Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/0c3b1f-dab8-4762-9d04-f941cc39a71e/1/gh269-L8TbTY3-TVP_7aO8lyx58.roa
File:                     gh269-L8TbTY3-TVP_7aO8lyx58.roa (raw, json)
Hash identifier:          VbOH7TTnQt8mmF2t2Xgvv1Gs0QXIq8ndLB+CWsdxeFA=
Subject key identifier:   82:1D:BA:F7:E2:FC:4D:B4:D8:DF:E4:D5:3F:FE:DA:3B:C9:72:C7:9F
Certificate issuer:       /CN=4fd642102ebdd7f2268c14c27e3ebbf26b4cafeb
Certificate serial:       019E1BEBC4BE5BC7F51058FEF46BA5F035F8
Authority key identifier: 4F:D6:42:10:2E:BD:D7:F2:26:8C:14:C2:7E:3E:BB:F2:6B:4C:AF:EB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T9ZCEC691_ImjBTCfj678mtMr-s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/0c3b1f-dab8-4762-9d04-f941cc39a71e/1/gh269-L8TbTY3-TVP_7aO8lyx58.roa
Signing time:             Tue 12 May 2026 11:21:36 +0000
ROA not before:           Tue 12 May 2026 11:21:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     197739
IP address blocks:        2a07:e000:6::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/0c3b1f-dab8-4762-9d04-f941cc39a71e/1/T9ZCEC691_ImjBTCfj678mtMr-s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/0c3b1f-dab8-4762-9d04-f941cc39a71e/1/T9ZCEC691_ImjBTCfj678mtMr-s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T9ZCEC691_ImjBTCfj678mtMr-s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 14 May 2026 05:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:1b:eb:c4:be:5b:c7:f5:10:58:fe:f4:6b:a5:f0:35:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fd642102ebdd7f2268c14c27e3ebbf26b4cafeb
        Validity
            Not Before: May 12 11:21:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=821dbaf7e2fc4db4d8dfe4d53ffeda3bc972c79f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:d4:49:11:34:5a:28:f2:32:81:ce:bc:c0:15:
                    c2:c3:cc:ab:ec:03:1a:44:43:79:c1:93:be:0f:64:
                    ee:5f:40:53:43:0b:ff:43:29:a6:c3:58:c8:15:00:
                    28:c6:a1:36:53:9c:f4:b5:ac:ee:20:6b:5e:aa:af:
                    3a:64:43:67:84:58:d1:9f:7d:04:7e:11:8a:33:45:
                    6d:96:87:bf:0c:c6:df:b4:e4:5c:05:53:6b:8d:a7:
                    2a:c8:f0:a1:14:f6:9e:ac:d9:81:44:f0:2a:a5:9c:
                    fb:5e:ea:a6:80:51:a7:da:f4:a9:30:10:5d:df:9c:
                    c7:2a:b6:20:d9:8d:89:47:dc:79:2b:7f:85:87:fd:
                    df:0f:5b:31:db:ab:d0:37:d2:3e:62:a4:64:44:51:
                    52:36:fb:ea:fb:e4:d6:cd:48:af:13:3d:2c:75:93:
                    f0:d1:e5:f2:0e:ec:b3:18:0f:20:5c:b3:0e:db:62:
                    27:d2:5d:85:94:e1:70:05:19:ca:7a:dc:7a:f7:4e:
                    96:fc:6d:6f:0b:f4:a5:9c:7d:9b:71:a1:e7:46:84:
                    2e:8c:43:05:bd:bc:3b:3e:29:71:ea:47:c7:0c:74:
                    a4:a1:b7:3e:b4:d2:22:dd:8b:f5:d9:20:7a:e4:4a:
                    0e:e9:c4:69:2f:f7:0f:44:6f:8e:7f:a3:67:6e:a3:
                    9a:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:1D:BA:F7:E2:FC:4D:B4:D8:DF:E4:D5:3F:FE:DA:3B:C9:72:C7:9F
            X509v3 Authority Key Identifier:
                keyid:4F:D6:42:10:2E:BD:D7:F2:26:8C:14:C2:7E:3E:BB:F2:6B:4C:AF:EB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T9ZCEC691_ImjBTCfj678mtMr-s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/0c3b1f-dab8-4762-9d04-f941cc39a71e/1/gh269-L8TbTY3-TVP_7aO8lyx58.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/0c3b1f-dab8-4762-9d04-f941cc39a71e/1/T9ZCEC691_ImjBTCfj678mtMr-s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:e000:6::/48

    Signature Algorithm: sha256WithRSAEncryption
         19:5f:db:08:74:7d:a0:72:e1:68:83:ce:0c:3f:34:b4:69:2b:
         ce:41:41:40:15:06:cf:e8:74:7f:23:09:78:3b:ee:b5:48:a6:
         58:3d:6f:51:35:26:54:fe:74:4c:94:73:ed:ca:db:81:3d:09:
         b3:78:23:1b:f3:ca:97:b5:62:2a:21:5b:6f:7b:78:22:36:42:
         25:98:1b:ba:c0:7a:b3:e6:e1:ae:ae:98:b9:9f:2e:1a:d4:1a:
         ce:37:79:d7:c6:df:bd:31:2e:86:de:d5:c7:05:86:45:8f:8d:
         f9:f3:15:9e:12:72:55:27:cc:98:fb:b7:0c:f0:51:a9:06:7f:
         43:7f:5e:48:f2:4f:aa:79:1a:d9:95:e8:04:ae:7b:33:9d:32:
         cf:a0:78:68:c2:94:bd:75:dd:f8:ff:ff:b2:b9:d0:34:9f:9b:
         54:03:23:0a:14:7f:83:f3:40:fa:f6:33:46:3a:ce:53:1f:9a:
         76:f8:89:1a:43:34:48:97:d9:f5:82:53:4d:54:37:7e:74:48:
         c6:e0:a1:28:a9:4c:13:46:0a:dc:b6:e1:20:a5:f8:18:8f:5c:
         f0:be:54:99:74:c7:b1:c3:59:4e:5b:6d:5a:50:e2:1a:3f:e0:
         30:1e:1f:ce:df:f8:c6:38:9b:89:d5:87:f4:08:a8:2f:7e:50:
         fc:36:c0:e3
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ4b68S+W8f1EFj+9Gul8DX4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmZDY0MjEwMmViZGQ3ZjIyNjhjMTRjMjdlM2ViYmYyNmI0
Y2FmZWIwHhcNMjYwNTEyMTEyMTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MjFkYmFmN2UyZmM0ZGI0ZDhkZmU0ZDUzZmZlZGEzYmM5NzJjNzlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7dRJETRaKPIygc68wBXCw8yr7AMa
REN5wZO+D2TuX0BTQwv/Qymmw1jIFQAoxqE2U5z0tazuIGteqq86ZENnhFjRn30E
fhGKM0Vtloe/DMbftORcBVNrjacqyPChFPaerNmBRPAqpZz7XuqmgFGn2vSpMBBd
35zHKrYg2Y2JR9x5K3+Fh/3fD1sx26vQN9I+YqRkRFFSNvvq++TWzUivEz0sdZPw
0eXyDuyzGA8gXLMO22In0l2FlOFwBRnKetx6906W/G1vC/SlnH2bcaHnRoQujEMF
vbw7Pilx6kfHDHSkobc+tNIi3Yv12SB65EoO6cRpL/cPRG+Of6NnbqOaMwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIIduvfi/E202N/k1T/+2jvJcsefMB8GA1UdIwQY
MBaAFE/WQhAuvdfyJowUwn4+u/JrTK/rMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDlaQ0VDNjkxX0ltakJUQ2ZqNjc4bXRNci1zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS8wYzNiMWYtZGFiOC00NzYyLTlkMDQt
Zjk0MWNjMzlhNzFlLzEvZ2gyNjktTDhUYlRZMy1UVlBfN2FPOGx5eDU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS8wYzNiMWYtZGFiOC00NzYyLTlkMDQtZjk0MWNjMzlhNzFl
LzEvVDlaQ0VDNjkxX0ltakJUQ2ZqNjc4bXRNci1zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgfgAAAG
MA0GCSqGSIb3DQEBCwUAA4IBAQAZX9sIdH2gcuFog84MPzS0aSvOQUFAFQbP6HR/
Iwl4O+61SKZYPW9RNSZU/nRMlHPtytuBPQmzeCMb88qXtWIqIVtve3giNkIlmBu6
wHqz5uGurpi5ny4a1BrON3nXxt+9MS6G3tXHBYZFj4358xWeEnJVJ8yY+7cM8FGp
Bn9Df15I8k+qeRrZlegErnsznTLPoHhowpS9dd34//+yudA0n5tUAyMKFH+D80D6
9jNGOs5TH5p2+IkaQzRIl9n1glNNVDd+dEjG4KEoqUwTRgrctuEgpfgYj1zwvlSZ
dMexw1lOW21aUOIaP+AwHh/O3/jGOJuJ1Yf0CKgvflD8NsDj
-----END CERTIFICATE-----