Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/a2f736-3378-4948-ba5a-5ad88b2743f7/1/gHfOZupBu0TEQs2TjKUjpYcKRic.roa
File:                     gHfOZupBu0TEQs2TjKUjpYcKRic.roa (raw, json)
Hash identifier:          MxTDZG/P4/uUhVb1MJj7wxash7iK6Yw2LptivHrbExo=
Subject key identifier:   80:77:CE:66:EA:41:BB:44:C4:42:CD:93:8C:A5:23:A5:87:0A:46:27
Certificate issuer:       /CN=f307d6ee4dcd21faaf76db3247a7423b14adbc64
Certificate serial:       019DCF768FB54284B8DA3ABD7228C44B8779
Authority key identifier: F3:07:D6:EE:4D:CD:21:FA:AF:76:DB:32:47:A7:42:3B:14:AD:BC:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8wfW7k3NIfqvdtsyR6dCOxStvGQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ae/a2f736-3378-4948-ba5a-5ad88b2743f7/1/gHfOZupBu0TEQs2TjKUjpYcKRic.roa
Signing time:             Mon 27 Apr 2026 15:02:26 +0000
ROA not before:           Mon 27 Apr 2026 15:02:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     25375
IP address blocks:        185.196.84.0/22 maxlen: 22
                          2a0a:69c0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ae/a2f736-3378-4948-ba5a-5ad88b2743f7/1/8wfW7k3NIfqvdtsyR6dCOxStvGQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ae/a2f736-3378-4948-ba5a-5ad88b2743f7/1/8wfW7k3NIfqvdtsyR6dCOxStvGQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8wfW7k3NIfqvdtsyR6dCOxStvGQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:cf:76:8f:b5:42:84:b8:da:3a:bd:72:28:c4:4b:87:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f307d6ee4dcd21faaf76db3247a7423b14adbc64
        Validity
            Not Before: Apr 27 15:02:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8077ce66ea41bb44c442cd938ca523a5870a4627
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:d2:dc:e2:aa:8a:25:e2:79:ff:7f:b2:e6:f8:
                    08:99:d8:54:49:30:f2:66:a6:30:7e:b6:33:6e:3f:
                    28:58:cf:be:1c:82:f7:ec:03:03:f9:f2:a2:6f:c7:
                    d2:39:6f:6e:32:3a:a6:71:8c:b5:3e:8b:d3:49:fa:
                    17:ff:7c:51:39:58:7d:4d:f8:39:d7:a4:28:a7:a6:
                    f1:d5:23:5b:ce:75:21:ff:73:75:71:87:ee:a0:9d:
                    f7:34:71:3e:40:e9:a2:2b:d4:88:bb:33:5f:96:a3:
                    71:fe:82:4e:38:15:51:08:45:20:a5:5c:80:01:6f:
                    16:47:7f:b9:1e:17:74:ab:48:ba:9a:c6:8a:1d:6c:
                    a8:f1:02:1b:99:9e:53:3a:66:c1:14:61:86:14:c5:
                    ba:62:4a:63:54:0d:a3:76:a0:15:d5:62:68:38:ed:
                    e5:30:cd:43:92:8a:e3:cf:e3:5e:cc:48:f6:cf:b3:
                    15:58:1a:77:b4:b9:ca:bd:3f:69:61:83:26:11:0f:
                    74:3c:71:82:ec:de:6a:2f:f1:c5:29:1f:20:ff:95:
                    10:92:7f:62:0f:53:91:81:39:f1:0e:83:cf:08:d7:
                    e9:16:ee:04:94:52:16:18:72:a5:0d:d3:ed:90:5e:
                    7a:c8:51:31:37:77:59:72:ec:b3:ea:ef:18:2b:55:
                    a7:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:77:CE:66:EA:41:BB:44:C4:42:CD:93:8C:A5:23:A5:87:0A:46:27
            X509v3 Authority Key Identifier:
                keyid:F3:07:D6:EE:4D:CD:21:FA:AF:76:DB:32:47:A7:42:3B:14:AD:BC:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8wfW7k3NIfqvdtsyR6dCOxStvGQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/a2f736-3378-4948-ba5a-5ad88b2743f7/1/gHfOZupBu0TEQs2TjKUjpYcKRic.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/a2f736-3378-4948-ba5a-5ad88b2743f7/1/8wfW7k3NIfqvdtsyR6dCOxStvGQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.196.84.0/22
                IPv6:
                  2a0a:69c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         28:10:5d:84:17:db:ca:3b:61:87:4f:44:30:8e:e7:43:f6:89:
         64:23:6c:c5:3e:27:6e:de:d1:5f:0b:95:27:3c:15:f2:cc:bb:
         40:9f:98:8f:cb:9e:31:d1:f1:ac:82:34:07:f4:03:31:84:ff:
         4c:35:ff:ff:07:3c:2b:90:3c:93:24:19:4e:4e:3c:d3:86:90:
         f8:af:e2:1b:8a:5e:77:bc:49:f3:bc:ee:2c:96:98:bc:79:e8:
         b3:62:e2:c6:1b:0a:86:08:bf:e2:06:cc:cc:fc:61:22:a3:df:
         fc:16:a6:f2:93:b6:1f:87:7d:bd:52:4d:6d:f8:e5:64:4d:69:
         a2:9f:9a:b9:2f:cb:26:5a:69:c4:8d:fc:1a:fc:1d:a6:30:ab:
         b9:1a:d6:3d:a2:81:11:fc:ca:81:8e:fb:e9:19:c4:7d:0e:b7:
         15:38:a9:3b:1d:66:3a:45:b7:a2:a3:58:1e:c9:61:69:26:2c:
         41:21:1a:96:e0:5c:ef:20:83:26:18:47:7a:cf:72:47:98:76:
         54:25:89:6a:2e:87:13:de:c8:37:87:50:9f:77:fe:61:c3:ea:
         71:67:f1:84:7e:7d:62:56:92:dc:95:fd:9c:04:16:c2:70:b3:
         8f:52:2b:27:06:72:8a:3a:97:4f:f0:b8:7a:78:7f:6d:4c:47:
         c0:a3:0b:f9
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZ3Pdo+1QoS42jq9cijES4d5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYzMDdkNmVlNGRjZDIxZmFhZjc2ZGIzMjQ3YTc0MjNiMTRh
ZGJjNjQwHhcNMjYwNDI3MTUwMjI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MDc3Y2U2NmVhNDFiYjQ0YzQ0MmNkOTM4Y2E1MjNhNTg3MGE0NjI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA19Lc4qqKJeJ5/3+y5vgImdhUSTDy
ZqYwfrYzbj8oWM++HIL37AMD+fKib8fSOW9uMjqmcYy1PovTSfoX/3xROVh9Tfg5
16Qop6bx1SNbznUh/3N1cYfuoJ33NHE+QOmiK9SIuzNflqNx/oJOOBVRCEUgpVyA
AW8WR3+5Hhd0q0i6msaKHWyo8QIbmZ5TOmbBFGGGFMW6YkpjVA2jdqAV1WJoOO3l
MM1Dkorjz+NezEj2z7MVWBp3tLnKvT9pYYMmEQ90PHGC7N5qL/HFKR8g/5UQkn9i
D1ORgTnxDoPPCNfpFu4ElFIWGHKlDdPtkF56yFExN3dZcuyz6u8YK1WnZQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFIB3zmbqQbtExELNk4ylI6WHCkYnMB8GA1UdIwQY
MBaAFPMH1u5NzSH6r3bbMkenQjsUrbxkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOHdmVzdrM05JZnF2ZHRzeVI2ZENPeFN0dkdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS9hMmY3MzYtMzM3OC00OTQ4LWJhNWEt
NWFkODhiMjc0M2Y3LzEvZ0hmT1p1cEJ1MFRFUXMyVGpLVWpwWWNLUmljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS9hMmY3MzYtMzM3OC00OTQ4LWJhNWEtNWFkODhiMjc0M2Y3
LzEvOHdmVzdrM05JZnF2ZHRzeVI2ZENPeFN0dkdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCucRUMA0E
AgACMAcDBQMqCmnAMA0GCSqGSIb3DQEBCwUAA4IBAQAoEF2EF9vKO2GHT0QwjudD
9olkI2zFPidu3tFfC5UnPBXyzLtAn5iPy54x0fGsgjQH9AMxhP9MNf//BzwrkDyT
JBlOTjzThpD4r+Ibil53vEnzvO4slpi8eeizYuLGGwqGCL/iBszM/GEio9/8Fqby
k7Yfh329Uk1t+OVkTWmin5q5L8smWmnEjfwa/B2mMKu5GtY9ooER/MqBjvvpGcR9
DrcVOKk7HWY6Rbeio1geyWFpJixBIRqW4FzvIIMmGEd6z3JHmHZUJYlqLocT3sg3
h1Cfd/5hw+pxZ/GEfn1iVpLclf2cBBbCcLOPUisnBnKKOpdP8Lh6eH9tTEfAowv5
-----END CERTIFICATE-----