Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/gxYBa5PVU9v9YoR3nT1e_I5ZLaQ.roa
File:                     gxYBa5PVU9v9YoR3nT1e_I5ZLaQ.roa (raw, json)
Hash identifier:          LUNLKTLF0jU435zgccL4QRfdTZFRAvMjstkjVzOvR40=
Subject key identifier:   83:16:01:6B:93:D5:53:DB:FD:62:84:77:9D:3D:5E:FC:8E:59:2D:A4
Certificate issuer:       /CN=0671dcc7a9ac7351c71e0bc2278cf45fd020ae2e
Certificate serial:       019D47F44D84BDA1633347459BA19ABEF462
Authority key identifier: 06:71:DC:C7:A9:AC:73:51:C7:1E:0B:C2:27:8C:F4:5F:D0:20:AE:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BnHcx6msc1HHHgvCJ4z0X9Agri4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/gxYBa5PVU9v9YoR3nT1e_I5ZLaQ.roa
Signing time:             Wed 01 Apr 2026 07:31:26 +0000
ROA not before:           Wed 01 Apr 2026 07:31:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200131
IP address blocks:        213.220.3.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/BnHcx6msc1HHHgvCJ4z0X9Agri4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/BnHcx6msc1HHHgvCJ4z0X9Agri4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BnHcx6msc1HHHgvCJ4z0X9Agri4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 06:46:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:47:f4:4d:84:bd:a1:63:33:47:45:9b:a1:9a:be:f4:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0671dcc7a9ac7351c71e0bc2278cf45fd020ae2e
        Validity
            Not Before: Apr  1 07:31:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8316016b93d553dbfd6284779d3d5efc8e592da4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:5b:ac:3c:f6:72:08:3f:ae:1a:a2:0c:a4:b8:
                    87:0b:45:c6:08:67:44:1e:b7:e4:76:67:58:ea:a6:
                    83:89:85:ca:0a:8a:96:a8:44:7a:16:33:47:18:96:
                    e3:1f:a4:dc:72:31:06:e3:05:5c:24:96:4e:5c:29:
                    b1:26:2a:9f:66:b7:d3:a9:01:c5:a1:51:1c:d1:5b:
                    fb:ac:d2:2e:62:e9:35:59:16:0a:53:1d:e4:c3:58:
                    0d:2c:c6:70:9c:3c:15:d6:88:d9:5f:23:08:77:c1:
                    5b:8c:f1:20:c9:6d:e3:67:2b:85:64:51:c0:05:b3:
                    1f:07:44:d3:e5:ae:7c:f8:23:ba:11:b5:94:bd:e4:
                    96:67:ca:29:4b:8b:92:9f:0d:4c:11:38:60:19:22:
                    69:ac:4b:52:ab:5c:bc:3f:21:b3:39:38:7b:8a:53:
                    2a:ae:92:7f:9f:31:2f:7b:26:7c:32:cf:ff:ae:e5:
                    9e:2e:f0:68:a7:4c:e7:89:49:4d:73:d5:12:84:bc:
                    92:4b:51:cd:ed:84:ad:5b:22:d0:f3:2c:e8:88:41:
                    ed:22:e3:97:f7:10:59:3b:94:fa:94:9a:20:34:56:
                    5b:04:cb:d6:44:21:97:ec:81:bd:25:5e:85:5a:8c:
                    3e:83:fa:4e:e4:9b:53:2d:b2:a7:18:df:56:5b:a4:
                    8c:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:16:01:6B:93:D5:53:DB:FD:62:84:77:9D:3D:5E:FC:8E:59:2D:A4
            X509v3 Authority Key Identifier:
                keyid:06:71:DC:C7:A9:AC:73:51:C7:1E:0B:C2:27:8C:F4:5F:D0:20:AE:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BnHcx6msc1HHHgvCJ4z0X9Agri4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/gxYBa5PVU9v9YoR3nT1e_I5ZLaQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/BnHcx6msc1HHHgvCJ4z0X9Agri4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.220.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:13:a0:f0:f2:b6:59:ce:25:3d:5d:71:4e:57:fd:64:3e:4f:
         5d:83:e3:bf:6a:7b:9b:ab:5c:33:17:68:d0:ad:0e:5d:73:ed:
         22:f0:34:2a:53:1d:bf:f0:ab:9c:1c:42:a6:b9:79:37:be:b8:
         b4:c2:f1:b6:f8:86:b9:6e:63:22:53:ab:cf:17:95:c3:17:4d:
         bb:76:39:ee:d6:06:f9:f5:d0:f0:eb:03:54:0b:54:0f:8a:ba:
         82:f8:95:9c:82:ef:dc:ca:b4:ad:57:ed:63:81:76:19:4c:34:
         5b:3a:7e:d8:d4:36:60:fa:bb:a1:30:cd:d4:97:74:3e:60:72:
         17:62:5d:16:cc:cf:ff:cc:d3:19:db:6a:33:e6:f4:f3:3d:97:
         f7:e4:d8:d5:bf:bf:78:31:6c:e5:d4:5e:c9:f6:be:00:79:9c:
         0b:be:e2:96:24:05:53:df:f3:2c:c2:d5:c0:a0:b4:e1:81:0a:
         07:da:08:8c:7f:68:47:1e:c1:26:f1:7d:2c:44:2b:39:bc:d1:
         38:c5:b8:f6:fe:da:4a:d1:40:b9:3f:0f:62:28:32:84:51:f1:
         62:08:2c:f1:7a:fd:e2:1e:6c:e0:09:2d:09:af:90:1d:40:58:
         da:0d:4a:2b:94:bd:c9:b9:ba:27:a6:04:3b:9a:50:0a:4b:e1:
         ae:fe:35:22
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1H9E2EvaFjM0dFm6GavvRiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2NzFkY2M3YTlhYzczNTFjNzFlMGJjMjI3OGNmNDVmZDAy
MGFlMmUwHhcNMjYwNDAxMDczMTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MzE2MDE2YjkzZDU1M2RiZmQ2Mjg0Nzc5ZDNkNWVmYzhlNTkyZGE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhlusPPZyCD+uGqIMpLiHC0XGCGdE
HrfkdmdY6qaDiYXKCoqWqER6FjNHGJbjH6TccjEG4wVcJJZOXCmxJiqfZrfTqQHF
oVEc0Vv7rNIuYuk1WRYKUx3kw1gNLMZwnDwV1ojZXyMId8FbjPEgyW3jZyuFZFHA
BbMfB0TT5a58+CO6EbWUveSWZ8opS4uSnw1METhgGSJprEtSq1y8PyGzOTh7ilMq
rpJ/nzEveyZ8Ms//ruWeLvBop0zniUlNc9UShLySS1HN7YStWyLQ8yzoiEHtIuOX
9xBZO5T6lJogNFZbBMvWRCGX7IG9JV6FWow+g/pO5JtTLbKnGN9WW6SMkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIMWAWuT1VPb/WKEd509XvyOWS2kMB8GA1UdIwQY
MBaAFAZx3MeprHNRxx4LwieM9F/QIK4uMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQm5IY3g2bXNjMUhISGd2Q0o0ejBYOUFncmk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS8xZjk0OTMtZDQ2OC00YTdjLThjNGIt
MWRkZWM0Y2NlMjRjLzEvZ3hZQmE1UFZVOXY5WW9SM25UMWVfSTVaTGFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS8xZjk0OTMtZDQ2OC00YTdjLThjNGItMWRkZWM0Y2NlMjRj
LzEvQm5IY3g2bXNjMUhISGd2Q0o0ejBYOUFncmk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1dwDMA0G
CSqGSIb3DQEBCwUAA4IBAQCDE6Dw8rZZziU9XXFOV/1kPk9dg+O/anubq1wzF2jQ
rQ5dc+0i8DQqUx2/8KucHEKmuXk3vri0wvG2+Ia5bmMiU6vPF5XDF027djnu1gb5
9dDw6wNUC1QPirqC+JWcgu/cyrStV+1jgXYZTDRbOn7Y1DZg+ruhMM3Ul3Q+YHIX
Yl0WzM//zNMZ22oz5vTzPZf35NjVv794MWzl1F7J9r4AeZwLvuKWJAVT3/MswtXA
oLThgQoH2giMf2hHHsEm8X0sRCs5vNE4xbj2/tpK0UC5Pw9iKDKEUfFiCCzxev3i
HmzgCS0Jr5AdQFjaDUorlL3JubonpgQ7mlAKS+Gu/jUi
-----END CERTIFICATE-----