Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/966261-83b5-4ead-a468-6ed54d3fe4f4/1/gscq1-4ndiJ65U4hoz3eyHbkbS4.roa
File:                     gscq1-4ndiJ65U4hoz3eyHbkbS4.roa (raw, json)
Hash identifier:          24Hqzy5xg+vDt6hLmdJILsfqCK0ST6pwEHLOwV8AwS4=
Subject key identifier:   82:C7:2A:D7:EE:27:76:22:7A:E5:4E:21:A3:3D:DE:C8:76:E4:6D:2E
Certificate issuer:       /CN=df27b939934a2cc206ffba6bce9c90fdcba39c71
Certificate serial:       019A2BD000D2E67EDA7E4AF87C705F691116
Authority key identifier: DF:27:B9:39:93:4A:2C:C2:06:FF:BA:6B:CE:9C:90:FD:CB:A3:9C:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3ye5OZNKLMIG_7przpyQ_cujnHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/966261-83b5-4ead-a468-6ed54d3fe4f4/1/gscq1-4ndiJ65U4hoz3eyHbkbS4.roa
Signing time:             Tue 28 Oct 2025 17:14:03 +0000
ROA not before:           Tue 28 Oct 2025 17:14:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202391
IP address blocks:        185.75.204.0/24 maxlen: 24
                          185.75.205.0/24 maxlen: 24
                          185.75.206.0/24 maxlen: 24
                          185.75.207.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/966261-83b5-4ead-a468-6ed54d3fe4f4/1/3ye5OZNKLMIG_7przpyQ_cujnHE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/966261-83b5-4ead-a468-6ed54d3fe4f4/1/3ye5OZNKLMIG_7przpyQ_cujnHE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3ye5OZNKLMIG_7przpyQ_cujnHE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 18:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:2b:d0:00:d2:e6:7e:da:7e:4a:f8:7c:70:5f:69:11:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df27b939934a2cc206ffba6bce9c90fdcba39c71
        Validity
            Not Before: Oct 28 17:14:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=82c72ad7ee2776227ae54e21a33ddec876e46d2e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:e6:31:eb:da:81:81:ec:55:95:aa:32:e0:a1:
                    b5:26:3d:0d:b4:fd:57:14:57:b1:ce:84:03:70:a3:
                    b1:d5:53:cd:95:b6:d7:84:74:31:de:79:51:27:dd:
                    2d:0c:82:ee:6a:61:dc:d9:9f:cb:e4:80:ae:89:c0:
                    66:e8:db:87:fc:fd:43:89:50:26:71:9a:91:f4:0b:
                    4c:45:45:ac:a3:fa:65:92:40:0b:75:76:63:62:73:
                    eb:ff:28:f7:38:87:53:53:41:95:81:b6:30:e9:cf:
                    87:db:95:91:0d:3e:cb:72:12:49:df:24:d8:73:be:
                    4e:55:57:09:03:da:a5:fc:5d:5c:fc:7e:64:ad:8d:
                    09:f1:7b:bb:cb:d6:43:69:51:df:a4:d2:b7:b2:a2:
                    5d:30:cb:d4:2b:57:75:77:18:7e:c4:9c:f6:2e:cb:
                    ff:27:4b:0f:04:8a:df:f9:55:6c:e3:77:68:54:fc:
                    da:e2:d2:08:39:0f:01:97:69:17:87:60:36:d6:fc:
                    46:8a:3b:2c:03:c0:06:27:59:f7:81:34:b0:f4:1e:
                    24:20:97:63:48:b4:50:7a:fc:32:f8:e7:ab:f1:14:
                    93:c8:ad:fc:54:8c:8c:8c:0c:3f:cd:2a:f1:d4:f7:
                    b0:3b:ca:d4:82:51:d5:0b:47:f4:b8:eb:6e:74:af:
                    07:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:C7:2A:D7:EE:27:76:22:7A:E5:4E:21:A3:3D:DE:C8:76:E4:6D:2E
