Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/G-gh7WH4gz1Kk05-MGnExVF2PmU.roa
File:                     G-gh7WH4gz1Kk05-MGnExVF2PmU.roa (raw, json)
Hash identifier:          h4xwBjw7Tdcyfxt7DupN/CWghsslonDnTSE/po3DUCg=
Subject key identifier:   1B:E8:21:ED:61:F8:83:3D:4A:93:4E:7E:30:69:C4:C5:51:76:3E:65
Certificate issuer:       /CN=6a5836dde9b9daef35a8a7f74d6326f6b42da74d
Certificate serial:       01987E35B75A58B823E8031115F9EF0A92A5
Authority key identifier: 6A:58:36:DD:E9:B9:DA:EF:35:A8:A7:F7:4D:63:26:F6:B4:2D:A7:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/alg23em52u81qKf3TWMm9rQtp00.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/G-gh7WH4gz1Kk05-MGnExVF2PmU.roa
Signing time:             Wed 06 Aug 2025 07:08:26 +0000
ROA not before:           Wed 06 Aug 2025 07:08:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3320
IP address blocks:        217.177.33.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/alg23em52u81qKf3TWMm9rQtp00.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/alg23em52u81qKf3TWMm9rQtp00.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/alg23em52u81qKf3TWMm9rQtp00.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:7e:35:b7:5a:58:b8:23:e8:03:11:15:f9:ef:0a:92:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6a5836dde9b9daef35a8a7f74d6326f6b42da74d
        Validity
            Not Before: Aug  6 07:08:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1be821ed61f8833d4a934e7e3069c4c551763e65
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:1d:10:b7:78:99:8b:2f:32:52:53:e2:d7:0a:
                    36:b3:04:16:e7:90:0c:74:af:cf:e9:00:f1:64:8e:
                    dd:81:05:0e:e8:49:2d:50:fb:34:ea:5c:6d:86:cc:
                    4e:8e:c4:2a:13:ce:59:d4:12:79:79:0d:cd:4a:f2:
                    24:73:2a:f9:48:42:38:98:00:64:6a:a3:9a:75:52:
                    d9:db:ab:27:19:f1:41:cb:03:9a:da:ad:b8:ee:8e:
                    1e:74:6c:31:7e:6e:95:27:64:34:93:f1:47:f4:4e:
                    6c:d4:bf:7c:b9:b1:60:78:82:a1:13:b5:45:b0:43:
                    3a:44:8a:d2:71:ab:40:ba:0d:69:61:b9:77:ec:88:
                    29:a2:7c:50:b0:f3:d6:9c:12:ab:3e:ec:28:31:cf:
                    fa:d1:b7:73:4e:98:45:01:09:1c:88:07:7b:4c:48:
                    cf:20:48:af:5f:1b:de:cc:10:f6:2b:9f:a8:21:fa:
                    74:7f:9b:f4:af:c4:7d:05:47:bb:8e:69:6e:ad:86:
                    46:4e:75:98:34:2a:94:ec:5f:c6:f8:8f:ca:f1:8b:
                    c3:84:44:4c:11:74:49:3f:73:d2:3f:c4:0c:34:54:
                    c4:46:f0:fb:8b:6b:eb:60:f8:e0:27:f5:b1:58:b6:
                    6d:61:21:95:23:24:29:f2:d0:9a:a5:8a:80:5c:76:
                    f0:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:E8:21:ED:61:F8:83:3D:4A:93:4E:7E:30:69:C4:C5:51:76:3E:65
            X509v3 Authority Key Identifier:
