Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/4f6985-b94a-47cc-a300-6f2cf4f03ceb/1/GxPqJ9WQ-DKd_9ctcg8-12jFGZ0.roa
File:                     GxPqJ9WQ-DKd_9ctcg8-12jFGZ0.roa (raw, json)
Hash identifier:          KATN8CFnbRX1tzVerM2G5h88BqUwwD5kvjL2DX0FIcw=
Subject key identifier:   1B:13:EA:27:D5:90:F8:32:9D:FF:D7:2D:72:0F:3E:D7:68:C5:19:9D
Certificate issuer:       /CN=db1d6eba463b7564abfae938b46ed47187de0ec0
Certificate serial:       019958DBFB71E7087B51AC3C2FD81DDDD7D8
Authority key identifier: DB:1D:6E:BA:46:3B:75:64:AB:FA:E9:38:B4:6E:D4:71:87:DE:0E:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2x1uukY7dWSr-uk4tG7UcYfeDsA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/4f6985-b94a-47cc-a300-6f2cf4f03ceb/1/GxPqJ9WQ-DKd_9ctcg8-12jFGZ0.roa
Signing time:             Wed 17 Sep 2025 18:07:15 +0000
ROA not before:           Wed 17 Sep 2025 18:07:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62005
IP address blocks:        91.210.108.0/23 maxlen: 24
                          91.221.190.0/23 maxlen: 24
                          146.19.49.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/4f6985-b94a-47cc-a300-6f2cf4f03ceb/1/2x1uukY7dWSr-uk4tG7UcYfeDsA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/4f6985-b94a-47cc-a300-6f2cf4f03ceb/1/2x1uukY7dWSr-uk4tG7UcYfeDsA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2x1uukY7dWSr-uk4tG7UcYfeDsA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:01:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:58:db:fb:71:e7:08:7b:51:ac:3c:2f:d8:1d:dd:d7:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=db1d6eba463b7564abfae938b46ed47187de0ec0
        Validity
            Not Before: Sep 17 18:07:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1b13ea27d590f8329dffd72d720f3ed768c5199d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:85:a1:20:9d:39:69:6d:15:60:4b:3f:8d:5c:
                    b1:05:aa:2f:22:1d:b3:bf:63:b0:25:a5:bf:42:66:
                    73:8f:53:96:7c:58:e6:63:d5:71:7d:fd:0a:92:3a:
                    5b:f2:01:af:57:31:92:6a:05:e5:78:6c:c3:a6:a1:
                    bc:72:99:e7:e7:14:fa:79:01:ab:7e:ac:a6:ae:6e:
                    2e:fc:df:08:b2:09:bb:ee:7d:5c:b1:1c:26:2d:83:
                    28:67:2c:aa:80:9c:3f:2e:a8:3b:e9:ed:6b:d5:46:
                    0d:10:ed:ec:61:54:c7:44:47:1f:ca:99:c2:e1:40:
                    cb:a7:27:7b:90:25:66:da:3d:df:86:d9:ae:55:3c:
                    f2:7c:35:3b:d0:6a:65:ea:b9:6d:dc:76:0a:4d:a4:
                    c5:a1:92:01:53:44:1d:24:c5:ef:ea:62:26:12:b1:
                    44:41:ee:28:6d:80:fd:ee:67:6b:92:62:07:33:c9:
                    24:6d:61:41:26:94:a1:39:e1:cf:48:2c:d8:e6:6b:
                    3d:04:1a:66:70:31:2d:08:de:41:7e:d1:8d:9e:b2:
                    09:33:8b:7d:d2:30:f3:86:25:67:28:ba:05:94:7e:
                    3f:02:d7:21:69:20:15:30:66:27:94:82:7b:fb:fe:
                    c3:5f:20:96:65:ba:55:8c:03:fa:81:0a:09:7d:38:
                    5d:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:13:EA:27:D5:90:F8:32:9D:FF:D7:2D:72:0F:3E:D7:68:C5:19:9D
            X509v3 Authority Key Identifier:
