Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/6a6842-cb3f-4fb1-9069-78611ec94b44/1/gsGddDzj7ZMWFldWvISby9K5Dlg.roa
File:                     gsGddDzj7ZMWFldWvISby9K5Dlg.roa (raw, json)
Hash identifier:          bo8ZwXWO+41WjnaheexxyDc0uSwcDET97lejnD10FTk=
Subject key identifier:   82:C1:9D:74:3C:E3:ED:93:16:16:57:56:BC:84:9B:CB:D2:B9:0E:58
Certificate issuer:       /CN=a9b79243fdbf7b365c1dbc23c90a8bccb3c39751
Certificate serial:       019DD810BE7451671387FF79D3D468D6D0C4
Authority key identifier: A9:B7:92:43:FD:BF:7B:36:5C:1D:BC:23:C9:0A:8B:CC:B3:C3:97:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qbeSQ_2_ezZcHbwjyQqLzLPDl1E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/6a6842-cb3f-4fb1-9069-78611ec94b44/1/gsGddDzj7ZMWFldWvISby9K5Dlg.roa
Signing time:             Wed 29 Apr 2026 07:07:49 +0000
ROA not before:           Wed 29 Apr 2026 07:07:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     396982
IP address blocks:        78.31.8.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/6a6842-cb3f-4fb1-9069-78611ec94b44/1/qbeSQ_2_ezZcHbwjyQqLzLPDl1E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/6a6842-cb3f-4fb1-9069-78611ec94b44/1/qbeSQ_2_ezZcHbwjyQqLzLPDl1E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qbeSQ_2_ezZcHbwjyQqLzLPDl1E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:d8:10:be:74:51:67:13:87:ff:79:d3:d4:68:d6:d0:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a9b79243fdbf7b365c1dbc23c90a8bccb3c39751
        Validity
            Not Before: Apr 29 07:07:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=82c19d743ce3ed9316165756bc849bcbd2b90e58
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:59:19:ae:43:e7:0c:e5:fb:d4:90:75:58:f3:
                    3e:0d:56:fa:f5:7e:82:d0:e0:62:ae:39:76:af:90:
                    30:6a:b2:fc:3e:21:18:1d:e5:ad:09:0b:a0:14:02:
                    35:b4:59:11:73:9b:ad:cd:e3:cd:c9:c7:bf:d0:40:
                    9b:3f:50:bb:ec:51:24:88:cb:c8:7b:ae:5f:d6:c6:
                    c0:bf:15:28:f3:0e:88:8a:7c:75:55:cc:73:b4:75:
                    6b:4a:4d:bb:dc:56:12:af:be:a2:90:48:74:1c:19:
                    0f:e8:8a:87:a3:62:db:7c:e6:dd:f6:d2:e9:20:c3:
                    d0:21:12:d3:35:52:04:d9:f2:cb:e7:2c:65:e2:c5:
                    8c:0a:16:78:9a:6d:d3:26:1b:60:47:18:13:c0:10:
                    40:3c:9e:3c:d6:01:1c:33:a4:f9:5a:49:57:9e:f1:
                    01:d3:ae:ad:c1:ff:1d:3c:67:13:f8:c6:4d:df:29:
                    4d:45:65:84:96:fb:8e:4d:f3:bb:7e:96:fd:1d:ee:
                    a9:0d:18:f2:17:b9:b5:5a:5c:41:5c:6a:b1:50:b5:
                    c2:84:ff:b9:36:e9:4f:db:9d:48:02:fa:f5:37:67:
                    da:38:64:15:90:e4:dd:d4:c2:ca:56:50:01:4b:04:
                    ec:88:38:06:ad:e4:20:31:6b:09:89:d4:ca:0e:bd:
                    4e:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:C1:9D:74:3C:E3:ED:93:16:16:57:56:BC:84:9B:CB:D2:B9:0E:58
            X509v3 Authority Key Identifier:
