Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/eafc41-c358-4b51-9b1c-3fbbba9249cd/1/gPZtDFpQ9iPhNZSknYLU0JLAqGE.roa
File:                     gPZtDFpQ9iPhNZSknYLU0JLAqGE.roa (raw, json)
Hash identifier:          +A7NmrGXyhKhAKAi+j9IGoknyzOMyTkjCCKK1mRQBaM=
Subject key identifier:   80:F6:6D:0C:5A:50:F6:23:E1:35:94:A4:9D:82:D4:D0:92:C0:A8:61
Certificate issuer:       /CN=117f9d55826b42486dfc84d35c1a63a5ce87507c
Certificate serial:       019EB0E66C9CA82FD5B4703DC75849481E5E
Authority key identifier: 11:7F:9D:55:82:6B:42:48:6D:FC:84:D3:5C:1A:63:A5:CE:87:50:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EX-dVYJrQkht_ITTXBpjpc6HUHw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/eafc41-c358-4b51-9b1c-3fbbba9249cd/1/gPZtDFpQ9iPhNZSknYLU0JLAqGE.roa
Signing time:             Wed 10 Jun 2026 09:39:11 +0000
ROA not before:           Wed 10 Jun 2026 09:39:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209946
IP address blocks:        178.236.254.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/eafc41-c358-4b51-9b1c-3fbbba9249cd/1/EX-dVYJrQkht_ITTXBpjpc6HUHw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/eafc41-c358-4b51-9b1c-3fbbba9249cd/1/EX-dVYJrQkht_ITTXBpjpc6HUHw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EX-dVYJrQkht_ITTXBpjpc6HUHw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 20:26:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:b0:e6:6c:9c:a8:2f:d5:b4:70:3d:c7:58:49:48:1e:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=117f9d55826b42486dfc84d35c1a63a5ce87507c
        Validity
            Not Before: Jun 10 09:39:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=80f66d0c5a50f623e13594a49d82d4d092c0a861
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:3e:77:89:e5:0c:0e:1e:02:62:f9:ef:f3:40:
                    65:cd:19:93:e2:5a:3d:23:4a:ce:d5:53:2f:3c:d3:
                    7a:e7:c7:86:da:0c:48:7e:60:69:3e:40:4a:99:4b:
                    8f:73:37:76:dd:77:a5:4f:7c:84:15:5b:91:20:cc:
                    71:36:09:ab:11:6c:ff:8d:e3:5d:89:a8:06:dd:b2:
                    03:59:4d:f5:4c:33:d9:e1:5a:23:d8:b4:10:52:3d:
                    92:27:4d:2d:a5:54:bc:1d:1f:39:a8:c7:ce:8f:e2:
                    23:2d:3a:65:d1:59:71:83:8b:3c:8b:f4:41:22:9c:
                    71:aa:33:5b:97:14:f9:49:d7:b8:ad:28:2a:15:ab:
                    ec:f7:8f:e0:4b:01:89:18:6d:45:7e:1c:5e:f3:9f:
                    00:af:07:a1:bb:23:1b:19:b8:9c:01:1c:bc:3b:ee:
                    8e:18:3f:0e:29:49:68:3d:f7:c2:9c:e0:36:36:c8:
                    94:c0:6a:88:0e:d7:36:b7:9f:ef:22:40:d4:5b:15:
                    99:93:34:24:7e:13:c1:ff:eb:15:43:0e:3b:c4:f2:
                    8b:ac:76:0c:2f:c5:3d:17:79:fe:40:8b:de:dd:ea:
                    74:5f:b3:63:88:9b:99:c7:9f:dd:74:0b:3a:3b:e7:
                    22:d8:85:4a:a7:e6:53:1f:4f:31:c4:4b:64:f1:0e:
                    3f:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:F6:6D:0C:5A:50:F6:23:E1:35:94:A4:9D:82:D4:D0:92:C0:A8:61
            X509v3 Authority Key Identifier:
