Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cb/e798b1-4b2d-4c1e-ba37-9e92625cda97/1/gymKXorNDDp8x3PYy2044v75QFA.roa
File:                     gymKXorNDDp8x3PYy2044v75QFA.roa (raw, json)
Hash identifier:          0rzdf9ANtdDtf/hP67m2732x5lm9z0lPUGsmoQ5Cu10=
Subject key identifier:   83:29:8A:5E:8A:CD:0C:3A:7C:C7:73:D8:CB:6D:38:E2:FE:F9:40:50
Certificate issuer:       /CN=d93c0d08a6c62e77382e80417e872098004ca4ec
Certificate serial:       019F07DBD8F4F7C9DD0C00B4C2234B6E4C64
Authority key identifier: D9:3C:0D:08:A6:C6:2E:77:38:2E:80:41:7E:87:20:98:00:4C:A4:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2TwNCKbGLnc4LoBBfocgmABMpOw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cb/e798b1-4b2d-4c1e-ba37-9e92625cda97/1/gymKXorNDDp8x3PYy2044v75QFA.roa
Signing time:             Sat 27 Jun 2026 06:54:36 +0000
ROA not before:           Sat 27 Jun 2026 06:54:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     219330
IP address blocks:        185.83.71.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cb/e798b1-4b2d-4c1e-ba37-9e92625cda97/1/2TwNCKbGLnc4LoBBfocgmABMpOw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cb/e798b1-4b2d-4c1e-ba37-9e92625cda97/1/2TwNCKbGLnc4LoBBfocgmABMpOw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2TwNCKbGLnc4LoBBfocgmABMpOw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 01 Jul 2026 20:30:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:07:db:d8:f4:f7:c9:dd:0c:00:b4:c2:23:4b:6e:4c:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d93c0d08a6c62e77382e80417e872098004ca4ec
        Validity
            Not Before: Jun 27 06:54:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=83298a5e8acd0c3a7cc773d8cb6d38e2fef94050
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:63:11:9f:5d:78:4b:a2:3a:e9:cd:71:f5:a7:
                    6c:e1:80:25:0d:21:5c:48:7f:58:2d:d6:64:20:f8:
                    57:29:5d:a1:d6:4e:eb:a0:f9:f4:5f:36:cf:04:af:
                    91:b2:ce:fa:b5:df:34:b5:e9:65:ea:9c:de:d1:dc:
                    66:9d:1e:c3:f0:d0:e2:54:62:b3:72:d7:0c:78:fe:
                    aa:81:3d:f0:98:57:3f:0e:fd:17:c7:b0:17:1f:0c:
                    a1:af:42:8f:3c:9f:71:6d:ff:f5:39:89:fa:d3:b7:
                    da:64:b1:98:2d:07:e4:cf:70:c8:d5:15:88:37:78:
                    7c:40:cd:e0:48:b0:c3:08:c2:e7:d0:73:23:1c:41:
                    1b:ac:ed:9d:25:36:13:b1:1e:9b:11:8e:58:35:48:
                    f6:63:14:5f:5e:c4:35:7c:64:ac:26:9f:77:be:da:
                    5d:ce:67:27:c1:1a:0c:30:bc:35:5f:9e:a6:bf:09:
                    ed:9b:02:89:4b:97:a5:78:6c:30:48:be:16:15:4b:
                    09:83:be:12:1b:28:e4:ca:0d:93:60:dd:c3:6d:55:
                    05:d9:e2:77:bc:30:9c:94:23:c8:3e:8f:de:bc:3b:
                    e1:6f:b0:63:04:c2:53:0a:44:d7:5c:f7:e1:22:a8:
                    55:94:4f:14:4f:59:1f:f9:67:5a:69:58:7b:ae:51:
                    67:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:29:8A:5E:8A:CD:0C:3A:7C:C7:73:D8:CB:6D:38:E2:FE:F9:40:50
            X509v3 Authority Key Identifier:
                keyid:D9:3C:0D:08:A6:C6:2E:77:38:2E:80:41:7E:87:20:98:00:4C:A4:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2TwNCKbGLnc4LoBBfocgmABMpOw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/e798b1-4b2d-4c1e-ba37-9e92625cda97/1/gymKXorNDDp8x3PYy2044v75QFA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/e798b1-4b2d-4c1e-ba37-9e92625cda97/1/2TwNCKbGLnc4LoBBfocgmABMpOw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.83.71.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:81:68:63:e8:64:d1:45:bc:97:64:a7:bb:74:dc:ea:4d:fb:
         9d:27:ed:a0:82:96:53:0c:aa:13:0d:1c:af:32:88:76:29:04:
         cc:98:8d:84:bf:56:e6:fa:43:b4:81:32:21:86:2c:48:32:79:
         6f:4e:0e:7b:70:7d:b6:ca:bb:0f:86:6e:16:1a:bc:a7:0d:a3:
         61:6a:de:57:23:be:72:b8:7b:2c:13:b2:1d:6b:43:49:ad:08:
         a0:a9:8d:84:32:9f:15:db:7f:9b:ae:d5:08:0d:21:64:85:83:
         6a:47:84:18:dd:06:89:61:e0:46:94:5c:b9:cf:26:82:ef:da:
         2e:24:f6:64:89:be:30:61:93:8f:11:c2:e7:06:bd:2a:c2:00:
         85:18:1b:90:b5:ac:81:8d:77:3e:d2:71:b5:97:48:7e:92:fd:
         0e:c1:f8:c9:b4:7d:33:b5:5e:5a:1b:80:e5:ea:16:5e:12:99:
         4a:4b:11:99:03:98:ea:3a:72:70:4a:83:8f:9e:e3:e7:94:d4:
         92:28:8a:c5:c8:d2:8f:b2:2b:91:6a:9a:0a:c2:0c:d1:6c:52:
         ff:3e:6e:d5:02:04:7b:14:93:77:37:9c:3a:08:58:09:ed:61:
         6b:86:f6:d7:0d:74:c1:6c:2d:c6:86:d8:9f:46:4e:90:3e:67:
         11:7a:ef:80
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ8H29j098ndDAC0wiNLbkxkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5M2MwZDA4YTZjNjJlNzczODJlODA0MTdlODcyMDk4MDA0
Y2E0ZWMwHhcNMjYwNjI3MDY1NDM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MzI5OGE1ZThhY2QwYzNhN2NjNzczZDhjYjZkMzhlMmZlZjk0MDUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnWMRn114S6I66c1x9ads4YAlDSFc
SH9YLdZkIPhXKV2h1k7roPn0XzbPBK+Rss76td80tell6pze0dxmnR7D8NDiVGKz
ctcMeP6qgT3wmFc/Dv0Xx7AXHwyhr0KPPJ9xbf/1OYn607faZLGYLQfkz3DI1RWI
N3h8QM3gSLDDCMLn0HMjHEEbrO2dJTYTsR6bEY5YNUj2YxRfXsQ1fGSsJp93vtpd
zmcnwRoMMLw1X56mvwntmwKJS5eleGwwSL4WFUsJg74SGyjkyg2TYN3DbVUF2eJ3
vDCclCPIPo/evDvhb7BjBMJTCkTXXPfhIqhVlE8UT1kf+WdaaVh7rlFnKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIMpil6KzQw6fMdz2MttOOL++UBQMB8GA1UdIwQY
MBaAFNk8DQimxi53OC6AQX6HIJgATKTsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMlR3TkNLYkdMbmM0TG9CQmZvY2dtQUJNcE93LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYi9lNzk4YjEtNGIyZC00YzFlLWJhMzct
OWU5MjYyNWNkYTk3LzEvZ3ltS1hvck5ERHA4eDNQWXkyMDQ0djc1UUZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYi9lNzk4YjEtNGIyZC00YzFlLWJhMzctOWU5MjYyNWNkYTk3
LzEvMlR3TkNLYkdMbmM0TG9CQmZvY2dtQUJNcE93LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVNHMA0G
CSqGSIb3DQEBCwUAA4IBAQBvgWhj6GTRRbyXZKe7dNzqTfudJ+2ggpZTDKoTDRyv
Moh2KQTMmI2Ev1bm+kO0gTIhhixIMnlvTg57cH22yrsPhm4WGrynDaNhat5XI75y
uHssE7Ida0NJrQigqY2EMp8V23+brtUIDSFkhYNqR4QY3QaJYeBGlFy5zyaC79ou
JPZkib4wYZOPEcLnBr0qwgCFGBuQtayBjXc+0nG1l0h+kv0OwfjJtH0ztV5aG4Dl
6hZeEplKSxGZA5jqOnJwSoOPnuPnlNSSKIrFyNKPsiuRapoKwgzRbFL/Pm7VAgR7
FJN3N5w6CFgJ7WFrhvbXDXTBbC3GhtifRk6QPmcReu+A
-----END CERTIFICATE-----
Generated at Wed Jul 1 04:19:42 2026 by rpki-client