Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/GpKFwLB0_LHkCPFxLND-hjNMHiA.roa
File:                     GpKFwLB0_LHkCPFxLND-hjNMHiA.roa (raw, json)
Hash identifier:          XUmBciheModNQ1tw3rQ9Xdpn5RaBSYNl0n59csrm7jQ=
Subject key identifier:   1A:92:85:C0:B0:74:FC:B1:E4:08:F1:71:2C:D0:FE:86:33:4C:1E:20
Certificate issuer:       /CN=ee1c3472c25acd347364b7d6312618aa3530cb63
Certificate serial:       0199F334F8979593F51BFFD5B96C4C39661D
Authority key identifier: EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/GpKFwLB0_LHkCPFxLND-hjNMHiA.roa
Signing time:             Fri 17 Oct 2025 17:25:59 +0000
ROA not before:           Fri 17 Oct 2025 17:25:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        14.102.226.0/23 maxlen: 24
                          45.151.143.0/24 maxlen: 24
                          77.111.96.0/22 maxlen: 22
                          77.111.98.0/24 maxlen: 24
                          77.111.102.0/23 maxlen: 24
                          77.111.105.0/24 maxlen: 24
                          77.111.108.0/24 maxlen: 24
                          94.229.209.0/24 maxlen: 24
                          94.229.212.0/24 maxlen: 24
                          94.229.213.0/24 maxlen: 24
                          94.229.216.0/24 maxlen: 24
                          94.229.217.0/24 maxlen: 24
                          94.229.218.0/24 maxlen: 24
                          94.229.219.0/24 maxlen: 24
                          94.229.223.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 05:01:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:f3:34:f8:97:95:93:f5:1b:ff:d5:b9:6c:4c:39:66:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee1c3472c25acd347364b7d6312618aa3530cb63
        Validity
            Not Before: Oct 17 17:25:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1a9285c0b074fcb1e408f1712cd0fe86334c1e20
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:39:eb:c5:40:b9:96:b3:95:52:ad:41:2f:22:
                    37:a4:8f:2a:c5:ed:4d:a6:00:c4:fa:94:8e:46:3a:
                    76:00:4b:40:b1:24:57:c6:29:6b:cc:eb:e3:b0:f5:
                    f7:ab:ad:02:69:b1:1d:0f:da:77:a5:d1:4a:dd:43:
                    b3:d8:47:d0:e1:33:f9:d6:a6:e7:4d:eb:34:bd:77:
                    29:c0:0c:53:ed:05:8c:03:af:a5:23:ed:c0:a2:3f:
                    cd:35:32:67:fe:cf:1f:5d:98:dc:90:02:de:e2:d8:
                    d0:45:e8:e9:3a:56:b8:7b:fe:11:d6:12:e6:50:aa:
                    c0:9d:7c:77:53:3f:95:e2:67:01:f4:55:0b:84:16:
                    19:57:fa:78:cf:b9:7f:03:95:87:f3:b4:ae:30:ca:
                    e2:8b:f3:e8:38:a4:8d:ef:b8:c3:a5:e8:df:10:9b:
                    14:e8:f6:93:ac:17:63:35:b4:58:3b:46:59:ad:0c:
                    ae:da:8c:16:1c:9c:a2:f0:b4:53:0c:3f:6c:0a:64:
                    6d:34:d9:31:f2:c2:22:4e:df:ae:bb:51:3f:94:16:
                    8c:e7:df:3f:65:dc:8a:5c:fb:a5:a7:ed:a9:b1:f8:
                    db:87:8d:c5:b6:c6:e3:1c:60:ba:9e:83:07:14:48:
                    72:55:0d:15:5e:8a:5f:ad:fb:d5:fb:95:ed:f6:cb:
                    78:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:92:85:C0:B0:74:FC:B1:E4:08:F1:71:2C:D0:FE:86:33:4C:1E:20
