Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/fba0ec-de56-40a5-89cf-770d7e3c0620/1/GSjgftqq3fsasoRBiwgyoGVynxk.roa
File:                     GSjgftqq3fsasoRBiwgyoGVynxk.roa (raw, json)
Hash identifier:          9bH/WK8qEWYXbBVodpWZWBBCr2Ad6muHm/adFtN+AO0=
Subject key identifier:   19:28:E0:7E:DA:AA:DD:FB:1A:B2:84:41:8B:08:32:A0:65:72:9F:19
Certificate issuer:       /CN=cf7d7654e87ce4f96792d565c56e191f44de9f5a
Certificate serial:       019B7B3566DE702BD4DA928E6FD71B07632C
Authority key identifier: CF:7D:76:54:E8:7C:E4:F9:67:92:D5:65:C5:6E:19:1F:44:DE:9F:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z312VOh85PlnktVlxW4ZH0Ten1o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/89/fba0ec-de56-40a5-89cf-770d7e3c0620/1/GSjgftqq3fsasoRBiwgyoGVynxk.roa
Signing time:             Thu 01 Jan 2026 20:17:35 +0000
ROA not before:           Thu 01 Jan 2026 20:17:35 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212676
IP address blocks:        185.178.48.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/89/fba0ec-de56-40a5-89cf-770d7e3c0620/1/z312VOh85PlnktVlxW4ZH0Ten1o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/89/fba0ec-de56-40a5-89cf-770d7e3c0620/1/z312VOh85PlnktVlxW4ZH0Ten1o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z312VOh85PlnktVlxW4ZH0Ten1o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 09:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:35:66:de:70:2b:d4:da:92:8e:6f:d7:1b:07:63:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cf7d7654e87ce4f96792d565c56e191f44de9f5a
        Validity
            Not Before: Jan  1 20:17:35 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1928e07edaaaddfb1ab284418b0832a065729f19
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:0a:57:c3:bd:aa:6b:b1:21:5e:63:3b:86:6e:
                    40:c5:4f:15:a6:1a:78:34:f2:d2:51:61:ea:83:22:
                    35:75:16:98:83:86:ff:c8:dd:48:dd:e2:c8:f5:3f:
                    27:69:3a:81:42:de:c3:55:9c:88:3c:47:f3:a3:09:
                    79:a3:d4:91:81:5f:c7:49:58:c4:f2:82:a3:88:51:
                    77:fb:59:84:31:20:eb:50:e9:60:89:1f:38:41:d6:
                    a9:35:4e:08:87:c6:65:0d:11:a5:77:91:b7:8e:2a:
                    13:d2:62:c9:81:8a:9f:f3:24:3e:e5:69:ed:aa:40:
                    66:7f:e8:b1:40:08:97:26:71:38:ea:0a:bd:8a:b4:
                    9e:ba:69:6d:e8:39:79:fa:2f:a1:71:5f:bf:22:bb:
                    b7:dd:63:1f:74:4f:a1:f3:ae:ab:42:6c:f1:4e:dd:
                    a0:cb:32:18:24:cc:dd:8b:46:32:5c:8e:ad:8e:bf:
                    e9:1e:5d:d2:4b:a6:d0:7f:00:06:bd:0b:18:fa:6e:
                    ca:3d:ce:fa:b1:18:8c:83:52:89:7e:e4:83:b4:51:
                    f5:7b:8a:a7:7c:50:06:16:8e:85:98:f3:3e:e9:dd:
                    b4:59:41:5f:eb:73:0c:68:10:c3:54:c4:47:c6:6d:
                    1f:f4:1c:b9:1f:51:97:0f:eb:29:f5:56:63:b7:00:
                    a2:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:28:E0:7E:DA:AA:DD:FB:1A:B2:84:41:8B:08:32:A0:65:72:9F:19
            X509v3 Authority Key Identifier:
