Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/de171b-5b3c-4b76-b065-20d34e18e270/1/GhN1yKMoFu8y6eUgkMzzqDeEy_w.roa
File:                     GhN1yKMoFu8y6eUgkMzzqDeEy_w.roa (raw, json)
Hash identifier:          zyNIiHMxPOjGUgXy6RCPzfPzuqWlzRBZzmEpfhP+cR4=
Subject key identifier:   1A:13:75:C8:A3:28:16:EF:32:E9:E5:20:90:CC:F3:A8:37:84:CB:FC
Certificate issuer:       /CN=998de60a867b49db29a627c6f7d223a266a322a9
Certificate serial:       019DBC7DB186F55EE1EA46F76142D472DAAB
Authority key identifier: 99:8D:E6:0A:86:7B:49:DB:29:A6:27:C6:F7:D2:23:A2:66:A3:22:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mY3mCoZ7SdsppifG99IjomajIqk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/de171b-5b3c-4b76-b065-20d34e18e270/1/GhN1yKMoFu8y6eUgkMzzqDeEy_w.roa
Signing time:             Thu 23 Apr 2026 22:37:27 +0000
ROA not before:           Thu 23 Apr 2026 22:37:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199524
IP address blocks:        2001:678:1160::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/de171b-5b3c-4b76-b065-20d34e18e270/1/mY3mCoZ7SdsppifG99IjomajIqk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/de171b-5b3c-4b76-b065-20d34e18e270/1/mY3mCoZ7SdsppifG99IjomajIqk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mY3mCoZ7SdsppifG99IjomajIqk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 May 2026 13:01:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:bc:7d:b1:86:f5:5e:e1:ea:46:f7:61:42:d4:72:da:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=998de60a867b49db29a627c6f7d223a266a322a9
        Validity
            Not Before: Apr 23 22:37:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1a1375c8a32816ef32e9e52090ccf3a83784cbfc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:37:3e:1b:e0:f3:1e:ff:a8:75:ac:77:cf:fd:
                    88:f7:cb:19:42:50:8f:ca:f0:94:98:f6:7c:c5:0c:
                    dd:62:03:4b:2c:0a:a4:b7:d4:78:c5:e7:ef:5e:46:
                    d8:31:05:81:3f:e5:8a:e2:72:19:dd:54:2f:dc:a8:
                    48:00:cf:82:dc:92:1f:58:a6:01:a3:d2:a8:e1:fd:
                    c9:82:b2:7d:bb:21:68:3c:74:cf:a2:d1:0d:70:77:
                    2f:25:f1:89:5b:9b:cb:9f:b4:51:89:42:9f:a8:80:
                    20:44:f5:b6:d3:a7:02:d2:65:45:4d:64:8a:dc:c8:
                    c4:e3:b7:f1:68:d4:17:a0:85:fb:df:da:2e:b7:fe:
                    20:f2:6d:23:42:3e:af:8a:43:c3:59:c6:67:78:fb:
                    07:3f:1f:c1:21:43:88:23:bd:f7:a4:13:d9:0d:78:
                    55:89:3c:f3:41:11:15:f7:6d:9d:08:fc:d5:b6:22:
                    fb:e2:84:83:86:c9:1e:6e:4d:72:a0:5b:76:c3:9e:
                    5c:18:fe:dc:65:d9:11:89:4b:d2:16:1f:40:80:ef:
                    74:80:74:92:96:6c:d8:ef:09:09:91:66:c3:f3:da:
                    c9:03:d8:e7:53:5a:30:4b:ed:ca:c4:fb:4c:21:02:
                    76:e5:c4:fa:67:d0:fc:2a:6f:01:40:cf:e8:7c:91:
                    10:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:13:75:C8:A3:28:16:EF:32:E9:E5:20:90:CC:F3:A8:37:84:CB:FC
            X509v3 Authority Key Identifier:
                keyid:99:8D:E6:0A:86:7B:49:DB:29:A6:27:C6:F7:D2:23:A2:66:A3:22:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mY3mCoZ7SdsppifG99IjomajIqk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/de171b-5b3c-4b76-b065-20d34e18e270/1/GhN1yKMoFu8y6eUgkMzzqDeEy_w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/de171b-5b3c-4b76-b065-20d34e18e270/1/mY3mCoZ7SdsppifG99IjomajIqk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:1160::/48

    Signature Algorithm: sha256WithRSAEncryption
         0e:17:29:ba:03:27:16:5b:d9:04:de:89:10:45:ba:26:32:60:
         7a:d7:1a:4d:30:d9:74:17:b6:f2:1f:e1:71:aa:6b:0b:eb:27:
         82:2c:10:29:a7:7b:95:d5:5d:5c:be:f3:2f:c6:25:23:74:bb:
         63:ac:4f:dc:0d:b1:cb:d6:3c:58:c9:c5:4c:3a:24:e9:8d:8a:
         be:12:18:56:ee:37:ee:37:37:3d:c6:6e:36:2c:c1:77:65:6d:
         99:6a:7f:54:42:c9:99:67:bb:52:31:73:e7:b3:c5:3c:93:38:
         45:a1:1e:a1:0c:2f:86:90:db:32:79:a7:a4:30:42:33:b4:5b:
         f8:d3:33:d2:eb:3a:ff:01:cb:a4:94:4b:e7:72:d0:11:58:23:
         28:2b:26:e8:a3:fc:38:10:1f:60:bc:80:4a:77:2e:cd:a0:46:
         dd:4f:b7:0a:34:3f:93:e5:58:23:dd:06:55:9e:c4:1f:95:b6:
         e5:73:23:22:25:63:b2:22:50:09:08:c7:47:12:b0:3f:a9:93:
         e7:cd:9c:e7:a9:67:df:a2:e4:3b:de:4e:28:09:b7:8c:fb:37:
         3d:d3:4d:61:9f:a4:c9:55:74:28:16:c7:ed:bd:22:d2:70:6b:
         02:0e:7b:9d:cb:42:38:8f:c1:f3:ab:94:f6:24:9e:83:f7:42:
         1e:94:73:df
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ28fbGG9V7h6kb3YULUctqrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5OGRlNjBhODY3YjQ5ZGIyOWE2MjdjNmY3ZDIyM2EyNjZh
MzIyYTkwHhcNMjYwNDIzMjIzNzI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYTEzNzVjOGEzMjgxNmVmMzJlOWU1MjA5MGNjZjNhODM3ODRjYmZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqTc+G+DzHv+odax3z/2I98sZQlCP
yvCUmPZ8xQzdYgNLLAqkt9R4xefvXkbYMQWBP+WK4nIZ3VQv3KhIAM+C3JIfWKYB
o9Ko4f3JgrJ9uyFoPHTPotENcHcvJfGJW5vLn7RRiUKfqIAgRPW206cC0mVFTWSK
3MjE47fxaNQXoIX739out/4g8m0jQj6vikPDWcZnePsHPx/BIUOII733pBPZDXhV
iTzzQREV922dCPzVtiL74oSDhskebk1yoFt2w55cGP7cZdkRiUvSFh9AgO90gHSS
lmzY7wkJkWbD89rJA9jnU1owS+3KxPtMIQJ25cT6Z9D8Km8BQM/ofJEQ5wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBoTdcijKBbvMunlIJDM86g3hMv8MB8GA1UdIwQY
MBaAFJmN5gqGe0nbKaYnxvfSI6JmoyKpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbVkzbUNvWjdTZHNwcGlmRzk5SWpvbWFqSXFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi9kZTE3MWItNWIzYy00Yjc2LWIwNjUt
MjBkMzRlMThlMjcwLzEvR2hOMXlLTW9GdTh5NmVVZ2tNenpxRGVFeV93LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi9kZTE3MWItNWIzYy00Yjc2LWIwNjUtMjBkMzRlMThlMjcw
LzEvbVkzbUNvWjdTZHNwcGlmRzk5SWpvbWFqSXFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeBFg
MA0GCSqGSIb3DQEBCwUAA4IBAQAOFym6AycWW9kE3okQRbomMmB61xpNMNl0F7by
H+FxqmsL6yeCLBApp3uV1V1cvvMvxiUjdLtjrE/cDbHL1jxYycVMOiTpjYq+EhhW
7jfuNzc9xm42LMF3ZW2Zan9UQsmZZ7tSMXPns8U8kzhFoR6hDC+GkNsyeaekMEIz
tFv40zPS6zr/AcuklEvnctARWCMoKyboo/w4EB9gvIBKdy7NoEbdT7cKND+T5Vgj
3QZVnsQflbblcyMiJWOyIlAJCMdHErA/qZPnzZznqWffouQ73k4oCbeM+zc9001h
n6TJVXQoFsftvSLScGsCDnudy0I4j8Hzq5T2JJ6D90IelHPf
-----END CERTIFICATE-----