Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/GjplrcTK3MCOL8UIqscO3vF3DTU.roa
File:                     GjplrcTK3MCOL8UIqscO3vF3DTU.roa (raw, json)
Hash identifier:          AE5JmrDw76V6E3fjsPM3tG8Gy7ZjJ5U1oAVwo36tca0=
Subject key identifier:   1A:3A:65:AD:C4:CA:DC:C0:8E:2F:C5:08:AA:C7:0E:DE:F1:77:0D:35
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       019EF500929A85E7F9D152F5F1EACAC5A11D
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/GjplrcTK3MCOL8UIqscO3vF3DTU.roa
Signing time:             Tue 23 Jun 2026 15:01:55 +0000
ROA not before:           Tue 23 Jun 2026 15:01:55 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     63099
IP address blocks:        185.176.134.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 24 Jun 2026 19:47:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:f5:00:92:9a:85:e7:f9:d1:52:f5:f1:ea:ca:c5:a1:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jun 23 15:01:55 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1a3a65adc4cadcc08e2fc508aac70edef1770d35
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:3f:cf:ca:de:52:a7:a7:1f:37:eb:e4:f1:ef:
                    e9:0f:38:e7:d6:ce:98:b1:aa:8c:ef:3b:38:3e:1a:
                    bb:33:b7:cc:27:3e:98:8e:96:a5:ed:5b:3a:d5:d9:
                    e7:60:91:d0:66:06:44:36:62:49:fa:4d:64:6a:57:
                    d7:c6:76:06:2f:d1:17:93:ef:20:34:14:06:40:d5:
                    46:28:80:d0:f4:21:11:c3:e2:5d:dc:78:70:a7:11:
                    63:2a:b8:e0:aa:5f:22:e7:25:07:cb:d4:50:57:fa:
                    57:54:27:28:e6:c4:08:9a:25:70:6c:85:bd:81:62:
                    52:ef:9e:0f:0c:8a:c9:9a:ea:10:ae:a4:00:a0:16:
                    c6:37:01:46:fe:b9:e2:ed:bc:60:7e:ab:71:25:e2:
                    6d:2e:0c:19:cc:80:44:ab:71:c3:00:7f:6a:29:72:
                    a2:82:d7:de:60:30:15:17:3b:c2:49:dd:40:9b:cf:
                    89:77:59:1b:13:44:6a:ce:f2:4d:58:f5:cd:e1:3c:
                    2b:71:8c:5a:1e:3b:c2:a8:87:94:e3:6f:c0:bb:d2:
                    72:4b:51:13:fe:ec:02:df:5f:05:08:3d:36:c0:86:
                    ab:45:16:58:10:d2:40:fc:1a:41:3b:77:4a:19:05:
                    9e:4a:42:11:ef:93:c7:b2:21:6b:ea:d7:d3:2c:dc:
                    d4:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:3A:65:AD:C4:CA:DC:C0:8E:2F:C5:08:AA:C7:0E:DE:F1:77:0D:35
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/GjplrcTK3MCOL8UIqscO3vF3DTU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.176.134.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c6:7f:5c:ce:c6:55:15:6c:6a:03:9e:12:a4:f5:0f:ff:2a:21:
         55:41:2e:28:f3:9a:e4:0c:ea:a0:01:a1:05:65:a4:5d:d3:35:
         f5:1d:d0:05:19:91:95:99:e3:de:74:72:65:da:b4:11:9a:0b:
         3b:33:f0:9d:bf:69:79:e1:fc:85:28:3c:d3:c6:44:36:fb:f8:
         eb:ad:72:2a:f1:2a:0f:b3:72:48:ed:25:1a:3e:ee:6e:29:a7:
         25:b8:ef:7a:5e:07:56:ae:02:5e:45:30:18:32:8a:eb:d5:b6:
         3e:ad:a4:2f:b6:96:ae:c4:02:60:73:6c:61:10:fb:5a:78:e3:
         b3:78:ae:4f:c0:03:bd:2c:3d:b3:fd:fd:c4:89:e1:f3:4d:03:
         8a:b6:02:02:9f:71:1e:1a:66:a4:85:81:53:4a:5c:88:d2:38:
         70:c4:3c:e3:85:0f:dd:51:5e:92:8f:54:ec:8b:b1:96:21:15:
         98:ac:b5:79:ce:9c:6d:55:fc:04:a2:f5:19:54:3f:40:05:03:
         cf:2a:ad:cd:8c:c3:33:96:0e:4a:b5:53:78:da:8d:43:1b:9a:
         29:68:fd:91:32:86:51:73:37:2d:45:00:53:0c:f8:73:92:21:
         2b:26:32:7b:dc:27:7d:79:fe:42:8d:d8:72:33:04:af:06:53:
         6d:a6:d1:50
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ71AJKahef50VL18erKxaEdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjYwNjIzMTUwMTU1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYTNhNjVhZGM0Y2FkY2MwOGUyZmM1MDhhYWM3MGVkZWYxNzcwZDM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArD/Pyt5Sp6cfN+vk8e/pDzjn1s6Y
saqM7zs4Phq7M7fMJz6Yjpal7Vs61dnnYJHQZgZENmJJ+k1kalfXxnYGL9EXk+8g
NBQGQNVGKIDQ9CERw+Jd3HhwpxFjKrjgql8i5yUHy9RQV/pXVCco5sQImiVwbIW9
gWJS754PDIrJmuoQrqQAoBbGNwFG/rni7bxgfqtxJeJtLgwZzIBEq3HDAH9qKXKi
gtfeYDAVFzvCSd1Am8+Jd1kbE0RqzvJNWPXN4TwrcYxaHjvCqIeU42/Au9JyS1ET
/uwC318FCD02wIarRRZYENJA/BpBO3dKGQWeSkIR75PHsiFr6tfTLNzUSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBo6Za3EytzAji/FCKrHDt7xdw01MB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvR2pwbHJjVEszTUNPTDhVSXFzY08zdkYzRFRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAubCGMA0G
CSqGSIb3DQEBCwUAA4IBAQDGf1zOxlUVbGoDnhKk9Q//KiFVQS4o85rkDOqgAaEF
ZaRd0zX1HdAFGZGVmePedHJl2rQRmgs7M/Cdv2l54fyFKDzTxkQ2+/jrrXIq8SoP
s3JI7SUaPu5uKacluO96XgdWrgJeRTAYMorr1bY+raQvtpauxAJgc2xhEPtaeOOz
eK5PwAO9LD2z/f3EieHzTQOKtgICn3EeGmakhYFTSlyI0jhwxDzjhQ/dUV6Sj1Ts
i7GWIRWYrLV5zpxtVfwEovUZVD9ABQPPKq3NjMMzlg5KtVN42o1DG5opaP2RMoZR
czctRQBTDPhzkiErJjJ73Cd9ef5CjdhyMwSvBlNtptFQ
-----END CERTIFICATE-----