Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/4892a9-3b37-4d39-9c2b-d83ed140d28d/1/GsAphnof2IQ8hB4m9X-dGnH1BXc.roa
File:                     GsAphnof2IQ8hB4m9X-dGnH1BXc.roa (raw, json)
Hash identifier:          HN5blZhmqO79Og1t/O79vNM5DKY/aODw/WxeFyljaiA=
Subject key identifier:   1A:C0:29:86:7A:1F:D8:84:3C:84:1E:26:F5:7F:9D:1A:71:F5:05:77
Certificate issuer:       /CN=4173eeb8d02f5f64788b3fdc78d6bab8a55fd16a
Certificate serial:       019D9C8C1B6121AC2E60A7F5DC9F66FCF46D
Authority key identifier: 41:73:EE:B8:D0:2F:5F:64:78:8B:3F:DC:78:D6:BA:B8:A5:5F:D1:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QXPuuNAvX2R4iz_ceNa6uKVf0Wo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/4892a9-3b37-4d39-9c2b-d83ed140d28d/1/GsAphnof2IQ8hB4m9X-dGnH1BXc.roa
Signing time:             Fri 17 Apr 2026 17:45:20 +0000
ROA not before:           Fri 17 Apr 2026 17:45:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213533
IP address blocks:        93.92.81.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/4892a9-3b37-4d39-9c2b-d83ed140d28d/1/QXPuuNAvX2R4iz_ceNa6uKVf0Wo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/4892a9-3b37-4d39-9c2b-d83ed140d28d/1/QXPuuNAvX2R4iz_ceNa6uKVf0Wo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QXPuuNAvX2R4iz_ceNa6uKVf0Wo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 03 May 2026 02:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:9c:8c:1b:61:21:ac:2e:60:a7:f5:dc:9f:66:fc:f4:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4173eeb8d02f5f64788b3fdc78d6bab8a55fd16a
        Validity
            Not Before: Apr 17 17:45:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1ac029867a1fd8843c841e26f57f9d1a71f50577
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:a1:70:65:93:d7:51:24:20:70:32:1c:5b:0f:
                    3e:81:d0:e8:71:6e:0f:f5:d9:a3:63:9f:3f:2d:d2:
                    97:19:c6:c7:32:60:ab:52:4b:84:71:df:10:3c:59:
                    cb:09:61:91:c8:de:66:d0:0f:6a:1c:97:9b:ad:73:
                    ce:c5:be:82:4b:13:c9:e7:5f:a6:6c:db:a9:8f:11:
                    b4:99:d3:aa:98:cc:38:f7:07:92:c6:d1:5d:a9:fd:
                    20:05:4b:e5:c1:d8:18:31:a8:df:5b:c4:d4:47:36:
                    1a:bc:33:37:b6:74:cb:56:1e:c5:86:27:2d:84:53:
                    7d:77:ca:df:2f:22:f2:29:5e:5f:de:b2:9f:66:2f:
                    61:e4:ae:cf:7f:ea:f7:e4:4d:76:fb:ff:ff:b1:4f:
                    ac:9e:bc:b2:ec:0a:27:4f:76:c5:a3:4a:27:77:12:
                    48:c3:d8:2c:af:f8:f8:04:05:17:b6:da:1e:0d:5c:
                    61:74:e4:d8:c3:b1:c6:4c:23:22:4b:b8:f6:d6:f4:
                    16:7d:3d:8d:ae:aa:cd:1f:88:aa:14:2b:99:96:34:
                    3d:33:ab:d0:03:32:c1:d6:3d:ca:a3:2a:7f:f0:a1:
                    5c:1e:da:ac:9c:0f:f8:4f:67:49:e5:e7:f3:1f:de:
                    de:5c:c7:61:0d:60:2c:50:d4:bc:14:c5:1f:8a:31:
                    4d:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:C0:29:86:7A:1F:D8:84:3C:84:1E:26:F5:7F:9D:1A:71:F5:05:77
            X509v3 Authority Key Identifier:
                keyid:41:73:EE:B8:D0:2F:5F:64:78:8B:3F:DC:78:D6:BA:B8:A5:5F:D1:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QXPuuNAvX2R4iz_ceNa6uKVf0Wo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/4892a9-3b37-4d39-9c2b-d83ed140d28d/1/GsAphnof2IQ8hB4m9X-dGnH1BXc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/4892a9-3b37-4d39-9c2b-d83ed140d28d/1/QXPuuNAvX2R4iz_ceNa6uKVf0Wo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.92.81.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ae:32:0f:3d:46:4d:f6:75:01:d1:f9:06:7f:8b:f2:04:95:ba:
         36:a5:a2:2f:32:80:0d:13:09:09:1a:07:b6:ef:3a:b7:cb:45:
         c7:36:80:ae:2e:0f:8b:8b:6b:1f:7c:93:da:d8:d7:ef:33:d2:
         7d:7a:b4:d7:4c:56:9b:2a:c3:3c:a4:7c:ca:bd:ed:df:56:ad:
         d6:9e:89:8b:08:71:65:fe:3d:d1:71:39:42:d5:ad:31:cd:bb:
         17:97:0c:06:23:b6:64:43:44:55:8b:3a:bd:1f:2e:ef:57:eb:
         e7:e5:14:fd:f7:70:95:a3:04:4f:c2:5e:90:2a:f6:b2:a6:55:
         6f:67:9d:82:86:c9:a4:ef:f0:9e:4c:e3:77:60:d4:3b:27:b2:
         1d:bb:58:0c:66:40:7d:63:a4:a6:d1:c9:f8:ce:69:7a:11:65:
         46:bc:6a:af:55:6e:52:76:b0:37:ec:83:f1:8e:48:3a:2f:f1:
         d1:af:76:07:67:ec:81:ea:d0:69:02:24:74:31:2e:a8:5f:fd:
         23:86:b5:6e:98:c9:51:fe:ed:d4:10:91:92:2f:4e:7f:eb:ab:
         1d:98:3c:6a:13:4f:f8:83:bb:7f:07:7b:b1:e7:a9:18:20:eb:
         72:5b:7b:a8:b0:ed:07:e6:cd:80:1d:4a:ba:da:06:14:a3:23:
         2b:9a:d3:79
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2cjBthIawuYKf13J9m/PRtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxNzNlZWI4ZDAyZjVmNjQ3ODhiM2ZkYzc4ZDZiYWI4YTU1
ZmQxNmEwHhcNMjYwNDE3MTc0NTIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYWMwMjk4NjdhMWZkODg0M2M4NDFlMjZmNTdmOWQxYTcxZjUwNTc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt6FwZZPXUSQgcDIcWw8+gdDocW4P
9dmjY58/LdKXGcbHMmCrUkuEcd8QPFnLCWGRyN5m0A9qHJebrXPOxb6CSxPJ51+m
bNupjxG0mdOqmMw49weSxtFdqf0gBUvlwdgYMajfW8TURzYavDM3tnTLVh7Fhict
hFN9d8rfLyLyKV5f3rKfZi9h5K7Pf+r35E12+///sU+snryy7AonT3bFo0ondxJI
w9gsr/j4BAUXttoeDVxhdOTYw7HGTCMiS7j21vQWfT2NrqrNH4iqFCuZljQ9M6vQ
AzLB1j3Koyp/8KFcHtqsnA/4T2dJ5efzH97eXMdhDWAsUNS8FMUfijFNSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBrAKYZ6H9iEPIQeJvV/nRpx9QV3MB8GA1UdIwQY
MBaAFEFz7rjQL19keIs/3HjWurilX9FqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUVhQdXVOQXZYMlI0aXpfY2VOYTZ1S1ZmMFdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC80ODkyYTktM2IzNy00ZDM5LTljMmIt
ZDgzZWQxNDBkMjhkLzEvR3NBcGhub2YySVE4aEI0bTlYLWRHbkgxQlhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC80ODkyYTktM2IzNy00ZDM5LTljMmItZDgzZWQxNDBkMjhk
LzEvUVhQdXVOQXZYMlI0aXpfY2VOYTZ1S1ZmMFdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXVxRMA0G
CSqGSIb3DQEBCwUAA4IBAQCuMg89Rk32dQHR+QZ/i/IElbo2paIvMoANEwkJGge2
7zq3y0XHNoCuLg+Li2sffJPa2NfvM9J9erTXTFabKsM8pHzKve3fVq3WnomLCHFl
/j3RcTlC1a0xzbsXlwwGI7ZkQ0RVizq9Hy7vV+vn5RT993CVowRPwl6QKvayplVv
Z52Chsmk7/CeTON3YNQ7J7Idu1gMZkB9Y6Sm0cn4zml6EWVGvGqvVW5SdrA37IPx
jkg6L/HRr3YHZ+yB6tBpAiR0MS6oX/0jhrVumMlR/u3UEJGSL05/66sdmDxqE0/4
g7t/B3ux56kYIOtyW3uosO0H5s2AHUq62gYUoyMrmtN5
-----END CERTIFICATE-----