Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/94/097278-eab6-41f7-82ac-a078c6ccbe6b/1/Gppiqe66tYvTY_bvhtdffeBDXfU.roa
File:                     Gppiqe66tYvTY_bvhtdffeBDXfU.roa (raw, json)
Hash identifier:          1bDkhYgVlINVvrOvoqRYuV0vUhahgYtSIbQpuqAq/WE=
Subject key identifier:   1A:9A:62:A9:EE:BA:B5:8B:D3:63:F6:EF:86:D7:5F:7D:E0:43:5D:F5
Certificate issuer:       /CN=f6b54e15714c23f35fdcf5a316c6b99a35410588
Certificate serial:       019B79EC8DB06C8E3D9F6DB9415906A36CA6
Authority key identifier: F6:B5:4E:15:71:4C:23:F3:5F:DC:F5:A3:16:C6:B9:9A:35:41:05:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9rVOFXFMI_Nf3PWjFsa5mjVBBYg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/94/097278-eab6-41f7-82ac-a078c6ccbe6b/1/Gppiqe66tYvTY_bvhtdffeBDXfU.roa
Signing time:             Thu 01 Jan 2026 14:18:24 +0000
ROA not before:           Thu 01 Jan 2026 14:18:24 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211785
IP address blocks:        185.241.11.0/24 maxlen: 24
                          2a10:9ec0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/94/097278-eab6-41f7-82ac-a078c6ccbe6b/1/9rVOFXFMI_Nf3PWjFsa5mjVBBYg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/94/097278-eab6-41f7-82ac-a078c6ccbe6b/1/9rVOFXFMI_Nf3PWjFsa5mjVBBYg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9rVOFXFMI_Nf3PWjFsa5mjVBBYg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 05:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ec:8d:b0:6c:8e:3d:9f:6d:b9:41:59:06:a3:6c:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f6b54e15714c23f35fdcf5a316c6b99a35410588
        Validity
            Not Before: Jan  1 14:18:24 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1a9a62a9eebab58bd363f6ef86d75f7de0435df5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:37:e1:2f:53:05:5a:ef:f8:f5:32:73:2b:d7:
                    74:cc:73:e5:21:6d:e7:60:02:1e:7a:b2:22:72:26:
                    1f:0a:46:1d:4b:43:6f:e5:fe:d2:b9:c4:f1:75:be:
                    a3:2e:63:5f:52:88:21:35:eb:b5:2f:f0:e2:ed:00:
                    a8:f1:76:f3:49:9c:6e:01:81:cb:2e:e1:6e:74:96:
                    26:46:91:21:a2:14:c8:47:be:b4:3c:5f:01:d9:ea:
                    a4:55:77:6d:b6:28:1b:20:e7:34:82:77:01:c7:83:
                    cc:d5:d5:e8:64:81:ee:f6:34:ef:e9:eb:f5:c2:37:
                    f2:73:18:2c:f4:ed:41:b8:f0:8a:50:21:20:77:a5:
                    38:04:4c:ab:c6:a4:d7:03:1a:4e:87:ef:7f:7b:a3:
                    64:1b:c0:67:86:5f:b1:f3:6d:72:38:3e:eb:4b:37:
                    18:21:a7:4e:e9:cb:dd:08:fd:94:79:b2:d6:d1:7e:
                    ad:40:6d:48:e9:5c:36:2d:a5:a3:63:1b:7f:d5:4e:
                    47:d6:0a:c9:7f:e8:a4:59:96:a1:78:39:95:8b:59:
                    bd:d9:1c:73:28:fa:55:6f:f5:7c:81:09:db:43:53:
                    47:66:e4:40:15:38:db:0c:40:17:19:e4:a9:1f:c6:
                    5f:90:09:42:55:dc:66:32:da:50:50:65:b2:52:b8:
                    d4:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:9A:62:A9:EE:BA:B5:8B:D3:63:F6:EF:86:D7:5F:7D:E0:43:5D:F5
            X509v3 Authority Key Identifier:
                keyid:F6:B5:4E:15:71:4C:23:F3:5F:DC:F5:A3:16:C6:B9:9A:35:41:05:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9rVOFXFMI_Nf3PWjFsa5mjVBBYg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/097278-eab6-41f7-82ac-a078c6ccbe6b/1/Gppiqe66tYvTY_bvhtdffeBDXfU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/94/097278-eab6-41f7-82ac-a078c6ccbe6b/1/9rVOFXFMI_Nf3PWjFsa5mjVBBYg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.241.11.0/24
                IPv6:
                  2a10:9ec0::/29

    Signature Algorithm: sha256WithRSAEncryption
         29:66:fe:29:af:24:0a:66:da:c8:24:39:63:b1:86:44:da:62:
         c3:f2:c7:0e:f0:36:af:de:68:ff:2c:0c:39:3e:7e:f0:84:57:
         ac:f2:ca:b6:3c:20:38:48:24:39:17:f9:da:01:ba:ce:34:96:
         2b:07:fa:f7:be:7a:85:cd:04:7b:64:f1:75:1a:2a:08:b8:93:
         d0:0d:61:c8:d5:68:c2:f6:10:72:50:08:52:ed:a4:a0:62:30:
         77:12:91:69:ff:1a:b3:74:75:ec:b3:ec:eb:9d:6a:e7:8d:88:
         da:3a:48:4f:3a:22:23:0f:b5:70:b0:9a:09:52:51:55:41:20:
         05:21:30:27:9e:24:a1:c9:3e:96:36:09:bd:a1:1e:9e:de:80:
         15:52:6c:72:da:35:3b:06:08:90:d7:47:b3:80:b6:e2:19:26:
         11:82:c9:92:35:5d:24:29:6a:8c:9b:b5:32:8d:3a:36:7d:28:
         d4:4c:6d:0f:cc:23:de:d8:94:e0:5f:4a:23:45:37:35:52:ff:
         72:96:0d:14:ce:7c:56:3b:a9:aa:45:c8:53:63:87:f9:ec:f8:
         27:7b:f4:36:9d:3d:92:e5:15:69:e5:8f:04:cb:3b:e7:5a:04:
         91:56:fd:1e:bc:46:23:37:ae:2d:7c:dd:79:29:98:cb:ab:01:
         be:1f:2d:fe
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZt57I2wbI49n225QVkGo2ymMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY2YjU0ZTE1NzE0YzIzZjM1ZmRjZjVhMzE2YzZiOTlhMzU0
MTA1ODgwHhcNMjYwMTAxMTQxODI0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYTlhNjJhOWVlYmFiNThiZDM2M2Y2ZWY4NmQ3NWY3ZGUwNDM1ZGY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxzfhL1MFWu/49TJzK9d0zHPlIW3n
YAIeerIiciYfCkYdS0Nv5f7SucTxdb6jLmNfUoghNeu1L/Di7QCo8XbzSZxuAYHL
LuFudJYmRpEhohTIR760PF8B2eqkVXdttigbIOc0gncBx4PM1dXoZIHu9jTv6ev1
wjfycxgs9O1BuPCKUCEgd6U4BEyrxqTXAxpOh+9/e6NkG8Bnhl+x821yOD7rSzcY
IadO6cvdCP2UebLW0X6tQG1I6Vw2LaWjYxt/1U5H1grJf+ikWZaheDmVi1m92Rxz
KPpVb/V8gQnbQ1NHZuRAFTjbDEAXGeSpH8ZfkAlCVdxmMtpQUGWyUrjUxQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFBqaYqnuurWL02P274bXX33gQ131MB8GA1UdIwQY
MBaAFPa1ThVxTCPzX9z1oxbGuZo1QQWIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOXJWT0ZYRk1JX05mM1BXakZzYTVtalZCQllnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NC8wOTcyNzgtZWFiNi00MWY3LTgyYWMt
YTA3OGM2Y2NiZTZiLzEvR3BwaXFlNjZ0WXZUWV9idmh0ZGZmZUJEWGZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NC8wOTcyNzgtZWFiNi00MWY3LTgyYWMtYTA3OGM2Y2NiZTZi
LzEvOXJWT0ZYRk1JX05mM1BXakZzYTVtalZCQllnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAufELMA0E
AgACMAcDBQMqEJ7AMA0GCSqGSIb3DQEBCwUAA4IBAQApZv4pryQKZtrIJDljsYZE
2mLD8scO8Dav3mj/LAw5Pn7whFes8sq2PCA4SCQ5F/naAbrONJYrB/r3vnqFzQR7
ZPF1GioIuJPQDWHI1WjC9hByUAhS7aSgYjB3EpFp/xqzdHXss+zrnWrnjYjaOkhP
OiIjD7VwsJoJUlFVQSAFITAnniShyT6WNgm9oR6e3oAVUmxy2jU7BgiQ10ezgLbi
GSYRgsmSNV0kKWqMm7UyjTo2fSjUTG0PzCPe2JTgX0ojRTc1Uv9ylg0UznxWO6mq
RchTY4f57Pgne/Q2nT2S5RVp5Y8EyzvnWgSRVv0evEYjN64tfN15KZjLqwG+Hy3+
-----END CERTIFICATE-----