Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/GK6sSI8I6Ck9l0KxlxiTx3CR9nI.roa
File:                     GK6sSI8I6Ck9l0KxlxiTx3CR9nI.roa (raw, json)
Hash identifier:          Q0nMWgUs5VqHeZOmvrfOcHnb629+mFC+BasITyYx9y4=
Subject key identifier:   18:AE:AC:48:8F:08:E8:29:3D:97:42:B1:97:18:93:C7:70:91:F6:72
Certificate issuer:       /CN=0ff80cbdfe18354a3cfdba2fe079aa2ebc58dcd4
Certificate serial:       0199BD98586D1D5206D8C1A2433F1E411DC9
Authority key identifier: 0F:F8:0C:BD:FE:18:35:4A:3C:FD:BA:2F:E0:79:AA:2E:BC:58:DC:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/D_gMvf4YNUo8_bov4HmqLrxY3NQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/GK6sSI8I6Ck9l0KxlxiTx3CR9nI.roa
Signing time:             Tue 07 Oct 2025 07:35:01 +0000
ROA not before:           Tue 07 Oct 2025 07:35:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        87.254.18.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/D_gMvf4YNUo8_bov4HmqLrxY3NQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/D_gMvf4YNUo8_bov4HmqLrxY3NQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/D_gMvf4YNUo8_bov4HmqLrxY3NQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:bd:98:58:6d:1d:52:06:d8:c1:a2:43:3f:1e:41:1d:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ff80cbdfe18354a3cfdba2fe079aa2ebc58dcd4
        Validity
            Not Before: Oct  7 07:35:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=18aeac488f08e8293d9742b1971893c77091f672
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:eb:ac:33:05:a0:5a:46:21:6a:ed:ae:1d:36:
                    a8:66:e5:5e:0a:10:ff:c2:30:7a:6d:e4:00:92:a5:
                    c2:86:8e:e1:43:ec:80:f8:23:94:29:7c:6a:3a:ee:
                    0b:50:93:33:46:e4:2f:f2:20:02:e2:87:72:fa:bb:
                    97:22:2a:5e:40:2c:57:73:ef:24:5e:50:b0:43:8a:
                    44:36:1f:02:5f:11:66:39:16:87:cd:1e:6c:d5:fc:
                    8c:ad:cf:74:db:df:78:63:75:73:8b:b9:e8:09:d8:
                    f8:0b:10:cb:96:cc:11:e3:ca:3b:61:8c:ed:7c:39:
                    d8:6f:2f:7d:fe:0c:5a:8c:ce:60:d6:92:f2:8a:7b:
                    e4:68:38:22:19:b5:99:f9:a7:1d:70:fd:5d:31:38:
                    bf:60:af:46:38:f9:0e:de:0b:80:59:29:1b:34:09:
                    bd:63:d9:b6:c3:7f:e8:18:27:1d:82:d8:06:f1:5d:
                    87:73:95:1c:11:0d:60:67:33:9c:da:8a:9b:c4:a0:
                    41:6f:98:81:f3:cf:c7:1d:dc:65:b8:0a:47:b7:f1:
                    96:e3:e2:b2:32:57:36:2f:74:b6:4d:06:a0:79:70:
                    a7:9d:21:e2:0b:f4:b6:8e:6d:49:3f:fe:94:58:52:
                    93:39:7b:c7:9a:da:6f:5e:f3:32:81:28:92:05:cd:
                    19:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:AE:AC:48:8F:08:E8:29:3D:97:42:B1:97:18:93:C7:70:91:F6:72
            X509v3 Authority Key Identifier:
                keyid:0F:F8:0C:BD:FE:18:35:4A:3C:FD:BA:2F:E0:79:AA:2E:BC:58:DC:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/D_gMvf4YNUo8_bov4HmqLrxY3NQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/GK6sSI8I6Ck9l0KxlxiTx3CR9nI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/D_gMvf4YNUo8_bov4HmqLrxY3NQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.254.18.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1c:26:61:c1:b7:8a:43:95:50:9c:e7:61:43:cd:68:e3:be:ab:
         97:6c:7f:13:d2:20:dd:94:d7:30:24:f2:34:db:e3:1e:ab:e0:
         47:3b:40:95:63:0c:45:c3:ca:49:5c:09:cc:7c:08:62:2e:4f:
         43:6a:ac:5c:d6:21:71:02:9f:64:78:e1:57:3c:e2:06:8a:83:
         b5:94:03:05:38:63:81:e9:85:87:c5:79:d0:eb:02:df:21:24:
         d5:43:61:50:67:d3:80:a3:8e:b7:a6:b5:35:d3:af:fa:50:d4:
         17:1f:4c:5c:cb:7c:6d:47:7d:0a:8e:1d:c0:cf:f8:9d:6f:1f:
         80:30:30:1d:d5:e5:a0:0f:1e:d1:5d:26:67:0b:7c:20:fc:6a:
         fa:54:14:e8:9a:d5:a5:25:40:a0:47:ea:36:c1:8f:94:63:1b:
         d7:24:71:ab:58:9f:e2:b4:03:e3:ae:81:18:06:15:39:d3:71:
         bb:d0:91:f4:dc:c7:03:91:1b:8b:5d:9e:74:64:54:67:fb:1b:
         5d:6a:25:e5:f9:61:fe:00:20:6b:89:00:a3:e5:d4:94:90:6c:
         3a:07:59:ef:e2:86:04:17:62:38:77:56:6c:cd:b2:f2:59:9c:
         e8:35:b9:8d:07:e2:d8:b6:f1:e4:e0:73:14:df:4e:75:7b:ae:
         cb:d4:c3:e0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZm9mFhtHVIG2MGiQz8eQR3JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmZjgwY2JkZmUxODM1NGEzY2ZkYmEyZmUwNzlhYTJlYmM1
OGRjZDQwHhcNMjUxMDA3MDczNTAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOGFlYWM0ODhmMDhlODI5M2Q5NzQyYjE5NzE4OTNjNzcwOTFmNjcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqeusMwWgWkYhau2uHTaoZuVeChD/
wjB6beQAkqXCho7hQ+yA+COUKXxqOu4LUJMzRuQv8iAC4ody+ruXIipeQCxXc+8k
XlCwQ4pENh8CXxFmORaHzR5s1fyMrc902994Y3Vzi7noCdj4CxDLlswR48o7YYzt
fDnYby99/gxajM5g1pLyinvkaDgiGbWZ+acdcP1dMTi/YK9GOPkO3guAWSkbNAm9
Y9m2w3/oGCcdgtgG8V2Hc5UcEQ1gZzOc2oqbxKBBb5iB88/HHdxluApHt/GW4+Ky
Mlc2L3S2TQageXCnnSHiC/S2jm1JP/6UWFKTOXvHmtpvXvMygSiSBc0ZJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBiurEiPCOgpPZdCsZcYk8dwkfZyMB8GA1UdIwQY
MBaAFA/4DL3+GDVKPP26L+B5qi68WNzUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRF9nTXZmNFlOVW84X2JvdjRIbXFMcnhZM05RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS8xMjk1NjQtZjFkYi00ZGM1LTg5MDYt
NmZjZGNkNWFiNjYwLzEvR0s2c1NJOEk2Q2s5bDBLeGx4aVR4M0NSOW5JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS8xMjk1NjQtZjFkYi00ZGM1LTg5MDYtNmZjZGNkNWFiNjYw
LzEvRF9nTXZmNFlOVW84X2JvdjRIbXFMcnhZM05RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBV/4SMA0G
CSqGSIb3DQEBCwUAA4IBAQAcJmHBt4pDlVCc52FDzWjjvquXbH8T0iDdlNcwJPI0
2+Meq+BHO0CVYwxFw8pJXAnMfAhiLk9Daqxc1iFxAp9keOFXPOIGioO1lAMFOGOB
6YWHxXnQ6wLfISTVQ2FQZ9OAo463prU106/6UNQXH0xcy3xtR30Kjh3Az/idbx+A
MDAd1eWgDx7RXSZnC3wg/Gr6VBTomtWlJUCgR+o2wY+UYxvXJHGrWJ/itAPjroEY
BhU503G70JH03McDkRuLXZ50ZFRn+xtdaiXl+WH+ACBriQCj5dSUkGw6B1nv4oYE
F2I4d1ZszbLyWZzoNbmNB+LYtvHk4HMU3051e67L1MPg
-----END CERTIFICATE-----
Generated at Sun Oct 19 14:41:37 2025 by rpki-client