Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/GXXsfGofcl8i8IVM5vSqldwUgmg.roa
File:                     GXXsfGofcl8i8IVM5vSqldwUgmg.roa (raw, json)
Hash identifier:          FbZft9EQMrSo99modynXFDd7KaE5mRCGWTQoDUUtHss=
Subject key identifier:   19:75:EC:7C:6A:1F:72:5F:22:F0:85:4C:E6:F4:AA:95:DC:14:82:68
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019C040DFD9A1D7105022659DDC27E972C95
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/GXXsfGofcl8i8IVM5vSqldwUgmg.roa
Signing time:             Wed 28 Jan 2026 10:02:31 +0000
ROA not before:           Wed 28 Jan 2026 10:02:31 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206650
IP address blocks:        82.153.41.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 23 Feb 2026 14:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:04:0d:fd:9a:1d:71:05:02:26:59:dd:c2:7e:97:2c:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan 28 10:02:31 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1975ec7c6a1f725f22f0854ce6f4aa95dc148268
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:db:6a:0b:23:05:c2:c2:c0:71:c6:6f:73:91:
                    7f:e0:24:c3:a8:17:27:87:ff:03:22:5f:4b:ae:5c:
                    bd:d5:35:0f:92:cb:52:7f:55:c3:5e:a9:b9:7e:4d:
                    88:2e:5f:5b:dd:73:30:2e:14:ec:68:5a:35:2d:31:
                    99:6c:bf:af:87:e9:40:2d:93:4b:51:3c:02:c1:7b:
                    fc:bf:eb:fb:81:94:06:f3:34:9d:d0:ba:b3:e8:7b:
                    e2:33:6f:cd:73:e4:93:63:a7:3b:84:f1:7e:fd:0f:
                    2b:02:ea:49:96:27:de:08:8b:19:98:82:b4:71:3f:
                    0c:64:b4:c6:69:59:3d:06:f7:06:62:1e:3d:54:e8:
                    95:1b:0d:03:6d:ac:cc:b1:96:d5:d5:d9:7a:10:3e:
                    7e:05:0d:44:fb:d5:29:e0:3d:5f:6a:c1:de:49:35:
                    7a:5a:92:b0:50:a3:fe:3f:d9:d0:33:82:cf:88:6f:
                    98:7b:0f:a8:fb:38:83:88:91:19:0b:da:68:03:2c:
                    b5:9e:0b:17:75:d7:1c:67:1f:d2:c5:6a:57:db:77:
                    ba:58:c9:20:9f:cd:dc:df:51:5b:7d:c6:c8:ed:1e:
                    54:f8:a5:df:95:60:a8:72:7a:73:91:33:28:1c:c4:
                    69:8b:77:d8:d2:76:72:88:10:4c:eb:ec:4c:f2:8a:
                    66:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:75:EC:7C:6A:1F:72:5F:22:F0:85:4C:E6:F4:AA:95:DC:14:82:68
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/GXXsfGofcl8i8IVM5vSqldwUgmg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.153.41.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a1:56:e8:f7:2a:f1:3b:4e:a2:5a:45:f9:53:4c:7f:35:78:cc:
         1e:62:a8:f7:58:f7:9d:e3:cc:c3:ac:4e:17:05:3c:a3:b0:09:
         21:12:ec:5e:76:47:9f:f5:7e:50:88:b1:de:b6:f7:a1:6b:0d:
         d4:9b:ce:8d:08:87:97:b2:c1:15:5a:26:31:10:d4:d2:74:49:
         08:52:23:1a:88:67:9e:b0:f5:a6:e2:95:10:69:e5:f8:2a:42:
         eb:65:d9:d1:b6:3f:79:94:cf:cf:01:11:30:e2:02:46:32:8b:
         da:0d:64:a0:81:b2:a2:a8:c1:d4:c1:f5:e0:94:3b:0d:7f:5e:
         36:08:c5:82:a7:27:c3:a1:95:18:c4:a3:21:f6:65:49:13:84:
         d2:f3:2f:f6:2a:3a:30:11:c9:cc:f3:96:d9:fa:66:69:9e:81:
         b0:51:5f:7b:1f:ab:8c:01:fc:b1:0a:c0:8c:c3:f2:e8:bd:dd:
         7e:8c:c5:bb:1d:c4:f3:20:47:69:62:4b:ce:94:ed:90:7d:3a:
         88:61:5e:8c:18:4a:30:b5:10:66:9c:f7:06:23:cd:64:c8:8e:
         c9:9b:fd:7f:9d:fb:5c:94:b3:7e:33:10:d7:76:f3:0c:03:a8:
         11:21:ed:19:f8:12:06:57:ad:ea:68:80:84:27:3b:af:4e:16:
         0c:3c:5d:08
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZwEDf2aHXEFAiZZ3cJ+lyyVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwMTI4MTAwMjMxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTc1ZWM3YzZhMWY3MjVmMjJmMDg1NGNlNmY0YWE5NWRjMTQ4MjY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx9tqCyMFwsLAccZvc5F/4CTDqBcn
h/8DIl9Lrly91TUPkstSf1XDXqm5fk2ILl9b3XMwLhTsaFo1LTGZbL+vh+lALZNL
UTwCwXv8v+v7gZQG8zSd0Lqz6HviM2/Nc+STY6c7hPF+/Q8rAupJlifeCIsZmIK0
cT8MZLTGaVk9BvcGYh49VOiVGw0DbazMsZbV1dl6ED5+BQ1E+9Up4D1fasHeSTV6
WpKwUKP+P9nQM4LPiG+Yew+o+ziDiJEZC9poAyy1ngsXddccZx/SxWpX23e6WMkg
n83c31FbfcbI7R5U+KXflWCocnpzkTMoHMRpi3fY0nZyiBBM6+xM8opmfwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBl17HxqH3JfIvCFTOb0qpXcFIJoMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvR1hYc2ZHb2ZjbDhpOElWTTV2U3FsZHdVZ21nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUpkpMA0G
CSqGSIb3DQEBCwUAA4IBAQChVuj3KvE7TqJaRflTTH81eMweYqj3WPed48zDrE4X
BTyjsAkhEuxedkef9X5QiLHetvehaw3Um86NCIeXssEVWiYxENTSdEkIUiMaiGee
sPWm4pUQaeX4KkLrZdnRtj95lM/PAREw4gJGMovaDWSggbKiqMHUwfXglDsNf142
CMWCpyfDoZUYxKMh9mVJE4TS8y/2KjowEcnM85bZ+mZpnoGwUV97H6uMAfyxCsCM
w/Lovd1+jMW7HcTzIEdpYkvOlO2QfTqIYV6MGEowtRBmnPcGI81kyI7Jm/1/nftc
lLN+MxDXdvMMA6gRIe0Z+BIGV63qaICEJzuvThYMPF0I
-----END CERTIFICATE-----