Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/d16463-89be-4f5b-b2f2-acc41cacf7e1/1/ghGc2Lv7TcfrmuH9YITRm12nsM0.roa
File:                     ghGc2Lv7TcfrmuH9YITRm12nsM0.roa (raw, json)
Hash identifier:          qhSH7nSb+oaxjGNhsFsYHQ6vShtNbUb1gAOSPr8PZts=
Subject key identifier:   82:11:9C:D8:BB:FB:4D:C7:EB:9A:E1:FD:60:84:D1:9B:5D:A7:B0:CD
Certificate issuer:       /CN=cbd95ead6d2a1daf2ef687acb4c29e76076b2809
Certificate serial:       019B7AC79FFB2EB03D4F15B6A7B8E0A087B2
Authority key identifier: CB:D9:5E:AD:6D:2A:1D:AF:2E:F6:87:AC:B4:C2:9E:76:07:6B:28:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/y9lerW0qHa8u9oestMKedgdrKAk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/d16463-89be-4f5b-b2f2-acc41cacf7e1/1/ghGc2Lv7TcfrmuH9YITRm12nsM0.roa
Signing time:             Thu 01 Jan 2026 18:17:41 +0000
ROA not before:           Thu 01 Jan 2026 18:17:41 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200259
IP address blocks:        195.189.176.0/24 maxlen: 24
                          2001:67c:2ebc::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/d16463-89be-4f5b-b2f2-acc41cacf7e1/1/y9lerW0qHa8u9oestMKedgdrKAk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/d16463-89be-4f5b-b2f2-acc41cacf7e1/1/y9lerW0qHa8u9oestMKedgdrKAk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/y9lerW0qHa8u9oestMKedgdrKAk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c7:9f:fb:2e:b0:3d:4f:15:b6:a7:b8:e0:a0:87:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cbd95ead6d2a1daf2ef687acb4c29e76076b2809
        Validity
            Not Before: Jan  1 18:17:41 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=82119cd8bbfb4dc7eb9ae1fd6084d19b5da7b0cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:33:e8:2b:6c:28:de:ec:69:67:76:dd:9e:ab:
                    a0:6b:cd:98:d5:38:8c:d5:61:8a:c5:46:99:ed:05:
                    ab:cf:58:1a:08:76:83:8d:d9:52:f3:ab:b1:23:03:
                    db:9a:22:66:30:76:ab:b1:0e:b1:81:51:97:b5:a9:
                    7e:fc:bd:5c:c4:db:0a:4d:07:42:15:00:c2:39:5b:
                    2e:4d:56:9a:55:6c:22:40:1e:5e:c0:0f:fa:16:5b:
                    2a:6b:e1:93:55:81:ec:58:85:aa:11:d9:1b:51:66:
                    4c:53:36:dd:f1:22:3a:74:57:42:23:87:a8:04:a6:
                    0d:c3:1d:9d:78:62:1f:da:55:f7:8b:6b:b0:07:8f:
                    89:f9:fb:cd:2d:1d:2a:54:62:9e:e0:74:5f:51:a8:
                    c2:3f:34:22:4a:ef:9a:0f:ab:87:ed:0f:6a:43:6b:
                    4c:96:46:bc:33:1f:7c:3a:56:fa:f1:20:cb:3b:df:
                    b0:b7:69:90:12:30:7d:e0:f1:8a:30:c4:aa:72:de:
                    79:e0:e6:88:f8:ef:d4:52:9f:f3:15:d9:45:01:d5:
                    04:91:a0:eb:32:f4:90:e0:9b:c0:38:43:12:f8:95:
                    32:d9:77:f5:09:2a:20:0b:4f:f7:3e:95:d6:3e:c7:
                    90:61:22:73:07:3e:f2:0c:64:8e:9e:d0:b6:01:7a:
                    c5:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:11:9C:D8:BB:FB:4D:C7:EB:9A:E1:FD:60:84:D1:9B:5D:A7:B0:CD
            X509v3 Authority Key Identifier:
                keyid:CB:D9:5E:AD:6D:2A:1D:AF:2E:F6:87:AC:B4:C2:9E:76:07:6B:28:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/y9lerW0qHa8u9oestMKedgdrKAk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/d16463-89be-4f5b-b2f2-acc41cacf7e1/1/ghGc2Lv7TcfrmuH9YITRm12nsM0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/d16463-89be-4f5b-b2f2-acc41cacf7e1/1/y9lerW0qHa8u9oestMKedgdrKAk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.189.176.0/24
                IPv6:
                  2001:67c:2ebc::/48

    Signature Algorithm: sha256WithRSAEncryption
         73:1f:7f:c1:6f:69:d1:75:31:24:0e:f7:60:f5:01:df:ca:29:
         d2:58:c1:bf:c0:8d:ea:3a:12:99:40:56:e2:e6:33:ae:17:57:
         2f:a6:d6:b6:19:2b:54:8f:b8:e9:41:01:1f:8c:80:5f:fb:b4:
         de:aa:1f:36:de:f9:f6:2d:0f:06:ec:6d:ee:39:ac:3d:8d:b6:
         19:c8:f5:46:74:b8:91:b1:be:27:b9:d6:75:96:d0:94:c3:f2:
         92:cd:e1:dd:6e:af:c5:c4:a2:28:9b:47:da:02:87:5b:e8:e3:
         2a:c2:e0:7c:7a:b7:08:d1:28:a6:55:55:e4:7f:86:e3:cd:ff:
         af:d1:ce:be:27:c6:a8:ce:51:39:e2:e3:0f:7b:13:a7:ad:38:
         f5:a4:92:f6:db:09:8c:ab:7a:23:ff:56:e4:ac:7c:fd:56:3b:
         dc:11:f9:cc:6d:fe:3f:b7:5d:8f:37:f2:48:b9:53:5e:fb:62:
         8e:f7:c6:dd:08:78:03:c0:81:ea:f0:7f:e7:6d:e8:9d:9a:8c:
         4b:df:80:d0:d3:f5:d1:b8:5c:1b:b8:fd:01:33:2d:52:6b:77:
         d8:be:5d:de:44:08:a9:52:83:00:79:5a:54:80:af:94:05:e2:
         7f:f6:4e:c4:95:47:53:3c:fc:b1:3f:57:76:93:83:88:fe:b8:
         13:ab:de:97
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZt6x5/7LrA9TxW2p7jgoIeyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNiZDk1ZWFkNmQyYTFkYWYyZWY2ODdhY2I0YzI5ZTc2MDc2
YjI4MDkwHhcNMjYwMTAxMTgxNzQxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MjExOWNkOGJiZmI0ZGM3ZWI5YWUxZmQ2MDg0ZDE5YjVkYTdiMGNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmjPoK2wo3uxpZ3bdnquga82Y1TiM
1WGKxUaZ7QWrz1gaCHaDjdlS86uxIwPbmiJmMHarsQ6xgVGXtal+/L1cxNsKTQdC
FQDCOVsuTVaaVWwiQB5ewA/6Flsqa+GTVYHsWIWqEdkbUWZMUzbd8SI6dFdCI4eo
BKYNwx2deGIf2lX3i2uwB4+J+fvNLR0qVGKe4HRfUajCPzQiSu+aD6uH7Q9qQ2tM
lka8Mx98Olb68SDLO9+wt2mQEjB94PGKMMSqct554OaI+O/UUp/zFdlFAdUEkaDr
MvSQ4JvAOEMS+JUy2Xf1CSogC0/3PpXWPseQYSJzBz7yDGSOntC2AXrF3QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFIIRnNi7+03H65rh/WCE0Ztdp7DNMB8GA1UdIwQY
MBaAFMvZXq1tKh2vLvaHrLTCnnYHaygJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveTlsZXJXMHFIYTh1OW9lc3RNS2VkZ2RyS0FrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC9kMTY0NjMtODliZS00ZjViLWIyZjIt
YWNjNDFjYWNmN2UxLzEvZ2hHYzJMdjdUY2ZybXVIOVlJVFJtMTJuc00wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC9kMTY0NjMtODliZS00ZjViLWIyZjItYWNjNDFjYWNmN2Ux
LzEveTlsZXJXMHFIYTh1OW9lc3RNS2VkZ2RyS0FrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAw72wMA8E
AgACMAkDBwAgAQZ8LrwwDQYJKoZIhvcNAQELBQADggEBAHMff8FvadF1MSQO92D1
Ad/KKdJYwb/Ajeo6EplAVuLmM64XVy+m1rYZK1SPuOlBAR+MgF/7tN6qHzbe+fYt
Dwbsbe45rD2NthnI9UZ0uJGxvie51nWW0JTD8pLN4d1ur8XEoiibR9oCh1vo4yrC
4Hx6twjRKKZVVeR/huPN/6/Rzr4nxqjOUTni4w97E6etOPWkkvbbCYyreiP/VuSs
fP1WO9wR+cxt/j+3XY838ki5U177Yo73xt0IeAPAgerwf+dt6J2ajEvfgNDT9dG4
XBu4/QEzLVJrd9i+Xd5ECKlSgwB5WlSAr5QF4n/2TsSVR1M8/LE/V3aTg4j+uBOr
3pc=
-----END CERTIFICATE-----