Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/b31586-3566-47b0-95cc-144d7473ea59/1/vGG_tLkKXFgbXJfTRyLCvmDQxbE.roa
File:                     vGG_tLkKXFgbXJfTRyLCvmDQxbE.roa (raw, json)
Hash identifier:          WShGMkUZgE0y2ZoQYvE7mjCYcDN54oRSnCg5kaDhPTw=
Subject key identifier:   BC:61:BF:B4:B9:0A:5C:58:1B:5C:97:D3:47:22:C2:BE:60:D0:C5:B1
Certificate issuer:       /CN=19b390b62d09950d500cd6bbbd78d0390560ec42
Certificate serial:       019CF1F93F9E2E834E3259DAF56FD1013524
Authority key identifier: 19:B3:90:B6:2D:09:95:0D:50:0C:D6:BB:BD:78:D0:39:05:60:EC:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GbOQti0JlQ1QDNa7vXjQOQVg7EI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/b31586-3566-47b0-95cc-144d7473ea59/1/vGG_tLkKXFgbXJfTRyLCvmDQxbE.roa
Signing time:             Sun 15 Mar 2026 14:49:29 +0000
ROA not before:           Sun 15 Mar 2026 14:49:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     6079
IP address blocks:        185.133.242.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/b31586-3566-47b0-95cc-144d7473ea59/1/GbOQti0JlQ1QDNa7vXjQOQVg7EI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/b31586-3566-47b0-95cc-144d7473ea59/1/GbOQti0JlQ1QDNa7vXjQOQVg7EI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GbOQti0JlQ1QDNa7vXjQOQVg7EI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 09:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:f1:f9:3f:9e:2e:83:4e:32:59:da:f5:6f:d1:01:35:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=19b390b62d09950d500cd6bbbd78d0390560ec42
        Validity
            Not Before: Mar 15 14:49:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bc61bfb4b90a5c581b5c97d34722c2be60d0c5b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:4a:5d:46:11:8d:89:69:a4:61:84:3f:98:26:
                    8c:bb:95:14:27:cd:3f:fb:69:50:62:dc:ef:82:54:
                    1c:43:22:fb:fb:d6:de:25:c8:ca:a3:5a:dc:5d:03:
                    e0:4e:ac:3b:74:91:a7:93:01:18:3e:60:83:88:ca:
                    75:9d:92:e5:d7:dd:3b:b8:c9:9a:9d:e3:13:3c:11:
                    ea:1a:10:46:ba:ad:70:c5:a8:9c:84:ea:c3:42:98:
                    a1:56:67:7f:92:9f:1d:ce:e4:62:7e:05:05:a4:db:
                    67:63:cc:49:57:42:47:43:ce:b2:df:8e:d3:3f:25:
                    89:c2:aa:1d:fd:6d:1e:97:c8:2d:01:ac:c2:92:75:
                    0e:9c:03:52:4c:35:38:8d:c6:68:bb:d2:1b:38:82:
                    d6:d5:a5:a8:16:df:82:f9:a6:03:a1:3e:59:82:56:
                    6f:a7:6d:25:1d:71:4f:f3:d3:4a:9f:f8:20:cd:7a:
                    84:a5:e3:9e:6e:aa:c7:31:65:a2:e4:b2:0f:09:97:
                    a3:6a:9d:71:ec:0f:28:1d:e7:79:1d:ee:7a:40:62:
                    23:be:05:55:40:92:3f:13:d6:40:77:b7:23:d3:6f:
                    f5:e2:6c:d0:2f:9e:79:96:88:59:6d:e4:10:8e:b8:
                    be:74:3a:32:34:4e:5a:e3:5f:bc:02:20:24:96:9f:
                    f1:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:61:BF:B4:B9:0A:5C:58:1B:5C:97:D3:47:22:C2:BE:60:D0:C5:B1
            X509v3 Authority Key Identifier:
                keyid:19:B3:90:B6:2D:09:95:0D:50:0C:D6:BB:BD:78:D0:39:05:60:EC:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GbOQti0JlQ1QDNa7vXjQOQVg7EI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/b31586-3566-47b0-95cc-144d7473ea59/1/vGG_tLkKXFgbXJfTRyLCvmDQxbE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/b31586-3566-47b0-95cc-144d7473ea59/1/GbOQti0JlQ1QDNa7vXjQOQVg7EI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.133.242.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:a2:97:9d:51:26:1b:74:59:f2:9b:7d:09:7b:59:0d:62:38:
         3e:99:57:66:16:30:02:86:50:94:c4:31:bb:7b:9c:a9:d7:2f:
         c3:d5:85:41:dc:ab:9e:03:70:06:8d:0b:84:b1:1d:51:84:32:
         32:ea:ae:98:71:4d:df:8a:fd:db:44:8f:60:c3:27:71:5d:44:
         32:63:4b:d6:79:27:0e:fc:36:42:0b:65:f8:a7:a3:10:7f:c9:
         80:31:fc:67:40:67:9d:bc:02:ad:79:05:3e:76:cd:21:83:dc:
         25:11:80:72:34:1c:d3:de:0f:c1:79:f4:12:f8:b2:0c:57:90:
         57:32:c2:2e:b4:5c:d0:95:ea:8f:43:48:28:c2:51:cd:33:40:
         a1:dc:5d:39:0e:6e:e2:e8:31:26:23:05:63:ed:4e:2a:c1:60:
         7a:00:f9:11:d8:7e:dd:be:dd:5b:1d:e9:4c:2e:1c:08:f6:51:
         21:c2:b7:72:ad:7d:c0:8b:d4:b2:c9:cd:55:63:3f:9f:d3:ca:
         39:13:28:f3:ac:9f:09:7d:d5:e9:4f:fd:dd:84:54:78:4c:d6:
         3b:91:55:4d:c2:f8:c2:cb:29:f0:90:4e:f2:fc:5d:b1:f8:f4:
         94:cb:55:89:b7:a9:eb:5b:d5:84:f1:2b:36:4a:63:74:11:07:
         42:06:fa:6e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzx+T+eLoNOMlna9W/RATUkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5YjM5MGI2MmQwOTk1MGQ1MDBjZDZiYmJkNzhkMDM5MDU2
MGVjNDIwHhcNMjYwMzE1MTQ0OTI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYzYxYmZiNGI5MGE1YzU4MWI1Yzk3ZDM0NzIyYzJiZTYwZDBjNWIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8UpdRhGNiWmkYYQ/mCaMu5UUJ80/
+2lQYtzvglQcQyL7+9beJcjKo1rcXQPgTqw7dJGnkwEYPmCDiMp1nZLl1907uMma
neMTPBHqGhBGuq1wxaichOrDQpihVmd/kp8dzuRifgUFpNtnY8xJV0JHQ86y347T
PyWJwqod/W0el8gtAazCknUOnANSTDU4jcZou9IbOILW1aWoFt+C+aYDoT5ZglZv
p20lHXFP89NKn/ggzXqEpeOebqrHMWWi5LIPCZejap1x7A8oHed5He56QGIjvgVV
QJI/E9ZAd7cj02/14mzQL555lohZbeQQjri+dDoyNE5a41+8AiAklp/xKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLxhv7S5ClxYG1yX00ciwr5g0MWxMB8GA1UdIwQY
MBaAFBmzkLYtCZUNUAzWu7140DkFYOxCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR2JPUXRpMEpsUTFRRE5hN3ZYalFPUVZnN0VJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy9iMzE1ODYtMzU2Ni00N2IwLTk1Y2Mt
MTQ0ZDc0NzNlYTU5LzEvdkdHX3RMa0tYRmdiWEpmVFJ5TEN2bURReGJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy9iMzE1ODYtMzU2Ni00N2IwLTk1Y2MtMTQ0ZDc0NzNlYTU5
LzEvR2JPUXRpMEpsUTFRRE5hN3ZYalFPUVZnN0VJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYXyMA0G
CSqGSIb3DQEBCwUAA4IBAQA2opedUSYbdFnym30Je1kNYjg+mVdmFjAChlCUxDG7
e5yp1y/D1YVB3KueA3AGjQuEsR1RhDIy6q6YcU3fiv3bRI9gwydxXUQyY0vWeScO
/DZCC2X4p6MQf8mAMfxnQGedvAKteQU+ds0hg9wlEYByNBzT3g/BefQS+LIMV5BX
MsIutFzQleqPQ0gowlHNM0Ch3F05Dm7i6DEmIwVj7U4qwWB6APkR2H7dvt1bHelM
LhwI9lEhwrdyrX3Ai9Syyc1VYz+f08o5EyjzrJ8JfdXpT/3dhFR4TNY7kVVNwvjC
yynwkE7y/F2x+PSUy1WJt6nrW9WE8Ss2SmN0EQdCBvpu
-----END CERTIFICATE-----