                keyid:DB:1D:6E:BA:46:3B:75:64:AB:FA:E9:38:B4:6E:D4:71:87:DE:0E:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2x1uukY7dWSr-uk4tG7UcYfeDsA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/4f6985-b94a-47cc-a300-6f2cf4f03ceb/1/GxPqJ9WQ-DKd_9ctcg8-12jFGZ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/4f6985-b94a-47cc-a300-6f2cf4f03ceb/1/2x1uukY7dWSr-uk4tG7UcYfeDsA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.210.108.0/23
                  91.221.190.0/23
                  146.19.49.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:38:67:49:62:ac:77:82:30:68:f3:de:f3:08:95:ac:5b:37:
         07:f9:87:94:3e:92:fa:a1:91:c7:eb:ba:24:24:5a:1d:b4:7d:
         37:24:d2:2b:c1:15:fc:c8:75:f0:1a:9e:6c:7e:c7:31:fe:e3:
         25:e5:77:f4:0b:f0:3c:7f:43:93:d7:70:42:79:25:41:1c:2d:
         2d:75:78:7e:b9:9b:ec:87:9f:94:b0:1a:a7:f5:fe:14:b6:7b:
         75:44:43:4f:b3:f4:e0:72:4c:63:98:d9:c3:0f:c3:4f:5b:d7:
         b7:ac:95:66:7b:55:cb:ff:81:a9:f3:32:f6:32:dc:3c:0b:e6:
         76:b2:5a:f5:1d:33:0f:0c:b1:40:4b:f0:41:1c:35:db:74:b8:
         89:87:6c:5a:cd:ef:ff:90:22:92:d1:8a:e6:b2:d8:fb:d4:4b:
         05:88:6f:4e:fd:07:2d:46:cc:78:c7:26:e1:88:a4:6b:12:98:
         31:eb:1c:b5:3c:92:4a:5b:58:2d:81:6f:35:92:89:5c:2b:44:
         5e:5f:0e:e7:04:1d:09:45:a0:71:90:82:df:a0:c6:2d:17:d9:
         0c:49:5c:9a:2a:b4:2a:f1:07:e8:5f:6f:c6:39:fc:ef:c2:5e:
         b6:84:fb:ad:11:21:aa:1b:d2:9c:5d:e7:4f:f6:0c:72:87:87:
         9a:dd:f4:70
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZlY2/tx5wh7Uaw8L9gd3dfYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiMWQ2ZWJhNDYzYjc1NjRhYmZhZTkzOGI0NmVkNDcxODdk
ZTBlYzAwHhcNMjUwOTE3MTgwNzE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYjEzZWEyN2Q1OTBmODMyOWRmZmQ3MmQ3MjBmM2VkNzY4YzUxOTlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAioWhIJ05aW0VYEs/jVyxBaovIh2z
v2OwJaW/QmZzj1OWfFjmY9Vxff0Kkjpb8gGvVzGSagXleGzDpqG8cpnn5xT6eQGr
fqymrm4u/N8Isgm77n1csRwmLYMoZyyqgJw/Lqg76e1r1UYNEO3sYVTHREcfypnC
4UDLpyd7kCVm2j3fhtmuVTzyfDU70Gpl6rlt3HYKTaTFoZIBU0QdJMXv6mImErFE
Qe4obYD97mdrkmIHM8kkbWFBJpShOeHPSCzY5ms9BBpmcDEtCN5BftGNnrIJM4t9
0jDzhiVnKLoFlH4/AtchaSAVMGYnlIJ7+/7DXyCWZbpVjAP6gQoJfThd1wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFBsT6ifVkPgynf/XLXIPPtdoxRmdMB8GA1UdIwQY
MBaAFNsdbrpGO3Vkq/rpOLRu1HGH3g7AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMngxdXVrWTdkV1NyLXVrNHRHN1VjWWZlRHNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC80ZjY5ODUtYjk0YS00N2NjLWEzMDAt
NmYyY2Y0ZjAzY2ViLzEvR3hQcUo5V1EtREtkXzljdGNnOC0xMmpGR1owLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC80ZjY5ODUtYjk0YS00N2NjLWEzMDAtNmYyY2Y0ZjAzY2Vi
LzEvMngxdXVrWTdkV1NyLXVrNHRHN1VjWWZlRHNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBW9JsAwQB
W92+AwQAkhMxMA0GCSqGSIb3DQEBCwUAA4IBAQAdOGdJYqx3gjBo897zCJWsWzcH
+YeUPpL6oZHH67okJFodtH03JNIrwRX8yHXwGp5sfscx/uMl5Xf0C/A8f0OT13BC
eSVBHC0tdXh+uZvsh5+UsBqn9f4Utnt1RENPs/TgckxjmNnDD8NPW9e3rJVme1XL
/4Gp8zL2Mtw8C+Z2slr1HTMPDLFAS/BBHDXbdLiJh2xaze//kCKS0Yrmstj71EsF
iG9O/QctRsx4xybhiKRrEpgx6xy1PJJKW1gtgW81kolcK0ReXw7nBB0JRaBxkILf
oMYtF9kMSVyaKrQq8QfoX2/GOfzvwl62hPutESGqG9KcXedP9gxyh4ea3fRw
-----END CERTIFICATE-----
Generated at Sun Oct 19 20:20:47 2025 by rpki-client