Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/GNRazHWTfXHS8ItvFjqfaA6bhNY.roa
File:                     GNRazHWTfXHS8ItvFjqfaA6bhNY.roa (raw, json)
Hash identifier:          R5h2juiGu6ZrsvJHxrlGirMwVzmIY97aLdksJ6SGOpw=
Subject key identifier:   18:D4:5A:CC:75:93:7D:71:D2:F0:8B:6F:16:3A:9F:68:0E:9B:84:D6
Certificate issuer:       /CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
Certificate serial:       019D2C28B42EEB06FD0AA39EA3FD54F5EF05
Authority key identifier: D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/GNRazHWTfXHS8ItvFjqfaA6bhNY.roa
Signing time:             Thu 26 Mar 2026 21:59:18 +0000
ROA not before:           Thu 26 Mar 2026 21:59:18 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     196695
IP address blocks:        193.3.18.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Mar 2026 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:2c:28:b4:2e:eb:06:fd:0a:a3:9e:a3:fd:54:f5:ef:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
        Validity
            Not Before: Mar 26 21:59:18 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=18d45acc75937d71d2f08b6f163a9f680e9b84d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:61:b4:39:66:92:a5:c8:d3:fc:b8:99:40:7a:
                    d3:54:f6:a3:62:aa:03:f0:dd:a9:6d:39:92:6b:ee:
                    39:34:5a:60:94:a6:42:86:2c:bd:86:be:62:00:29:
                    2c:52:a8:13:a3:65:9e:df:98:e3:1a:cc:73:6f:47:
                    14:61:71:cb:a5:47:ed:5e:e7:d9:a2:5a:eb:01:34:
                    82:ac:d3:a2:aa:96:c1:7f:da:9b:72:05:3b:4f:c4:
                    3b:32:07:0e:de:a8:43:52:6b:ac:11:6f:42:04:3f:
                    d4:3f:fc:71:8f:cc:38:05:b8:8a:bb:a1:71:b4:d4:
                    74:eb:7e:1b:f7:bc:57:f4:0e:29:dc:34:5c:de:9c:
                    b0:c7:c8:88:d1:41:e1:21:57:27:3e:f2:0c:e3:31:
                    88:5f:31:f8:57:44:84:b3:5b:4d:be:22:48:29:eb:
                    f0:7d:9a:ed:78:0e:2e:3d:70:e4:0b:d8:8b:09:6b:
                    a8:fc:c8:70:96:bd:71:8a:42:ae:37:87:b6:a1:f3:
                    ec:4e:ef:ed:48:ee:d8:88:da:27:69:d3:41:d8:52:
                    7d:ce:19:c7:c6:55:ef:9d:61:d9:93:c8:fe:d0:65:
                    ea:9f:47:ad:ca:1d:73:a1:cb:6c:4d:35:b6:ff:e8:
                    5c:13:4a:87:91:69:32:4d:48:b2:51:31:63:b8:a6:
                    a4:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:D4:5A:CC:75:93:7D:71:D2:F0:8B:6F:16:3A:9F:68:0E:9B:84:D6
            X509v3 Authority Key Identifier:
                keyid:D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/GNRazHWTfXHS8ItvFjqfaA6bhNY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.3.18.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:04:bb:e6:f0:07:66:b8:ab:f1:7a:15:20:e4:b9:aa:86:3b:
         78:3e:c0:7b:0e:56:43:2c:66:d2:db:5a:08:32:06:36:50:44:
         ed:55:da:7e:cb:85:24:2a:84:b8:8f:f9:90:59:a0:a5:88:08:
         34:31:12:87:4f:ab:e8:de:14:4b:4f:6f:48:48:53:e0:79:70:
         9e:6c:37:f3:f2:0c:01:fd:8a:0a:46:9d:3c:39:a6:c7:17:8a:
         b3:4e:6c:0a:f2:ed:0a:d0:23:7c:78:58:7b:7a:22:af:53:b4:
         6a:84:22:87:2e:e5:66:4c:97:d3:fc:9e:2d:88:e7:97:0b:49:
         e7:76:67:c7:96:01:ac:7c:fe:52:09:ac:5d:16:b5:8b:0e:7d:
         80:22:af:ca:8f:6f:d2:21:c8:a6:40:85:1e:b0:19:97:92:7a:
         de:2a:27:f2:5f:db:bb:9b:5d:cc:c4:24:ec:bd:ba:a8:a9:59:
         7a:92:6f:c8:b9:3a:2d:bc:f2:1e:1d:6d:bf:84:ab:bd:54:1e:
         04:e6:0b:67:62:b8:29:af:1d:70:fb:c2:18:66:3d:41:2f:3d:
         40:2a:6e:af:a5:67:0c:b1:ab:c9:cf:70:cb:6a:c5:e0:9d:8f:
         0c:1e:6d:a0:04:5b:4f:2e:03:ca:e0:7c:8a:78:66:aa:b8:3b:
         e5:d1:70:b6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0sKLQu6wb9CqOeo/1U9e8FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NmJiNDhlOTNlOGEwMDU4YzVjNzJhODFhODc5OTQ1NTMw
N2VlNTYwHhcNMjYwMzI2MjE1OTE4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOGQ0NWFjYzc1OTM3ZDcxZDJmMDhiNmYxNjNhOWY2ODBlOWI4NGQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxWG0OWaSpcjT/LiZQHrTVPajYqoD
8N2pbTmSa+45NFpglKZChiy9hr5iACksUqgTo2We35jjGsxzb0cUYXHLpUftXufZ
olrrATSCrNOiqpbBf9qbcgU7T8Q7MgcO3qhDUmusEW9CBD/UP/xxj8w4BbiKu6Fx
tNR0634b97xX9A4p3DRc3pywx8iI0UHhIVcnPvIM4zGIXzH4V0SEs1tNviJIKevw
fZrteA4uPXDkC9iLCWuo/Mhwlr1xikKuN4e2ofPsTu/tSO7YiNonadNB2FJ9zhnH
xlXvnWHZk8j+0GXqn0etyh1zoctsTTW2/+hcE0qHkWkyTUiyUTFjuKakuQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBjUWsx1k31x0vCLbxY6n2gOm4TWMB8GA1UdIwQY
MBaAFNdrtI6T6KAFjFxyqBqHmUVTB+5WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgt
OGJmYmRkNDVjYjYyLzEvR05SYXpIV1RmWEhTOEl0dkZqcWZhQTZiaE5ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgtOGJmYmRkNDVjYjYy
LzEvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwQMSMA0G
CSqGSIb3DQEBCwUAA4IBAQAzBLvm8AdmuKvxehUg5Lmqhjt4PsB7DlZDLGbS21oI
MgY2UETtVdp+y4UkKoS4j/mQWaCliAg0MRKHT6vo3hRLT29ISFPgeXCebDfz8gwB
/YoKRp08OabHF4qzTmwK8u0K0CN8eFh7eiKvU7RqhCKHLuVmTJfT/J4tiOeXC0nn
dmfHlgGsfP5SCaxdFrWLDn2AIq/Kj2/SIcimQIUesBmXknreKifyX9u7m13MxCTs
vbqoqVl6km/IuTotvPIeHW2/hKu9VB4E5gtnYrgprx1w+8IYZj1BLz1AKm6vpWcM
savJz3DLasXgnY8MHm2gBFtPLgPK4HyKeGaquDvl0XC2
-----END CERTIFICATE-----