            X509v3 Authority Key Identifier:
                keyid:DF:27:B9:39:93:4A:2C:C2:06:FF:BA:6B:CE:9C:90:FD:CB:A3:9C:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3ye5OZNKLMIG_7przpyQ_cujnHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/966261-83b5-4ead-a468-6ed54d3fe4f4/1/gscq1-4ndiJ65U4hoz3eyHbkbS4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/966261-83b5-4ead-a468-6ed54d3fe4f4/1/3ye5OZNKLMIG_7przpyQ_cujnHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.75.204.0/22

    Signature Algorithm: sha256WithRSAEncryption
         94:94:f4:bc:67:28:8c:74:3c:d0:e9:e1:02:fe:76:50:f0:e0:
         2a:9a:02:d8:a4:72:bf:c7:4a:f7:56:9b:07:72:65:9b:7e:12:
         03:d5:c6:3d:a6:69:8a:c3:17:08:f2:8d:f4:a6:14:11:d7:9f:
         a2:14:a7:51:39:a2:c5:89:8c:90:b0:9c:5f:69:df:8c:76:c0:
         87:af:e8:f8:d6:7d:46:8a:97:ce:6d:ae:01:ec:35:90:70:00:
         76:9d:3c:25:52:e5:80:30:d4:f5:8b:ee:aa:c9:05:f0:43:54:
         c2:d2:d7:f2:21:93:a1:17:95:95:fa:48:8e:cc:39:3b:ec:e4:
         8c:e8:56:28:69:c9:84:8a:b3:64:4c:17:ca:80:97:62:de:10:
         04:a4:48:ef:12:1f:fb:5b:fd:c2:29:0b:3a:41:23:5d:86:3f:
         74:24:12:fe:29:e2:4a:e4:23:06:f6:4a:ee:73:03:46:6b:3e:
         68:8e:22:54:c1:55:a2:4f:7a:a8:97:1a:69:0e:ba:7a:74:8e:
         26:45:5c:26:80:5b:58:ff:34:92:d9:8e:40:ca:2e:a2:4a:b7:
         0c:3e:dc:dc:27:f3:a0:b7:eb:9f:23:25:b2:8c:45:03:1d:c2:
         d5:e2:00:fb:8c:2b:5b:0e:82:b6:82:db:ec:6a:96:17:fa:14:
         56:2b:26:e9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZor0ADS5n7afkr4fHBfaREWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmMjdiOTM5OTM0YTJjYzIwNmZmYmE2YmNlOWM5MGZkY2Jh
MzljNzEwHhcNMjUxMDI4MTcxNDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MmM3MmFkN2VlMjc3NjIyN2FlNTRlMjFhMzNkZGVjODc2ZTQ2ZDJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2uYx69qBgexVlaoy4KG1Jj0NtP1X
FFexzoQDcKOx1VPNlbbXhHQx3nlRJ90tDILuamHc2Z/L5ICuicBm6NuH/P1DiVAm
cZqR9AtMRUWso/plkkALdXZjYnPr/yj3OIdTU0GVgbYw6c+H25WRDT7LchJJ3yTY
c75OVVcJA9ql/F1c/H5krY0J8Xu7y9ZDaVHfpNK3sqJdMMvUK1d1dxh+xJz2Lsv/
J0sPBIrf+VVs43doVPza4tIIOQ8Bl2kXh2A21vxGijssA8AGJ1n3gTSw9B4kIJdj
SLRQevwy+Oer8RSTyK38VIyMjAw/zSrx1PewO8rUglHVC0f0uOtudK8HwwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFILHKtfuJ3YieuVOIaM93sh25G0uMB8GA1UdIwQY
MBaAFN8nuTmTSizCBv+6a86ckP3Lo5xxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM3llNU9aTktMTUlHXzdwcnpweVFfY3VqbkhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi85NjYyNjEtODNiNS00ZWFkLWE0Njgt
NmVkNTRkM2ZlNGY0LzEvZ3NjcTEtNG5kaUo2NVU0aG96M2V5SGJrYlM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi85NjYyNjEtODNiNS00ZWFkLWE0NjgtNmVkNTRkM2ZlNGY0
LzEvM3llNU9aTktMTUlHXzdwcnpweVFfY3VqbkhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuUvMMA0G
CSqGSIb3DQEBCwUAA4IBAQCUlPS8ZyiMdDzQ6eEC/nZQ8OAqmgLYpHK/x0r3VpsH
cmWbfhID1cY9pmmKwxcI8o30phQR15+iFKdROaLFiYyQsJxfad+MdsCHr+j41n1G
ipfOba4B7DWQcAB2nTwlUuWAMNT1i+6qyQXwQ1TC0tfyIZOhF5WV+kiOzDk77OSM
6FYoacmEirNkTBfKgJdi3hAEpEjvEh/7W/3CKQs6QSNdhj90JBL+KeJK5CMG9kru
cwNGaz5ojiJUwVWiT3qolxppDrp6dI4mRVwmgFtY/zSS2Y5Ayi6iSrcMPtzcJ/Og
t+ufIyWyjEUDHcLV4gD7jCtbDoK2gtvsapYX+hRWKybp
-----END CERTIFICATE-----