Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/G8BPphhm9oFoNoaDVHCDJOi1A1I.roa
File:                     G8BPphhm9oFoNoaDVHCDJOi1A1I.roa (raw, json)
Hash identifier:          o25EiApUpZto47Wgp7aaZGTEkqSv5P2WX51MC5xNgcg=
Subject key identifier:   1B:C0:4F:A6:18:66:F6:81:68:36:86:83:54:70:83:24:E8:B5:03:52
Certificate issuer:       /CN=6a5836dde9b9daef35a8a7f74d6326f6b42da74d
Certificate serial:       019D1A20C9FABD6F68A3E1515166C98EF990
Authority key identifier: 6A:58:36:DD:E9:B9:DA:EF:35:A8:A7:F7:4D:63:26:F6:B4:2D:A7:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/alg23em52u81qKf3TWMm9rQtp00.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/G8BPphhm9oFoNoaDVHCDJOi1A1I.roa
Signing time:             Mon 23 Mar 2026 09:57:29 +0000
ROA not before:           Mon 23 Mar 2026 09:57:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215523
IP address blocks:        213.18.240.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/alg23em52u81qKf3TWMm9rQtp00.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/alg23em52u81qKf3TWMm9rQtp00.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/alg23em52u81qKf3TWMm9rQtp00.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:1a:20:c9:fa:bd:6f:68:a3:e1:51:51:66:c9:8e:f9:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6a5836dde9b9daef35a8a7f74d6326f6b42da74d
        Validity
            Not Before: Mar 23 09:57:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1bc04fa61866f6816836868354708324e8b50352
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:8f:62:bc:b1:4f:d1:01:7e:34:30:63:4c:29:
                    48:4e:76:55:63:8d:53:de:1a:aa:68:a0:3b:8c:ce:
                    d4:53:f1:94:cd:78:be:25:55:ed:42:11:b5:6b:a3:
                    d4:cf:f4:92:35:92:48:0c:84:74:d2:36:1c:b5:cd:
                    0a:91:a3:49:46:9f:ba:38:b8:5b:d2:8d:c5:c3:f0:
                    ce:77:3c:b5:49:f2:07:2e:31:91:1c:12:fb:b5:2b:
                    77:74:94:bf:5e:0f:bb:94:0c:dc:1a:da:9c:a7:6d:
                    60:bc:aa:3f:49:37:d3:27:d6:c4:a5:33:a0:a3:a6:
                    91:6d:e8:11:3b:5e:07:89:32:a6:5e:31:40:38:fa:
                    2e:68:41:7d:8e:23:73:95:ad:fe:19:96:0f:78:fe:
                    2c:62:f1:19:13:36:d8:a1:1b:69:ab:50:bb:5c:5f:
                    7e:aa:06:84:4c:20:36:d5:1b:44:fd:4c:b6:35:fd:
                    94:10:a3:fe:a9:81:24:d1:83:93:5a:2d:73:81:5c:
                    54:84:20:3d:ae:7b:35:73:f6:dc:c0:57:38:cf:65:
                    f7:d3:6f:50:bf:1f:b6:68:4d:f6:fe:28:f7:9d:4d:
                    26:60:60:74:60:66:a6:0d:f3:a1:30:10:56:f8:c1:
                    d3:79:c4:02:f2:bf:eb:58:7d:77:3f:07:8e:79:8a:
                    66:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:C0:4F:A6:18:66:F6:81:68:36:86:83:54:70:83:24:E8:B5:03:52
            X509v3 Authority Key Identifier:
                keyid:6A:58:36:DD:E9:B9:DA:EF:35:A8:A7:F7:4D:63:26:F6:B4:2D:A7:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/alg23em52u81qKf3TWMm9rQtp00.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/G8BPphhm9oFoNoaDVHCDJOi1A1I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/alg23em52u81qKf3TWMm9rQtp00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.18.240.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5a:b9:fb:62:ed:62:e1:f1:3d:7a:3b:6c:dc:b5:10:cc:30:d0:
         28:3c:7b:56:4a:28:c7:5a:3e:b0:42:f0:33:80:1e:c2:da:90:
         6f:8f:25:e0:b6:94:d7:b3:70:95:fc:d7:4f:0a:92:77:b5:30:
         74:9e:68:f1:6e:37:65:d8:82:f8:8c:b2:56:3c:ac:04:fc:af:
         3f:0d:fc:8f:d7:12:f4:01:3e:58:a2:7e:5e:73:cf:58:b2:d6:
         3d:b1:c6:f0:77:07:d4:b0:81:cb:3d:fd:4d:a5:11:e3:5d:89:
         72:42:4b:00:ff:2d:ec:70:ee:de:12:f2:5f:d6:80:3d:5d:27:
         e5:55:5a:69:36:9b:7f:d1:43:9f:d9:88:59:6e:f8:7a:2e:db:
         cd:dd:c6:d0:2f:4d:bd:62:55:33:10:89:29:11:40:2a:ea:c1:
         c2:3c:a7:49:f5:23:a3:6c:08:38:a3:6d:10:6d:9c:03:dd:74:
         75:5e:dc:5d:67:84:1b:4b:2a:91:5d:6a:65:94:41:8a:bc:08:
         0d:3a:80:bf:5a:7c:9c:3b:3e:de:d5:85:a9:41:36:92:00:97:
         99:48:7e:97:76:f4:74:f8:3a:5d:35:e4:ce:5b:3a:86:bf:ff:
         cf:cf:39:3e:70:e6:14:d8:a0:de:6b:19:41:97:c3:e3:83:25:
         c4:f5:86:e8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0aIMn6vW9oo+FRUWbJjvmQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhNTgzNmRkZTliOWRhZWYzNWE4YTdmNzRkNjMyNmY2YjQy
ZGE3NGQwHhcNMjYwMzIzMDk1NzI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYmMwNGZhNjE4NjZmNjgxNjgzNjg2ODM1NDcwODMyNGU4YjUwMzUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqo9ivLFP0QF+NDBjTClITnZVY41T
3hqqaKA7jM7UU/GUzXi+JVXtQhG1a6PUz/SSNZJIDIR00jYctc0KkaNJRp+6OLhb
0o3Fw/DOdzy1SfIHLjGRHBL7tSt3dJS/Xg+7lAzcGtqcp21gvKo/STfTJ9bEpTOg
o6aRbegRO14HiTKmXjFAOPouaEF9jiNzla3+GZYPeP4sYvEZEzbYoRtpq1C7XF9+
qgaETCA21RtE/Uy2Nf2UEKP+qYEk0YOTWi1zgVxUhCA9rns1c/bcwFc4z2X3029Q
vx+2aE32/ij3nU0mYGB0YGamDfOhMBBW+MHTecQC8r/rWH13PweOeYpmfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBvAT6YYZvaBaDaGg1RwgyTotQNSMB8GA1UdIwQY
MBaAFGpYNt3pudrvNain901jJva0LadNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWxnMjNlbTUydTgxcUtmM1RXTW05clF0cDAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi84MzgwMzItZGI5Ny00OTdmLThjOTUt
YzE5OTQyNzM3ZTZkLzEvRzhCUHBoaG05b0ZvTm9hRFZIQ0RKT2kxQTFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi84MzgwMzItZGI5Ny00OTdmLThjOTUtYzE5OTQyNzM3ZTZk
LzEvYWxnMjNlbTUydTgxcUtmM1RXTW05clF0cDAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB1RLwMA0G
CSqGSIb3DQEBCwUAA4IBAQBaufti7WLh8T16O2zctRDMMNAoPHtWSijHWj6wQvAz
gB7C2pBvjyXgtpTXs3CV/NdPCpJ3tTB0nmjxbjdl2IL4jLJWPKwE/K8/DfyP1xL0
AT5Yon5ec89YstY9scbwdwfUsIHLPf1NpRHjXYlyQksA/y3scO7eEvJf1oA9XSfl
VVppNpt/0UOf2YhZbvh6LtvN3cbQL029YlUzEIkpEUAq6sHCPKdJ9SOjbAg4o20Q
bZwD3XR1XtxdZ4QbSyqRXWpllEGKvAgNOoC/WnycOz7e1YWpQTaSAJeZSH6XdvR0
+DpdNeTOWzqGv//Pzzk+cOYU2KDeaxlBl8PjgyXE9Ybo
-----END CERTIFICATE-----