Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/b509cc-bd4d-4651-9e6e-0cf773f96899/1/GZAShLfc8NeJgF1_NRDRN1m5XTs.roa
File:                     GZAShLfc8NeJgF1_NRDRN1m5XTs.roa (raw, json)
Hash identifier:          lixfepr/Gg7h2VoWBQECGRTLGauSXIp4KHdFX4z+DOo=
Subject key identifier:   19:90:12:84:B7:DC:F0:D7:89:80:5D:7F:35:10:D1:37:59:B9:5D:3B
Certificate issuer:       /CN=0966d239db4031fd6f147f601a2bb6b033314069
Certificate serial:       019E633A77EAEEB15092FE1C3023F9AED7B7
Authority key identifier: 09:66:D2:39:DB:40:31:FD:6F:14:7F:60:1A:2B:B6:B0:33:31:40:69
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CWbSOdtAMf1vFH9gGiu2sDMxQGk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/b509cc-bd4d-4651-9e6e-0cf773f96899/1/GZAShLfc8NeJgF1_NRDRN1m5XTs.roa
Signing time:             Tue 26 May 2026 07:40:36 +0000
ROA not before:           Tue 26 May 2026 07:40:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     12577
IP address blocks:        185.104.224.0/22 maxlen: 22
                          212.108.32.0/19 maxlen: 19
                          2a00:1618::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/14/b509cc-bd4d-4651-9e6e-0cf773f96899/1/CWbSOdtAMf1vFH9gGiu2sDMxQGk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/14/b509cc-bd4d-4651-9e6e-0cf773f96899/1/CWbSOdtAMf1vFH9gGiu2sDMxQGk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CWbSOdtAMf1vFH9gGiu2sDMxQGk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 18 Jun 2026 08:33:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:63:3a:77:ea:ee:b1:50:92:fe:1c:30:23:f9:ae:d7:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0966d239db4031fd6f147f601a2bb6b033314069
        Validity
            Not Before: May 26 07:40:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=19901284b7dcf0d789805d7f3510d13759b95d3b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:d6:e2:a5:c9:6f:67:77:60:3d:3a:16:d5:cf:
                    3e:62:56:bf:39:a4:d8:d2:32:9d:bc:ca:0e:6d:73:
                    aa:fa:3e:71:1d:4e:d7:d5:bb:23:6f:6f:7e:5c:39:
                    0e:52:60:f7:5c:12:a8:2d:1c:0f:42:28:f5:f7:cb:
                    61:3c:5c:be:14:fa:c9:ba:51:6e:9c:00:71:be:e8:
                    cb:93:2e:0a:e4:33:c3:38:27:06:b1:8f:c0:5b:3e:
                    8a:7f:37:ab:81:19:b9:9a:13:69:5b:69:5f:c0:1f:
                    ac:2c:29:f8:93:08:26:c8:5d:58:4a:c1:52:9d:66:
                    36:72:2c:bd:51:cc:5d:06:57:1b:56:24:73:9d:18:
                    95:16:c8:34:9f:9b:4f:5b:39:01:eb:47:63:48:ff:
                    d0:e6:68:63:21:70:8a:1b:85:ce:8b:6c:cd:9d:87:
                    ba:c1:4a:d1:9e:d0:08:50:04:2e:74:59:9b:21:8c:
                    48:6f:79:8c:ad:bb:26:03:00:6b:8a:dd:6f:14:c7:
                    9a:5a:72:88:07:5d:f9:2c:3d:be:f4:da:86:05:99:
                    77:05:5c:98:43:bd:94:4e:5a:6e:d8:ef:2c:1e:98:
                    74:45:a0:32:0c:b8:33:64:4d:e2:e4:0e:1a:59:a0:
                    f2:d3:43:ac:9b:59:f8:da:a9:ff:2b:92:68:3f:56:
                    c2:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:90:12:84:B7:DC:F0:D7:89:80:5D:7F:35:10:D1:37:59:B9:5D:3B
            X509v3 Authority Key Identifier:
