Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/c800c9-51b5-4589-9260-063fcdd3a057/1/GcjqtR6eaVf9zI7HkXKSnJA3w6w.roa
File:                     GcjqtR6eaVf9zI7HkXKSnJA3w6w.roa (raw, json)
Hash identifier:          A4MXiuxUupC9OPHA/5SoE0YyMSrNretsQcoN/Jow0+w=
Subject key identifier:   19:C8:EA:B5:1E:9E:69:57:FD:CC:8E:C7:91:72:92:9C:90:37:C3:AC
Certificate issuer:       /CN=7c3c39d1899e699bf5177418ee381489edff4380
Certificate serial:       019DAA97794F18D0F3DA875DD6CD9DC2FDC6
Authority key identifier: 7C:3C:39:D1:89:9E:69:9B:F5:17:74:18:EE:38:14:89:ED:FF:43:80
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fDw50YmeaZv1F3QY7jgUie3_Q4A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/c800c9-51b5-4589-9260-063fcdd3a057/1/GcjqtR6eaVf9zI7HkXKSnJA3w6w.roa
Signing time:             Mon 20 Apr 2026 11:12:26 +0000
ROA not before:           Mon 20 Apr 2026 11:12:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49158
IP address blocks:        212.9.96.0/19 maxlen: 20
                          212.9.124.0/22 maxlen: 22
                          2a03:4307::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/c800c9-51b5-4589-9260-063fcdd3a057/1/fDw50YmeaZv1F3QY7jgUie3_Q4A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/c800c9-51b5-4589-9260-063fcdd3a057/1/fDw50YmeaZv1F3QY7jgUie3_Q4A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fDw50YmeaZv1F3QY7jgUie3_Q4A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:aa:97:79:4f:18:d0:f3:da:87:5d:d6:cd:9d:c2:fd:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7c3c39d1899e699bf5177418ee381489edff4380
        Validity
            Not Before: Apr 20 11:12:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=19c8eab51e9e6957fdcc8ec79172929c9037c3ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:d6:5e:43:27:bd:63:b0:9c:e8:1c:b0:f9:55:
                    0f:bd:14:9b:fd:58:69:7d:e2:6a:d2:85:da:dc:29:
                    f2:25:34:7f:00:29:98:17:64:96:2a:e4:de:eb:3d:
                    2b:bf:6b:3d:f2:6b:dd:c4:52:fa:8f:ab:69:d1:19:
                    c9:dd:4d:80:fa:27:3e:d8:39:1b:58:e1:04:e7:22:
                    06:a0:1a:ae:76:46:a2:27:07:6b:de:45:9e:9e:26:
                    7b:16:c9:28:81:47:e0:0a:0e:c0:3e:38:1e:d1:7a:
                    fc:43:26:22:6c:4f:fe:31:0a:d4:e8:cc:e8:e8:32:
                    9c:df:63:0b:1d:f3:32:fb:3e:64:9a:a5:37:ea:f1:
                    83:a7:e5:12:6b:e9:c9:b1:50:bf:c9:76:21:ac:0d:
                    e9:7d:72:af:1a:73:a9:aa:34:58:ad:a8:e9:7c:c0:
                    9b:ad:a2:43:e2:1e:09:57:45:44:fd:08:c9:27:d3:
                    22:2d:27:54:d5:06:7b:dd:06:2e:65:ef:47:f2:1a:
                    1f:0e:14:2c:7f:57:6d:78:af:bf:7a:d3:eb:c7:50:
                    19:a7:83:f0:bc:e2:23:25:52:d7:3b:5e:60:d7:91:
                    6b:f8:52:f4:5f:a0:54:a8:6e:fc:ec:74:34:7d:4f:
                    03:5a:ea:03:9c:28:66:74:9a:75:c8:60:2f:62:77:
                    ee:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:C8:EA:B5:1E:9E:69:57:FD:CC:8E:C7:91:72:92:9C:90:37:C3:AC
            X509v3 Authority Key Identifier:
                keyid:7C:3C:39:D1:89:9E:69:9B:F5:17:74:18:EE:38:14:89:ED:FF:43:80