                keyid:6A:58:36:DD:E9:B9:DA:EF:35:A8:A7:F7:4D:63:26:F6:B4:2D:A7:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/alg23em52u81qKf3TWMm9rQtp00.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/G-gh7WH4gz1Kk05-MGnExVF2PmU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/alg23em52u81qKf3TWMm9rQtp00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.177.33.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:35:db:1c:d6:da:67:1d:9b:82:8a:95:01:69:3e:cb:39:52:
         ee:de:62:ec:1f:77:a2:d6:b5:34:76:2e:98:48:2d:65:19:27:
         8a:b2:84:f7:94:ef:75:95:9b:5b:a1:40:18:62:06:63:a4:62:
         79:4a:dc:61:14:70:76:ba:f6:32:57:27:06:4d:6a:ff:93:21:
         e7:5a:d3:70:96:00:95:3a:06:95:ae:37:6d:22:cb:52:e5:bb:
         d4:d4:7b:1e:95:3f:b4:72:37:b1:d9:0e:ba:f9:97:9f:47:e6:
         b2:fe:ec:b3:5a:4b:9e:dd:06:82:bf:e1:98:da:94:eb:b1:1b:
         20:c2:37:fe:63:c7:e0:82:12:4f:d6:08:a5:ec:68:96:62:7e:
         0e:37:5a:82:11:5c:28:02:a5:5b:31:93:3d:30:c2:b5:87:df:
         d4:f7:df:66:fd:36:07:52:ab:8b:40:e3:54:f2:05:d1:3d:46:
         6b:f4:7c:14:78:b3:19:74:0f:1c:43:b6:f7:0d:3e:71:ec:20:
         f4:10:a0:53:4a:f7:37:65:8b:11:27:38:ff:a2:cf:82:9e:ca:
         7b:fc:e2:b9:3a:41:b7:1e:1b:ed:1d:b2:42:bd:2d:5c:0a:7d:
         ae:96:61:2e:2d:8d:bf:69:dd:f6:fd:b1:f7:6b:a0:d1:ef:bb:
         c8:29:af:f3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZh+NbdaWLgj6AMRFfnvCpKlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhNTgzNmRkZTliOWRhZWYzNWE4YTdmNzRkNjMyNmY2YjQy
ZGE3NGQwHhcNMjUwODA2MDcwODI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYmU4MjFlZDYxZjg4MzNkNGE5MzRlN2UzMDY5YzRjNTUxNzYzZTY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApR0Qt3iZiy8yUlPi1wo2swQW55AM
dK/P6QDxZI7dgQUO6EktUPs06lxthsxOjsQqE85Z1BJ5eQ3NSvIkcyr5SEI4mABk
aqOadVLZ26snGfFBywOa2q247o4edGwxfm6VJ2Q0k/FH9E5s1L98ubFgeIKhE7VF
sEM6RIrScatAug1pYbl37IgponxQsPPWnBKrPuwoMc/60bdzTphFAQkciAd7TEjP
IEivXxvezBD2K5+oIfp0f5v0r8R9BUe7jmlurYZGTnWYNCqU7F/G+I/K8YvDhERM
EXRJP3PSP8QMNFTERvD7i2vrYPjgJ/WxWLZtYSGVIyQp8tCapYqAXHbw9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBvoIe1h+IM9SpNOfjBpxMVRdj5lMB8GA1UdIwQY
MBaAFGpYNt3pudrvNain901jJva0LadNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWxnMjNlbTUydTgxcUtmM1RXTW05clF0cDAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi84MzgwMzItZGI5Ny00OTdmLThjOTUt
YzE5OTQyNzM3ZTZkLzEvRy1naDdXSDRnejFLazA1LU1HbkV4VkYyUG1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi84MzgwMzItZGI5Ny00OTdmLThjOTUtYzE5OTQyNzM3ZTZk
LzEvYWxnMjNlbTUydTgxcUtmM1RXTW05clF0cDAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2bEhMA0G
CSqGSIb3DQEBCwUAA4IBAQB7Ndsc1tpnHZuCipUBaT7LOVLu3mLsH3ei1rU0di6Y
SC1lGSeKsoT3lO91lZtboUAYYgZjpGJ5StxhFHB2uvYyVycGTWr/kyHnWtNwlgCV
OgaVrjdtIstS5bvU1HselT+0cjex2Q66+ZefR+ay/uyzWkue3QaCv+GY2pTrsRsg
wjf+Y8fgghJP1gil7GiWYn4ON1qCEVwoAqVbMZM9MMK1h9/U999m/TYHUquLQONU
8gXRPUZr9HwUeLMZdA8cQ7b3DT5x7CD0EKBTSvc3ZYsRJzj/os+Cnsp7/OK5OkG3
HhvtHbJCvS1cCn2ulmEuLY2/ad32/bH3a6DR77vIKa/z
-----END CERTIFICATE-----
Generated at Sat Aug 23 15:57:43 2025 by rpki-client