Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/76/7fe015-5cd5-4429-8b7d-22d027197712/1/gu3MqZ2ocF1EOI2WZ0taqdRf0PI.roa
File:                     gu3MqZ2ocF1EOI2WZ0taqdRf0PI.roa (raw, json)
Hash identifier:          iRZG9xbQvRXdn7VML+RCuhHTcT6gCS/wmP4OrVmqk2s=
Subject key identifier:   82:ED:CC:A9:9D:A8:70:5D:44:38:8D:96:67:4B:5A:A9:D4:5F:D0:F2
Certificate issuer:       /CN=26c672da72a34cc282adc40f282676de75117654
Certificate serial:       019E755DE045702568AC5C4982D1CFEF23CA
Authority key identifier: 26:C6:72:DA:72:A3:4C:C2:82:AD:C4:0F:28:26:76:DE:75:11:76:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JsZy2nKjTMKCrcQPKCZ23nURdlQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/76/7fe015-5cd5-4429-8b7d-22d027197712/1/gu3MqZ2ocF1EOI2WZ0taqdRf0PI.roa
Signing time:             Fri 29 May 2026 20:12:26 +0000
ROA not before:           Fri 29 May 2026 20:12:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     8075
IP address blocks:        2a14:f180::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/76/7fe015-5cd5-4429-8b7d-22d027197712/1/JsZy2nKjTMKCrcQPKCZ23nURdlQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/76/7fe015-5cd5-4429-8b7d-22d027197712/1/JsZy2nKjTMKCrcQPKCZ23nURdlQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JsZy2nKjTMKCrcQPKCZ23nURdlQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 12:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:75:5d:e0:45:70:25:68:ac:5c:49:82:d1:cf:ef:23:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=26c672da72a34cc282adc40f282676de75117654
        Validity
            Not Before: May 29 20:12:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=82edcca99da8705d44388d96674b5aa9d45fd0f2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:79:a4:01:a7:9f:49:f5:a6:75:ac:c7:6d:aa:
                    09:2a:28:e8:8a:0b:3f:73:fc:be:31:b9:55:f6:0d:
                    85:7e:7a:50:0e:e1:42:d9:57:11:f9:b4:d4:64:85:
                    18:f4:a7:fe:ef:3f:cb:28:f8:79:98:e4:69:8a:cb:
                    3a:ba:ee:19:6e:30:98:5f:75:ac:1e:48:a9:50:fd:
                    ef:f6:3b:c7:8c:3b:0d:ab:c8:69:d3:18:bd:0d:36:
                    7e:53:a2:a6:f3:bd:e1:be:80:69:0c:89:b7:2f:74:
                    4f:d1:f8:09:bc:f8:0b:4f:76:9a:52:c7:0f:9a:db:
                    84:8d:92:a7:e9:39:b5:d4:b1:c4:c8:77:2a:52:ec:
                    33:af:df:50:4e:4b:ce:bf:77:51:12:8c:62:68:06:
                    16:90:45:05:ec:8e:17:1c:26:5e:ff:d6:e6:04:24:
                    4c:85:90:f3:59:ba:c5:45:38:a0:0a:1f:49:ef:71:
                    fd:f4:e9:21:f7:1e:75:ec:66:77:19:30:3d:b0:ed:
                    2b:7a:65:96:b9:c5:2a:29:fb:dc:90:c8:8a:d3:e7:
                    f5:d0:b6:0b:a9:84:f9:7c:61:01:61:d1:51:9a:19:
                    a4:5a:4b:2a:71:43:22:13:c2:ae:32:18:7d:3c:fd:
                    40:62:96:5b:ff:57:c5:08:18:9b:14:05:ce:71:0e:
                    82:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:ED:CC:A9:9D:A8:70:5D:44:38:8D:96:67:4B:5A:A9:D4:5F:D0:F2
            X509v3 Authority Key Identifier:
                keyid:26:C6:72:DA:72:A3:4C:C2:82:AD:C4:0F:28:26:76:DE:75:11:76:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JsZy2nKjTMKCrcQPKCZ23nURdlQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/7fe015-5cd5-4429-8b7d-22d027197712/1/gu3MqZ2ocF1EOI2WZ0taqdRf0PI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/76/7fe015-5cd5-4429-8b7d-22d027197712/1/JsZy2nKjTMKCrcQPKCZ23nURdlQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:f180::/29

    Signature Algorithm: sha256WithRSAEncryption
         2c:f6:ef:bf:b1:4f:de:99:c0:8c:e9:23:dc:d3:27:bd:cf:5a:
         21:dd:32:a0:4b:90:e8:c0:83:1b:29:d6:3d:09:2f:c1:0b:e5:
         24:b4:71:9c:00:30:fa:ec:cc:c6:b2:09:99:23:f5:78:da:89:
         d8:e6:02:c0:de:6a:1a:04:02:0d:f0:ac:4a:04:15:23:a3:5f:
         a7:2a:7e:ef:bb:78:38:1e:0b:8a:98:12:c9:6d:40:cb:7c:c5:
         ea:5b:0f:a0:03:75:06:f7:28:7b:13:0f:23:87:5e:d9:9a:8e:
         06:f8:5a:4c:39:0f:66:72:d8:8f:5c:2e:84:fc:fc:68:6a:94:
         a7:50:d9:69:74:2e:26:9f:1f:7d:a8:3a:74:f3:e3:d7:43:f3:
         a4:e0:c2:67:6f:99:e8:7a:03:39:ac:5c:4f:ff:d8:76:79:77:
         39:1a:e2:fe:99:9c:ae:94:b7:c8:7f:53:e4:85:09:57:83:9d:
         99:e3:4c:42:38:06:5d:a1:e6:0c:5e:8e:40:cb:fd:16:62:73:
         cc:cd:b3:56:f3:02:23:df:a1:00:af:be:27:a8:f7:b9:5c:fc:
         f2:4c:7f:de:e0:c9:bd:75:e8:51:5a:17:69:d4:71:61:af:1f:
         af:64:c6:84:e3:81:75:09:52:ca:26:39:92:00:3c:0f:19:fa:
         5e:f6:00:0c
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZ51XeBFcCVorFxJgtHP7yPKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2YzY3MmRhNzJhMzRjYzI4MmFkYzQwZjI4MjY3NmRlNzUx
MTc2NTQwHhcNMjYwNTI5MjAxMjI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MmVkY2NhOTlkYTg3MDVkNDQzODhkOTY2NzRiNWFhOWQ0NWZkMGYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0nmkAaefSfWmdazHbaoJKijoigs/
c/y+MblV9g2FfnpQDuFC2VcR+bTUZIUY9Kf+7z/LKPh5mORpiss6uu4ZbjCYX3Ws
HkipUP3v9jvHjDsNq8hp0xi9DTZ+U6Km873hvoBpDIm3L3RP0fgJvPgLT3aaUscP
mtuEjZKn6Tm11LHEyHcqUuwzr99QTkvOv3dREoxiaAYWkEUF7I4XHCZe/9bmBCRM
hZDzWbrFRTigCh9J73H99Okh9x517GZ3GTA9sO0remWWucUqKfvckMiK0+f10LYL
qYT5fGEBYdFRmhmkWksqcUMiE8KuMhh9PP1AYpZb/1fFCBibFAXOcQ6CpQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFILtzKmdqHBdRDiNlmdLWqnUX9DyMB8GA1UdIwQY
MBaAFCbGctpyo0zCgq3EDygmdt51EXZUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSnNaeTJuS2pUTUtDcmNRUEtDWjIzblVSZGxRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ni83ZmUwMTUtNWNkNS00NDI5LThiN2Qt
MjJkMDI3MTk3NzEyLzEvZ3UzTXFaMm9jRjFFT0kyV1owdGFxZFJmMFBJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ni83ZmUwMTUtNWNkNS00NDI5LThiN2QtMjJkMDI3MTk3NzEy
LzEvSnNaeTJuS2pUTUtDcmNRUEtDWjIzblVSZGxRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhTxgDAN
BgkqhkiG9w0BAQsFAAOCAQEALPbvv7FP3pnAjOkj3NMnvc9aId0yoEuQ6MCDGynW
PQkvwQvlJLRxnAAw+uzMxrIJmSP1eNqJ2OYCwN5qGgQCDfCsSgQVI6Nfpyp+77t4
OB4LipgSyW1Ay3zF6lsPoAN1BvcoexMPI4de2ZqOBvhaTDkPZnLYj1wuhPz8aGqU
p1DZaXQuJp8ffag6dPPj10PzpODCZ2+Z6HoDOaxcT//Ydnl3ORri/pmcrpS3yH9T
5IUJV4OdmeNMQjgGXaHmDF6OQMv9FmJzzM2zVvMCI9+hAK++J6j3uVz88kx/3uDJ
vXXoUVoXadRxYa8fr2TGhOOBdQlSyiY5kgA8Dxn6XvYADA==
-----END CERTIFICATE-----