Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/gj04uIHrV_C75Lz74FAYqP9RICg.roa
File:                     gj04uIHrV_C75Lz74FAYqP9RICg.roa (raw, json)
Hash identifier:          g0/xETr32Yp8RgO9lzjP5xC62gdaahVlkFWHIAJsqhA=
Subject key identifier:   82:3D:38:B8:81:EB:57:F0:BB:E4:BC:FB:E0:50:18:A8:FF:51:20:28
Certificate issuer:       /CN=d6aa3fbc78e31229157c78b6d23a65eb2e353dce
Certificate serial:       019CDEBF1616A713C18B5CB7ECE327E1FE83
Authority key identifier: D6:AA:3F:BC:78:E3:12:29:15:7C:78:B6:D2:3A:65:EB:2E:35:3D:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1qo_vHjjEikVfHi20jpl6y41Pc4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/gj04uIHrV_C75Lz74FAYqP9RICg.roa
Signing time:             Wed 11 Mar 2026 21:13:10 +0000
ROA not before:           Wed 11 Mar 2026 21:13:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     401322
IP address blocks:        185.244.0.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/1qo_vHjjEikVfHi20jpl6y41Pc4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/1qo_vHjjEikVfHi20jpl6y41Pc4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1qo_vHjjEikVfHi20jpl6y41Pc4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 22 Mar 2026 05:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:de:bf:16:16:a7:13:c1:8b:5c:b7:ec:e3:27:e1:fe:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d6aa3fbc78e31229157c78b6d23a65eb2e353dce
        Validity
            Not Before: Mar 11 21:13:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=823d38b881eb57f0bbe4bcfbe05018a8ff512028
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:ec:8d:4b:e0:85:ab:15:02:79:ba:82:d5:e2:
                    c8:43:44:24:ed:e9:d0:cd:44:41:40:f7:13:c8:87:
                    89:4b:6d:95:05:f6:6e:bd:bd:91:30:f5:08:c7:cc:
                    96:20:3c:bc:a8:6f:5d:fa:1a:c3:d6:2f:59:c8:4c:
                    3e:68:94:cb:9d:15:70:3b:41:28:95:95:30:f7:da:
                    43:f0:a4:4c:f7:75:25:2e:16:35:d8:54:b0:b3:59:
                    4e:db:9c:84:a7:0c:9b:1a:f8:bf:b3:af:1f:68:24:
                    73:b2:33:7e:39:34:c4:2c:b0:b7:1c:a7:3b:36:7b:
                    18:30:57:51:27:75:be:d8:55:e9:f2:db:3a:b4:2e:
                    88:e7:b9:23:74:42:ea:8e:6e:48:f7:5c:51:a8:ea:
                    89:32:e4:20:c7:40:4b:68:1c:ea:35:bb:00:b1:fd:
                    24:ba:59:fc:66:25:5c:08:77:23:fb:1a:0e:52:4c:
                    05:90:96:b8:b5:4d:8b:60:af:f7:fd:26:aa:d9:1f:
                    fc:70:af:e7:a5:73:85:43:39:af:7b:ab:55:9d:0d:
                    02:86:eb:0a:2c:68:37:54:62:a1:a7:54:59:05:f8:
                    5d:df:3c:9b:aa:dd:bc:4d:5e:4a:6e:21:ff:eb:90:
                    0f:71:39:cf:3f:02:cd:7f:f7:60:e1:27:1e:6f:c3:
                    e7:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:3D:38:B8:81:EB:57:F0:BB:E4:BC:FB:E0:50:18:A8:FF:51:20:28
            X509v3 Authority Key Identifier:
                keyid:D6:AA:3F:BC:78:E3:12:29:15:7C:78:B6:D2:3A:65:EB:2E:35:3D:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1qo_vHjjEikVfHi20jpl6y41Pc4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/gj04uIHrV_C75Lz74FAYqP9RICg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/1qo_vHjjEikVfHi20jpl6y41Pc4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.244.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:59:16:d3:f8:0c:3f:71:72:0d:b2:2e:93:41:c6:3a:1d:2d:
         d1:62:e9:b6:a6:fc:7d:0c:8b:21:6f:89:5c:9a:3e:60:10:16:
         74:45:0e:b2:f3:65:4c:e3:c9:7e:3a:eb:24:fb:7b:06:94:7d:
         7f:1c:1f:85:b5:75:7c:01:ce:4c:50:21:1d:05:d9:ec:4b:b6:
         83:7e:a8:f6:6d:e7:de:3d:c8:0d:43:b4:f2:b4:14:ec:08:fd:
         53:f0:67:8e:94:b2:bc:04:40:f5:7a:b0:9d:5c:a7:c5:9d:48:
         12:b3:b7:0b:55:b6:22:73:29:94:db:ff:eb:d8:3c:87:6b:6c:
         4e:d7:a4:7b:05:53:67:00:38:4c:76:c2:df:7f:47:30:a9:37:
         f9:0b:0f:48:a3:34:89:ea:b3:2e:2f:61:84:58:75:ba:d2:e7:
         ce:4d:77:9d:d3:11:d4:df:4a:e2:d1:b3:c4:80:7f:0d:fd:49:
         41:0f:02:6c:4e:c3:4e:dc:3b:94:36:fe:f3:b8:34:74:1a:ab:
         72:90:00:9b:ec:39:92:d6:e3:fc:ea:70:80:85:57:61:cf:31:
         06:69:65:2a:6b:00:d7:64:b7:88:25:89:a8:d1:d6:fb:2c:e3:
         6d:00:51:df:f4:52:d6:aa:a2:6b:ca:36:97:3a:57:75:39:cc:
         3a:b5:ef:07
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzevxYWpxPBi1y37OMn4f6DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2YWEzZmJjNzhlMzEyMjkxNTdjNzhiNmQyM2E2NWViMmUz
NTNkY2UwHhcNMjYwMzExMjExMzEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MjNkMzhiODgxZWI1N2YwYmJlNGJjZmJlMDUwMThhOGZmNTEyMDI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvuyNS+CFqxUCebqC1eLIQ0Qk7enQ
zURBQPcTyIeJS22VBfZuvb2RMPUIx8yWIDy8qG9d+hrD1i9ZyEw+aJTLnRVwO0Eo
lZUw99pD8KRM93UlLhY12FSws1lO25yEpwybGvi/s68faCRzsjN+OTTELLC3HKc7
NnsYMFdRJ3W+2FXp8ts6tC6I57kjdELqjm5I91xRqOqJMuQgx0BLaBzqNbsAsf0k
uln8ZiVcCHcj+xoOUkwFkJa4tU2LYK/3/Saq2R/8cK/npXOFQzmve6tVnQ0ChusK
LGg3VGKhp1RZBfhd3zybqt28TV5KbiH/65APcTnPPwLNf/dg4Sceb8PnawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFII9OLiB61fwu+S8++BQGKj/USAoMB8GA1UdIwQY
MBaAFNaqP7x44xIpFXx4ttI6ZesuNT3OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMXFvX3ZIampFaWtWZkhpMjBqcGw2eTQxUGM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC82Y2Y4YmUtMjUzZC00NmQ1LWFiN2Mt
ODI3NmM4YWFjNTBlLzEvZ2owNHVJSHJWX0M3NUx6NzRGQVlxUDlSSUNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC82Y2Y4YmUtMjUzZC00NmQ1LWFiN2MtODI3NmM4YWFjNTBl
LzEvMXFvX3ZIampFaWtWZkhpMjBqcGw2eTQxUGM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufQAMA0G
CSqGSIb3DQEBCwUAA4IBAQA/WRbT+Aw/cXINsi6TQcY6HS3RYum2pvx9DIshb4lc
mj5gEBZ0RQ6y82VM48l+Ousk+3sGlH1/HB+FtXV8Ac5MUCEdBdnsS7aDfqj2befe
PcgNQ7TytBTsCP1T8GeOlLK8BED1erCdXKfFnUgSs7cLVbYicymU2//r2DyHa2xO
16R7BVNnADhMdsLff0cwqTf5Cw9IozSJ6rMuL2GEWHW60ufOTXed0xHU30ri0bPE
gH8N/UlBDwJsTsNO3DuUNv7zuDR0GqtykACb7DmS1uP86nCAhVdhzzEGaWUqawDX
ZLeIJYmo0db7LONtAFHf9FLWqqJryjaXOld1Ocw6te8H
-----END CERTIFICATE-----