Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/b31586-3566-47b0-95cc-144d7473ea59/1/geaRxoLVhDcZBVyhdeOs-L3dqH8.roa
File:                     geaRxoLVhDcZBVyhdeOs-L3dqH8.roa (raw, json)
Hash identifier:          v/gk2RC/o7m5zSWvAzxtnnzxEOoHq+kiZCoASoCUoYs=
Subject key identifier:   81:E6:91:C6:82:D5:84:37:19:05:5C:A1:75:E3:AC:F8:BD:DD:A8:7F
Certificate issuer:       /CN=19b390b62d09950d500cd6bbbd78d0390560ec42
Certificate serial:       019DFE28D743380770E227EBCB4916228AB2
Authority key identifier: 19:B3:90:B6:2D:09:95:0D:50:0C:D6:BB:BD:78:D0:39:05:60:EC:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GbOQti0JlQ1QDNa7vXjQOQVg7EI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/b31586-3566-47b0-95cc-144d7473ea59/1/geaRxoLVhDcZBVyhdeOs-L3dqH8.roa
Signing time:             Wed 06 May 2026 16:39:42 +0000
ROA not before:           Wed 06 May 2026 16:39:42 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213791
IP address blocks:        185.133.243.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/b31586-3566-47b0-95cc-144d7473ea59/1/GbOQti0JlQ1QDNa7vXjQOQVg7EI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/b31586-3566-47b0-95cc-144d7473ea59/1/GbOQti0JlQ1QDNa7vXjQOQVg7EI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GbOQti0JlQ1QDNa7vXjQOQVg7EI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 14 May 2026 06:33:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:fe:28:d7:43:38:07:70:e2:27:eb:cb:49:16:22:8a:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=19b390b62d09950d500cd6bbbd78d0390560ec42
        Validity
            Not Before: May  6 16:39:42 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=81e691c682d5843719055ca175e3acf8bddda87f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:6e:49:50:be:d4:0d:9d:ca:1b:b0:3b:cb:ca:
                    d7:b3:cd:4b:da:de:f6:06:a3:f6:00:fc:a5:82:35:
                    74:e5:a9:b7:98:87:f5:58:00:20:41:43:d4:ea:9b:
                    60:e1:99:4e:9f:f3:65:df:91:67:0e:88:ef:a7:a5:
                    e5:0c:e4:41:5b:76:3e:bc:94:66:16:47:7c:88:57:
                    4e:e8:af:69:54:28:85:c2:3f:ed:06:56:3f:53:c4:
                    c8:95:c5:3b:8f:2c:f1:b1:69:c3:ad:2d:9a:ae:91:
                    d3:75:17:45:dc:d1:3c:e8:a0:c1:29:e8:86:1d:bb:
                    46:e3:db:0d:ad:6d:da:12:06:c1:aa:0f:b5:2d:e9:
                    5b:fd:e2:d4:c9:b1:d3:79:04:48:96:df:4f:52:3f:
                    42:48:23:d1:88:d8:7e:71:51:f3:9f:29:2e:63:51:
                    0d:f2:18:ce:82:41:ae:24:56:44:8b:d7:70:da:8a:
                    6c:13:1f:71:8d:9a:ab:03:d3:bd:71:d9:a7:bc:09:
                    aa:f7:dd:82:78:15:1a:7d:72:16:8e:01:85:ed:5c:
                    ae:59:de:99:91:7e:30:0a:43:77:91:ec:12:5b:2b:
                    ba:93:97:36:dd:fe:d4:46:03:22:cb:e7:5d:dc:f9:
                    8b:d1:2f:91:e0:fe:dc:8b:d0:8d:7f:ee:46:d0:f0:
                    de:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:E6:91:C6:82:D5:84:37:19:05:5C:A1:75:E3:AC:F8:BD:DD:A8:7F
            X509v3 Authority Key Identifier:
                keyid:19:B3:90:B6:2D:09:95:0D:50:0C:D6:BB:BD:78:D0:39:05:60:EC:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GbOQti0JlQ1QDNa7vXjQOQVg7EI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/b31586-3566-47b0-95cc-144d7473ea59/1/geaRxoLVhDcZBVyhdeOs-L3dqH8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/b31586-3566-47b0-95cc-144d7473ea59/1/GbOQti0JlQ1QDNa7vXjQOQVg7EI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.133.243.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:7c:04:11:ad:52:a5:26:1c:4e:c3:fe:be:f8:93:38:2e:cc:
         90:88:f8:3f:79:d9:bd:4d:62:21:a5:0c:1c:cd:73:a7:bb:21:
         35:23:4b:49:c3:8f:e7:6c:b9:c9:3b:8d:a1:ef:88:3f:bb:0c:
         52:54:64:0c:ae:01:4c:59:60:9b:66:fa:89:b8:1c:96:50:14:
         84:73:1b:b6:f3:08:a7:f6:76:7a:3f:99:ba:47:1f:d5:50:b5:
         bb:7c:24:ae:14:8f:29:64:28:32:89:9a:3a:e0:3f:bc:1b:16:
         6f:cd:ec:0d:34:84:67:4a:17:9d:a9:ab:30:cf:af:2a:27:69:
         27:ab:15:1f:64:cf:35:40:f6:30:df:c2:ea:ed:01:84:c5:04:
         0b:11:f2:7a:80:fa:c1:c9:5e:96:53:8e:1b:78:90:ee:cf:72:
         ae:57:93:1c:86:c4:54:91:24:4d:d9:37:11:ed:84:e0:f9:db:
         f1:41:d2:ea:a2:c7:75:27:fe:8d:c7:c9:de:19:d0:af:f5:e6:
         da:e3:77:a4:4c:2f:67:a0:7f:d2:52:61:85:8b:ae:36:70:ba:
         e8:4a:3d:44:09:6f:95:99:e4:38:17:7f:5e:f5:fe:59:8b:29:
         68:d5:34:3e:8f:81:fc:dc:26:12:66:55:aa:23:49:29:91:83:
         0a:13:78:c7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3+KNdDOAdw4ifry0kWIoqyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5YjM5MGI2MmQwOTk1MGQ1MDBjZDZiYmJkNzhkMDM5MDU2
MGVjNDIwHhcNMjYwNTA2MTYzOTQyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MWU2OTFjNjgyZDU4NDM3MTkwNTVjYTE3NWUzYWNmOGJkZGRhODdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuW5JUL7UDZ3KG7A7y8rXs81L2t72
BqP2APylgjV05am3mIf1WAAgQUPU6ptg4ZlOn/Nl35FnDojvp6XlDORBW3Y+vJRm
Fkd8iFdO6K9pVCiFwj/tBlY/U8TIlcU7jyzxsWnDrS2arpHTdRdF3NE86KDBKeiG
HbtG49sNrW3aEgbBqg+1Lelb/eLUybHTeQRIlt9PUj9CSCPRiNh+cVHznykuY1EN
8hjOgkGuJFZEi9dw2opsEx9xjZqrA9O9cdmnvAmq992CeBUafXIWjgGF7VyuWd6Z
kX4wCkN3kewSWyu6k5c23f7URgMiy+dd3PmL0S+R4P7ci9CNf+5G0PDeRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIHmkcaC1YQ3GQVcoXXjrPi93ah/MB8GA1UdIwQY
MBaAFBmzkLYtCZUNUAzWu7140DkFYOxCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR2JPUXRpMEpsUTFRRE5hN3ZYalFPUVZnN0VJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy9iMzE1ODYtMzU2Ni00N2IwLTk1Y2Mt
MTQ0ZDc0NzNlYTU5LzEvZ2VhUnhvTFZoRGNaQlZ5aGRlT3MtTDNkcUg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy9iMzE1ODYtMzU2Ni00N2IwLTk1Y2MtMTQ0ZDc0NzNlYTU5
LzEvR2JPUXRpMEpsUTFRRE5hN3ZYalFPUVZnN0VJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYXzMA0G
CSqGSIb3DQEBCwUAA4IBAQBrfAQRrVKlJhxOw/6++JM4LsyQiPg/edm9TWIhpQwc
zXOnuyE1I0tJw4/nbLnJO42h74g/uwxSVGQMrgFMWWCbZvqJuByWUBSEcxu28win
9nZ6P5m6Rx/VULW7fCSuFI8pZCgyiZo64D+8GxZvzewNNIRnShedqaswz68qJ2kn
qxUfZM81QPYw38Lq7QGExQQLEfJ6gPrByV6WU44beJDuz3KuV5MchsRUkSRN2TcR
7YTg+dvxQdLqosd1J/6Nx8neGdCv9eba43ekTC9noH/SUmGFi642cLroSj1ECW+V
meQ4F39e9f5Ziylo1TQ+j4H83CYSZlWqI0kpkYMKE3jH
-----END CERTIFICATE-----