Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/GgjhTN_HhbIcDkAvfAiVqTnitTo.roa
File:                     GgjhTN_HhbIcDkAvfAiVqTnitTo.roa (raw, json)
Hash identifier:          7vuvVm2KD5X9rnPsMynuPprld2JpqO0dbKjW8m75VGY=
Subject key identifier:   1A:08:E1:4C:DF:C7:85:B2:1C:0E:40:2F:7C:08:95:A9:39:E2:B5:3A
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       019DCDB5F65ECF4D608178EBB768D39FB201
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/GgjhTN_HhbIcDkAvfAiVqTnitTo.roa
Signing time:             Mon 27 Apr 2026 06:52:27 +0000
ROA not before:           Mon 27 Apr 2026 06:52:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199639
IP address blocks:        194.48.251.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 Apr 2026 08:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:cd:b5:f6:5e:cf:4d:60:81:78:eb:b7:68:d3:9f:b2:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Apr 27 06:52:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1a08e14cdfc785b21c0e402f7c0895a939e2b53a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:a0:09:b7:91:99:f9:23:31:31:7f:db:f1:6f:
                    33:dd:42:68:e4:c3:51:26:35:f0:b5:08:33:fd:08:
                    ee:39:97:6b:48:63:b7:69:d0:15:6c:18:a8:14:45:
                    d6:34:7d:c3:35:23:f1:4b:f9:75:05:98:52:31:29:
                    7f:eb:d9:45:86:25:4a:8b:f9:70:a2:30:8e:8e:18:
                    f3:8a:e3:eb:06:b6:ab:ab:1f:3a:5d:35:12:f1:5d:
                    26:2b:cf:46:7f:64:00:37:28:62:e9:52:63:f4:80:
                    53:f0:d5:80:02:de:3c:8d:0b:d8:9d:1a:72:b1:92:
                    6a:a0:1b:7b:2b:ee:68:c5:65:49:66:cb:5a:26:01:
                    9c:4b:2b:e0:d9:ae:94:0d:8c:38:95:1e:ae:18:74:
                    e3:90:6e:e9:14:f9:0d:b9:ed:c8:b6:dd:db:29:ae:
                    6f:9f:a8:e5:57:27:d3:71:69:ad:33:0f:4b:70:df:
                    9b:ef:8a:e6:12:7f:c5:21:26:42:10:f0:95:29:c8:
                    e6:fd:96:85:b8:99:1b:ed:86:f4:27:d7:fb:fe:8e:
                    f9:7d:18:25:be:9d:aa:fd:16:c9:03:64:55:2c:91:
                    ec:9a:d8:1c:af:36:3b:44:ea:1c:dd:3c:2c:43:86:
                    ea:ad:c0:4b:83:e0:55:25:ee:be:eb:45:fd:13:9b:
                    c7:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:08:E1:4C:DF:C7:85:B2:1C:0E:40:2F:7C:08:95:A9:39:E2:B5:3A
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/GgjhTN_HhbIcDkAvfAiVqTnitTo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.48.251.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:f1:2b:4d:44:f3:74:79:45:53:91:ce:13:f1:da:c8:4c:00:
         89:44:0b:5f:8f:1e:16:42:dc:b1:1c:39:fd:ba:34:9e:ea:3b:
         c6:c8:42:17:1e:4b:ed:07:0c:13:29:33:0c:68:d5:88:f7:00:
         a0:a4:6e:b1:70:f9:91:db:fc:85:4d:23:35:b3:fe:c9:7a:af:
         e0:be:d7:d6:59:ff:bf:a8:71:cf:1a:6f:6f:17:ff:9f:40:2f:
         02:f0:fe:31:ba:ff:8d:1d:73:39:17:df:8d:f3:a9:f9:82:f4:
         ad:54:82:09:4d:79:11:b1:c5:9c:2a:56:54:ed:d1:13:9c:1c:
         0a:c9:5d:f9:e5:4f:69:2f:be:bc:6c:36:c0:0e:2c:36:2a:f8:
         f6:b5:b5:61:f7:ca:a4:db:2f:54:48:23:ba:6b:ba:2c:31:6e:
         1a:f9:62:ee:94:4b:f5:34:09:69:cd:3c:31:06:f8:4d:2b:45:
         f7:b0:6f:aa:09:84:e6:fe:54:af:2a:75:41:bf:a3:b8:af:9d:
         a0:49:db:28:e0:e7:f9:2e:a4:e4:32:26:a9:23:0c:b2:c6:d1:
         00:e4:d3:2e:80:ca:37:e4:ec:5f:55:6b:dc:ff:09:8e:86:4c:
         54:a8:e2:aa:08:06:7a:46:4e:15:7c:fc:43:77:88:68:85:92:
         12:a9:2a:48
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3NtfZez01ggXjrt2jTn7IBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjYwNDI3MDY1MjI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYTA4ZTE0Y2RmYzc4NWIyMWMwZTQwMmY3YzA4OTVhOTM5ZTJiNTNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw6AJt5GZ+SMxMX/b8W8z3UJo5MNR
JjXwtQgz/QjuOZdrSGO3adAVbBioFEXWNH3DNSPxS/l1BZhSMSl/69lFhiVKi/lw
ojCOjhjziuPrBrarqx86XTUS8V0mK89Gf2QANyhi6VJj9IBT8NWAAt48jQvYnRpy
sZJqoBt7K+5oxWVJZstaJgGcSyvg2a6UDYw4lR6uGHTjkG7pFPkNue3Itt3bKa5v
n6jlVyfTcWmtMw9LcN+b74rmEn/FISZCEPCVKcjm/ZaFuJkb7Yb0J9f7/o75fRgl
vp2q/RbJA2RVLJHsmtgcrzY7ROoc3TwsQ4bqrcBLg+BVJe6+60X9E5vHEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBoI4Uzfx4WyHA5AL3wIlak54rU6MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvR2dqaFROX0hoYkljRGtBdmZBaVZxVG5pdFRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwjD7MA0G
CSqGSIb3DQEBCwUAA4IBAQB/8StNRPN0eUVTkc4T8drITACJRAtfjx4WQtyxHDn9
ujSe6jvGyEIXHkvtBwwTKTMMaNWI9wCgpG6xcPmR2/yFTSM1s/7Jeq/gvtfWWf+/
qHHPGm9vF/+fQC8C8P4xuv+NHXM5F9+N86n5gvStVIIJTXkRscWcKlZU7dETnBwK
yV355U9pL768bDbADiw2Kvj2tbVh98qk2y9USCO6a7osMW4a+WLulEv1NAlpzTwx
BvhNK0X3sG+qCYTm/lSvKnVBv6O4r52gSdso4Of5LqTkMiapIwyyxtEA5NMugMo3
5OxfVWvc/wmOhkxUqOKqCAZ6Rk4VfPxDd4hohZISqSpI
-----END CERTIFICATE-----