Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aa/a6dda1-1b87-4ec3-938f-dd5ddd05db0b/1/GVcJ3gxbuHAN1M8bXhkm0XurzJ4.roa
File:                     GVcJ3gxbuHAN1M8bXhkm0XurzJ4.roa (raw, json)
Hash identifier:          LnAw2l35gI/vboxpJzukCZYmF3HPcjn5rKUGuplOWYs=
Subject key identifier:   19:57:09:DE:0C:5B:B8:70:0D:D4:CF:1B:5E:19:26:D1:7B:AB:CC:9E
Certificate issuer:       /CN=0e3f31c9eace6f0a5eccdb8df2b01c7351568686
Certificate serial:       019D307354C6591E8715041C2D60B8321FB1
Authority key identifier: 0E:3F:31:C9:EA:CE:6F:0A:5E:CC:DB:8D:F2:B0:1C:73:51:56:86:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Dj8xyerObwpezNuN8rAcc1FWhoY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/aa/a6dda1-1b87-4ec3-938f-dd5ddd05db0b/1/GVcJ3gxbuHAN1M8bXhkm0XurzJ4.roa
Signing time:             Fri 27 Mar 2026 17:59:17 +0000
ROA not before:           Fri 27 Mar 2026 17:59:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     0
IP address blocks:        185.170.144.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/aa/a6dda1-1b87-4ec3-938f-dd5ddd05db0b/1/Dj8xyerObwpezNuN8rAcc1FWhoY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/aa/a6dda1-1b87-4ec3-938f-dd5ddd05db0b/1/Dj8xyerObwpezNuN8rAcc1FWhoY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Dj8xyerObwpezNuN8rAcc1FWhoY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 Apr 2026 09:02:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:30:73:54:c6:59:1e:87:15:04:1c:2d:60:b8:32:1f:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e3f31c9eace6f0a5eccdb8df2b01c7351568686
        Validity
            Not Before: Mar 27 17:59:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=195709de0c5bb8700dd4cf1b5e1926d17babcc9e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:e6:21:a4:6c:8a:cd:fc:78:0f:75:fd:ce:be:
                    a9:95:81:55:22:a9:5a:0a:02:01:bb:0c:82:3c:96:
                    fb:79:ba:f7:62:bd:82:3d:6e:e0:15:c8:95:28:84:
                    8c:02:08:2c:a2:6e:ff:93:ee:9e:58:38:74:19:e1:
                    43:2a:93:48:34:fd:71:e9:8a:95:e7:31:8b:d4:c4:
                    1e:50:bc:1c:10:a6:81:7c:09:c7:e7:3b:42:61:38:
                    aa:03:23:eb:16:91:f0:20:37:c9:df:9d:51:37:ce:
                    4b:f3:11:83:86:c4:11:65:6c:f1:b7:e9:5b:c1:90:
                    88:94:ca:64:17:5b:f9:49:df:2f:91:12:33:92:2e:
                    59:46:82:1a:cf:a5:8b:9c:e8:f4:a4:c7:c5:65:3e:
                    ff:d5:3d:e5:30:97:b1:e4:ef:e8:a0:e3:a7:86:8a:
                    cd:62:ef:09:32:fa:b3:ac:d8:2a:b4:78:9d:17:1d:
                    7a:69:65:a7:15:b9:db:94:77:b1:98:b1:2c:4e:ad:
                    18:32:6a:9e:54:28:e6:7e:b3:3f:0e:77:20:73:7e:
                    ea:4e:ea:9b:7d:2f:b5:1b:23:07:87:9a:82:95:f1:
                    ff:14:93:73:d9:76:7f:a0:14:e0:fa:4c:8d:c5:90:
                    bb:a7:40:c7:10:1f:d6:0f:f2:3a:41:ef:b4:86:67:
                    5d:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:57:09:DE:0C:5B:B8:70:0D:D4:CF:1B:5E:19:26:D1:7B:AB:CC:9E
            X509v3 Authority Key Identifier:
                keyid:0E:3F:31:C9:EA:CE:6F:0A:5E:CC:DB:8D:F2:B0:1C:73:51:56:86:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Dj8xyerObwpezNuN8rAcc1FWhoY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/a6dda1-1b87-4ec3-938f-dd5ddd05db0b/1/GVcJ3gxbuHAN1M8bXhkm0XurzJ4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/a6dda1-1b87-4ec3-938f-dd5ddd05db0b/1/Dj8xyerObwpezNuN8rAcc1FWhoY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.170.144.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:d2:57:d4:58:78:72:78:f3:c5:44:0a:48:04:ad:ea:3c:8e:
         d9:b5:9c:6c:94:07:8a:b7:bc:24:12:6c:e2:3c:1a:42:27:29:
         ac:78:36:91:61:4b:53:98:85:06:04:84:7d:ab:e8:85:b2:d2:
         81:85:6c:1d:1b:93:c8:f0:43:cc:25:8e:b2:83:88:f0:80:59:
         6d:e3:64:0e:0c:c2:b6:2a:b4:63:f3:20:ab:3f:ae:12:db:f1:
         79:b3:9b:aa:fc:e6:14:80:fa:80:da:05:dc:4d:d7:5c:dd:da:
         7f:ee:ff:69:d5:0a:ff:db:50:38:b0:f8:ae:e2:13:35:2d:ae:
         26:c8:4c:3e:64:b7:e4:c5:83:23:c6:04:f1:e4:bf:14:5c:64:
         6f:37:3b:9f:91:51:ad:38:7a:d8:36:6a:56:37:45:82:c0:ab:
         b8:13:96:d0:d2:d5:49:ea:41:a3:79:15:47:db:54:9a:05:42:
         6d:fc:2e:8a:73:ad:80:97:41:13:0d:9f:56:24:9e:d3:d6:ce:
         0b:d9:77:d5:6e:b5:a3:ab:ab:57:57:7a:cd:e9:3d:bb:b9:e5:
         97:fa:6b:40:83:5d:ce:3b:03:e8:0d:04:d6:3e:3c:40:3f:12:
         99:35:df:63:3c:2f:de:e4:1c:24:7b:8c:46:99:53:53:1e:f7:
         fc:15:0f:e1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0wc1TGWR6HFQQcLWC4Mh+xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlM2YzMWM5ZWFjZTZmMGE1ZWNjZGI4ZGYyYjAxYzczNTE1
Njg2ODYwHhcNMjYwMzI3MTc1OTE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTU3MDlkZTBjNWJiODcwMGRkNGNmMWI1ZTE5MjZkMTdiYWJjYzllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjuYhpGyKzfx4D3X9zr6plYFVIqla
CgIBuwyCPJb7ebr3Yr2CPW7gFciVKISMAggsom7/k+6eWDh0GeFDKpNINP1x6YqV
5zGL1MQeULwcEKaBfAnH5ztCYTiqAyPrFpHwIDfJ351RN85L8xGDhsQRZWzxt+lb
wZCIlMpkF1v5Sd8vkRIzki5ZRoIaz6WLnOj0pMfFZT7/1T3lMJex5O/ooOOnhorN
Yu8JMvqzrNgqtHidFx16aWWnFbnblHexmLEsTq0YMmqeVCjmfrM/Dncgc37qTuqb
fS+1GyMHh5qClfH/FJNz2XZ/oBTg+kyNxZC7p0DHEB/WD/I6Qe+0hmdd0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBlXCd4MW7hwDdTPG14ZJtF7q8yeMB8GA1UdIwQY
MBaAFA4/Mcnqzm8KXszbjfKwHHNRVoaGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRGo4eHllck9id3Blek51TjhyQWNjMUZXaG9ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYS9hNmRkYTEtMWI4Ny00ZWMzLTkzOGYt
ZGQ1ZGRkMDVkYjBiLzEvR1ZjSjNneGJ1SEFOMU04Ylhoa20wWHVyeko0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYS9hNmRkYTEtMWI4Ny00ZWMzLTkzOGYtZGQ1ZGRkMDVkYjBi
LzEvRGo4eHllck9id3Blek51TjhyQWNjMUZXaG9ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuaqQMA0G
CSqGSIb3DQEBCwUAA4IBAQA+0lfUWHhyePPFRApIBK3qPI7ZtZxslAeKt7wkEmzi
PBpCJymseDaRYUtTmIUGBIR9q+iFstKBhWwdG5PI8EPMJY6yg4jwgFlt42QODMK2
KrRj8yCrP64S2/F5s5uq/OYUgPqA2gXcTddc3dp/7v9p1Qr/21A4sPiu4hM1La4m
yEw+ZLfkxYMjxgTx5L8UXGRvNzufkVGtOHrYNmpWN0WCwKu4E5bQ0tVJ6kGjeRVH
21SaBUJt/C6Kc62Al0ETDZ9WJJ7T1s4L2XfVbrWjq6tXV3rN6T27ueWX+mtAg13O
OwPoDQTWPjxAPxKZNd9jPC/e5Bwke4xGmVNTHvf8FQ/h
-----END CERTIFICATE-----