Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/feb927-7a83-403a-a1c1-eb1e91644f2d/1/GN1cEGtzhGUtNVwPMehD-Lj4N1Q.roa
File:                     GN1cEGtzhGUtNVwPMehD-Lj4N1Q.roa (raw, json)
Hash identifier:          C8P5r4sDxFHAMG8SatPLslHel1irs4/AKLXy4El1DWk=
Subject key identifier:   18:DD:5C:10:6B:73:84:65:2D:35:5C:0F:31:E8:43:F8:B8:F8:37:54
Certificate issuer:       /CN=0bfe2b273837db41666d68a97bc7ac37dcc96f20
Certificate serial:       01988442FE9524B5272266398084BF5249DC
Authority key identifier: 0B:FE:2B:27:38:37:DB:41:66:6D:68:A9:7B:C7:AC:37:DC:C9:6F:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C_4rJzg320FmbWipe8esN9zJbyA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/feb927-7a83-403a-a1c1-eb1e91644f2d/1/GN1cEGtzhGUtNVwPMehD-Lj4N1Q.roa
Signing time:             Thu 07 Aug 2025 11:20:39 +0000
ROA not before:           Thu 07 Aug 2025 11:20:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213783
IP address blocks:        217.147.0.0/24 maxlen: 24
                          217.147.1.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5e/feb927-7a83-403a-a1c1-eb1e91644f2d/1/C_4rJzg320FmbWipe8esN9zJbyA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5e/feb927-7a83-403a-a1c1-eb1e91644f2d/1/C_4rJzg320FmbWipe8esN9zJbyA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C_4rJzg320FmbWipe8esN9zJbyA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 11 Aug 2025 20:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:84:42:fe:95:24:b5:27:22:66:39:80:84:bf:52:49:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0bfe2b273837db41666d68a97bc7ac37dcc96f20
        Validity
            Not Before: Aug  7 11:20:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=18dd5c106b7384652d355c0f31e843f8b8f83754
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:82:60:dc:cf:99:9d:25:46:ad:58:47:e6:9d:
                    01:33:e6:b9:ce:94:5a:0c:f1:37:ff:2c:c3:36:bd:
                    2b:66:50:33:9a:3d:7f:7d:4c:a3:2e:f4:fe:07:bc:
                    b9:46:c0:f5:97:21:4c:46:77:5b:7b:e1:32:7f:64:
                    af:f3:75:35:0c:86:be:9c:4c:19:19:b1:4b:3f:c4:
                    23:70:a9:83:9c:7c:8b:ad:40:ec:a4:04:5f:b8:2a:
                    cd:09:fc:ee:45:f0:e7:3d:57:5a:da:77:e6:ff:2e:
                    11:15:82:0a:7c:08:82:ec:21:51:22:32:cc:49:9d:
                    b9:92:d9:6e:16:54:36:48:90:8e:df:01:8b:1f:18:
                    d6:45:ea:65:a9:b7:ed:85:08:d4:b9:c6:8c:d0:ae:
                    c9:c3:23:1e:3d:25:07:f7:0d:17:e9:1e:f9:2b:3a:
                    ff:21:80:1f:7c:38:e4:c5:08:48:99:0a:70:0f:62:
                    b0:71:e7:5e:07:1c:b5:ec:36:2f:32:b4:0e:60:c2:
                    df:75:c5:09:6c:ba:23:15:f4:98:43:6d:1e:5f:67:
                    fa:9e:da:d6:2d:78:08:85:eb:09:41:b4:a4:17:14:
                    d7:63:9b:e6:6f:cb:cc:89:18:02:61:ae:bd:de:f9:
                    5e:58:50:35:c3:f5:20:08:b4:89:83:43:40:88:3c:
                    7b:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:DD:5C:10:6B:73:84:65:2D:35:5C:0F:31:E8:43:F8:B8:F8:37:54
            X509v3 Authority Key Identifier:
                keyid:0B:FE:2B:27:38:37:DB:41:66:6D:68:A9:7B:C7:AC:37:DC:C9:6F:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C_4rJzg320FmbWipe8esN9zJbyA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/feb927-7a83-403a-a1c1-eb1e91644f2d/1/GN1cEGtzhGUtNVwPMehD-Lj4N1Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/feb927-7a83-403a-a1c1-eb1e91644f2d/1/C_4rJzg320FmbWipe8esN9zJbyA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.147.0.0/23

    Signature Algorithm: sha256WithRSAEncryption
         12:a7:5d:f5:1b:c7:46:6b:81:b7:00:5a:6f:85:60:f2:75:a0:
         71:d9:81:b1:c0:01:1c:c9:fd:27:a5:c9:76:b0:8a:ab:25:27:
         a1:63:ef:5b:26:f2:14:69:4a:bc:c7:2b:b4:15:13:a0:dd:95:
         44:48:4a:16:5e:1f:81:41:5e:bf:11:de:02:62:78:a8:33:fe:
         c7:69:49:4b:bb:f0:f3:70:0c:a7:5a:4a:00:64:76:03:a4:87:
         69:a3:34:7f:8a:71:ae:a6:a4:6e:62:64:e0:56:48:28:33:92:
         16:fe:26:c7:50:fd:12:88:9a:27:97:38:d7:74:c1:2c:62:9a:
         8a:99:a6:3e:74:b8:ae:33:6a:67:0b:30:b8:f4:27:a5:2e:a2:
         b2:ed:d3:5b:06:1f:2f:51:84:a4:54:a7:74:e3:98:06:7a:6f:
         4d:b9:bc:d8:13:eb:82:bb:be:42:e2:c3:9d:ce:d3:4e:2a:91:
         d8:18:a5:8e:04:3f:19:7e:ce:38:21:a1:14:66:72:07:b2:d8:
         5b:89:e2:7d:7b:54:94:61:2f:a8:9a:46:bd:29:ee:d8:7a:88:
         85:52:18:53:83:cd:39:89:35:ed:d8:3c:dd:08:77:b0:fa:ad:
         c4:ff:64:5f:18:e5:8b:e1:d2:52:09:53:04:a3:3d:52:c4:79:
         13:ac:f6:53
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZiEQv6VJLUnImY5gIS/UkncMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiZmUyYjI3MzgzN2RiNDE2NjZkNjhhOTdiYzdhYzM3ZGNj
OTZmMjAwHhcNMjUwODA3MTEyMDM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOGRkNWMxMDZiNzM4NDY1MmQzNTVjMGYzMWU4NDNmOGI4ZjgzNzU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7YJg3M+ZnSVGrVhH5p0BM+a5zpRa
DPE3/yzDNr0rZlAzmj1/fUyjLvT+B7y5RsD1lyFMRndbe+Eyf2Sv83U1DIa+nEwZ
GbFLP8QjcKmDnHyLrUDspARfuCrNCfzuRfDnPVda2nfm/y4RFYIKfAiC7CFRIjLM
SZ25ktluFlQ2SJCO3wGLHxjWReplqbfthQjUucaM0K7JwyMePSUH9w0X6R75Kzr/
IYAffDjkxQhImQpwD2KwcedeBxy17DYvMrQOYMLfdcUJbLojFfSYQ20eX2f6ntrW
LXgIhesJQbSkFxTXY5vmb8vMiRgCYa693vleWFA1w/UgCLSJg0NAiDx7dwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBjdXBBrc4RlLTVcDzHoQ/i4+DdUMB8GA1UdIwQY
MBaAFAv+Kyc4N9tBZm1oqXvHrDfcyW8gMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ180ckp6ZzMyMEZtYldpcGU4ZXNOOXpKYnlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS9mZWI5MjctN2E4My00MDNhLWExYzEt
ZWIxZTkxNjQ0ZjJkLzEvR04xY0VHdHpoR1V0TlZ3UE1laEQtTGo0TjFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS9mZWI5MjctN2E4My00MDNhLWExYzEtZWIxZTkxNjQ0ZjJk
LzEvQ180ckp6ZzMyMEZtYldpcGU4ZXNOOXpKYnlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB2ZMAMA0G
CSqGSIb3DQEBCwUAA4IBAQASp131G8dGa4G3AFpvhWDydaBx2YGxwAEcyf0npcl2
sIqrJSehY+9bJvIUaUq8xyu0FROg3ZVESEoWXh+BQV6/Ed4CYnioM/7HaUlLu/Dz
cAynWkoAZHYDpIdpozR/inGupqRuYmTgVkgoM5IW/ibHUP0SiJonlzjXdMEsYpqK
maY+dLiuM2pnCzC49CelLqKy7dNbBh8vUYSkVKd045gGem9NubzYE+uCu75C4sOd
ztNOKpHYGKWOBD8Zfs44IaEUZnIHsthbieJ9e1SUYS+omka9Ke7YeoiFUhhTg805
iTXt2DzdCHew+q3E/2RfGOWL4dJSCVMEoz1SxHkTrPZT
-----END CERTIFICATE-----