Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/0bf196-65ab-4e74-a61a-819164b92b88/1/GpZIgv126Cl3UoGhkY1Uvof1iPY.roa
File:                     GpZIgv126Cl3UoGhkY1Uvof1iPY.roa (raw, json)
Hash identifier:          fP30v2kEF8neAtWHSrqD3PG/OVeu+YIU3qixidi5CQc=
Subject key identifier:   1A:96:48:82:FD:76:E8:29:77:52:81:A1:91:8D:54:BE:87:F5:88:F6
Certificate issuer:       /CN=c51791a5811c7f6ed81fd441b50265af5e9c61b0
Certificate serial:       019D20C25101052E00F51FBD29778FD2C58A
Authority key identifier: C5:17:91:A5:81:1C:7F:6E:D8:1F:D4:41:B5:02:65:AF:5E:9C:61:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xReRpYEcf27YH9RBtQJlr16cYbA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e8/0bf196-65ab-4e74-a61a-819164b92b88/1/GpZIgv126Cl3UoGhkY1Uvof1iPY.roa
Signing time:             Tue 24 Mar 2026 16:51:38 +0000
ROA not before:           Tue 24 Mar 2026 16:51:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206108
IP address blocks:        185.170.227.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e8/0bf196-65ab-4e74-a61a-819164b92b88/1/xReRpYEcf27YH9RBtQJlr16cYbA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e8/0bf196-65ab-4e74-a61a-819164b92b88/1/xReRpYEcf27YH9RBtQJlr16cYbA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xReRpYEcf27YH9RBtQJlr16cYbA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:20:c2:51:01:05:2e:00:f5:1f:bd:29:77:8f:d2:c5:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c51791a5811c7f6ed81fd441b50265af5e9c61b0
        Validity
            Not Before: Mar 24 16:51:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1a964882fd76e829775281a1918d54be87f588f6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:29:87:59:d4:21:1d:19:ff:77:5d:ff:86:a1:
                    47:5f:41:fa:34:ba:04:18:4e:1e:70:3f:09:98:fb:
                    bb:7e:3f:d2:45:33:32:5f:dc:7d:aa:74:6b:d4:1f:
                    a3:5c:28:bc:88:c8:54:3f:c3:f3:cb:72:57:44:c1:
                    3b:9d:55:10:2a:2a:e2:c2:72:81:78:5e:91:5c:c4:
                    39:d3:18:7a:f8:fe:0e:99:d7:6d:c9:2e:e0:7e:07:
                    8d:2c:a4:9a:62:54:11:b6:ce:0f:ff:ca:4a:8a:07:
                    40:41:de:f8:c3:e0:24:a8:9b:62:12:e4:22:c8:15:
                    c8:4e:a6:fe:4b:cc:d9:fa:2f:0b:09:27:b9:74:88:
                    1c:62:77:51:75:d9:9d:b7:c3:51:e6:e6:19:cf:f3:
                    b5:cc:a6:b0:cf:12:9a:ce:9d:90:9f:77:fd:d2:4f:
                    b7:90:b9:a2:84:95:0d:85:f6:f6:52:aa:25:b4:01:
                    0c:eb:7b:0b:3f:58:d6:45:a5:b2:21:f8:3c:3a:a9:
                    3e:ed:1b:48:27:f0:b9:5f:4b:b1:75:0a:a0:a3:54:
                    64:b1:65:69:3f:65:9a:ae:93:8a:12:93:8f:6e:f8:
                    bc:36:3e:47:2d:e8:d0:9c:a1:85:4a:53:2a:4d:db:
                    bf:eb:8d:3e:18:86:60:fb:b8:93:3a:a0:dd:93:8b:
                    54:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:96:48:82:FD:76:E8:29:77:52:81:A1:91:8D:54:BE:87:F5:88:F6
            X509v3 Authority Key Identifier:
