Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/5417f4-4d66-4de9-935d-97ad2374a597/1/__gU18kn96xEQP-dgqv4pCY4F3M.roa
File:                     __gU18kn96xEQP-dgqv4pCY4F3M.roa (raw, json)
Hash identifier:          iyyh1hfdSStH6dbQTlmWYSXkFzAYSbU1VEOsURfS4Po=
Subject key identifier:   FF:F8:14:D7:C9:27:F7:AC:44:40:FF:9D:82:AB:F8:A4:26:38:17:73
Certificate issuer:       /CN=2112899e3b08c17f5c335b5cbc78da5adfef9b1f
Certificate serial:       019B77590A095FBAC8BB34E6B4CFF5290794
Authority key identifier: 21:12:89:9E:3B:08:C1:7F:5C:33:5B:5C:BC:78:DA:5A:DF:EF:9B:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IRKJnjsIwX9cM1tcvHjaWt_vmx8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/5417f4-4d66-4de9-935d-97ad2374a597/1/__gU18kn96xEQP-dgqv4pCY4F3M.roa
Signing time:             Thu 01 Jan 2026 02:18:02 +0000
ROA not before:           Thu 01 Jan 2026 02:18:02 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200765
IP address blocks:        185.92.229.0/24 maxlen: 24
                          185.96.248.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/5417f4-4d66-4de9-935d-97ad2374a597/1/IRKJnjsIwX9cM1tcvHjaWt_vmx8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/5417f4-4d66-4de9-935d-97ad2374a597/1/IRKJnjsIwX9cM1tcvHjaWt_vmx8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IRKJnjsIwX9cM1tcvHjaWt_vmx8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:59:0a:09:5f:ba:c8:bb:34:e6:b4:cf:f5:29:07:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2112899e3b08c17f5c335b5cbc78da5adfef9b1f
        Validity
            Not Before: Jan  1 02:18:02 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=fff814d7c927f7ac4440ff9d82abf8a426381773
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:9f:82:23:1e:a9:8d:e5:1a:f8:59:e1:98:6c:
                    2a:b2:de:86:b9:46:1c:63:00:07:48:7b:ac:ea:b1:
                    70:b6:c2:dc:a7:e3:ab:9f:4e:fa:dc:76:52:37:65:
                    7f:81:47:ac:6e:f4:e6:dc:fb:67:0a:98:da:a4:30:
                    84:4f:6f:db:b7:54:d3:3f:96:78:a1:e9:7b:55:18:
                    6f:4d:46:e2:9f:fd:db:e5:b7:2f:ca:90:29:52:35:
                    41:36:1c:66:49:03:8d:c3:4a:11:dd:29:b8:80:d8:
                    2d:cd:ef:e7:36:4e:4d:d5:40:9d:42:a6:91:43:c1:
                    d6:ea:d7:77:0e:da:dc:c9:11:8d:83:0d:a8:79:7b:
                    c2:b8:15:a7:15:28:59:de:13:40:a8:b6:65:da:ef:
                    d2:df:83:c6:2c:b9:42:bf:5a:5e:b4:2a:15:9a:a9:
                    a7:4e:f6:20:09:88:8c:fd:fc:93:ce:88:a7:5e:a8:
                    12:c8:02:61:fc:4b:bf:3a:4b:26:83:ca:35:24:25:
                    58:a4:fa:ca:2d:d9:46:7e:04:bf:dc:48:6c:6f:d6:
                    26:eb:2e:3a:70:7c:41:29:8e:8e:b0:e0:09:07:74:
                    16:19:2c:cd:19:ab:21:64:93:da:ea:f7:fd:84:28:
                    91:08:83:92:f7:a0:70:25:00:0b:72:c7:18:55:dc:
                    c2:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:F8:14:D7:C9:27:F7:AC:44:40:FF:9D:82:AB:F8:A4:26:38:17:73
            X509v3 Authority Key Identifier:
