Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/ee7165-eb63-4346-a8df-5f5a93da50f8/1/GhcMjny1TXWebHNpG3nX8AJ_o6M.roa
File:                     GhcMjny1TXWebHNpG3nX8AJ_o6M.roa (raw, json)
Hash identifier:          01RJ2qPd/9qIbm6XQe9IYI6taQh/cgn9v6zBF39c34w=
Subject key identifier:   1A:17:0C:8E:7C:B5:4D:75:9E:6C:73:69:1B:79:D7:F0:02:7F:A3:A3
Certificate issuer:       /CN=cbb5dfb950d6048fdc798f6e0d3fda517ecbc648
Certificate serial:       019E68BA68FCFA196993433FAB290AE7C919
Authority key identifier: CB:B5:DF:B9:50:D6:04:8F:DC:79:8F:6E:0D:3F:DA:51:7E:CB:C6:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/y7XfuVDWBI_ceY9uDT_aUX7Lxkg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/ee7165-eb63-4346-a8df-5f5a93da50f8/1/GhcMjny1TXWebHNpG3nX8AJ_o6M.roa
Signing time:             Wed 27 May 2026 09:18:27 +0000
ROA not before:           Wed 27 May 2026 09:18:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     44439
IP address blocks:        91.231.184.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/ee7165-eb63-4346-a8df-5f5a93da50f8/1/y7XfuVDWBI_ceY9uDT_aUX7Lxkg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/ee7165-eb63-4346-a8df-5f5a93da50f8/1/y7XfuVDWBI_ceY9uDT_aUX7Lxkg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/y7XfuVDWBI_ceY9uDT_aUX7Lxkg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 13 Jun 2026 21:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:68:ba:68:fc:fa:19:69:93:43:3f:ab:29:0a:e7:c9:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cbb5dfb950d6048fdc798f6e0d3fda517ecbc648
        Validity
            Not Before: May 27 09:18:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1a170c8e7cb54d759e6c73691b79d7f0027fa3a3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:51:72:8d:a6:25:f9:29:b0:bb:2a:49:cc:10:
                    9c:5f:66:b7:e8:17:47:b5:fb:5f:6e:a2:43:4b:ea:
                    79:77:bc:9c:06:5a:bb:01:68:1f:11:da:01:72:d8:
                    ea:d7:36:2a:ad:68:d4:11:eb:d6:c7:1a:0b:ec:a2:
                    bf:cd:6c:9c:9b:02:a5:99:e0:26:b9:96:f2:b8:86:
                    ac:0d:fd:c8:e7:b7:a7:81:97:4e:71:50:a3:ae:62:
                    02:b9:4c:53:21:bb:60:b1:00:c0:9a:4c:f3:22:0c:
                    d3:31:26:fd:2b:be:d6:35:3b:c5:95:cd:6a:1e:d9:
                    e4:96:3a:44:04:5b:c8:c7:66:98:dc:34:26:49:22:
                    2c:30:38:77:3c:f1:ff:18:d6:b3:48:f7:a5:7b:70:
                    b1:ec:d6:67:b3:49:a5:8e:10:46:96:7d:12:b3:2e:
                    57:91:d4:df:79:30:d3:be:23:2f:f7:e7:a7:fc:79:
                    63:4c:aa:fa:68:6b:77:b2:ff:ec:96:fe:c1:72:1e:
                    aa:f5:7c:e7:a9:28:e4:3a:ef:ca:d8:6a:44:aa:ee:
                    aa:ce:aa:a5:aa:c1:f3:b5:4d:7f:ac:21:e0:a3:b2:
                    68:ac:84:61:18:87:cd:d1:63:41:78:32:eb:17:9c:
                    66:fd:2d:83:dd:70:06:ac:b3:bc:b6:b4:2b:f2:de:
                    62:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:17:0C:8E:7C:B5:4D:75:9E:6C:73:69:1B:79:D7:F0:02:7F:A3:A3
            X509v3 Authority Key Identifier:
