Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/c1182e-e387-4c83-9726-cad9510206ab/1/gSw2I7cSynhsa1v5yL1GK2liJV0.roa
File:                     gSw2I7cSynhsa1v5yL1GK2liJV0.roa (raw, json)
Hash identifier:          OgZIv5antAo192tWCR26SC8ruKYKpzX9vhQDQJpKYWw=
Subject key identifier:   81:2C:36:23:B7:12:CA:78:6C:6B:5B:F9:C8:BD:46:2B:69:62:25:5D
Certificate issuer:       /CN=a29bb9476750ec0e2622a505e51512ef6f5a5bb4
Certificate serial:       019C46E6BEB66F0631CF0D2C563BFBE54B03
Authority key identifier: A2:9B:B9:47:67:50:EC:0E:26:22:A5:05:E5:15:12:EF:6F:5A:5B:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/opu5R2dQ7A4mIqUF5RUS729aW7Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/c1182e-e387-4c83-9726-cad9510206ab/1/gSw2I7cSynhsa1v5yL1GK2liJV0.roa
Signing time:             Tue 10 Feb 2026 09:34:13 +0000
ROA not before:           Tue 10 Feb 2026 09:34:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     8075
IP address blocks:        195.222.105.0/24 maxlen: 24
                          2001:67c:4f8::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/c1182e-e387-4c83-9726-cad9510206ab/1/opu5R2dQ7A4mIqUF5RUS729aW7Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/c1182e-e387-4c83-9726-cad9510206ab/1/opu5R2dQ7A4mIqUF5RUS729aW7Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/opu5R2dQ7A4mIqUF5RUS729aW7Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 09:38:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:46:e6:be:b6:6f:06:31:cf:0d:2c:56:3b:fb:e5:4b:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a29bb9476750ec0e2622a505e51512ef6f5a5bb4
        Validity
            Not Before: Feb 10 09:34:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=812c3623b712ca786c6b5bf9c8bd462b6962255d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:1e:d3:15:f5:11:bb:ea:15:21:df:d4:f9:75:
                    ba:2c:3d:a0:8e:63:aa:58:7d:7f:d2:60:64:30:ec:
                    24:19:71:e0:a7:a0:73:75:1a:5e:d3:93:f9:68:09:
                    71:a9:8e:5a:70:a5:a7:fa:ff:4f:6f:08:f7:95:09:
                    5e:cd:8d:89:a9:dc:50:c8:0c:07:d4:57:66:1e:fd:
                    3c:77:fa:9d:2b:43:67:69:41:f7:96:29:b0:df:2e:
                    9c:80:23:52:5e:e5:07:c3:fd:fc:98:3e:b0:01:71:
                    3f:32:bb:5c:91:8b:e4:bd:b3:f5:f6:df:fd:ac:f6:
                    02:2f:6a:7f:17:c7:46:05:d3:6c:83:b7:bb:08:f4:
                    c3:96:d5:7d:ce:6f:a2:bf:cc:ff:06:2b:43:84:4e:
                    4d:af:d1:aa:e1:cc:cc:7f:cc:37:de:6b:ee:72:9d:
                    93:a2:7d:8e:75:51:e1:cf:60:d5:a4:f7:d5:5b:7b:
                    20:74:b2:8b:a5:c2:b1:b5:7b:bd:e6:aa:72:1e:97:
                    8f:40:6c:f1:17:d8:9d:97:73:12:c8:68:61:3a:0f:
                    97:2c:9c:c9:4b:f4:09:8a:05:7b:67:78:74:12:ed:
                    64:2a:f6:54:22:8c:90:ac:cb:b8:cb:a0:41:9e:0e:
                    25:03:e0:86:15:23:88:f3:9a:10:65:b8:ea:37:49:
                    0e:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:2C:36:23:B7:12:CA:78:6C:6B:5B:F9:C8:BD:46:2B:69:62:25:5D
            X509v3 Authority Key Identifier:
                keyid:A2:9B:B9:47:67:50:EC:0E:26:22:A5:05:E5:15:12:EF:6F:5A:5B:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/opu5R2dQ7A4mIqUF5RUS729aW7Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/c1182e-e387-4c83-9726-cad9510206ab/1/gSw2I7cSynhsa1v5yL1GK2liJV0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/c1182e-e387-4c83-9726-cad9510206ab/1/opu5R2dQ7A4mIqUF5RUS729aW7Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.222.105.0/24
                IPv6:
                  2001:67c:4f8::/48

    Signature Algorithm: sha256WithRSAEncryption
         b8:a0:df:7e:bc:c6:7c:d2:23:ce:70:7c:f3:89:b3:b8:b5:7f:
         b0:55:39:1b:3a:5c:13:72:6c:ad:c6:8c:18:58:d7:58:47:02:
         a9:bf:07:0d:45:2d:7f:cc:ec:93:83:76:2d:65:0e:cc:88:a0:
         eb:8a:54:8f:54:f5:71:a0:a6:53:4b:98:3d:40:b2:8d:25:e8:
         74:33:40:51:c9:71:74:80:5a:82:a1:97:fe:77:6f:a5:c4:7f:
         12:84:ea:dd:79:c0:26:3f:99:8c:ae:5a:fa:0a:9b:27:0b:32:
         37:b1:61:0e:5b:8a:99:4d:89:f9:30:a4:ac:85:5b:d0:73:4f:
         65:d6:50:75:f3:fa:a6:de:d7:16:0e:15:ab:e6:7e:12:32:9d:
         69:ca:d3:43:ea:e7:1f:dc:e3:a5:d8:5a:d8:7b:fb:7b:fb:17:
         28:9d:fe:54:83:f2:64:a3:b9:71:31:89:f9:03:e3:b1:6d:98:
         32:e5:30:fa:a9:11:7e:ce:e1:2a:8b:d2:01:f3:ee:05:12:56:
         c4:34:24:68:a0:65:38:93:23:6b:16:02:68:39:e7:8f:dd:da:
         6b:22:a4:e2:39:2b:62:ab:65:0c:ab:a6:0d:bc:e6:cb:d0:d0:
         7f:a3:7c:ec:10:91:b5:5f:1a:0e:b0:f9:f0:24:b7:b8:54:33:
         0b:91:f5:38
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZxG5r62bwYxzw0sVjv75UsDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyOWJiOTQ3Njc1MGVjMGUyNjIyYTUwNWU1MTUxMmVmNmY1
YTViYjQwHhcNMjYwMjEwMDkzNDEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MTJjMzYyM2I3MTJjYTc4NmM2YjViZjljOGJkNDYyYjY5NjIyNTVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoh7TFfURu+oVId/U+XW6LD2gjmOq
WH1/0mBkMOwkGXHgp6BzdRpe05P5aAlxqY5acKWn+v9Pbwj3lQlezY2JqdxQyAwH
1FdmHv08d/qdK0NnaUH3limw3y6cgCNSXuUHw/38mD6wAXE/MrtckYvkvbP19t/9
rPYCL2p/F8dGBdNsg7e7CPTDltV9zm+iv8z/BitDhE5Nr9Gq4czMf8w33mvucp2T
on2OdVHhz2DVpPfVW3sgdLKLpcKxtXu95qpyHpePQGzxF9idl3MSyGhhOg+XLJzJ
S/QJigV7Z3h0Eu1kKvZUIoyQrMu4y6BBng4lA+CGFSOI85oQZbjqN0kOXwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFIEsNiO3Esp4bGtb+ci9RitpYiVdMB8GA1UdIwQY
MBaAFKKbuUdnUOwOJiKlBeUVEu9vWlu0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb3B1NVIyZFE3QTRtSXFVRjVSVVM3MjlhVzdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC9jMTE4MmUtZTM4Ny00YzgzLTk3MjYt
Y2FkOTUxMDIwNmFiLzEvZ1N3Mkk3Y1N5bmhzYTF2NXlMMUdLMmxpSlYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC9jMTE4MmUtZTM4Ny00YzgzLTk3MjYtY2FkOTUxMDIwNmFi
LzEvb3B1NVIyZFE3QTRtSXFVRjVSVVM3MjlhVzdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAw95pMA8E
AgACMAkDBwAgAQZ8BPgwDQYJKoZIhvcNAQELBQADggEBALig3368xnzSI85wfPOJ
s7i1f7BVORs6XBNybK3GjBhY11hHAqm/Bw1FLX/M7JODdi1lDsyIoOuKVI9U9XGg
plNLmD1Aso0l6HQzQFHJcXSAWoKhl/53b6XEfxKE6t15wCY/mYyuWvoKmycLMjex
YQ5biplNifkwpKyFW9BzT2XWUHXz+qbe1xYOFavmfhIynWnK00Pq5x/c46XYWth7
+3v7Fyid/lSD8mSjuXExifkD47FtmDLlMPqpEX7O4SqL0gHz7gUSVsQ0JGigZTiT
I2sWAmg554/d2msipOI5K2KrZQyrpg285svQ0H+jfOwQkbVfGg6w+fAkt7hUMwuR
9Tg=
-----END CERTIFICATE-----