            X509v3 Authority Key Identifier:
                keyid:EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/GpKFwLB0_LHkCPFxLND-hjNMHiA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  14.102.226.0/23
                  45.151.143.0/24
                  77.111.96.0/22
                  77.111.102.0/23
                  77.111.105.0/24
                  77.111.108.0/24
                  94.229.209.0/24
                  94.229.212.0/23
                  94.229.216.0/22
                  94.229.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c1:6d:16:bf:00:c4:f1:27:66:a5:d7:f3:a5:84:19:ef:77:c9:
         73:f6:46:70:7d:b0:e5:29:82:63:c1:f5:08:f4:74:e5:6c:58:
         37:a1:da:96:b2:44:17:91:4f:f0:27:19:13:51:66:04:0a:1f:
         bb:89:01:c9:59:d7:4d:d0:67:97:7a:e2:22:22:35:7f:1e:10:
         51:01:9e:6f:16:63:51:13:0e:84:c4:23:cf:31:65:ea:2e:65:
         5e:fe:04:1c:c4:b1:83:29:fe:62:8a:89:09:a6:a7:c4:48:cc:
         5c:88:62:d4:84:ba:42:b4:4e:a5:e1:ac:74:75:09:0d:c5:79:
         0f:00:da:a9:e4:05:78:91:e4:57:2c:b4:1d:1c:ce:bc:63:56:
         82:ab:fa:40:aa:ed:31:77:f7:77:45:2b:6f:f8:a1:20:bb:fe:
         59:6d:05:89:9b:9e:9c:cb:09:27:1e:e6:bb:4b:1c:2d:e4:2b:
         a3:48:13:ac:bf:29:0b:0a:da:24:f4:b0:5e:17:c8:ca:1c:fe:
         45:97:8b:2d:7b:c9:ae:8d:4e:aa:19:ce:22:29:c1:0d:47:f1:
         5d:b9:77:14:fc:12:ac:df:08:4e:e7:6d:9b:ae:08:b2:29:24:
         e2:89:f0:a0:01:f8:6a:ca:b2:72:ab:ab:db:62:da:a1:71:c8:
         9f:fd:76:ca
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAZnzNPiXlZP1G//VuWxMOWYdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMWMzNDcyYzI1YWNkMzQ3MzY0YjdkNjMxMjYxOGFhMzUz
MGNiNjMwHhcNMjUxMDE3MTcyNTU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYTkyODVjMGIwNzRmY2IxZTQwOGYxNzEyY2QwZmU4NjMzNGMxZTIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArTnrxUC5lrOVUq1BLyI3pI8qxe1N
pgDE+pSORjp2AEtAsSRXxilrzOvjsPX3q60CabEdD9p3pdFK3UOz2EfQ4TP51qbn
Tes0vXcpwAxT7QWMA6+lI+3Aoj/NNTJn/s8fXZjckALe4tjQRejpOla4e/4R1hLm
UKrAnXx3Uz+V4mcB9FULhBYZV/p4z7l/A5WH87SuMMrii/PoOKSN77jDpejfEJsU
6PaTrBdjNbRYO0ZZrQyu2owWHJyi8LRTDD9sCmRtNNkx8sIiTt+uu1E/lBaM598/
ZdyKXPulp+2psfjbh43FtsbjHGC6noMHFEhyVQ0VXopfrfvV+5Xt9st4uwIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFBqShcCwdPyx5AjxcSzQ/oYzTB4gMB8GA1UdIwQY
MBaAFO4cNHLCWs00c2S31jEmGKo1MMtjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYt
YjRiOGRiMjBiMWZiLzEvR3BLRndMQjBfTEhrQ1BGeExORC1oak5NSGlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYtYjRiOGRiMjBiMWZi
LzEvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQBDmbiAwQA
LZePAwQCTW9gAwQBTW9mAwQATW9pAwQATW9sAwQAXuXRAwQBXuXUAwQCXuXYAwQA
XuXfMA0GCSqGSIb3DQEBCwUAA4IBAQDBbRa/AMTxJ2al1/OlhBnvd8lz9kZwfbDl
KYJjwfUI9HTlbFg3odqWskQXkU/wJxkTUWYECh+7iQHJWddN0GeXeuIiIjV/HhBR
AZ5vFmNREw6ExCPPMWXqLmVe/gQcxLGDKf5iiokJpqfESMxciGLUhLpCtE6l4ax0
dQkNxXkPANqp5AV4keRXLLQdHM68Y1aCq/pAqu0xd/d3RStv+KEgu/5ZbQWJm56c
ywknHua7Sxwt5CujSBOsvykLCtok9LBeF8jKHP5Fl4ste8mujU6qGc4iKcENR/Fd
uXcU/BKs3whO522brgiyKSTiifCgAfhqyrJyq6vbYtqhccif/XbK
-----END CERTIFICATE-----
Generated at Sun Oct 19 14:41:42 2025 by rpki-client