pp2xZOxb
na0r1Z/CIfeSqIfVWo66lg33Fp915GvmMKWwE0Sb3hzEg8FVegFx9JMFzcWDSpAq
vyH57FwRfrfAdKVnnTHHXkAkYlYYsJzsw2fsvAZ1ljtLuELQrekhLuk4QT9yMFH1
L4aZrPOVI+xGpUdkUWPHq3Tje8pR2RT7tbuDnlveSgTeXbVk0M5h0zreHlPQvyY2
odUM71ZxeVOi9RpwgIO/qf2gZeqxKc317HSACuVA0aXs6Znh2JBeKnu80SGM3rL+
hdA8tNS69eK6pSrYK8/QSDFwpURUbb7S1dpu5rqoIs1x
-----END CERTIFICATE-----