Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/fda382-4257-41c3-8ec6-27fbc99ea3c6/1/gvMvxN1JHVPjgshkuwfHJsKx4dU.roa
File:                     gvMvxN1JHVPjgshkuwfHJsKx4dU.roa (raw, json)
Hash identifier:          VUg2txUUu1/KKURpEb7Xa9x6WRrXiOxip3ohqdUTZeY=
Subject key identifier:   82:F3:2F:C4:DD:49:1D:53:E3:82:C8:64:BB:07:C7:26:C2:B1:E1:D5
Certificate issuer:       /CN=4fb2bb7bad50f1921810a028e78edd65f81f6a7d
Certificate serial:       019D0D867831AC65A88BB090C7DE987B19AD
Authority key identifier: 4F:B2:BB:7B:AD:50:F1:92:18:10:A0:28:E7:8E:DD:65:F8:1F:6A:7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T7K7e61Q8ZIYEKAo547dZfgfan0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/fda382-4257-41c3-8ec6-27fbc99ea3c6/1/gvMvxN1JHVPjgshkuwfHJsKx4dU.roa
Signing time:             Fri 20 Mar 2026 23:13:29 +0000
ROA not before:           Fri 20 Mar 2026 23:13:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     54702
IP address blocks:        91.238.71.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/fda382-4257-41c3-8ec6-27fbc99ea3c6/1/T7K7e61Q8ZIYEKAo547dZfgfan0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/fda382-4257-41c3-8ec6-27fbc99ea3c6/1/T7K7e61Q8ZIYEKAo547dZfgfan0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T7K7e61Q8ZIYEKAo547dZfgfan0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 11:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:0d:86:78:31:ac:65:a8:8b:b0:90:c7:de:98:7b:19:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fb2bb7bad50f1921810a028e78edd65f81f6a7d
        Validity
            Not Before: Mar 20 23:13:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=82f32fc4dd491d53e382c864bb07c726c2b1e1d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:25:57:ce:ab:60:d9:f5:42:d5:19:d6:0b:f4:
                    21:73:fd:05:b9:24:17:22:25:77:4e:dc:e7:2e:42:
                    76:54:84:5e:46:d3:77:f1:2a:23:3a:a7:4e:f7:52:
                    08:bd:27:27:66:28:83:18:5d:08:d6:c9:a1:8b:28:
                    d4:90:1e:79:38:4f:86:d7:ca:1c:22:cb:01:49:47:
                    f0:bc:d5:a0:89:10:87:44:37:dc:ca:ca:55:c0:e1:
                    ed:b8:1e:52:aa:a2:9c:04:7f:31:12:16:18:2e:74:
                    47:90:33:d6:96:23:ea:20:40:5d:b8:ff:9d:52:57:
                    4f:13:0f:c7:8b:e0:5a:c2:ba:5c:eb:65:50:11:d1:
                    2b:45:9f:b8:64:99:f3:d9:d2:96:fd:75:e3:99:f9:
                    d6:d6:94:f7:a1:ca:27:f9:e4:8d:85:bb:bb:89:79:
                    c2:70:2f:ac:ca:50:c8:92:f5:d2:c0:8c:70:3e:2b:
                    c2:7d:fe:7b:2b:1c:08:8d:bb:65:36:9d:88:82:18:
                    74:34:20:57:3e:ed:35:1e:db:6a:2a:d5:d4:43:dc:
                    45:fa:f9:8d:68:3d:5f:99:84:f5:a3:fc:80:91:de:
                    32:d9:87:1c:50:d6:d4:b2:ae:e1:b3:74:cf:ab:cf:
                    6b:81:45:03:69:54:6e:a6:b6:ba:35:e3:36:3c:91:
                    e2:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:F3:2F:C4:DD:49:1D:53:E3:82:C8:64:BB:07:C7:26:C2:B1:E1:D5
            X509v3 Authority Key Identifier:
                keyid:4F:B2:BB:7B:AD:50:F1:92:18:10:A0:28:E7:8E:DD:65:F8:1F:6A:7D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T7K7e61Q8ZIYEKAo547dZfgfan0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/fda382-4257-41c3-8ec6-27fbc99ea3c6/1/gvMvxN1JHVPjgshkuwfHJsKx4dU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/fda382-4257-41c3-8ec6-27fbc99ea3c6/1/T7K7e61Q8ZIYEKAo547dZfgfan0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.238.71.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:97:90:b9:24:4a:40:a0:8b:e7:7a:09:6a:86:4c:ee:62:12:
         4e:39:af:03:88:06:a9:fe:68:7b:4b:c0:64:c9:00:d1:92:b0:
         ae:13:8b:da:a3:65:96:2f:4d:79:80:03:01:b3:58:e6:6d:6f:
         ec:53:8d:ef:60:65:dd:3d:24:08:72:cf:c2:2d:54:c9:0e:9c:
         03:73:c5:43:32:c9:d4:d5:cf:86:54:d1:45:cc:f8:9c:aa:a5:
         51:92:d1:dd:90:f0:5d:b0:6b:71:af:46:aa:54:74:f0:78:c5:
         bd:51:25:a9:4a:42:7f:eb:0d:aa:01:a2:5d:c0:8c:48:ee:9d:
         cd:1c:e1:c2:9a:cd:9a:cc:e2:27:98:94:3c:e2:f4:11:07:61:
         e9:d7:08:45:fd:67:03:da:82:92:42:22:52:37:ba:9d:dd:4e:
         8a:2e:9c:e9:c8:89:ae:a4:2e:dd:a5:bf:67:b4:67:b9:78:aa:
         a5:97:a2:79:82:65:bc:41:29:a5:3c:9a:3a:eb:eb:e3:da:4f:
         f9:c9:43:06:31:d7:b1:63:34:4f:c2:f8:4b:03:52:7c:c1:34:
         ca:1b:a7:76:b2:55:fb:a7:67:87:0e:ec:65:b0:5e:11:a5:ee:
         eb:2f:6d:a1:bb:d1:34:c7:2f:2f:54:f2:b0:dc:56:d3:20:66:
         01:24:56:e3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0NhngxrGWoi7CQx96YexmtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYjJiYjdiYWQ1MGYxOTIxODEwYTAyOGU3OGVkZDY1Zjgx
ZjZhN2QwHhcNMjYwMzIwMjMxMzI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MmYzMmZjNGRkNDkxZDUzZTM4MmM4NjRiYjA3YzcyNmMyYjFlMWQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApCVXzqtg2fVC1RnWC/Qhc/0FuSQX
IiV3TtznLkJ2VIReRtN38SojOqdO91IIvScnZiiDGF0I1smhiyjUkB55OE+G18oc
IssBSUfwvNWgiRCHRDfcyspVwOHtuB5SqqKcBH8xEhYYLnRHkDPWliPqIEBduP+d
UldPEw/Hi+Bawrpc62VQEdErRZ+4ZJnz2dKW/XXjmfnW1pT3ocon+eSNhbu7iXnC
cC+sylDIkvXSwIxwPivCff57KxwIjbtlNp2Ighh0NCBXPu01HttqKtXUQ9xF+vmN
aD1fmYT1o/yAkd4y2YccUNbUsq7hs3TPq89rgUUDaVRupra6NeM2PJHiGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFILzL8TdSR1T44LIZLsHxybCseHVMB8GA1UdIwQY
MBaAFE+yu3utUPGSGBCgKOeO3WX4H2p9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDdLN2U2MVE4WklZRUtBbzU0N2RaZmdmYW4wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC9mZGEzODItNDI1Ny00MWMzLThlYzYt
MjdmYmM5OWVhM2M2LzEvZ3ZNdnhOMUpIVlBqZ3Noa3V3ZkhKc0t4NGRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC9mZGEzODItNDI1Ny00MWMzLThlYzYtMjdmYmM5OWVhM2M2
LzEvVDdLN2U2MVE4WklZRUtBbzU0N2RaZmdmYW4wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+5HMA0G
CSqGSIb3DQEBCwUAA4IBAQB/l5C5JEpAoIvneglqhkzuYhJOOa8DiAap/mh7S8Bk
yQDRkrCuE4vao2WWL015gAMBs1jmbW/sU43vYGXdPSQIcs/CLVTJDpwDc8VDMsnU
1c+GVNFFzPicqqVRktHdkPBdsGtxr0aqVHTweMW9USWpSkJ/6w2qAaJdwIxI7p3N
HOHCms2azOInmJQ84vQRB2Hp1whF/WcD2oKSQiJSN7qd3U6KLpzpyImupC7dpb9n
tGe5eKqll6J5gmW8QSmlPJo66+vj2k/5yUMGMdexYzRPwvhLA1J8wTTKG6d2slX7
p2eHDuxlsF4Rpe7rL22hu9E0xy8vVPKw3FbTIGYBJFbj
-----END CERTIFICATE-----