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fDw50YmeaZv1F3QY7jgUie3_Q4A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/c800c9-51b5-4589-9260-063fcdd3a057/1/GcjqtR6eaVf9zI7HkXKSnJA3w6w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/c800c9-51b5-4589-9260-063fcdd3a057/1/fDw50YmeaZv1F3QY7jgUie3_Q4A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.9.96.0/19
                IPv6:
                  2a03:4307::/32

    Signature Algorithm: sha256WithRSAEncryption
         47:95:90:dc:cf:b9:37:03:fc:27:5a:fc:39:18:ff:84:79:12:
         95:23:e2:ac:27:76:dd:34:74:eb:f6:fd:63:2c:76:01:9c:c2:
         a8:90:ec:a8:10:08:b7:fa:58:7a:9a:33:7a:0d:8d:30:da:e4:
         65:43:28:62:70:76:79:91:fd:56:99:20:14:1e:49:08:bb:2e:
         a4:1a:d4:d9:9d:17:7e:2f:c7:6d:cc:50:fa:77:a9:93:bd:67:
         2b:0a:0d:97:85:84:58:7d:1b:8e:03:4c:fa:55:3a:11:41:3e:
         9f:a6:5f:18:68:52:c2:7e:28:ca:50:68:6d:7b:95:f7:9f:05:
         79:60:d9:32:46:e5:05:4c:84:16:4e:48:7e:b2:e9:06:31:6f:
         53:b6:6c:85:43:ba:b8:4e:e6:b5:aa:6c:d3:d2:2f:e7:b3:a8:
         70:c9:ca:10:fe:46:7d:40:db:72:37:36:b9:4c:1a:da:a3:f1:
         49:51:9f:26:80:48:96:3b:be:ad:ab:e4:db:46:f5:58:39:4a:
         89:de:63:93:97:3f:00:ef:08:d1:b7:03:39:f3:fa:97:8f:77:
         c1:6e:0c:14:9c:bf:d7:26:3e:0f:34:14:0c:04:2b:08:31:e5:
         24:ec:0b:f2:05:9b:56:48:97:da:c8:99:02:ad:d0:50:c4:57:
         a6:6c:29:16
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZ2ql3lPGNDz2odd1s2dwv3GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjM2MzOWQxODk5ZTY5OWJmNTE3NzQxOGVlMzgxNDg5ZWRm
ZjQzODAwHhcNMjYwNDIwMTExMjI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOWM4ZWFiNTFlOWU2OTU3ZmRjYzhlYzc5MTcyOTI5YzkwMzdjM2FjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsNZeQye9Y7Cc6Byw+VUPvRSb/Vhp
feJq0oXa3CnyJTR/ACmYF2SWKuTe6z0rv2s98mvdxFL6j6tp0RnJ3U2A+ic+2Dkb
WOEE5yIGoBqudkaiJwdr3kWeniZ7FskogUfgCg7APjge0Xr8QyYibE/+MQrU6Mzo
6DKc32MLHfMy+z5kmqU36vGDp+USa+nJsVC/yXYhrA3pfXKvGnOpqjRYrajpfMCb
raJD4h4JV0VE/QjJJ9MiLSdU1QZ73QYuZe9H8hofDhQsf1dteK+/etPrx1AZp4Pw
vOIjJVLXO15g15Fr+FL0X6BUqG787HQ0fU8DWuoDnChmdJp1yGAvYnfuPQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFBnI6rUenmlX/cyOx5FykpyQN8OsMB8GA1UdIwQY
MBaAFHw8OdGJnmmb9Rd0GO44FInt/0OAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZkR3NTBZbWVhWnYxRjNRWTdqZ1VpZTNfUTRBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9jODAwYzktNTFiNS00NTg5LTkyNjAt
MDYzZmNkZDNhMDU3LzEvR2NqcXRSNmVhVmY5ekk3SGtYS1NuSkEzdzZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9jODAwYzktNTFiNS00NTg5LTkyNjAtMDYzZmNkZDNhMDU3
LzEvZkR3NTBZbWVhWnYxRjNRWTdqZ1VpZTNfUTRBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQF1AlgMA0E
AgACMAcDBQAqA0MHMA0GCSqGSIb3DQEBCwUAA4IBAQBHlZDcz7k3A/wnWvw5GP+E
eRKVI+KsJ3bdNHTr9v1jLHYBnMKokOyoEAi3+lh6mjN6DY0w2uRlQyhicHZ5kf1W
mSAUHkkIuy6kGtTZnRd+L8dtzFD6d6mTvWcrCg2XhYRYfRuOA0z6VToRQT6fpl8Y
aFLCfijKUGhte5X3nwV5YNkyRuUFTIQWTkh+sukGMW9TtmyFQ7q4Tua1qmzT0i/n
s6hwycoQ/kZ9QNtyNza5TBrao/FJUZ8mgEiWO76tq+TbRvVYOUqJ3mOTlz8A7wjR
twM58/qXj3fBbgwUnL/XJj4PNBQMBCsIMeUk7AvyBZtWSJfayJkCrdBQxFembCkW
-----END CERTIFICATE-----