Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/50842a-ed02-4a9f-a789-901006bc1fd8/1/gu4GPTRfWQO75vY7xSH9xzSoqQY.roa
File:                     gu4GPTRfWQO75vY7xSH9xzSoqQY.roa (raw, json)
Hash identifier:          odhJabg6AJqtqcZtfP2GyOkQsROVO1GzPGrLF/Q0sqM=
Subject key identifier:   82:EE:06:3D:34:5F:59:03:BB:E6:F6:3B:C5:21:FD:C7:34:A8:A9:06
Certificate issuer:       /CN=cef446fe4472ba694fc2298298a4f8d155995e16
Certificate serial:       019EABACD6CF6BF0BEF5559A421A2014FA4F
Authority key identifier: CE:F4:46:FE:44:72:BA:69:4F:C2:29:82:98:A4:F8:D1:55:99:5E:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zvRG_kRyumlPwimCmKT40VWZXhY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/50842a-ed02-4a9f-a789-901006bc1fd8/1/gu4GPTRfWQO75vY7xSH9xzSoqQY.roa
Signing time:             Tue 09 Jun 2026 09:18:11 +0000
ROA not before:           Tue 09 Jun 2026 09:18:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     62370
IP address blocks:        195.20.204.0/24 maxlen: 24
                          195.20.205.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/50842a-ed02-4a9f-a789-901006bc1fd8/1/zvRG_kRyumlPwimCmKT40VWZXhY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/50842a-ed02-4a9f-a789-901006bc1fd8/1/zvRG_kRyumlPwimCmKT40VWZXhY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zvRG_kRyumlPwimCmKT40VWZXhY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 13 Jun 2026 00:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:ab:ac:d6:cf:6b:f0:be:f5:55:9a:42:1a:20:14:fa:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cef446fe4472ba694fc2298298a4f8d155995e16
        Validity
            Not Before: Jun  9 09:18:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=82ee063d345f5903bbe6f63bc521fdc734a8a906
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:03:d6:a2:77:5b:82:da:ba:b7:53:ea:91:b2:
                    00:1a:05:d6:84:56:0b:fb:ad:07:70:50:97:1a:4d:
                    7c:5b:1a:07:c3:48:e9:99:db:2e:2f:14:80:1a:ea:
                    3f:e5:89:7c:bb:f3:38:da:25:09:26:d1:2e:5f:54:
                    79:e6:3a:35:02:66:86:f8:44:93:d6:69:ab:ac:10:
                    61:72:70:e8:d1:04:ed:22:b1:20:a6:3b:b3:d5:44:
                    a8:b8:d2:80:a9:a3:71:f8:0e:9e:b0:a6:08:39:f8:
                    c6:24:9d:b8:f8:08:b0:81:ce:3c:90:0b:cc:5b:8a:
                    9a:9c:fb:34:99:24:78:4b:24:fd:8c:78:8d:df:0e:
                    7b:52:2b:6a:87:c0:1b:32:f1:4f:c2:78:48:ed:45:
                    ca:d3:e0:b7:98:6c:ef:7a:9a:f6:93:cd:d2:b9:30:
                    9c:18:a9:1e:c3:9e:7b:6d:8e:3b:15:61:87:0d:25:
                    e9:3d:70:84:fe:f7:43:1d:8c:f3:12:67:4b:3e:56:
                    f0:4d:38:ec:3a:53:b0:ca:eb:0b:5c:1f:72:76:4f:
                    c8:4c:db:48:d5:7c:07:50:58:df:d7:3b:cb:ec:7b:
                    4c:22:f7:5f:06:20:a3:29:82:39:45:c5:cf:18:13:
                    df:19:dd:83:d7:98:c5:83:88:f4:00:60:43:a9:c8:
                    e3:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:EE:06:3D:34:5F:59:03:BB:E6:F6:3B:C5:21:FD:C7:34:A8:A9:06
            X509v3 Authority Key Identifier:
                keyid:CE:F4:46:FE:44:72:BA:69:4F:C2:29:82:98:A4:F8:D1:55:99:5E:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zvRG_kRyumlPwimCmKT40VWZXhY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/50842a-ed02-4a9f-a789-901006bc1fd8/1/gu4GPTRfWQO75vY7xSH9xzSoqQY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/50842a-ed02-4a9f-a789-901006bc1fd8/1/zvRG_kRyumlPwimCmKT40VWZXhY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.20.204.0/23

    Signature Algorithm: sha256WithRSAEncryption
         81:a9:84:51:50:cc:a1:83:0b:fd:56:2d:6d:9f:51:eb:19:95:
         81:4b:b0:44:c9:25:f1:e6:c2:7c:9b:96:67:57:bd:b9:92:1e:
         7e:ad:c9:d5:eb:60:1d:43:ea:56:61:ae:54:78:4f:1f:4e:b0:
         79:5a:25:30:e4:6e:be:45:dd:1a:67:5c:95:e9:59:d0:e4:b2:
         c3:eb:83:a2:56:9c:cf:94:12:57:de:1e:ff:07:89:b7:22:14:
         13:b9:87:97:dd:ea:c3:01:56:ef:c5:57:55:a8:78:5e:28:69:
         bb:5a:a7:a5:a4:d3:92:c0:b4:35:bb:60:aa:89:4f:f9:bb:b6:
         e3:53:69:92:43:68:97:72:3c:dc:6f:6b:15:d7:f1:c3:c7:ce:
         54:73:70:df:e4:97:62:59:45:e2:14:c8:35:62:28:34:a3:ae:
         59:c2:c7:4c:5e:fc:09:ff:ab:ba:3b:51:66:19:d2:f0:35:d4:
         02:dc:0e:17:e3:94:17:4c:bf:06:59:3d:fb:69:6e:72:a5:24:
         0b:0c:7d:8a:12:10:ab:ea:ea:41:00:20:01:b8:5b:c5:53:2a:
         86:23:71:3e:06:9b:5e:03:14:bd:9f:79:9c:b6:51:2b:6f:64:
         29:22:41:7f:0d:29:ea:84:a7:7b:cc:a5:4c:fe:f4:97:4a:7c:
         22:cc:3e:84
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6rrNbPa/C+9VWaQhogFPpPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlZjQ0NmZlNDQ3MmJhNjk0ZmMyMjk4Mjk4YTRmOGQxNTU5
OTVlMTYwHhcNMjYwNjA5MDkxODExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MmVlMDYzZDM0NWY1OTAzYmJlNmY2M2JjNTIxZmRjNzM0YThhOTA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0APWondbgtq6t1PqkbIAGgXWhFYL
+60HcFCXGk18WxoHw0jpmdsuLxSAGuo/5Yl8u/M42iUJJtEuX1R55jo1AmaG+EST
1mmrrBBhcnDo0QTtIrEgpjuz1USouNKAqaNx+A6esKYIOfjGJJ24+Aiwgc48kAvM
W4qanPs0mSR4SyT9jHiN3w57Uitqh8AbMvFPwnhI7UXK0+C3mGzvepr2k83SuTCc
GKkew557bY47FWGHDSXpPXCE/vdDHYzzEmdLPlbwTTjsOlOwyusLXB9ydk/ITNtI
1XwHUFjf1zvL7HtMIvdfBiCjKYI5RcXPGBPfGd2D15jFg4j0AGBDqcjjOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFILuBj00X1kDu+b2O8Uh/cc0qKkGMB8GA1UdIwQY
MBaAFM70Rv5EcrppT8Ipgpik+NFVmV4WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvenZSR19rUnl1bWxQd2ltQ21LVDQwVldaWGhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy81MDg0MmEtZWQwMi00YTlmLWE3ODkt
OTAxMDA2YmMxZmQ4LzEvZ3U0R1BUUmZXUU83NXZZN3hTSDl4elNvcVFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy81MDg0MmEtZWQwMi00YTlmLWE3ODktOTAxMDA2YmMxZmQ4
LzEvenZSR19rUnl1bWxQd2ltQ21LVDQwVldaWGhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwxTMMA0G
CSqGSIb3DQEBCwUAA4IBAQCBqYRRUMyhgwv9Vi1tn1HrGZWBS7BEySXx5sJ8m5Zn
V725kh5+rcnV62AdQ+pWYa5UeE8fTrB5WiUw5G6+Rd0aZ1yV6VnQ5LLD64OiVpzP
lBJX3h7/B4m3IhQTuYeX3erDAVbvxVdVqHheKGm7WqelpNOSwLQ1u2CqiU/5u7bj
U2mSQ2iXcjzcb2sV1/HDx85Uc3Df5JdiWUXiFMg1Yig0o65ZwsdMXvwJ/6u6O1Fm
GdLwNdQC3A4X45QXTL8GWT37aW5ypSQLDH2KEhCr6upBACABuFvFUyqGI3E+Bpte
AxS9n3mctlErb2QpIkF/DSnqhKd7zKVM/vSXSnwizD6E
-----END CERTIFICATE-----