                keyid:A9:B7:92:43:FD:BF:7B:36:5C:1D:BC:23:C9:0A:8B:CC:B3:C3:97:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qbeSQ_2_ezZcHbwjyQqLzLPDl1E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/6a6842-cb3f-4fb1-9069-78611ec94b44/1/gsGddDzj7ZMWFldWvISby9K5Dlg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/6a6842-cb3f-4fb1-9069-78611ec94b44/1/qbeSQ_2_ezZcHbwjyQqLzLPDl1E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.31.8.0/21

    Signature Algorithm: sha256WithRSAEncryption
         1b:b8:d0:d4:02:bc:d7:80:c6:17:7c:a3:6d:70:a4:c4:07:fa:
         fb:f5:75:2a:f5:f1:f9:c2:04:32:2d:fd:b3:47:8f:b9:72:c0:
         a6:c7:1a:cb:8c:61:32:fe:83:3f:1d:21:ed:eb:01:aa:6a:56:
         48:1c:32:50:22:b4:31:da:fa:e5:03:82:c6:c6:93:e0:16:30:
         a1:6a:59:69:6e:d7:84:0d:b1:e5:ff:79:2c:b8:3a:0a:5b:fc:
         dd:fe:93:ca:c9:e9:34:1c:96:20:ba:d6:4f:a8:eb:e1:38:ce:
         6f:55:99:4a:07:db:b3:f0:1c:52:56:99:2c:3b:de:9a:cf:23:
         cd:74:23:eb:a4:43:48:b2:28:e7:f6:7e:11:1b:48:27:d2:e6:
         67:20:9f:39:21:ef:9d:53:67:4b:c5:74:ae:c0:dc:c2:05:41:
         2f:74:d1:c7:71:63:4c:83:16:e6:5b:e8:62:ec:2b:89:47:16:
         b0:d9:ab:b0:50:f2:2a:5f:cf:15:48:1e:f3:0c:e7:85:d6:69:
         b1:32:7f:08:2e:f8:39:71:23:fd:c8:83:a2:44:55:62:79:28:
         19:9e:05:d8:a0:f6:6d:d2:c2:16:bd:ff:3e:f4:01:ad:89:a5:
         3b:cb:38:45:1c:87:60:cd:4c:b3:0a:b2:9a:dc:ac:ca:5f:48:
         ab:6a:cd:d2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3YEL50UWcTh/9509Ro1tDEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE5Yjc5MjQzZmRiZjdiMzY1YzFkYmMyM2M5MGE4YmNjYjNj
Mzk3NTEwHhcNMjYwNDI5MDcwNzQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MmMxOWQ3NDNjZTNlZDkzMTYxNjU3NTZiYzg0OWJjYmQyYjkwZTU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuFkZrkPnDOX71JB1WPM+DVb69X6C
0OBirjl2r5AwarL8PiEYHeWtCQugFAI1tFkRc5utzePNyce/0ECbP1C77FEkiMvI
e65f1sbAvxUo8w6Iinx1VcxztHVrSk273FYSr76ikEh0HBkP6IqHo2LbfObd9tLp
IMPQIRLTNVIE2fLL5yxl4sWMChZ4mm3TJhtgRxgTwBBAPJ481gEcM6T5WklXnvEB
066twf8dPGcT+MZN3ylNRWWElvuOTfO7fpb9He6pDRjyF7m1WlxBXGqxULXChP+5
NulP251IAvr1N2faOGQVkOTd1MLKVlABSwTsiDgGreQgMWsJidTKDr1OgQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFILBnXQ84+2TFhZXVryEm8vSuQ5YMB8GA1UdIwQY
MBaAFKm3kkP9v3s2XB28I8kKi8yzw5dRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcWJlU1FfMl9lelpjSGJ3anlRcUx6TFBEbDFFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy82YTY4NDItY2IzZi00ZmIxLTkwNjkt
Nzg2MTFlYzk0YjQ0LzEvZ3NHZGREemo3Wk1XRmxkV3ZJU2J5OUs1RGxnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy82YTY4NDItY2IzZi00ZmIxLTkwNjktNzg2MTFlYzk0YjQ0
LzEvcWJlU1FfMl9lelpjSGJ3anlRcUx6TFBEbDFFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDTh8IMA0G
CSqGSIb3DQEBCwUAA4IBAQAbuNDUArzXgMYXfKNtcKTEB/r79XUq9fH5wgQyLf2z
R4+5csCmxxrLjGEy/oM/HSHt6wGqalZIHDJQIrQx2vrlA4LGxpPgFjChallpbteE
DbHl/3ksuDoKW/zd/pPKyek0HJYgutZPqOvhOM5vVZlKB9uz8BxSVpksO96azyPN
dCPrpENIsijn9n4RG0gn0uZnIJ85Ie+dU2dLxXSuwNzCBUEvdNHHcWNMgxbmW+hi
7CuJRxaw2auwUPIqX88VSB7zDOeF1mmxMn8ILvg5cSP9yIOiRFVieSgZngXYoPZt
0sIWvf8+9AGtiaU7yzhFHIdgzUyzCrKa3KzKX0iras3S
-----END CERTIFICATE-----