Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/76/7fe015-5cd5-4429-8b7d-22d027197712/1/_GRmqkv9maXNcjX6afBxriIH6Pk.roa
File:                     _GRmqkv9maXNcjX6afBxriIH6Pk.roa (raw, json)
Hash identifier:          DyskTnDPOjJQ17p7msrmrd2miRCQ5ZYW0+p+NAKm4Dc=
Subject key identifier:   FC:64:66:AA:4B:FD:99:A5:CD:72:35:FA:69:F0:71:AE:22:07:E8:F9
Certificate issuer:       /CN=26c672da72a34cc282adc40f282676de75117654
Certificate serial:       019DCFFB4EAB07D3F3161B6A9E240E358A22
Authority key identifier: 26:C6:72:DA:72:A3:4C:C2:82:AD:C4:0F:28:26:76:DE:75:11:76:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JsZy2nKjTMKCrcQPKCZ23nURdlQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/76/7fe015-5cd5-4429-8b7d-22d027197712/1/_GRmqkv9maXNcjX6afBxriIH6Pk.roa
Signing time:             Mon 27 Apr 2026 17:27:26 +0000
ROA not before:           Mon 27 Apr 2026 17:27:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     8011
IP address blocks:        31.88.0.0/15 maxlen: 24
                          218.254.0.0/16 maxlen: 24
                          2a14:f180::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/76/7fe015-5cd5-4429-8b7d-22d027197712/1/JsZy2nKjTMKCrcQPKCZ23nURdlQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/76/7fe015-5cd5-4429-8b7d-22d027197712/1/JsZy2nKjTMKCrcQPKCZ23nURdlQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JsZy2nKjTMKCrcQPKCZ23nURdlQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 04 May 2026 11:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:cf:fb:4e:ab:07:d3:f3:16:1b:6a:9e:24:0e:35:8a:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=26c672da72a34cc282adc40f282676de75117654
        Validity
            Not Before: Apr 27 17:27:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=fc6466aa4bfd99a5cd7235fa69f071ae2207e8f9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:e3:22:92:39:c7:7d:f3:61:58:0a:2c:41:aa:
                    5d:f9:fa:82:d1:5a:bf:c9:c4:11:76:d2:f1:46:8a:
                    68:55:27:60:f7:79:66:0f:7b:5f:46:83:36:36:dc:
                    ab:5a:cd:5e:63:92:9d:3a:8d:63:0c:ce:a0:de:bf:
                    38:f5:f3:a4:b8:db:8b:2d:23:2e:ad:3a:35:8b:ae:
                    09:ab:c2:9d:39:03:db:57:a2:87:3f:bd:e1:45:49:
                    87:56:05:0c:9c:df:6d:b5:2f:56:48:4f:9c:f6:a7:
                    da:56:61:e7:45:be:a6:c5:30:d8:85:4f:f6:f0:1f:
                    8d:47:ba:9f:49:ff:2d:b2:42:02:55:f0:08:d5:33:
                    0a:4d:de:c7:d5:37:ae:9a:97:4f:1c:b1:1f:b9:f1:
                    a4:d5:53:2d:c2:0d:b5:4e:5a:1f:72:7a:40:de:d4:
                    04:22:2c:88:a1:de:86:de:2b:97:1b:7f:df:67:8b:
                    e0:55:aa:92:c6:90:5c:27:d2:2f:6f:f2:5b:de:fa:
                    a0:10:11:22:28:52:26:18:de:de:ea:eb:7b:f5:fb:
                    1d:00:f7:74:4b:08:9b:36:fb:e9:b0:e5:3a:f7:4b:
                    9e:2c:69:a1:64:77:d1:00:4a:7f:dc:10:f0:88:4d:
                    04:d8:fd:15:24:ef:ff:77:7e:77:56:14:20:3e:93:
                    e0:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:64:66:AA:4B:FD:99:A5:CD:72:35:FA:69:F0:71:AE:22:07:E8:F9
            X509v3 Authority Key Identifier:
                keyid:26:C6:72:DA:72:A3:4C:C2:82:AD:C4:0F:28:26:76:DE:75:11:76:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JsZy2nKjTMKCrcQPKCZ23nURdlQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/7fe015-5cd5-4429-8b7d-22d027197712/1/_GRmqkv9maXNcjX6afBxriIH6Pk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/76/7fe015-5cd5-4429-8b7d-22d027197712/1/JsZy2nKjTMKCrcQPKCZ23nURdlQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.88.0.0/15
                  218.254.0.0/16
                IPv6:
                  2a14:f180::/29

    Signature Algorithm: sha256WithRSAEncryption
         0b:37:ed:1f:48:58:d4:96:53:8c:50:d4:46:80:e0:ec:8e:e4:
         4b:3b:45:55:7b:01:e7:5c:47:f9:2f:a0:93:b3:cd:ac:9f:32:
         3a:13:b0:4f:0c:9c:3c:0d:ba:89:2b:22:ca:e0:c3:9d:f7:33:
         24:44:79:e4:6a:a3:8c:2e:73:65:7d:28:66:29:ff:97:1a:7e:
         61:7d:83:4a:bb:ee:43:48:19:6a:99:f2:cf:34:72:8a:3e:83:
         22:e8:64:83:93:b8:b5:ed:f0:17:89:7c:65:25:a4:98:cf:60:
         61:0d:5c:07:3b:b3:81:28:59:62:e8:aa:49:40:d7:19:c6:dd:
         b2:97:5a:73:3a:7f:eb:5e:e7:49:2f:98:04:28:9d:b5:b0:5a:
         8c:b4:05:43:f6:37:19:3b:22:71:01:21:3d:2e:3e:2c:47:41:
         85:f8:60:d6:31:ea:80:70:ac:59:3b:19:6f:b2:a7:55:0e:c6:
         9c:39:60:12:9f:09:cf:fe:d3:1c:0c:79:10:2b:bb:89:50:3c:
         44:f0:cf:73:6a:58:27:c3:8c:13:50:2f:f1:12:8a:b1:f2:e1:
         c1:ad:4c:ad:ec:56:c6:ce:35:c3:ca:32:67:fa:69:f7:34:1b:
         b2:e9:ef:47:23:2b:e4:e1:c1:16:92:49:b1:ff:75:8a:cd:79:
         1c:07:01:4b
-----BEGIN CERTIFICATE-----
MIIFEDCCA/igAwIBAgISAZ3P+06rB9PzFhtqniQONYoiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2YzY3MmRhNzJhMzRjYzI4MmFkYzQwZjI4MjY3NmRlNzUx
MTc2NTQwHhcNMjYwNDI3MTcyNzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzY0NjZhYTRiZmQ5OWE1Y2Q3MjM1ZmE2OWYwNzFhZTIyMDdlOGY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAreMikjnHffNhWAosQapd+fqC0Vq/
ycQRdtLxRopoVSdg93lmD3tfRoM2NtyrWs1eY5KdOo1jDM6g3r849fOkuNuLLSMu
rTo1i64Jq8KdOQPbV6KHP73hRUmHVgUMnN9ttS9WSE+c9qfaVmHnRb6mxTDYhU/2
8B+NR7qfSf8tskICVfAI1TMKTd7H1TeumpdPHLEfufGk1VMtwg21TlofcnpA3tQE
IiyIod6G3iuXG3/fZ4vgVaqSxpBcJ9Ivb/Jb3vqgEBEiKFImGN7e6ut79fsdAPd0
SwibNvvpsOU690ueLGmhZHfRAEp/3BDwiE0E2P0VJO//d353VhQgPpPgMwIDAQAB
o4ICHDCCAhgwHQYDVR0OBBYEFPxkZqpL/ZmlzXI1+mnwca4iB+j5MB8GA1UdIwQY
MBaAFCbGctpyo0zCgq3EDygmdt51EXZUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSnNaeTJuS2pUTUtDcmNRUEtDWjIzblVSZGxRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ni83ZmUwMTUtNWNkNS00NDI5LThiN2Qt
MjJkMDI3MTk3NzEyLzEvX0dSbXFrdjltYVhOY2pYNmFmQnhyaUlINlBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ni83ZmUwMTUtNWNkNS00NDI5LThiN2QtMjJkMDI3MTk3NzEy
LzEvSnNaeTJuS2pUTUtDcmNRUEtDWjIzblVSZGxRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDIGCCsGAQUFBwEHAQH/BCMwITAQBAIAATAKAwMBH1gDAwDa
/jANBAIAAjAHAwUDKhTxgDANBgkqhkiG9w0BAQsFAAOCAQEACzftH0hY1JZTjFDU
RoDg7I7kSztFVXsB51xH+S+gk7PNrJ8yOhOwTwycPA26iSsiyuDDnfczJER55Gqj
jC5zZX0oZin/lxp+YX2DSrvuQ0gZapnyzzRyij6DIuhkg5O4te3wF4l8ZSWkmM9g
YQ1cBzuzgShZYuiqSUDXGcbdspdaczp/617nSS+YBCidtbBajLQFQ/Y3GTsicQEh
PS4+LEdBhfhg1jHqgHCsWTsZb7KnVQ7GnDlgEp8Jz/7THAx5ECu7iVA8RPDPc2pY
J8OME1Av8RKKsfLhwa1MrexWxs41w8oyZ/pp9zQbsunvRyMr5OHBFpJJsf91is15
HAcBSw==
-----END CERTIFICATE-----