Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ee/f74280-cc6d-41c1-858a-b5368330baf2/1/gjPIRKPJi_4QrZoYKNfG1ZHCwWE.roa
File:                     gjPIRKPJi_4QrZoYKNfG1ZHCwWE.roa (raw, json)
Hash identifier:          LJkRn1C/fK0birIG4ak1fx3zIs3X/kg2rtCRZNfSQ0s=
Subject key identifier:   82:33:C8:44:A3:C9:8B:FE:10:AD:9A:18:28:D7:C6:D5:91:C2:C1:61
Certificate issuer:       /CN=a4b666cb0e5496116eb7ae6714d9055309ba69ac
Certificate serial:       019EAC286F77ABCFCC734AEDD053E3B4CE1D
Authority key identifier: A4:B6:66:CB:0E:54:96:11:6E:B7:AE:67:14:D9:05:53:09:BA:69:AC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pLZmyw5UlhFut65nFNkFUwm6aaw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ee/f74280-cc6d-41c1-858a-b5368330baf2/1/gjPIRKPJi_4QrZoYKNfG1ZHCwWE.roa
Signing time:             Tue 09 Jun 2026 11:33:11 +0000
ROA not before:           Tue 09 Jun 2026 11:33:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     6677
IP address blocks:        176.57.235.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ee/f74280-cc6d-41c1-858a-b5368330baf2/1/pLZmyw5UlhFut65nFNkFUwm6aaw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ee/f74280-cc6d-41c1-858a-b5368330baf2/1/pLZmyw5UlhFut65nFNkFUwm6aaw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pLZmyw5UlhFut65nFNkFUwm6aaw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 20:26:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:ac:28:6f:77:ab:cf:cc:73:4a:ed:d0:53:e3:b4:ce:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a4b666cb0e5496116eb7ae6714d9055309ba69ac
        Validity
            Not Before: Jun  9 11:33:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8233c844a3c98bfe10ad9a1828d7c6d591c2c161
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:cc:39:c2:8c:8b:f1:cf:ec:0a:27:cc:80:29:
                    f0:fa:df:fd:c3:70:eb:6c:2a:1f:63:50:cc:48:2d:
                    16:7e:8e:b5:11:d4:a6:d8:23:f6:1a:af:fa:60:b4:
                    6f:46:35:70:c6:c7:19:7c:40:5a:df:7f:16:2d:77:
                    c5:a2:fa:df:66:fa:b7:3f:41:50:5c:59:89:76:b2:
                    b8:91:d5:4a:85:cf:8a:3f:58:80:de:dd:9b:29:a2:
                    99:87:e8:99:3a:65:e3:19:c7:d4:d3:f4:0a:46:8d:
                    c6:9e:eb:b1:a1:fb:89:22:0b:2d:b3:7a:2b:5d:aa:
                    8c:b0:a2:a1:6a:b9:39:a3:b2:ea:3a:07:3b:cd:cb:
                    dd:af:3c:55:22:25:4a:d2:bc:9d:65:09:b4:d6:99:
                    a3:b3:a4:c2:13:60:31:be:d3:51:c6:f5:9f:73:cc:
                    7f:b2:fa:09:8f:f5:82:24:0a:19:74:6e:02:a0:5e:
                    a0:a7:fb:10:0e:cf:90:6e:0a:b8:56:3b:1b:de:52:
                    7d:3e:fc:15:cf:8a:8a:e1:f5:88:a7:be:d1:99:fd:
                    7a:06:ca:d1:49:04:14:c8:89:d2:27:68:65:3d:eb:
                    11:f5:f0:a1:8e:d6:a3:c2:c7:2c:1d:c5:07:78:3e:
                    cd:28:51:95:55:ec:b9:5d:d0:a2:82:01:28:95:44:
                    81:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:33:C8:44:A3:C9:8B:FE:10:AD:9A:18:28:D7:C6:D5:91:C2:C1:61
            X509v3 Authority Key Identifier:
                keyid:A4:B6:66:CB:0E:54:96:11:6E:B7:AE:67:14:D9:05:53:09:BA:69:AC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pLZmyw5UlhFut65nFNkFUwm6aaw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/f74280-cc6d-41c1-858a-b5368330baf2/1/gjPIRKPJi_4QrZoYKNfG1ZHCwWE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/f74280-cc6d-41c1-858a-b5368330baf2/1/pLZmyw5UlhFut65nFNkFUwm6aaw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.57.235.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:a2:87:0b:bd:6f:2d:e7:4f:70:6c:81:23:a1:37:30:2c:0f:
         c9:12:b2:9a:d7:31:62:2b:42:b2:9a:cf:bc:de:b2:b1:ba:c6:
         e6:3a:62:15:fd:5b:80:30:04:23:1d:5f:a4:5b:6f:20:ca:c0:
         77:52:d8:70:63:05:39:72:9d:d4:27:5d:81:1c:7e:7c:f6:9b:
         39:ed:53:db:fd:be:06:73:13:43:55:3a:b6:96:7f:41:c1:8c:
         aa:c6:bc:8a:9f:b3:68:60:6f:0e:c6:7f:e3:c5:72:c4:02:66:
         0b:26:b4:d1:5c:80:ad:58:e0:92:4f:4f:4d:1a:a9:7f:52:0b:
         a9:2a:ce:9a:fd:3e:0d:8e:96:76:d7:ea:33:9b:d9:a3:33:31:
         32:9b:5e:ec:c2:ad:96:0d:0a:00:0c:c9:0e:a5:b1:0d:66:c8:
         46:3b:35:54:3a:69:4d:ef:88:c5:1f:df:28:5b:c2:87:cd:6a:
         a1:d6:ec:26:a8:5f:ef:1b:55:92:7f:26:26:c4:03:2a:79:00:
         b3:c0:d5:dd:36:82:b1:f3:bc:1a:eb:9f:58:f5:d3:60:ff:07:
         eb:2f:fc:de:bb:56:49:2f:97:6b:05:c2:7c:3c:fc:a4:dd:da:
         4d:4b:de:cd:cb:00:c5:57:71:f2:e2:fc:58:93:5b:fa:60:d8:
         37:97:29:45
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6sKG93q8/Mc0rt0FPjtM4dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0YjY2NmNiMGU1NDk2MTE2ZWI3YWU2NzE0ZDkwNTUzMDli
YTY5YWMwHhcNMjYwNjA5MTEzMzExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MjMzYzg0NGEzYzk4YmZlMTBhZDlhMTgyOGQ3YzZkNTkxYzJjMTYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAicw5woyL8c/sCifMgCnw+t/9w3Dr
bCofY1DMSC0Wfo61EdSm2CP2Gq/6YLRvRjVwxscZfEBa338WLXfFovrfZvq3P0FQ
XFmJdrK4kdVKhc+KP1iA3t2bKaKZh+iZOmXjGcfU0/QKRo3GnuuxofuJIgsts3or
XaqMsKKhark5o7LqOgc7zcvdrzxVIiVK0rydZQm01pmjs6TCE2AxvtNRxvWfc8x/
svoJj/WCJAoZdG4CoF6gp/sQDs+Qbgq4Vjsb3lJ9PvwVz4qK4fWIp77Rmf16BsrR
SQQUyInSJ2hlPesR9fChjtajwscsHcUHeD7NKFGVVey5XdCiggEolUSBwwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIIzyESjyYv+EK2aGCjXxtWRwsFhMB8GA1UdIwQY
MBaAFKS2ZssOVJYRbreuZxTZBVMJummsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcExabXl3NVVsaEZ1dDY1bkZOa0ZVd202YWF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZS9mNzQyODAtY2M2ZC00MWMxLTg1OGEt
YjUzNjgzMzBiYWYyLzEvZ2pQSVJLUEppXzRRclpvWUtOZkcxWkhDd1dFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZS9mNzQyODAtY2M2ZC00MWMxLTg1OGEtYjUzNjgzMzBiYWYy
LzEvcExabXl3NVVsaEZ1dDY1bkZOa0ZVd202YWF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsDnrMA0G
CSqGSIb3DQEBCwUAA4IBAQCgoocLvW8t509wbIEjoTcwLA/JErKa1zFiK0Kyms+8
3rKxusbmOmIV/VuAMAQjHV+kW28gysB3UthwYwU5cp3UJ12BHH589ps57VPb/b4G
cxNDVTq2ln9BwYyqxryKn7NoYG8Oxn/jxXLEAmYLJrTRXICtWOCST09NGql/Ugup
Ks6a/T4NjpZ21+ozm9mjMzEym17swq2WDQoADMkOpbENZshGOzVUOmlN74jFH98o
W8KHzWqh1uwmqF/vG1WSfyYmxAMqeQCzwNXdNoKx87wa659Y9dNg/wfrL/zeu1ZJ
L5drBcJ8PPyk3dpNS97NywDFV3Hy4vxYk1v6YNg3lylF
-----END CERTIFICATE-----