Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/GFx_mgq0updPewOobapgTe6j-8M.roa
File:                     GFx_mgq0updPewOobapgTe6j-8M.roa (raw, json)
Hash identifier:          gF+70PsAzD+e/4Ne30icXZco6XsJMKihnj7o6wZ3Pkg=
Subject key identifier:   18:5C:7F:9A:0A:B4:BA:97:4F:7B:03:A8:6D:AA:60:4D:EE:A3:FB:C3
Certificate issuer:       /CN=521f0cba10daa302e3b167cee5395f742f530b09
Certificate serial:       019DF47F4CA5DC6AEC1B6886EBB487FE56F5
Authority key identifier: 52:1F:0C:BA:10:DA:A3:02:E3:B1:67:CE:E5:39:5F:74:2F:53:0B:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/GFx_mgq0updPewOobapgTe6j-8M.roa
Signing time:             Mon 04 May 2026 19:37:55 +0000
ROA not before:           Mon 04 May 2026 19:37:55 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198316
IP address blocks:        87.76.220.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 20:10:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:f4:7f:4c:a5:dc:6a:ec:1b:68:86:eb:b4:87:fe:56:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=521f0cba10daa302e3b167cee5395f742f530b09
        Validity
            Not Before: May  4 19:37:55 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=185c7f9a0ab4ba974f7b03a86daa604deea3fbc3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:58:d2:98:69:ee:ea:d9:92:c9:51:e3:2f:5c:
                    e9:6a:ec:56:5f:b8:0e:e3:ff:ac:07:c8:1b:3d:3c:
                    a2:6f:6d:d6:cd:4a:b5:4e:56:0a:20:d6:dd:92:d5:
                    51:e0:34:46:88:17:cd:e9:83:ce:94:e2:5c:ce:0d:
                    50:a5:55:62:52:07:b7:b4:75:f5:fe:05:77:47:b7:
                    a2:e3:c2:28:b6:b1:fc:dd:d5:07:ad:89:16:46:3d:
                    d7:36:65:35:fd:ae:6f:be:d1:c1:38:f7:3c:c1:64:
                    26:41:8a:35:81:ff:11:ea:39:b1:09:ad:11:8f:66:
                    24:ae:4c:6d:b1:ca:00:ad:17:4a:af:5b:71:b7:d1:
                    74:01:f5:9a:72:bf:d3:cf:77:77:86:1e:3c:10:2f:
                    5b:11:47:bb:d3:07:75:49:69:72:a7:9b:6d:2f:3f:
                    48:99:bf:5a:4d:d5:89:49:73:7b:23:6d:bb:3a:0d:
                    03:0b:42:7a:09:70:87:75:c6:8d:e7:cc:46:6d:fd:
                    39:25:e9:35:08:1d:b8:32:b8:3e:78:fa:45:d4:6a:
                    9e:49:59:61:f6:2f:f0:05:85:c2:f2:de:bd:7c:c6:
                    c3:1a:c1:fa:72:19:18:bd:0e:a5:5e:31:fb:d5:0e:
                    a2:e2:30:e7:f8:4a:cd:27:07:7c:5e:f3:1a:b5:d7:
                    44:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:5C:7F:9A:0A:B4:BA:97:4F:7B:03:A8:6D:AA:60:4D:EE:A3:FB:C3
            X509v3 Authority Key Identifier:
                keyid:52:1F:0C:BA:10:DA:A3:02:E3:B1:67:CE:E5:39:5F:74:2F:53:0B:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/GFx_mgq0updPewOobapgTe6j-8M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.76.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:92:1f:f9:1f:83:80:21:17:bc:44:c1:3b:c3:61:b5:5c:82:
         74:6b:d2:6d:14:0b:62:b5:09:b8:e6:8b:37:9b:12:2d:64:49:
         14:92:1f:d2:69:68:76:5f:bb:f3:b8:25:20:7f:8f:33:47:96:
         9f:88:b3:e7:f0:b4:db:c4:b5:8c:14:b5:be:ae:6a:c6:b6:d5:
         cd:da:0d:a5:50:fc:5a:c0:20:6d:e1:cf:c3:7c:5e:df:3a:aa:
         25:3b:11:b3:bd:d0:ad:62:50:45:fd:34:42:57:b5:16:db:5c:
         b2:43:c8:f9:6d:b2:cc:0f:0b:46:88:11:e5:b7:fe:f3:91:08:
         4a:7a:72:98:98:14:74:40:e0:e4:b1:61:69:09:c3:77:14:52:
         50:d5:6c:57:f8:d0:f7:01:dc:79:b3:81:a8:70:97:38:71:9b:
         e8:26:e8:8a:3f:f0:39:ed:28:9b:2b:df:2f:8a:6e:3e:bd:32:
         5a:42:2d:93:df:91:af:2c:1e:19:06:5b:fb:02:f0:bf:1e:14:
         a0:1f:3a:0d:ca:8a:83:c3:b5:c8:b7:07:45:94:9c:09:d7:ab:
         c8:f7:a0:1b:24:2b:b0:53:64:ef:df:40:29:09:5b:5c:7c:6b:
         44:75:df:9f:5f:be:c0:36:41:b4:af:2f:9b:49:7b:69:92:64:
         17:af:ee:f9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ30f0yl3GrsG2iG67SH/lb1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyMWYwY2JhMTBkYWEzMDJlM2IxNjdjZWU1Mzk1Zjc0MmY1
MzBiMDkwHhcNMjYwNTA0MTkzNzU1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxODVjN2Y5YTBhYjRiYTk3NGY3YjAzYTg2ZGFhNjA0ZGVlYTNmYmMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr1jSmGnu6tmSyVHjL1zpauxWX7gO
4/+sB8gbPTyib23WzUq1TlYKINbdktVR4DRGiBfN6YPOlOJczg1QpVViUge3tHX1
/gV3R7ei48IotrH83dUHrYkWRj3XNmU1/a5vvtHBOPc8wWQmQYo1gf8R6jmxCa0R
j2YkrkxtscoArRdKr1txt9F0AfWacr/Tz3d3hh48EC9bEUe70wd1SWlyp5ttLz9I
mb9aTdWJSXN7I227Og0DC0J6CXCHdcaN58xGbf05Jek1CB24Mrg+ePpF1GqeSVlh
9i/wBYXC8t69fMbDGsH6chkYvQ6lXjH71Q6i4jDn+ErNJwd8XvMatddEaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBhcf5oKtLqXT3sDqG2qYE3uo/vDMB8GA1UdIwQY
MBaAFFIfDLoQ2qMC47FnzuU5X3QvUwsJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWg4TXVoRGFvd0xqc1dmTzVUbGZkQzlUQ3drLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82OGNlMzYtNzRlNC00NDNiLWFlZjEt
M2JiOGIwNzVkNjlmLzEvR0Z4X21ncTB1cGRQZXdPb2JhcGdUZTZqLThNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82OGNlMzYtNzRlNC00NDNiLWFlZjEtM2JiOGIwNzVkNjlm
LzEvVWg4TXVoRGFvd0xqc1dmTzVUbGZkQzlUQ3drLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV0zcMA0G
CSqGSIb3DQEBCwUAA4IBAQCMkh/5H4OAIRe8RME7w2G1XIJ0a9JtFAtitQm45os3
mxItZEkUkh/SaWh2X7vzuCUgf48zR5afiLPn8LTbxLWMFLW+rmrGttXN2g2lUPxa
wCBt4c/DfF7fOqolOxGzvdCtYlBF/TRCV7UW21yyQ8j5bbLMDwtGiBHlt/7zkQhK
enKYmBR0QODksWFpCcN3FFJQ1WxX+ND3Adx5s4GocJc4cZvoJuiKP/A57SibK98v
im4+vTJaQi2T35GvLB4ZBlv7AvC/HhSgHzoNyoqDw7XItwdFlJwJ16vI96AbJCuw
U2Tv30ApCVtcfGtEdd+fX77ANkG0ry+bSXtpkmQXr+75
-----END CERTIFICATE-----