                keyid:CF:7D:76:54:E8:7C:E4:F9:67:92:D5:65:C5:6E:19:1F:44:DE:9F:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z312VOh85PlnktVlxW4ZH0Ten1o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/fba0ec-de56-40a5-89cf-770d7e3c0620/1/GSjgftqq3fsasoRBiwgyoGVynxk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/89/fba0ec-de56-40a5-89cf-770d7e3c0620/1/z312VOh85PlnktVlxW4ZH0Ten1o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.178.48.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:b8:00:ad:68:d5:41:1f:bf:46:06:a5:11:3e:ad:9c:44:66:
         f1:26:40:5e:fb:77:6e:d4:83:fc:e3:3f:23:a9:d6:03:2e:eb:
         35:4e:c9:5c:0c:db:54:4f:b1:75:01:f9:3b:cf:ab:fb:34:19:
         48:85:53:6f:22:6a:17:03:7d:db:4b:fe:5f:06:88:a2:56:67:
         a9:d9:6a:0d:59:c7:28:5c:c7:da:59:34:75:2e:50:d4:29:51:
         d5:fd:41:f4:f4:f7:9e:1e:55:91:7a:97:76:26:eb:89:d2:26:
         fe:57:81:a9:46:3a:79:7d:ba:80:36:2b:70:5e:30:94:52:45:
         ce:97:08:61:90:0b:e9:59:15:92:01:03:ae:9c:b2:c0:62:9d:
         eb:d0:9d:a7:90:a5:52:30:53:f1:81:22:8d:39:5e:26:5a:af:
         d5:bf:32:fe:13:40:81:d3:9a:15:04:40:21:5c:dd:e4:4e:19:
         41:6d:c0:84:07:a3:ef:8f:4f:51:99:01:12:67:1b:de:94:da:
         fc:33:a6:45:73:fc:2b:bd:06:fc:58:24:44:f7:56:0f:36:14:
         57:c5:06:bd:1d:62:08:38:6e:5e:40:ff:98:77:f1:df:fd:94:
         b2:17:17:24:f3:b5:15:8e:f6:bd:b5:21:75:7d:70:4a:bb:f1:
         cd:24:39:c8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7NWbecCvU2pKOb9cbB2MsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmN2Q3NjU0ZTg3Y2U0Zjk2NzkyZDU2NWM1NmUxOTFmNDRk
ZTlmNWEwHhcNMjYwMTAxMjAxNzM1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTI4ZTA3ZWRhYWFkZGZiMWFiMjg0NDE4YjA4MzJhMDY1NzI5ZjE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7QpXw72qa7EhXmM7hm5AxU8Vphp4
NPLSUWHqgyI1dRaYg4b/yN1I3eLI9T8naTqBQt7DVZyIPEfzowl5o9SRgV/HSVjE
8oKjiFF3+1mEMSDrUOlgiR84QdapNU4Ih8ZlDRGld5G3jioT0mLJgYqf8yQ+5Wnt
qkBmf+ixQAiXJnE46gq9irSeumlt6Dl5+i+hcV+/Iru33WMfdE+h866rQmzxTt2g
yzIYJMzdi0YyXI6tjr/pHl3SS6bQfwAGvQsY+m7KPc76sRiMg1KJfuSDtFH1e4qn
fFAGFo6FmPM+6d20WUFf63MMaBDDVMRHxm0f9By5H1GXD+sp9VZjtwCi3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBko4H7aqt37GrKEQYsIMqBlcp8ZMB8GA1UdIwQY
MBaAFM99dlTofOT5Z5LVZcVuGR9E3p9aMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejMxMlZPaDg1UGxua3RWbHhXNFpIMFRlbjFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OS9mYmEwZWMtZGU1Ni00MGE1LTg5Y2Yt
NzcwZDdlM2MwNjIwLzEvR1NqZ2Z0cXEzZnNhc29SQml3Z3lvR1Z5bnhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OS9mYmEwZWMtZGU1Ni00MGE1LTg5Y2YtNzcwZDdlM2MwNjIw
LzEvejMxMlZPaDg1UGxua3RWbHhXNFpIMFRlbjFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAubIwMA0G
CSqGSIb3DQEBCwUAA4IBAQByuACtaNVBH79GBqURPq2cRGbxJkBe+3du1IP84z8j
qdYDLus1TslcDNtUT7F1Afk7z6v7NBlIhVNvImoXA33bS/5fBoiiVmep2WoNWcco
XMfaWTR1LlDUKVHV/UH09PeeHlWRepd2JuuJ0ib+V4GpRjp5fbqANitwXjCUUkXO
lwhhkAvpWRWSAQOunLLAYp3r0J2nkKVSMFPxgSKNOV4mWq/VvzL+E0CB05oVBEAh
XN3kThlBbcCEB6Pvj09RmQESZxvelNr8M6ZFc/wrvQb8WCRE91YPNhRXxQa9HWII
OG5eQP+Yd/Hf/ZSyFxck87UVjva9tSF1fXBKu/HNJDnI
-----END CERTIFICATE-----