Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/GgqlqEEvXYr_fHC9mE-FLAYxSjo.roa
File:                     GgqlqEEvXYr_fHC9mE-FLAYxSjo.roa (raw, json)
Hash identifier:          Cu51sHiySIxXLKFRkqLxHwEO6ND+TX2RconKqTWtrOo=
Subject key identifier:   1A:0A:A5:A8:41:2F:5D:8A:FF:7C:70:BD:98:4F:85:2C:06:31:4A:3A
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       019EF50092FC710191ACC0A2CE877174BB68
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/GgqlqEEvXYr_fHC9mE-FLAYxSjo.roa
Signing time:             Tue 23 Jun 2026 15:01:56 +0000
ROA not before:           Tue 23 Jun 2026 15:01:56 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     395793
IP address blocks:        185.176.134.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 24 Jun 2026 19:47:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:f5:00:92:fc:71:01:91:ac:c0:a2:ce:87:71:74:bb:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jun 23 15:01:56 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1a0aa5a8412f5d8aff7c70bd984f852c06314a3a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:c4:45:6f:80:87:48:39:b0:61:c1:0c:f1:58:
                    cb:34:02:3f:b0:fd:b6:0a:60:b7:11:aa:a0:e0:68:
                    f5:7c:82:be:bd:31:ad:23:48:44:ef:4a:b2:45:d7:
                    36:bb:26:21:96:34:27:c9:e2:14:29:c1:07:49:27:
                    27:b7:b7:ec:c4:ea:2b:48:c7:ac:a9:0c:e7:8a:00:
                    b2:54:da:c2:ea:6a:34:dd:16:eb:5f:48:03:aa:d4:
                    13:88:53:15:b1:84:d5:de:e8:2d:dc:c2:e1:3c:46:
                    69:d1:7d:29:bb:37:0f:f3:b2:b9:e9:ef:7a:11:4e:
                    70:99:71:47:8e:26:6c:95:25:9e:48:c6:8c:c0:6a:
                    89:5c:bd:c4:6d:77:64:4f:7f:69:fc:57:bb:54:8c:
                    d0:90:56:a5:91:0d:f7:74:f7:94:87:06:9f:bb:b4:
                    b9:6b:51:ac:8f:de:c3:6c:47:68:af:58:87:5e:d7:
                    93:d4:14:48:e0:cd:7e:c8:99:75:19:51:2a:c1:d8:
                    88:1a:83:1e:d3:13:3e:5a:b2:51:1a:11:68:75:de:
                    94:a7:37:a8:71:87:fa:42:91:fe:79:61:e4:96:42:
                    a7:ce:31:08:b6:69:22:fd:36:6a:e3:a8:14:d4:2e:
                    cb:74:df:81:a0:a2:c4:69:8f:db:42:5e:90:3e:87:
                    a5:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:0A:A5:A8:41:2F:5D:8A:FF:7C:70:BD:98:4F:85:2C:06:31:4A:3A
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/GgqlqEEvXYr_fHC9mE-FLAYxSjo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.176.134.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:a4:f1:e2:7d:26:70:f4:57:2b:34:9f:6a:ad:c9:f3:54:d3:
         c6:6c:5d:4d:cc:4f:c8:16:b0:4e:eb:de:a4:63:aa:1c:b8:28:
         73:2d:f9:cb:53:68:4d:15:c0:ca:34:96:cc:bf:ec:3b:92:39:
         9a:26:d0:fc:22:ab:f3:71:7f:4a:0f:a0:48:72:19:c9:15:1c:
         bf:92:58:33:8f:27:78:bd:1a:c1:a4:72:21:03:fe:7c:29:69:
         9a:48:c6:fb:35:6b:1a:11:44:88:be:2c:f1:6a:b8:93:c3:d1:
         5c:ed:68:b4:2b:c9:41:a6:cf:f6:08:08:42:00:35:0c:4d:7a:
         a9:9f:e4:02:42:e6:e3:27:fb:08:4d:e6:ae:4c:7c:b1:97:6d:
         5a:2c:5f:f7:91:04:f9:55:12:02:aa:b0:b1:28:b3:72:f0:f4:
         d6:78:07:cd:06:63:c8:a0:96:ec:32:4e:e0:f7:39:5f:a2:d9:
         a1:84:62:5f:58:e4:94:97:de:c3:83:a9:58:71:8e:af:12:45:
         5b:e2:d2:1a:8a:a8:a3:f8:cf:39:f2:66:20:db:30:99:ed:62:
         a6:74:35:e9:cc:fc:23:9c:4f:c1:a6:0d:eb:c1:a7:76:6b:bd:
         52:c7:ce:d2:b7:77:f0:cd:b7:84:51:1d:3b:2d:3f:aa:3b:ac:
         b3:6d:8a:d2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ71AJL8cQGRrMCizodxdLtoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjYwNjIzMTUwMTU2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYTBhYTVhODQxMmY1ZDhhZmY3YzcwYmQ5ODRmODUyYzA2MzE0YTNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0MRFb4CHSDmwYcEM8VjLNAI/sP22
CmC3Eaqg4Gj1fIK+vTGtI0hE70qyRdc2uyYhljQnyeIUKcEHSScnt7fsxOorSMes
qQznigCyVNrC6mo03RbrX0gDqtQTiFMVsYTV3ugt3MLhPEZp0X0puzcP87K56e96
EU5wmXFHjiZslSWeSMaMwGqJXL3EbXdkT39p/Fe7VIzQkFalkQ33dPeUhwafu7S5
a1Gsj97DbEdor1iHXteT1BRI4M1+yJl1GVEqwdiIGoMe0xM+WrJRGhFodd6Upzeo
cYf6QpH+eWHklkKnzjEItmki/TZq46gU1C7LdN+BoKLEaY/bQl6QPoelhQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBoKpahBL12K/3xwvZhPhSwGMUo6MB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvR2dxbHFFRXZYWXJfZkhDOW1FLUZMQVl4U2pvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAubCGMA0G
CSqGSIb3DQEBCwUAA4IBAQBrpPHifSZw9FcrNJ9qrcnzVNPGbF1NzE/IFrBO696k
Y6ocuChzLfnLU2hNFcDKNJbMv+w7kjmaJtD8IqvzcX9KD6BIchnJFRy/klgzjyd4
vRrBpHIhA/58KWmaSMb7NWsaEUSIvizxariTw9Fc7Wi0K8lBps/2CAhCADUMTXqp
n+QCQubjJ/sITeauTHyxl21aLF/3kQT5VRICqrCxKLNy8PTWeAfNBmPIoJbsMk7g
9zlfotmhhGJfWOSUl97Dg6lYcY6vEkVb4tIaiqij+M858mYg2zCZ7WKmdDXpzPwj
nE/Bpg3rwad2a71Sx87St3fwzbeEUR07LT+qO6yzbYrS
-----END CERTIFICATE-----