Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/GcgMzC5u1KAV4_-abRm3U3DI76U.roa
File:                     GcgMzC5u1KAV4_-abRm3U3DI76U.roa (raw, json)
Hash identifier:          IdDdr4mmXm9vlicTD7tUQMXkJ4SNsQudlARP/MSxlYQ=
Subject key identifier:   19:C8:0C:CC:2E:6E:D4:A0:15:E3:FF:9A:6D:19:B7:53:70:C8:EF:A5
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019EFEFA9FE447337984E2DF4F90474EA05C
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/GcgMzC5u1KAV4_-abRm3U3DI76U.roa
Signing time:             Thu 25 Jun 2026 13:31:38 +0000
ROA not before:           Thu 25 Jun 2026 13:31:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     56971
IP address blocks:        151.242.43.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 29 Jun 2026 08:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:fe:fa:9f:e4:47:33:79:84:e2:df:4f:90:47:4e:a0:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Jun 25 13:31:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=19c80ccc2e6ed4a015e3ff9a6d19b75370c8efa5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:a0:99:d7:0b:4b:f2:aa:7d:1f:3f:10:c2:26:
                    75:73:e2:e5:76:24:9b:66:45:b1:ef:c8:ac:82:36:
                    15:42:d8:9f:8f:c6:cf:cb:80:6a:92:0a:7d:e6:3f:
                    65:9a:d5:ef:07:f8:02:dd:f6:1e:26:1d:88:68:49:
                    d1:e3:0a:fe:a8:5f:90:ed:b8:87:69:8e:ab:54:15:
                    2b:a1:69:88:b5:4e:b4:28:93:d2:2a:ec:7c:b6:66:
                    62:0d:c7:e3:84:86:d2:03:9c:2b:54:5a:d0:c7:61:
                    df:3e:78:b9:58:dc:f1:c3:6f:b7:b1:e5:b7:b2:d5:
                    b8:d5:26:e8:70:08:0e:0b:b3:d6:d6:e9:28:36:7a:
                    8d:b9:b7:31:4e:93:b2:93:70:9e:b4:ca:88:1e:ff:
                    09:95:b7:8a:b0:37:23:2e:b2:75:cd:6c:71:30:66:
                    43:46:31:ad:1a:1d:56:7f:bc:52:d0:93:0c:32:32:
                    3e:86:4c:4a:69:3d:a4:06:c4:b9:cc:01:04:e4:12:
                    40:f2:71:40:a5:61:c9:91:b0:4c:62:9a:cf:06:ed:
                    a4:00:12:51:2d:a5:46:02:3c:1e:03:00:0a:3a:e3:
                    1d:23:19:de:07:af:8c:df:51:78:8b:65:71:15:d5:
                    05:4a:0e:2a:28:37:af:2c:66:ac:e3:01:67:71:fd:
                    19:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:C8:0C:CC:2E:6E:D4:A0:15:E3:FF:9A:6D:19:B7:53:70:C8:EF:A5
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/GcgMzC5u1KAV4_-abRm3U3DI76U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.242.43.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b8:b7:dd:e2:8e:c1:14:43:dc:c0:70:e2:24:fc:ac:e3:d4:f2:
         34:d5:14:20:5e:d7:76:4e:20:e3:27:da:16:ad:cf:3e:10:17:
         2b:bc:03:30:c5:d0:ed:bb:c9:cb:14:f7:4e:d8:ac:22:68:b5:
         a2:d2:26:a9:a6:61:f0:c3:6d:fb:d7:a7:7b:e5:61:4d:26:79:
         03:bf:ca:74:2b:0e:4d:24:00:51:15:50:c1:31:a4:b4:3e:18:
         21:82:46:71:fe:8e:a0:d2:f7:44:d1:66:76:bf:a7:36:bb:03:
         68:b5:04:e3:34:eb:e1:7f:af:81:48:a8:c8:9e:43:29:35:6a:
         70:70:63:ac:a3:91:cd:aa:7d:7e:4d:00:0b:7a:8f:12:a0:25:
         92:98:a5:44:dd:e2:38:66:5d:0a:c4:d4:e8:8a:d8:9d:d8:5c:
         4a:a7:a8:c7:f8:0f:3d:17:96:2b:f7:06:26:0c:52:8b:8b:35:
         ad:60:be:e5:a5:c0:e5:65:ee:20:7c:cc:d9:f0:e3:fa:fd:1f:
         f9:2f:fa:96:de:aa:06:98:52:77:f0:5f:88:33:c8:22:bd:7f:
         7a:b5:f2:d1:cf:9c:82:8c:14:0e:94:59:97:ad:72:a1:ce:42:
         87:c4:83:a8:fa:60:ae:61:65:66:7b:17:f8:76:80:47:39:f0:
         21:5b:64:69
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ7++p/kRzN5hOLfT5BHTqBcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjYwNjI1MTMzMTM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOWM4MGNjYzJlNmVkNGEwMTVlM2ZmOWE2ZDE5Yjc1MzcwYzhlZmE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp6CZ1wtL8qp9Hz8QwiZ1c+LldiSb
ZkWx78isgjYVQtifj8bPy4Bqkgp95j9lmtXvB/gC3fYeJh2IaEnR4wr+qF+Q7biH
aY6rVBUroWmItU60KJPSKux8tmZiDcfjhIbSA5wrVFrQx2HfPni5WNzxw2+3seW3
stW41SbocAgOC7PW1ukoNnqNubcxTpOyk3CetMqIHv8JlbeKsDcjLrJ1zWxxMGZD
RjGtGh1Wf7xS0JMMMjI+hkxKaT2kBsS5zAEE5BJA8nFApWHJkbBMYprPBu2kABJR
LaVGAjweAwAKOuMdIxneB6+M31F4i2VxFdUFSg4qKDevLGas4wFncf0ZTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBnIDMwubtSgFeP/mm0Zt1NwyO+lMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvR2NnTXpDNXUxS0FWNF8tYWJSbTNVM0RJNzZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/IrMA0G
CSqGSIb3DQEBCwUAA4IBAQC4t93ijsEUQ9zAcOIk/Kzj1PI01RQgXtd2TiDjJ9oW
rc8+EBcrvAMwxdDtu8nLFPdO2KwiaLWi0iappmHww23716d75WFNJnkDv8p0Kw5N
JABRFVDBMaS0PhghgkZx/o6g0vdE0WZ2v6c2uwNotQTjNOvhf6+BSKjInkMpNWpw
cGOso5HNqn1+TQALeo8SoCWSmKVE3eI4Zl0KxNToitid2FxKp6jH+A89F5Yr9wYm
DFKLizWtYL7lpcDlZe4gfMzZ8OP6/R/5L/qW3qoGmFJ38F+IM8givX96tfLRz5yC
jBQOlFmXrXKhzkKHxIOo+mCuYWVmexf4doBHOfAhW2Rp
-----END CERTIFICATE-----