Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/6f110e-3eda-45aa-bd80-5c709d20c304/1/GoKLvdRqpzhQ5LjAkf1CdFno6ZA.roa
File:                     GoKLvdRqpzhQ5LjAkf1CdFno6ZA.roa (raw, json)
Hash identifier:          CO8aNhlB1Y64wW1MQUT5+bJ7ilSYr6RPdzylnCF/3KY=
Subject key identifier:   1A:82:8B:BD:D4:6A:A7:38:50:E4:B8:C0:91:FD:42:74:59:E8:E9:90
Certificate issuer:       /CN=913fed247c66d042e73940d2b4712f3bed9451ee
Certificate serial:       019DAEE6ADE0A01EFC23CDBBCEDE4147A17D
Authority key identifier: 91:3F:ED:24:7C:66:D0:42:E7:39:40:D2:B4:71:2F:3B:ED:94:51:EE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kT_tJHxm0ELnOUDStHEvO-2UUe4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/6f110e-3eda-45aa-bd80-5c709d20c304/1/GoKLvdRqpzhQ5LjAkf1CdFno6ZA.roa
Signing time:             Tue 21 Apr 2026 07:17:26 +0000
ROA not before:           Tue 21 Apr 2026 07:17:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213678
IP address blocks:        117.55.198.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/6f110e-3eda-45aa-bd80-5c709d20c304/1/kT_tJHxm0ELnOUDStHEvO-2UUe4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/6f110e-3eda-45aa-bd80-5c709d20c304/1/kT_tJHxm0ELnOUDStHEvO-2UUe4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kT_tJHxm0ELnOUDStHEvO-2UUe4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 27 Apr 2026 22:01:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:ae:e6:ad:e0:a0:1e:fc:23:cd:bb:ce:de:41:47:a1:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=913fed247c66d042e73940d2b4712f3bed9451ee
        Validity
            Not Before: Apr 21 07:17:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1a828bbdd46aa73850e4b8c091fd427459e8e990
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:60:72:c5:86:d6:32:30:35:97:7d:11:aa:38:
                    ed:56:40:45:91:56:a5:9c:05:c7:2e:92:ca:08:79:
                    68:e2:9f:32:bd:65:21:53:9e:57:2d:44:7f:32:98:
                    02:14:99:bb:7c:1d:c0:1f:b1:cc:a2:bb:1f:fa:1b:
                    05:8d:43:db:7f:00:96:9c:96:43:9f:5b:90:92:d7:
                    08:53:e3:e6:8e:90:46:e3:11:cc:b2:c0:c0:f8:b4:
                    39:b4:76:f0:99:f0:26:a3:d3:0b:cb:42:69:47:50:
                    89:f3:13:7f:e0:27:85:9b:cf:ee:d8:a1:71:09:4d:
                    c8:22:c8:74:e6:75:65:9a:3d:1e:96:c6:43:4f:c2:
                    75:e1:fc:b3:dc:2c:b8:17:01:f7:cc:49:cc:87:fd:
                    0c:9d:29:bc:e0:1d:fb:c0:ad:a5:35:f3:7b:54:11:
                    31:3a:8c:b2:52:b1:cf:b7:bd:3d:bf:15:67:da:ff:
                    12:db:d7:22:60:b8:25:1f:88:99:00:bd:d3:d7:48:
                    98:c4:ca:2f:55:95:f2:80:0a:82:e6:69:6c:5d:c0:
                    3e:be:c0:d1:de:58:cc:d0:c6:23:a2:64:cc:f5:2c:
                    fe:21:0a:a1:a0:8b:c0:6d:ec:a4:2e:74:22:37:d9:
                    1d:43:e2:7c:37:1d:4b:f9:05:d9:7d:0d:e8:52:a0:
                    0f:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:82:8B:BD:D4:6A:A7:38:50:E4:B8:C0:91:FD:42:74:59:E8:E9:90
            X509v3 Authority Key Identifier:
                keyid:91:3F:ED:24:7C:66:D0:42:E7:39:40:D2:B4:71:2F:3B:ED:94:51:EE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kT_tJHxm0ELnOUDStHEvO-2UUe4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/6f110e-3eda-45aa-bd80-5c709d20c304/1/GoKLvdRqpzhQ5LjAkf1CdFno6ZA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/6f110e-3eda-45aa-bd80-5c709d20c304/1/kT_tJHxm0ELnOUDStHEvO-2UUe4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  117.55.198.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:23:24:c6:e0:2c:e7:9d:3f:e1:14:b7:7c:f3:39:2e:b9:d9:
         fc:30:aa:38:8f:32:b7:80:9a:f4:59:f8:52:42:04:74:77:2c:
         a5:03:5f:1c:18:34:03:d9:7a:8b:f9:4b:0d:d3:58:31:d4:bd:
         d9:92:bd:92:52:b1:4d:7c:f2:04:25:0f:8f:d3:96:3c:36:94:
         f0:df:99:fd:a6:53:cc:a4:c5:13:15:ec:76:d3:ac:8f:a3:57:
         cb:26:4a:5d:7b:fb:cb:68:2f:e4:f2:ca:71:a5:d8:2a:d1:90:
         9f:92:f5:3a:5c:23:bd:ce:b0:59:fc:1b:b2:b4:e5:d3:07:55:
         fe:de:62:3e:22:cd:50:96:85:ce:51:c8:6a:25:9a:65:54:b3:
         80:3b:21:1f:2d:4c:8d:49:5f:db:38:7a:9c:bb:00:eb:74:e5:
         e3:17:c1:99:dc:9e:02:e8:dd:cc:69:b9:c7:55:16:78:97:04:
         74:c8:3a:8b:0b:07:54:d8:6b:14:c6:ca:d0:cd:21:f3:43:0a:
         46:4d:29:0e:94:4e:47:48:61:5e:8a:52:b8:7f:75:62:de:2f:
         e8:8b:88:01:f1:90:1c:63:18:b8:af:04:18:19:6f:a6:35:69:
         a4:cd:eb:b3:a3:1c:dd:69:b8:36:5a:97:a0:ed:62:23:26:2a:
         86:73:fa:eb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2u5q3goB78I827zt5BR6F9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxM2ZlZDI0N2M2NmQwNDJlNzM5NDBkMmI0NzEyZjNiZWQ5
NDUxZWUwHhcNMjYwNDIxMDcxNzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYTgyOGJiZGQ0NmFhNzM4NTBlNGI4YzA5MWZkNDI3NDU5ZThlOTkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAomByxYbWMjA1l30RqjjtVkBFkVal
nAXHLpLKCHlo4p8yvWUhU55XLUR/MpgCFJm7fB3AH7HMorsf+hsFjUPbfwCWnJZD
n1uQktcIU+PmjpBG4xHMssDA+LQ5tHbwmfAmo9MLy0JpR1CJ8xN/4CeFm8/u2KFx
CU3IIsh05nVlmj0elsZDT8J14fyz3Cy4FwH3zEnMh/0MnSm84B37wK2lNfN7VBEx
OoyyUrHPt709vxVn2v8S29ciYLglH4iZAL3T10iYxMovVZXygAqC5mlsXcA+vsDR
3ljM0MYjomTM9Sz+IQqhoIvAbeykLnQiN9kdQ+J8Nx1L+QXZfQ3oUqAPIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBqCi73Uaqc4UOS4wJH9QnRZ6OmQMB8GA1UdIwQY
MBaAFJE/7SR8ZtBC5zlA0rRxLzvtlFHuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva1RfdEpIeG0wRUxuT1VEU3RIRXZPLTJVVWU0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi82ZjExMGUtM2VkYS00NWFhLWJkODAt
NWM3MDlkMjBjMzA0LzEvR29LTHZkUnFwemhRNUxqQWtmMUNkRm5vNlpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi82ZjExMGUtM2VkYS00NWFhLWJkODAtNWM3MDlkMjBjMzA0
LzEva1RfdEpIeG0wRUxuT1VEU3RIRXZPLTJVVWU0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAdTfGMA0G
CSqGSIb3DQEBCwUAA4IBAQB6IyTG4CznnT/hFLd88zkuudn8MKo4jzK3gJr0WfhS
QgR0dyylA18cGDQD2XqL+UsN01gx1L3Zkr2SUrFNfPIEJQ+P05Y8NpTw35n9plPM
pMUTFex206yPo1fLJkpde/vLaC/k8spxpdgq0ZCfkvU6XCO9zrBZ/BuytOXTB1X+
3mI+Is1QloXOUchqJZplVLOAOyEfLUyNSV/bOHqcuwDrdOXjF8GZ3J4C6N3MabnH
VRZ4lwR0yDqLCwdU2GsUxsrQzSHzQwpGTSkOlE5HSGFeilK4f3Vi3i/oi4gB8ZAc
Yxi4rwQYGW+mNWmkzeuzoxzdabg2Wpeg7WIjJiqGc/rr
-----END CERTIFICATE-----