                keyid:09:66:D2:39:DB:40:31:FD:6F:14:7F:60:1A:2B:B6:B0:33:31:40:69

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CWbSOdtAMf1vFH9gGiu2sDMxQGk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/b509cc-bd4d-4651-9e6e-0cf773f96899/1/GZAShLfc8NeJgF1_NRDRN1m5XTs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/b509cc-bd4d-4651-9e6e-0cf773f96899/1/CWbSOdtAMf1vFH9gGiu2sDMxQGk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.104.224.0/22
                  212.108.32.0/19
                IPv6:
                  2a00:1618::/29

    Signature Algorithm: sha256WithRSAEncryption
         19:2a:89:e6:3d:3f:7c:01:22:4a:20:56:ff:f1:12:02:fe:76:
         43:43:ac:ac:97:fe:a4:36:30:d3:87:a5:5b:1c:fa:26:28:f4:
         33:89:b6:51:68:76:97:91:f5:20:f8:4d:e2:75:c9:93:30:dd:
         18:db:20:3e:c8:8b:63:9d:f7:f1:36:78:4c:c4:cf:3d:b8:38:
         12:ab:16:de:f9:38:8d:41:48:4e:58:20:f8:c0:0c:a8:f6:64:
         a1:fe:d4:a6:d9:2d:a9:57:62:02:25:c3:11:71:4b:34:70:aa:
         f1:b7:80:5f:6d:2a:f8:57:95:99:ae:9f:4e:1f:f4:d7:d0:d4:
         00:13:c4:12:ef:62:27:a4:39:24:2a:14:1d:ba:d0:4b:4e:35:
         3d:e6:4c:16:b9:fa:79:76:01:52:be:f3:ac:61:1f:4e:84:ce:
         11:13:a0:dd:0f:65:a6:c0:80:c2:94:c8:30:7c:d8:79:cd:5f:
         27:d4:8b:71:c6:b9:37:82:e3:20:35:43:44:05:eb:e0:83:f0:
         cb:ef:13:55:e7:f5:e8:0a:78:d8:83:f8:8d:74:d6:40:86:dd:
         aa:4c:cf:81:0a:e5:59:02:80:d8:ca:16:6d:81:46:54:8c:f5:
         a2:5c:6f:c4:bc:f8:58:3e:45:58:41:7f:75:0e:c7:aa:16:d8:
         2b:b2:a3:5a
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZ5jOnfq7rFQkv4cMCP5rte3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5NjZkMjM5ZGI0MDMxZmQ2ZjE0N2Y2MDFhMmJiNmIwMzMz
MTQwNjkwHhcNMjYwNTI2MDc0MDM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTkwMTI4NGI3ZGNmMGQ3ODk4MDVkN2YzNTEwZDEzNzU5Yjk1ZDNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7dbipclvZ3dgPToW1c8+Yla/OaTY
0jKdvMoObXOq+j5xHU7X1bsjb29+XDkOUmD3XBKoLRwPQij198thPFy+FPrJulFu
nABxvujLky4K5DPDOCcGsY/AWz6KfzergRm5mhNpW2lfwB+sLCn4kwgmyF1YSsFS
nWY2ciy9UcxdBlcbViRznRiVFsg0n5tPWzkB60djSP/Q5mhjIXCKG4XOi2zNnYe6
wUrRntAIUAQudFmbIYxIb3mMrbsmAwBrit1vFMeaWnKIB135LD2+9NqGBZl3BVyY
Q72UTlpu2O8sHph0RaAyDLgzZE3i5A4aWaDy00Osm1n42qn/K5JoP1bCZwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFBmQEoS33PDXiYBdfzUQ0TdZuV07MB8GA1UdIwQY
MBaAFAlm0jnbQDH9bxR/YBortrAzMUBpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1diU09kdEFNZjF2Rkg5Z0dpdTJzRE14UUdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC9iNTA5Y2MtYmQ0ZC00NjUxLTllNmUt
MGNmNzczZjk2ODk5LzEvR1pBU2hMZmM4TmVKZ0YxX05SRFJOMW01WFRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC9iNTA5Y2MtYmQ0ZC00NjUxLTllNmUtMGNmNzczZjk2ODk5
LzEvQ1diU09kdEFNZjF2Rkg5Z0dpdTJzRE14UUdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCuWjgAwQF
1GwgMA0EAgACMAcDBQMqABYYMA0GCSqGSIb3DQEBCwUAA4IBAQAZKonmPT98ASJK
IFb/8RIC/nZDQ6ysl/6kNjDTh6VbHPomKPQzibZRaHaXkfUg+E3idcmTMN0Y2yA+
yItjnffxNnhMxM89uDgSqxbe+TiNQUhOWCD4wAyo9mSh/tSm2S2pV2ICJcMRcUs0
cKrxt4BfbSr4V5WZrp9OH/TX0NQAE8QS72InpDkkKhQdutBLTjU95kwWufp5dgFS
vvOsYR9OhM4RE6DdD2WmwIDClMgwfNh5zV8n1Itxxrk3guMgNUNEBevgg/DL7xNV
5/XoCnjYg/iNdNZAht2qTM+BCuVZAoDYyhZtgUZUjPWiXG/EvPhYPkVYQX91Dseq
FtgrsqNa
-----END CERTIFICATE-----