Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/185a42-cb7f-4058-86f5-41ae5f4a5055/1/GXhFfzPpIHoP7RLYcFMqTWluEZ0.roa
File:                     GXhFfzPpIHoP7RLYcFMqTWluEZ0.roa (raw, json)
Hash identifier:          Yx/Lhj5zxPnVZAFBihFZiUuZcLJQ578c7k6Oe82WcJ0=
Subject key identifier:   19:78:45:7F:33:E9:20:7A:0F:ED:12:D8:70:53:2A:4D:69:6E:11:9D
Certificate issuer:       /CN=4cabf33b0b380888fe1e3b80eda48b1781bb7709
Certificate serial:       019B78350234986B831E7891C69FE602D696
Authority key identifier: 4C:AB:F3:3B:0B:38:08:88:FE:1E:3B:80:ED:A4:8B:17:81:BB:77:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TKvzOws4CIj-HjuA7aSLF4G7dwk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/185a42-cb7f-4058-86f5-41ae5f4a5055/1/GXhFfzPpIHoP7RLYcFMqTWluEZ0.roa
Signing time:             Thu 01 Jan 2026 06:18:18 +0000
ROA not before:           Thu 01 Jan 2026 06:18:18 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209400
IP address blocks:        37.228.140.0/22 maxlen: 22
                          94.199.208.0/22 maxlen: 22
                          185.38.40.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/185a42-cb7f-4058-86f5-41ae5f4a5055/1/TKvzOws4CIj-HjuA7aSLF4G7dwk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/185a42-cb7f-4058-86f5-41ae5f4a5055/1/TKvzOws4CIj-HjuA7aSLF4G7dwk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TKvzOws4CIj-HjuA7aSLF4G7dwk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 18:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:35:02:34:98:6b:83:1e:78:91:c6:9f:e6:02:d6:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4cabf33b0b380888fe1e3b80eda48b1781bb7709
        Validity
            Not Before: Jan  1 06:18:18 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1978457f33e9207a0fed12d870532a4d696e119d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:51:e5:5c:ef:fd:17:a7:65:9d:6f:d1:4c:82:
                    ff:f7:8c:0d:4b:d6:49:99:f8:a0:85:5a:c2:19:90:
                    12:14:c7:34:f1:7a:a3:b0:cd:be:60:04:f8:77:3c:
                    e0:62:40:b8:b9:f6:8a:2f:fd:91:be:58:fc:73:65:
                    be:30:b5:7b:2b:8b:37:21:29:1e:c4:fd:19:2e:dc:
                    64:60:52:55:c7:3a:c1:7a:b4:75:0c:88:3f:68:8f:
                    44:6e:8c:84:bf:f5:99:fd:3b:e8:73:fe:cc:db:9b:
                    9e:34:5e:0b:a3:dc:1e:d4:eb:ca:8e:69:d3:25:3d:
                    fa:9e:9d:f0:17:38:c1:dc:e9:69:ea:0d:ac:1a:37:
                    e3:7b:c5:cb:b1:ae:c9:98:75:29:cd:a1:1b:ee:33:
                    48:de:d0:cc:09:98:cb:b2:ec:75:a0:db:ec:ac:f2:
                    12:b1:0d:15:c4:1d:aa:71:6a:40:92:84:22:df:a2:
                    a0:87:80:1e:e5:a0:69:bd:56:86:14:fa:32:da:10:
                    87:1f:6f:c2:07:6a:07:05:62:93:51:93:4d:de:ab:
                    b6:c3:d3:26:47:e5:09:fe:b0:84:0d:a2:1a:ec:94:
                    71:61:45:47:90:e6:b1:8f:e2:ec:5e:20:36:a5:65:
                    f3:1d:a1:20:a8:cc:d6:70:79:77:07:d8:a6:24:7f:
                    3a:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:78:45:7F:33:E9:20:7A:0F:ED:12:D8:70:53:2A:4D:69:6E:11:9D
            X509v3 Authority Key Identifier:
                keyid:4C:AB:F3:3B:0B:38:08:88:FE:1E:3B:80:ED:A4:8B:17:81:BB:77:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TKvzOws4CIj-HjuA7aSLF4G7dwk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/185a42-cb7f-4058-86f5-41ae5f4a5055/1/GXhFfzPpIHoP7RLYcFMqTWluEZ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/185a42-cb7f-4058-86f5-41ae5f4a5055/1/TKvzOws4CIj-HjuA7aSLF4G7dwk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.228.140.0/22
                  94.199.208.0/22
                  185.38.40.0/22

    Signature Algorithm: sha256WithRSAEncryption
         96:f3:e2:2c:a8:9b:5f:e7:2c:95:92:24:66:37:f4:b0:89:51:
         f4:4f:0b:37:fa:96:51:1f:58:f7:be:c3:93:26:f8:de:13:41:
         67:0b:99:5e:d0:b5:b0:5d:9b:b0:4f:49:58:37:9a:11:92:db:
         6d:d6:d0:a1:c2:e8:01:a9:9d:a4:0f:83:af:c8:ed:e7:41:14:
         c9:da:87:a4:ac:fc:e7:d0:67:8b:b0:61:d2:db:7d:b5:4b:49:
         dc:96:51:4a:4a:cf:11:d9:93:fe:88:4b:c9:cc:4c:90:4a:60:
         8f:5d:21:75:24:6d:50:7a:f3:7d:8a:02:dc:4a:94:5e:3e:0e:
         24:b3:1b:00:a5:cb:1d:d9:86:d3:20:85:13:8b:48:99:f7:63:
         ca:bf:fa:c5:83:6b:11:3e:4a:b5:61:81:ba:20:9c:15:06:40:
         b1:64:39:a8:bc:30:ff:73:f5:5f:15:87:36:0e:ce:ca:eb:84:
         57:f9:81:30:ea:c7:89:a1:1e:31:74:f6:d7:76:0c:70:b1:01:
         ff:08:ce:21:db:e0:fe:70:e3:3a:97:1a:b2:0c:52:0b:1a:0f:
         ea:c6:b5:25:36:64:c6:0a:84:53:4b:8d:ad:63:fc:40:76:be:
         ce:55:8d:83:fd:f2:71:52:ea:ee:c1:22:20:14:89:ee:07:fc:
         02:90:84:d3
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZt4NQI0mGuDHniRxp/mAtaWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjYWJmMzNiMGIzODA4ODhmZTFlM2I4MGVkYTQ4YjE3ODFi
Yjc3MDkwHhcNMjYwMTAxMDYxODE4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTc4NDU3ZjMzZTkyMDdhMGZlZDEyZDg3MDUzMmE0ZDY5NmUxMTlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA31HlXO/9F6dlnW/RTIL/94wNS9ZJ
mfighVrCGZASFMc08XqjsM2+YAT4dzzgYkC4ufaKL/2Rvlj8c2W+MLV7K4s3ISke
xP0ZLtxkYFJVxzrBerR1DIg/aI9EboyEv/WZ/Tvoc/7M25ueNF4Lo9we1OvKjmnT
JT36np3wFzjB3Olp6g2sGjfje8XLsa7JmHUpzaEb7jNI3tDMCZjLsux1oNvsrPIS
sQ0VxB2qcWpAkoQi36Kgh4Ae5aBpvVaGFPoy2hCHH2/CB2oHBWKTUZNN3qu2w9Mm
R+UJ/rCEDaIa7JRxYUVHkOaxj+LsXiA2pWXzHaEgqMzWcHl3B9imJH86oQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFBl4RX8z6SB6D+0S2HBTKk1pbhGdMB8GA1UdIwQY
MBaAFEyr8zsLOAiI/h47gO2kixeBu3cJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVEt2ek93czRDSWotSGp1QTdhU0xGNEc3ZHdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC8xODVhNDItY2I3Zi00MDU4LTg2ZjUt
NDFhZTVmNGE1MDU1LzEvR1hoRmZ6UHBJSG9QN1JMWWNGTXFUV2x1RVowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC8xODVhNDItY2I3Zi00MDU4LTg2ZjUtNDFhZTVmNGE1MDU1
LzEvVEt2ek93czRDSWotSGp1QTdhU0xGNEc3ZHdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCJeSMAwQC
XsfQAwQCuSYoMA0GCSqGSIb3DQEBCwUAA4IBAQCW8+IsqJtf5yyVkiRmN/SwiVH0
Tws3+pZRH1j3vsOTJvjeE0FnC5le0LWwXZuwT0lYN5oRkttt1tChwugBqZ2kD4Ov
yO3nQRTJ2oekrPzn0GeLsGHS2321S0ncllFKSs8R2ZP+iEvJzEyQSmCPXSF1JG1Q
evN9igLcSpRePg4ksxsApcsd2YbTIIUTi0iZ92PKv/rFg2sRPkq1YYG6IJwVBkCx
ZDmovDD/c/VfFYc2Ds7K64RX+YEw6seJoR4xdPbXdgxwsQH/CM4h2+D+cOM6lxqy
DFILGg/qxrUlNmTGCoRTS42tY/xAdr7OVY2D/fJxUuruwSIgFInuB/wCkITT
-----END CERTIFICATE-----