                keyid:11:7F:9D:55:82:6B:42:48:6D:FC:84:D3:5C:1A:63:A5:CE:87:50:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EX-dVYJrQkht_ITTXBpjpc6HUHw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/eafc41-c358-4b51-9b1c-3fbbba9249cd/1/gPZtDFpQ9iPhNZSknYLU0JLAqGE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/eafc41-c358-4b51-9b1c-3fbbba9249cd/1/EX-dVYJrQkht_ITTXBpjpc6HUHw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.236.254.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:8c:9f:52:00:d3:41:f0:76:15:af:37:f5:35:86:2a:fe:2a:
         cc:af:06:81:e9:4c:39:4b:35:61:b4:7a:b7:95:c3:13:37:15:
         b1:7a:9d:d5:47:c5:46:be:de:b8:3d:e3:f3:cf:51:20:d4:ce:
         8e:bb:2d:5b:06:a1:d8:1b:8c:d6:e3:a0:67:ff:58:4b:24:45:
         b8:26:c2:25:d7:e3:1b:c1:8d:74:38:08:3d:86:2c:c8:e2:ab:
         a5:86:da:4f:ca:ef:1a:5d:d7:6b:e7:e2:3f:6d:58:8b:e0:5a:
         92:5a:d9:af:4e:38:84:c8:42:af:95:4e:b6:85:d7:42:2d:d9:
         b8:b2:e0:5c:b0:19:67:8d:c5:7f:42:09:30:1b:3b:06:80:e7:
         aa:24:3b:03:8a:39:08:ef:c9:42:84:3a:ef:0d:7b:57:92:01:
         e9:7d:5c:5f:2a:18:3b:39:1e:01:74:97:c0:eb:1c:0f:93:57:
         47:b7:f5:cb:4c:64:4d:22:01:36:f3:3c:1b:cf:4e:41:11:08:
         2a:50:85:f3:cd:7a:cb:c3:18:64:b7:d0:a1:07:41:e6:0a:d1:
         33:d9:35:d5:2e:59:12:28:02:39:f4:0a:73:13:b4:97:ed:c9:
         54:ca:f8:31:67:c4:33:07:af:9a:6b:78:16:22:ea:15:48:bb:
         0d:09:ae:ab
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6w5mycqC/VtHA9x1hJSB5eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExN2Y5ZDU1ODI2YjQyNDg2ZGZjODRkMzVjMWE2M2E1Y2U4
NzUwN2MwHhcNMjYwNjEwMDkzOTExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MGY2NmQwYzVhNTBmNjIzZTEzNTk0YTQ5ZDgyZDRkMDkyYzBhODYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsj53ieUMDh4CYvnv80BlzRmT4lo9
I0rO1VMvPNN658eG2gxIfmBpPkBKmUuPczd23XelT3yEFVuRIMxxNgmrEWz/jeNd
iagG3bIDWU31TDPZ4Voj2LQQUj2SJ00tpVS8HR85qMfOj+IjLTpl0Vlxg4s8i/RB
IpxxqjNblxT5Sde4rSgqFavs94/gSwGJGG1Ffhxe858ArwehuyMbGbicARy8O+6O
GD8OKUloPffCnOA2NsiUwGqIDtc2t5/vIkDUWxWZkzQkfhPB/+sVQw47xPKLrHYM
L8U9F3n+QIve3ep0X7NjiJuZx5/ddAs6O+ci2IVKp+ZTH08xxEtk8Q4/SwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFID2bQxaUPYj4TWUpJ2C1NCSwKhhMB8GA1UdIwQY
MBaAFBF/nVWCa0JIbfyE01waY6XOh1B8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRVgtZFZZSnJRa2h0X0lUVFhCcGpwYzZIVUh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi9lYWZjNDEtYzM1OC00YjUxLTliMWMt
M2ZiYmJhOTI0OWNkLzEvZ1BadERGcFE5aVBoTlpTa25ZTFUwSkxBcUdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi9lYWZjNDEtYzM1OC00YjUxLTliMWMtM2ZiYmJhOTI0OWNk
LzEvRVgtZFZZSnJRa2h0X0lUVFhCcGpwYzZIVUh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsuz+MA0G
CSqGSIb3DQEBCwUAA4IBAQCgjJ9SANNB8HYVrzf1NYYq/irMrwaB6Uw5SzVhtHq3
lcMTNxWxep3VR8VGvt64PePzz1Eg1M6Ouy1bBqHYG4zW46Bn/1hLJEW4JsIl1+Mb
wY10OAg9hizI4qulhtpPyu8aXddr5+I/bViL4FqSWtmvTjiEyEKvlU62hddCLdm4
suBcsBlnjcV/QgkwGzsGgOeqJDsDijkI78lChDrvDXtXkgHpfVxfKhg7OR4BdJfA
6xwPk1dHt/XLTGRNIgE28zwbz05BEQgqUIXzzXrLwxhkt9ChB0HmCtEz2TXVLlkS
KAI59ApzE7SX7clUyvgxZ8QzB6+aa3gWIuoVSLsNCa6r
-----END CERTIFICATE-----