Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/072f68-813d-4ba7-b49d-75fa295411f5/1/GRea9lk1vceom4TFm3UHffkyQH8.roa
File:                     GRea9lk1vceom4TFm3UHffkyQH8.roa (raw, json)
Hash identifier:          7sx9fKJ6zSwa6txM9tmVfdAR/9hActQM7paLbf+Thbw=
Subject key identifier:   19:17:9A:F6:59:35:BD:C7:A8:9B:84:C5:9B:75:07:7D:F9:32:40:7F
Certificate issuer:       /CN=62719c6d8b9950378a7489315fb078111a18ad55
Certificate serial:       019DD3E2D5F1124F139AE454F509E7B3CE71
Authority key identifier: 62:71:9C:6D:8B:99:50:37:8A:74:89:31:5F:B0:78:11:1A:18:AD:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YnGcbYuZUDeKdIkxX7B4ERoYrVU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/072f68-813d-4ba7-b49d-75fa295411f5/1/GRea9lk1vceom4TFm3UHffkyQH8.roa
Signing time:             Tue 28 Apr 2026 11:39:11 +0000
ROA not before:           Tue 28 Apr 2026 11:39:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200456
IP address blocks:        185.71.216.0/24 maxlen: 24
                          185.71.217.0/24 maxlen: 24
                          185.71.218.0/24 maxlen: 24
                          185.119.197.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/97/072f68-813d-4ba7-b49d-75fa295411f5/1/YnGcbYuZUDeKdIkxX7B4ERoYrVU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/97/072f68-813d-4ba7-b49d-75fa295411f5/1/YnGcbYuZUDeKdIkxX7B4ERoYrVU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YnGcbYuZUDeKdIkxX7B4ERoYrVU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:d3:e2:d5:f1:12:4f:13:9a:e4:54:f5:09:e7:b3:ce:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62719c6d8b9950378a7489315fb078111a18ad55
        Validity
            Not Before: Apr 28 11:39:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=19179af65935bdc7a89b84c59b75077df932407f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:a5:a3:18:53:85:74:ee:d8:1d:d8:3b:5c:bb:
                    a1:54:86:3e:7d:fa:50:c2:ce:be:55:6b:70:5a:9b:
                    c1:72:9d:4d:28:92:55:8a:3d:3e:55:70:04:5c:de:
                    38:75:24:25:45:98:57:4b:4f:69:7d:13:10:dc:16:
                    f6:ff:7c:1d:c5:9e:df:fe:4d:12:1c:a4:4d:89:ad:
                    58:72:cc:9d:91:38:da:68:9b:fa:89:bb:1e:05:20:
                    5e:88:cd:48:d6:94:64:b1:42:15:62:6e:fb:51:51:
                    f4:d7:de:b1:50:84:78:c5:3d:c5:7b:ec:7e:11:1a:
                    26:5a:f4:6c:54:3d:ae:77:c4:6e:b2:39:01:60:2c:
                    16:e6:5a:0d:57:4c:99:51:e8:fe:9b:46:46:aa:3a:
                    f4:64:42:30:5d:1a:84:b3:60:92:e9:df:c5:4b:fb:
                    bb:8b:7c:c9:d8:04:8e:19:a1:e9:67:1b:5b:a3:b6:
                    24:60:dc:2f:f7:c3:58:f1:02:b1:23:ce:d5:3f:99:
                    1b:e0:49:81:b0:cf:7d:96:9c:83:b7:25:84:2d:e5:
                    fe:11:4c:ea:58:4f:eb:f1:91:c9:38:cf:5e:9c:96:
                    56:7e:6a:21:c5:10:4f:71:e3:53:a9:72:65:d5:8c:
                    9b:bf:dd:19:6c:51:77:5d:a1:20:c6:f2:bd:f2:3d:
                    5f:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:17:9A:F6:59:35:BD:C7:A8:9B:84:C5:9B:75:07:7D:F9:32:40:7F
            X509v3 Authority Key Identifier:
                keyid:62:71:9C:6D:8B:99:50:37:8A:74:89:31:5F:B0:78:11:1A:18:AD:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YnGcbYuZUDeKdIkxX7B4ERoYrVU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/072f68-813d-4ba7-b49d-75fa295411f5/1/GRea9lk1vceom4TFm3UHffkyQH8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/072f68-813d-4ba7-b49d-75fa295411f5/1/YnGcbYuZUDeKdIkxX7B4ERoYrVU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.71.216.0-185.71.218.255
                  185.119.197.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:2e:90:db:65:36:44:b5:9a:b3:4e:a0:97:ea:c4:cf:fc:7a:
         e3:cf:21:fc:b6:fb:bb:ff:db:a3:7b:05:18:bb:7d:5f:7e:de:
         89:53:6a:24:88:95:ba:42:95:87:82:66:71:72:b4:11:d5:d1:
         3f:e4:d9:c5:7a:c3:be:b1:ca:81:25:93:c6:e5:5d:01:96:47:
         ef:52:0e:3f:13:58:9d:08:8e:23:83:33:2d:59:08:19:67:65:
         c4:96:6b:33:3c:e8:58:ca:17:a6:8c:66:ea:8c:2e:31:32:0b:
         51:e3:7b:11:b6:fa:48:bb:46:34:ae:6e:1a:15:55:86:d7:5f:
         53:f5:7e:0f:cc:1b:22:64:d1:32:ed:da:d8:c0:a5:a4:fd:a0:
         2a:19:5b:bd:3b:6b:6b:a7:4a:2d:2a:97:05:2f:e4:57:0b:37:
         54:06:bb:0f:8c:d5:77:c2:58:54:de:45:7d:7d:bb:d2:9f:9a:
         5f:29:90:6a:0d:6e:38:9c:ac:87:f8:6c:3c:3a:24:54:e8:7c:
         87:51:c4:4b:20:1a:c3:fa:a9:e6:01:5c:4c:a8:5e:78:d6:d9:
         c1:41:84:40:e7:4b:c3:3b:c5:04:48:f4:c2:96:a6:bb:53:15:
         28:73:ba:ce:17:a0:61:a8:c5:f0:70:38:b2:32:12:1b:6c:e3:
         a9:35:be:6e
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZ3T4tXxEk8TmuRU9Qnns85xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyNzE5YzZkOGI5OTUwMzc4YTc0ODkzMTVmYjA3ODExMWEx
OGFkNTUwHhcNMjYwNDI4MTEzOTExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTE3OWFmNjU5MzViZGM3YTg5Yjg0YzU5Yjc1MDc3ZGY5MzI0MDdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm6WjGFOFdO7YHdg7XLuhVIY+ffpQ
ws6+VWtwWpvBcp1NKJJVij0+VXAEXN44dSQlRZhXS09pfRMQ3Bb2/3wdxZ7f/k0S
HKRNia1YcsydkTjaaJv6ibseBSBeiM1I1pRksUIVYm77UVH0196xUIR4xT3Fe+x+
ERomWvRsVD2ud8RusjkBYCwW5loNV0yZUej+m0ZGqjr0ZEIwXRqEs2CS6d/FS/u7
i3zJ2ASOGaHpZxtbo7YkYNwv98NY8QKxI87VP5kb4EmBsM99lpyDtyWELeX+EUzq
WE/r8ZHJOM9enJZWfmohxRBPceNTqXJl1Yybv90ZbFF3XaEgxvK98j1fKQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFBkXmvZZNb3HqJuExZt1B335MkB/MB8GA1UdIwQY
MBaAFGJxnG2LmVA3inSJMV+weBEaGK1VMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWW5HY2JZdVpVRGVLZElreFg3QjRFUm9ZclZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny8wNzJmNjgtODEzZC00YmE3LWI0OWQt
NzVmYTI5NTQxMWY1LzEvR1JlYTlsazF2Y2VvbTRURm0zVUhmZmt5UUg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny8wNzJmNjgtODEzZC00YmE3LWI0OWQtNzVmYTI5NTQxMWY1
LzEvWW5HY2JZdVpVRGVLZElreFg3QjRFUm9ZclZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBAO5R9gD
BAC5R9oDBAC5d8UwDQYJKoZIhvcNAQELBQADggEBAAIukNtlNkS1mrNOoJfqxM/8
euPPIfy2+7v/26N7BRi7fV9+3olTaiSIlbpClYeCZnFytBHV0T/k2cV6w76xyoEl
k8blXQGWR+9SDj8TWJ0IjiODMy1ZCBlnZcSWazM86FjKF6aMZuqMLjEyC1HjexG2
+ki7RjSubhoVVYbXX1P1fg/MGyJk0TLt2tjApaT9oCoZW707a2unSi0qlwUv5FcL
N1QGuw+M1XfCWFTeRX19u9Kfml8pkGoNbjicrIf4bDw6JFTofIdRxEsgGsP6qeYB
XEyoXnjW2cFBhEDnS8M7xQRI9MKWprtTFShzus4XoGGoxfBwOLIyEhts46k1vm4=
-----END CERTIFICATE-----