Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/1f5587-cb92-4917-8cf3-2cb9e2172f97/1/Gj3q6BUrOlXkSFTxYL-qpFmf_vk.roa
File:                     Gj3q6BUrOlXkSFTxYL-qpFmf_vk.roa (raw, json)
Hash identifier:          whp8DDz0dPW4+zkA02OHiJY2B4aYPpsEKoqbxk/AXoU=
Subject key identifier:   1A:3D:EA:E8:15:2B:3A:55:E4:48:54:F1:60:BF:AA:A4:59:9F:FE:F9
Certificate issuer:       /CN=74e133ea1e40fc13e074e327710a5344a960b5c0
Certificate serial:       019CFAC5907E4C8580EFDE06BC00AC6CA9BD
Authority key identifier: 74:E1:33:EA:1E:40:FC:13:E0:74:E3:27:71:0A:53:44:A9:60:B5:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dOEz6h5A_BPgdOMncQpTRKlgtcA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/1f5587-cb92-4917-8cf3-2cb9e2172f97/1/Gj3q6BUrOlXkSFTxYL-qpFmf_vk.roa
Signing time:             Tue 17 Mar 2026 07:49:37 +0000
ROA not before:           Tue 17 Mar 2026 07:49:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     34984
IP address blocks:        31.169.68.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/1f5587-cb92-4917-8cf3-2cb9e2172f97/1/dOEz6h5A_BPgdOMncQpTRKlgtcA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/1f5587-cb92-4917-8cf3-2cb9e2172f97/1/dOEz6h5A_BPgdOMncQpTRKlgtcA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dOEz6h5A_BPgdOMncQpTRKlgtcA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:fa:c5:90:7e:4c:85:80:ef:de:06:bc:00:ac:6c:a9:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=74e133ea1e40fc13e074e327710a5344a960b5c0
        Validity
            Not Before: Mar 17 07:49:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1a3deae8152b3a55e44854f160bfaaa4599ffef9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:18:ce:e2:4e:ec:31:7f:46:da:db:05:62:02:
                    39:b4:86:ab:a0:b2:92:39:1f:82:4b:48:99:fb:d6:
                    97:65:40:d1:15:1a:5f:a2:df:72:24:ce:b7:77:c0:
                    a6:f2:78:4e:a8:3c:de:3a:85:fe:05:90:0e:c4:2e:
                    fc:9b:9a:2d:61:5c:fb:cb:a1:7f:d6:12:d5:b4:33:
                    17:85:36:7c:60:6c:5c:d2:4c:e2:e2:bd:6e:19:11:
                    48:f4:20:ac:24:c3:fb:b2:4d:05:05:ed:13:db:bd:
                    a5:ad:db:6b:c1:dc:2a:4c:08:ba:c6:49:eb:19:ba:
                    d4:a2:1e:c4:b4:3c:d7:d1:f1:fc:5d:b5:b4:4c:48:
                    91:3a:f1:1d:3d:9d:1b:d5:8f:15:4a:c1:07:1a:e7:
                    9f:e2:f4:4f:bb:f6:73:89:65:b9:60:77:89:29:6b:
                    da:e5:9c:3b:a8:f1:3d:d3:fc:80:2e:37:9b:f9:83:
                    d9:d0:6c:30:ed:47:ab:e0:df:21:3e:19:81:74:bd:
                    d5:2b:6b:bb:1c:98:ba:5b:84:3a:72:8e:c0:bd:5c:
                    ad:12:6d:65:a2:19:9a:ed:bf:12:8b:5d:e8:d3:86:
                    48:d9:41:98:f9:34:cd:c3:6d:ad:48:4b:76:ba:89:
                    c0:af:ee:95:61:01:84:da:eb:aa:ab:fa:75:a3:1d:
                    72:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:3D:EA:E8:15:2B:3A:55:E4:48:54:F1:60:BF:AA:A4:59:9F:FE:F9
            X509v3 Authority Key Identifier:
                keyid:74:E1:33:EA:1E:40:FC:13:E0:74:E3:27:71:0A:53:44:A9:60:B5:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dOEz6h5A_BPgdOMncQpTRKlgtcA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/1f5587-cb92-4917-8cf3-2cb9e2172f97/1/Gj3q6BUrOlXkSFTxYL-qpFmf_vk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/1f5587-cb92-4917-8cf3-2cb9e2172f97/1/dOEz6h5A_BPgdOMncQpTRKlgtcA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.169.68.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bb:79:fd:01:61:d2:7d:16:23:49:5c:f9:48:3b:8d:2d:3f:25:
         66:a1:f6:bc:06:e2:73:aa:82:c6:b8:fd:0d:ef:43:0d:3d:9f:
         f3:65:8f:ef:66:a1:cb:4d:28:23:65:f9:70:d3:b0:bd:f0:a1:
         85:0f:ce:5c:f3:b5:b6:7b:34:e8:fb:6d:85:33:03:eb:0b:60:
         f0:5b:e2:78:77:94:eb:e1:64:8e:77:4b:ad:90:bf:39:9b:eb:
         1d:74:3f:19:ed:fa:fd:ea:4a:5f:f5:e4:f9:d3:49:71:ea:19:
         3d:b1:50:71:41:8c:41:d9:1c:fc:c0:ac:a6:e6:74:43:65:5e:
         36:58:5e:3d:5b:a7:a4:a2:25:97:68:94:6e:9b:eb:79:24:69:
         ec:19:64:3b:bf:1e:72:0b:58:ee:e5:30:ed:8c:fa:be:08:9c:
         af:26:d3:35:fd:86:6f:e8:67:47:90:84:a7:4a:1f:7c:da:ce:
         ce:f2:94:d8:3d:dd:cd:54:11:82:24:c9:ff:45:3b:33:62:19:
         15:34:9b:36:62:eb:b9:74:1e:b9:26:b4:16:53:44:9f:60:a6:
         b3:59:87:0d:b1:97:3e:45:80:c2:a8:58:40:e9:13:84:25:02:
         84:da:62:c7:22:2b:3e:bb:b9:b9:72:de:b8:c0:8d:a8:e7:b7:
         f7:bc:2f:a3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZz6xZB+TIWA794GvACsbKm9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0ZTEzM2VhMWU0MGZjMTNlMDc0ZTMyNzcxMGE1MzQ0YTk2
MGI1YzAwHhcNMjYwMzE3MDc0OTM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYTNkZWFlODE1MmIzYTU1ZTQ0ODU0ZjE2MGJmYWFhNDU5OWZmZWY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtxjO4k7sMX9G2tsFYgI5tIaroLKS
OR+CS0iZ+9aXZUDRFRpfot9yJM63d8Cm8nhOqDzeOoX+BZAOxC78m5otYVz7y6F/
1hLVtDMXhTZ8YGxc0kzi4r1uGRFI9CCsJMP7sk0FBe0T272lrdtrwdwqTAi6xknr
GbrUoh7EtDzX0fH8XbW0TEiROvEdPZ0b1Y8VSsEHGuef4vRPu/ZziWW5YHeJKWva
5Zw7qPE90/yALjeb+YPZ0Gww7Uer4N8hPhmBdL3VK2u7HJi6W4Q6co7AvVytEm1l
ohma7b8Si13o04ZI2UGY+TTNw22tSEt2uonAr+6VYQGE2uuqq/p1ox1ySwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBo96ugVKzpV5EhU8WC/qqRZn/75MB8GA1UdIwQY
MBaAFHThM+oeQPwT4HTjJ3EKU0SpYLXAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZE9FejZoNUFfQlBnZE9NbmNRcFRSS2xndGNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8xZjU1ODctY2I5Mi00OTE3LThjZjMt
MmNiOWUyMTcyZjk3LzEvR2ozcTZCVXJPbFhrU0ZUeFlMLXFwRm1mX3ZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8xZjU1ODctY2I5Mi00OTE3LThjZjMtMmNiOWUyMTcyZjk3
LzEvZE9FejZoNUFfQlBnZE9NbmNRcFRSS2xndGNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAH6lEMA0G
CSqGSIb3DQEBCwUAA4IBAQC7ef0BYdJ9FiNJXPlIO40tPyVmofa8BuJzqoLGuP0N
70MNPZ/zZY/vZqHLTSgjZflw07C98KGFD85c87W2ezTo+22FMwPrC2DwW+J4d5Tr
4WSOd0utkL85m+sddD8Z7fr96kpf9eT500lx6hk9sVBxQYxB2Rz8wKym5nRDZV42
WF49W6ekoiWXaJRum+t5JGnsGWQ7vx5yC1ju5TDtjPq+CJyvJtM1/YZv6GdHkISn
Sh982s7O8pTYPd3NVBGCJMn/RTszYhkVNJs2Yuu5dB65JrQWU0SfYKazWYcNsZc+
RYDCqFhA6ROEJQKE2mLHIis+u7m5ct64wI2o57f3vC+j
-----END CERTIFICATE-----