                keyid:21:12:89:9E:3B:08:C1:7F:5C:33:5B:5C:BC:78:DA:5A:DF:EF:9B:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IRKJnjsIwX9cM1tcvHjaWt_vmx8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/5417f4-4d66-4de9-935d-97ad2374a597/1/__gU18kn96xEQP-dgqv4pCY4F3M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/5417f4-4d66-4de9-935d-97ad2374a597/1/IRKJnjsIwX9cM1tcvHjaWt_vmx8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.92.229.0/24
                  185.96.248.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7b:93:d1:1b:3a:d5:f5:05:b2:19:e3:57:ae:6c:8c:03:2a:1a:
         d2:7d:92:66:a8:27:47:af:2f:ea:cd:76:2d:53:4a:a5:7f:b6:
         71:92:e5:3b:18:f3:ea:96:af:9f:a0:60:37:fb:d1:14:3c:aa:
         6b:88:39:3e:5f:7b:99:cc:ed:64:56:c2:5e:46:aa:88:e3:a0:
         bd:ee:d7:45:e3:92:61:f8:af:10:2b:75:4e:72:d3:cb:75:0b:
         12:f1:b4:d2:da:2a:3a:18:7e:e1:42:e7:e2:ed:12:87:94:3e:
         97:39:dd:1e:db:09:14:29:a9:c4:a4:a9:eb:35:f2:fc:42:1e:
         5c:f3:99:b8:95:2e:1b:31:c2:52:87:37:6b:e2:5f:49:b5:c8:
         ce:60:79:cf:f2:8c:ee:09:66:b8:52:f1:2b:eb:5f:dd:db:60:
         ab:7b:25:47:92:89:5c:ce:97:43:ec:70:33:8d:19:63:07:2d:
         f7:dc:1a:5e:de:b9:a9:2e:c2:9e:c4:a9:cd:2f:56:f7:0c:b3:
         f0:5c:71:9c:5c:a0:6d:1e:11:98:3a:ba:e6:1d:79:f6:dc:97:
         dc:fd:c8:9e:0b:54:8d:55:16:b6:bd:84:f0:be:a0:5f:c0:db:
         e2:e9:e9:63:84:00:1e:17:bb:f4:f7:f8:fd:73:4c:84:53:b1:
         6e:52:7e:b9
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZt3WQoJX7rIuzTmtM/1KQeUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMTI4OTllM2IwOGMxN2Y1YzMzNWI1Y2JjNzhkYTVhZGZl
ZjliMWYwHhcNMjYwMTAxMDIxODAyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZmY4MTRkN2M5MjdmN2FjNDQ0MGZmOWQ4MmFiZjhhNDI2MzgxNzczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv5+CIx6pjeUa+FnhmGwqst6GuUYc
YwAHSHus6rFwtsLcp+Orn0763HZSN2V/gUesbvTm3PtnCpjapDCET2/bt1TTP5Z4
oel7VRhvTUbin/3b5bcvypApUjVBNhxmSQONw0oR3Sm4gNgtze/nNk5N1UCdQqaR
Q8HW6td3DtrcyRGNgw2oeXvCuBWnFShZ3hNAqLZl2u/S34PGLLlCv1petCoVmqmn
TvYgCYiM/fyTzoinXqgSyAJh/Eu/Oksmg8o1JCVYpPrKLdlGfgS/3Ehsb9Ym6y46
cHxBKY6OsOAJB3QWGSzNGashZJPa6vf9hCiRCIOS96BwJQALcscYVdzCiQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFP/4FNfJJ/esRED/nYKr+KQmOBdzMB8GA1UdIwQY
MBaAFCESiZ47CMF/XDNbXLx42lrf75sfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVJLSm5qc0l3WDljTTF0Y3ZIamFXdF92bXg4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni81NDE3ZjQtNGQ2Ni00ZGU5LTkzNWQt
OTdhZDIzNzRhNTk3LzEvX19nVTE4a245NnhFUVAtZGdxdjRwQ1k0RjNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni81NDE3ZjQtNGQ2Ni00ZGU5LTkzNWQtOTdhZDIzNzRhNTk3
LzEvSVJLSm5qc0l3WDljTTF0Y3ZIamFXdF92bXg4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuVzlAwQC
uWD4MA0GCSqGSIb3DQEBCwUAA4IBAQB7k9EbOtX1BbIZ41eubIwDKhrSfZJmqCdH
ry/qzXYtU0qlf7ZxkuU7GPPqlq+foGA3+9EUPKpriDk+X3uZzO1kVsJeRqqI46C9
7tdF45Jh+K8QK3VOctPLdQsS8bTS2io6GH7hQufi7RKHlD6XOd0e2wkUKanEpKnr
NfL8Qh5c85m4lS4bMcJShzdr4l9JtcjOYHnP8ozuCWa4UvEr61/d22CreyVHkolc
zpdD7HAzjRljBy333Bpe3rmpLsKexKnNL1b3DLPwXHGcXKBtHhGYOrrmHXn23Jfc
/cieC1SNVRa2vYTwvqBfwNvi6eljhAAeF7v09/j9c0yEU7FuUn65
-----END CERTIFICATE-----