Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/gUo1p6uD_hmHy_Es8ZaViYIUYcM.roa
File:                     gUo1p6uD_hmHy_Es8ZaViYIUYcM.roa (raw, json)
Hash identifier:          XmO4Qj16EKXwUnXfDGJNcytJJ3pRO0VeewM7ykT31K4=
Subject key identifier:   81:4A:35:A7:AB:83:FE:19:87:CB:F1:2C:F1:96:95:89:82:14:61:C3
Certificate issuer:       /CN=11a010f87a049b6e21abed9b40983b04f3f1c7e8
Certificate serial:       019D05314CD6E2BD42E951848FE1915301C7
Authority key identifier: 11:A0:10:F8:7A:04:9B:6E:21:AB:ED:9B:40:98:3B:04:F3:F1:C7:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EaAQ-HoEm24hq-2bQJg7BPPxx-g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/gUo1p6uD_hmHy_Es8ZaViYIUYcM.roa
Signing time:             Thu 19 Mar 2026 08:23:30 +0000
ROA not before:           Thu 19 Mar 2026 08:23:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213883
IP address blocks:        81.177.212.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/EaAQ-HoEm24hq-2bQJg7BPPxx-g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/EaAQ-HoEm24hq-2bQJg7BPPxx-g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EaAQ-HoEm24hq-2bQJg7BPPxx-g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:05:31:4c:d6:e2:bd:42:e9:51:84:8f:e1:91:53:01:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=11a010f87a049b6e21abed9b40983b04f3f1c7e8
        Validity
            Not Before: Mar 19 08:23:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=814a35a7ab83fe1987cbf12cf1969589821461c3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:72:64:15:97:4d:d8:4c:af:3b:2d:de:b3:b6:
                    c1:9e:c6:2d:cd:2f:d0:96:98:07:6e:f8:59:de:ca:
                    06:14:3f:23:1b:ed:9a:e6:24:fd:1e:dc:11:a4:04:
                    39:81:3d:75:50:94:eb:ca:9b:1f:dd:56:82:fa:c8:
                    06:9a:75:43:29:7b:63:21:de:ce:42:76:4d:a5:77:
                    49:b2:88:91:7f:6a:40:8c:ec:5e:e8:b5:d7:92:bb:
                    22:e9:ca:29:72:9f:86:2d:f1:30:52:94:19:39:1f:
                    d7:ed:76:8d:8c:d5:14:b7:20:24:90:b1:ec:99:03:
                    09:17:85:ff:32:56:71:30:cd:e9:47:47:20:85:a2:
                    00:c0:ee:16:5d:ca:cb:25:db:36:6f:ca:ad:2b:8d:
                    b7:e8:54:a5:da:a4:ce:77:dc:da:3c:0a:ca:55:9c:
                    43:0d:e2:01:b6:b0:53:0b:5b:d1:1a:56:63:45:cc:
                    90:cd:31:d2:90:a8:d9:40:39:2b:25:18:23:c7:43:
                    37:2d:6f:32:e7:87:b2:2d:1f:5d:1e:a7:3e:42:4a:
                    55:f6:df:7a:61:13:97:00:34:e6:f4:aa:0b:0e:4a:
                    cf:fb:51:bf:45:b2:fc:bd:5a:eb:2b:7e:ae:81:75:
                    6e:d5:f8:01:08:ff:e2:b4:c2:49:10:b7:89:cb:5d:
                    2a:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:4A:35:A7:AB:83:FE:19:87:CB:F1:2C:F1:96:95:89:82:14:61:C3
            X509v3 Authority Key Identifier:
                keyid:11:A0:10:F8:7A:04:9B:6E:21:AB:ED:9B:40:98:3B:04:F3:F1:C7:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EaAQ-HoEm24hq-2bQJg7BPPxx-g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/gUo1p6uD_hmHy_Es8ZaViYIUYcM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/EaAQ-HoEm24hq-2bQJg7BPPxx-g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.177.212.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:53:a2:2e:68:c7:38:79:b9:7e:45:99:ac:4d:a7:87:ee:de:
         1a:ed:22:a4:33:15:29:e5:c1:d9:1c:4a:a3:6a:b7:a1:0b:34:
         a2:c3:30:b3:60:7c:26:b2:39:20:51:00:a6:9e:10:75:61:65:
         1d:37:c9:7f:a9:e1:80:6a:d0:28:f4:0a:2e:b6:a4:a9:63:86:
         13:ef:1e:79:de:91:4f:24:e6:9c:a1:9c:d6:b4:56:7c:1b:47:
         f7:f3:c0:fe:d7:ee:7f:d8:f6:ae:d3:06:dc:2f:7a:4c:e9:4c:
         c9:09:e6:2a:e3:02:42:7b:e5:19:40:27:7d:d5:7d:70:bc:25:
         a4:4c:2e:dc:b7:c9:af:c3:47:e0:d0:89:43:4f:78:e7:3d:5a:
         84:9d:b2:1f:32:10:cd:3f:49:ea:19:4c:e9:03:48:25:9f:bf:
         79:38:c5:85:47:4d:25:fa:f5:4a:a6:1c:5c:1d:98:6f:eb:76:
         7a:89:dd:ab:1e:ba:92:79:41:ca:0b:b8:a8:0b:f8:0f:a9:f5:
         d8:e8:5a:25:e1:46:d6:50:9b:97:49:37:96:6b:0f:9e:01:4d:
         7e:0b:ba:74:05:fc:90:cf:04:d3:dd:47:42:76:e0:cf:b3:10:
         84:ec:bf:4a:80:35:67:aa:8c:96:29:a9:d0:f9:1c:27:af:ee:
         64:63:1f:ee
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0FMUzW4r1C6VGEj+GRUwHHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExYTAxMGY4N2EwNDliNmUyMWFiZWQ5YjQwOTgzYjA0ZjNm
MWM3ZTgwHhcNMjYwMzE5MDgyMzMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MTRhMzVhN2FiODNmZTE5ODdjYmYxMmNmMTk2OTU4OTgyMTQ2MWMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArHJkFZdN2EyvOy3es7bBnsYtzS/Q
lpgHbvhZ3soGFD8jG+2a5iT9HtwRpAQ5gT11UJTrypsf3VaC+sgGmnVDKXtjId7O
QnZNpXdJsoiRf2pAjOxe6LXXkrsi6copcp+GLfEwUpQZOR/X7XaNjNUUtyAkkLHs
mQMJF4X/MlZxMM3pR0cghaIAwO4WXcrLJds2b8qtK4236FSl2qTOd9zaPArKVZxD
DeIBtrBTC1vRGlZjRcyQzTHSkKjZQDkrJRgjx0M3LW8y54eyLR9dHqc+QkpV9t96
YROXADTm9KoLDkrP+1G/RbL8vVrrK36ugXVu1fgBCP/itMJJELeJy10qCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIFKNaerg/4Zh8vxLPGWlYmCFGHDMB8GA1UdIwQY
MBaAFBGgEPh6BJtuIavtm0CYOwTz8cfoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWFBUS1Ib0VtMjRocS0yYlFKZzdCUFB4eC1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi9mMjVkN2MtNjY3Ny00ZmRiLTg5OGUt
ZWU3NDY1NzU0ZmY2LzEvZ1VvMXA2dURfaG1IeV9FczhaYVZpWUlVWWNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi9mMjVkN2MtNjY3Ny00ZmRiLTg5OGUtZWU3NDY1NzU0ZmY2
LzEvRWFBUS1Ib0VtMjRocS0yYlFKZzdCUFB4eC1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUbHUMA0G
CSqGSIb3DQEBCwUAA4IBAQCTU6IuaMc4ebl+RZmsTaeH7t4a7SKkMxUp5cHZHEqj
arehCzSiwzCzYHwmsjkgUQCmnhB1YWUdN8l/qeGAatAo9AoutqSpY4YT7x553pFP
JOacoZzWtFZ8G0f388D+1+5/2Pau0wbcL3pM6UzJCeYq4wJCe+UZQCd91X1wvCWk
TC7ct8mvw0fg0IlDT3jnPVqEnbIfMhDNP0nqGUzpA0gln795OMWFR00l+vVKphxc
HZhv63Z6id2rHrqSeUHKC7ioC/gPqfXY6Fol4UbWUJuXSTeWaw+eAU1+C7p0BfyQ
zwTT3UdCduDPsxCE7L9KgDVnqoyWKanQ+Rwnr+5kYx/u
-----END CERTIFICATE-----