                keyid:C5:17:91:A5:81:1C:7F:6E:D8:1F:D4:41:B5:02:65:AF:5E:9C:61:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xReRpYEcf27YH9RBtQJlr16cYbA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/0bf196-65ab-4e74-a61a-819164b92b88/1/GpZIgv126Cl3UoGhkY1Uvof1iPY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/0bf196-65ab-4e74-a61a-819164b92b88/1/xReRpYEcf27YH9RBtQJlr16cYbA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.170.227.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bc:47:d3:7f:b4:8b:d9:1f:c2:22:08:4f:d3:21:9d:ab:97:7e:
         e2:0c:0c:a5:11:04:7a:6c:cd:67:ad:b9:9e:ad:69:43:f5:7d:
         7f:71:cd:d1:35:09:08:95:18:d2:6f:68:6e:46:53:9e:a3:80:
         b9:2a:6f:2c:f4:63:7d:e2:ec:0c:0f:98:ab:9a:55:28:02:8b:
         63:62:34:e7:de:c9:07:fb:ae:73:1d:4a:32:80:54:0f:6d:61:
         bc:92:6e:69:d8:40:d5:52:db:aa:71:59:64:fe:9d:94:88:79:
         1e:2e:e3:81:c9:d4:38:9d:f7:a6:3e:4e:6f:c9:8d:b6:96:5a:
         6b:db:0e:f1:ba:75:5b:dd:ba:be:56:85:6f:9f:ab:10:1a:de:
         4e:ba:6b:24:e7:0d:87:24:cc:11:b5:82:1f:21:84:f4:91:e2:
         14:db:9d:7d:f5:d4:3e:0e:d8:77:a5:8f:8d:8c:11:ff:cf:c8:
         a7:f2:46:2d:e5:59:65:b0:a4:5f:8c:bd:58:35:a0:85:52:a6:
         fe:f6:35:e5:23:f2:29:f7:81:da:00:ae:2b:32:f7:e5:d3:a9:
         07:07:1a:d7:2e:d2:51:af:56:0c:36:b9:43:40:4c:33:4b:48:
         18:50:87:fc:61:e1:3a:2b:90:8c:3b:b4:45:21:74:22:35:bc:
         c0:d2:95:82
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0gwlEBBS4A9R+9KXeP0sWKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM1MTc5MWE1ODExYzdmNmVkODFmZDQ0MWI1MDI2NWFmNWU5
YzYxYjAwHhcNMjYwMzI0MTY1MTM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYTk2NDg4MmZkNzZlODI5Nzc1MjgxYTE5MThkNTRiZTg3ZjU4OGY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkymHWdQhHRn/d13/hqFHX0H6NLoE
GE4ecD8JmPu7fj/SRTMyX9x9qnRr1B+jXCi8iMhUP8Pzy3JXRME7nVUQKiriwnKB
eF6RXMQ50xh6+P4OmddtyS7gfgeNLKSaYlQRts4P/8pKigdAQd74w+AkqJtiEuQi
yBXITqb+S8zZ+i8LCSe5dIgcYndRddmdt8NR5uYZz/O1zKawzxKazp2Qn3f90k+3
kLmihJUNhfb2UqoltAEM63sLP1jWRaWyIfg8Oqk+7RtIJ/C5X0uxdQqgo1RksWVp
P2WarpOKEpOPbvi8Nj5HLejQnKGFSlMqTdu/640+GIZg+7iTOqDdk4tUvwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBqWSIL9dugpd1KBoZGNVL6H9Yj2MB8GA1UdIwQY
MBaAFMUXkaWBHH9u2B/UQbUCZa9enGGwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveFJlUnBZRWNmMjdZSDlSQnRRSmxyMTZjWWJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC8wYmYxOTYtNjVhYi00ZTc0LWE2MWEt
ODE5MTY0YjkyYjg4LzEvR3BaSWd2MTI2Q2wzVW9HaGtZMVV2b2YxaVBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC8wYmYxOTYtNjVhYi00ZTc0LWE2MWEtODE5MTY0YjkyYjg4
LzEveFJlUnBZRWNmMjdZSDlSQnRRSmxyMTZjWWJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuarjMA0G
CSqGSIb3DQEBCwUAA4IBAQC8R9N/tIvZH8IiCE/TIZ2rl37iDAylEQR6bM1nrbme
rWlD9X1/cc3RNQkIlRjSb2huRlOeo4C5Km8s9GN94uwMD5irmlUoAotjYjTn3skH
+65zHUoygFQPbWG8km5p2EDVUtuqcVlk/p2UiHkeLuOBydQ4nfemPk5vyY22llpr
2w7xunVb3bq+VoVvn6sQGt5Oumsk5w2HJMwRtYIfIYT0keIU25199dQ+Dth3pY+N
jBH/z8in8kYt5VllsKRfjL1YNaCFUqb+9jXlI/Ip94HaAK4rMvfl06kHBxrXLtJR
r1YMNrlDQEwzS0gYUIf8YeE6K5CMO7RFIXQiNbzA0pWC
-----END CERTIFICATE-----