                keyid:CB:B5:DF:B9:50:D6:04:8F:DC:79:8F:6E:0D:3F:DA:51:7E:CB:C6:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/y7XfuVDWBI_ceY9uDT_aUX7Lxkg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/ee7165-eb63-4346-a8df-5f5a93da50f8/1/GhcMjny1TXWebHNpG3nX8AJ_o6M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/ee7165-eb63-4346-a8df-5f5a93da50f8/1/y7XfuVDWBI_ceY9uDT_aUX7Lxkg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.231.184.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a1:0c:15:31:c8:d6:14:ce:08:32:de:f6:09:4b:34:c8:90:6d:
         55:1a:59:88:c8:07:b7:1e:cf:1b:9b:61:0b:90:ed:4d:d8:ee:
         5e:94:13:71:35:61:9d:32:12:31:f1:7c:da:b1:ed:b9:74:30:
         fe:a6:c3:ac:53:6c:79:b2:15:16:1a:39:a6:6a:aa:ee:65:82:
         1a:7f:eb:e1:6f:f8:56:f5:43:67:22:78:4b:9e:20:ed:c2:1f:
         a3:0e:20:22:04:0d:15:2f:55:1a:84:db:23:9f:90:5e:f8:35:
         e9:be:ba:be:bc:1e:ef:0d:bb:1c:6b:1e:c9:ef:f6:97:4a:8b:
         24:b6:58:07:18:e4:ab:ff:df:59:b8:30:69:dd:9c:6e:7f:1c:
         6c:cf:eb:d0:2c:56:fc:51:db:8a:38:2f:76:d0:fb:65:6e:92:
         98:91:e1:dd:fb:7c:fb:6f:9e:4f:a7:21:cb:8d:25:5a:a5:16:
         78:17:45:d3:62:0f:2b:ce:20:ae:7f:dd:06:ee:ee:38:4b:5a:
         f9:4a:9f:1a:32:12:e5:2b:6a:b7:0b:ef:ea:9c:f0:8f:a1:8f:
         db:25:fb:55:ab:3c:8a:8e:40:40:0a:86:31:a9:04:8c:1f:69:
         6d:1e:69:12:8b:67:1e:70:ca:ee:d5:22:d4:55:22:50:5f:78:
         e8:1f:83:2f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5oumj8+hlpk0M/qykK58kZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNiYjVkZmI5NTBkNjA0OGZkYzc5OGY2ZTBkM2ZkYTUxN2Vj
YmM2NDgwHhcNMjYwNTI3MDkxODI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYTE3MGM4ZTdjYjU0ZDc1OWU2YzczNjkxYjc5ZDdmMDAyN2ZhM2EzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxVFyjaYl+SmwuypJzBCcX2a36BdH
tftfbqJDS+p5d7ycBlq7AWgfEdoBctjq1zYqrWjUEevWxxoL7KK/zWycmwKlmeAm
uZbyuIasDf3I57engZdOcVCjrmICuUxTIbtgsQDAmkzzIgzTMSb9K77WNTvFlc1q
HtnkljpEBFvIx2aY3DQmSSIsMDh3PPH/GNazSPele3Cx7NZns0mljhBGln0Ssy5X
kdTfeTDTviMv9+en/HljTKr6aGt3sv/slv7Bch6q9XznqSjkOu/K2GpEqu6qzqql
qsHztU1/rCHgo7JorIRhGIfN0WNBeDLrF5xm/S2D3XAGrLO8trQr8t5irQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBoXDI58tU11nmxzaRt51/ACf6OjMB8GA1UdIwQY
MBaAFMu137lQ1gSP3HmPbg0/2lF+y8ZIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveTdYZnVWRFdCSV9jZVk5dURUX2FVWDdMeGtnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC9lZTcxNjUtZWI2My00MzQ2LWE4ZGYt
NWY1YTkzZGE1MGY4LzEvR2hjTWpueTFUWFdlYkhOcEczblg4QUpfbzZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC9lZTcxNjUtZWI2My00MzQ2LWE4ZGYtNWY1YTkzZGE1MGY4
LzEveTdYZnVWRFdCSV9jZVk5dURUX2FVWDdMeGtnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+e4MA0G
CSqGSIb3DQEBCwUAA4IBAQChDBUxyNYUzggy3vYJSzTIkG1VGlmIyAe3Hs8bm2EL
kO1N2O5elBNxNWGdMhIx8Xzase25dDD+psOsU2x5shUWGjmmaqruZYIaf+vhb/hW
9UNnInhLniDtwh+jDiAiBA0VL1UahNsjn5Be+DXpvrq+vB7vDbscax7J7/aXSosk
tlgHGOSr/99ZuDBp3Zxufxxsz+vQLFb8UduKOC920PtlbpKYkeHd+3z7b55PpyHL
jSVapRZ4F0XTYg8rziCuf90G7u44S1r5Sp8aMhLlK2q3C+/qnPCPoY/bJftVqzyK
jkBACoYxqQSMH2ltHmkSi2cecMru1SLUVSJQX3joH4Mv
-----END CERTIFICATE-----