Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/9sP9q01I9jba6FzzHeA1RT3mm1Y.roa
File:                     9sP9q01I9jba6FzzHeA1RT3mm1Y.roa (raw, json)
Hash identifier:          RiFnsUbX5bhCvNHbH66lYYLHqQQgBM6LAPo/fd1gv/0=
Subject key identifier:   F6:C3:FD:AB:4D:48:F6:36:DA:E8:5C:F3:1D:E0:35:45:3D:E6:9B:56
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019DE22A39A76B3E175CB5575E218F6936A5
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/9sP9q01I9jba6FzzHeA1RT3mm1Y.roa
Signing time:             Fri 01 May 2026 06:11:51 +0000
ROA not before:           Fri 01 May 2026 06:11:51 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     208483
IP address blocks:        31.57.135.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:e2:2a:39:a7:6b:3e:17:5c:b5:57:5e:21:8f:69:36:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: May  1 06:11:51 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f6c3fdab4d48f636dae85cf31de035453de69b56
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:84:85:d7:39:5b:43:25:32:9f:05:2f:a4:05:
                    3e:47:8b:08:4d:42:46:f8:49:bb:33:06:07:96:fe:
                    37:ed:2c:55:7f:e6:98:64:30:d3:1e:71:92:95:b9:
                    e4:68:82:e2:5d:fd:cc:60:80:ec:2d:a5:21:09:31:
                    5d:42:16:89:2c:71:43:63:6a:24:97:a6:46:52:c9:
                    f8:d5:8c:ae:46:10:cb:ee:0b:dc:c8:91:e5:3a:ad:
                    4b:5a:17:c2:93:65:f0:3a:54:cc:7c:74:3b:74:03:
                    c1:e2:fc:e1:a5:1e:05:0c:31:c4:f0:bf:86:f0:40:
                    f1:64:e2:2b:a0:5f:7d:00:d2:5e:62:f5:73:02:90:
                    01:dd:e1:10:a3:d2:09:f6:48:0b:b0:0c:f6:d2:29:
                    af:7e:8a:47:f3:d0:46:17:ac:0c:4e:9b:53:06:f7:
                    bf:c6:bb:96:eb:2b:3b:fc:0a:99:42:78:90:eb:1d:
                    0f:0d:2c:07:4a:8e:19:e6:f3:0b:dc:05:0a:51:f2:
                    c8:65:e5:1d:92:a2:ef:61:7d:fc:09:e9:4a:53:0d:
                    ed:73:4d:c1:67:a9:6c:42:f4:eb:1d:93:67:a0:be:
                    66:0c:49:ae:5c:fa:8a:dd:da:c1:20:43:82:72:05:
                    d0:c1:85:cf:28:85:f2:4a:dd:9d:54:c2:4c:ba:87:
                    68:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:C3:FD:AB:4D:48:F6:36:DA:E8:5C:F3:1D:E0:35:45:3D:E6:9B:56
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/9sP9q01I9jba6FzzHeA1RT3mm1Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.135.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a9:d2:da:3d:3c:94:07:10:2c:2e:53:4a:81:2a:0d:5f:d1:06:
         c3:fb:8b:fb:f7:09:76:e6:d8:cd:df:92:d4:07:5d:db:9a:d7:
         22:4b:ef:2d:c1:de:b1:95:ec:4d:1b:4f:41:62:ab:c2:2f:5d:
         a2:33:fa:12:9b:56:b5:78:50:17:0a:76:67:59:c4:1c:a9:bf:
         c9:3f:46:55:21:8b:61:87:9a:e2:f2:bf:44:b2:f7:6a:da:b0:
         27:3a:ae:4a:00:cd:be:78:50:2c:88:b1:58:3d:44:43:1c:4a:
         a4:66:5e:d4:23:6f:47:b0:b3:fe:64:87:81:53:77:49:ef:03:
         3d:54:aa:c6:93:02:b7:cc:26:a1:c1:7c:6b:6b:66:b1:1a:4f:
         39:a8:f7:50:dc:31:8a:16:c7:07:f4:95:6c:e7:b7:d0:15:02:
         c9:0f:47:62:f0:f6:a8:33:3b:d5:7f:13:f6:8a:28:12:f2:a9:
         78:28:72:64:52:ec:3f:c3:17:aa:58:fa:78:e9:24:1e:8a:9b:
         6a:de:4b:b7:86:22:99:4e:a6:37:a1:4b:7d:e5:16:82:66:1e:
         72:07:58:1d:c1:e1:bf:0f:2e:40:90:26:45:37:fa:19:24:d3:
         91:e3:1b:64:6b:8c:3d:95:dd:38:2e:70:65:81:e7:59:20:86:
         6a:e9:49:ee
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3iKjmnaz4XXLVXXiGPaTalMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwNTAxMDYxMTUxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNmMzZmRhYjRkNDhmNjM2ZGFlODVjZjMxZGUwMzU0NTNkZTY5YjU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvYSF1zlbQyUynwUvpAU+R4sITUJG
+Em7MwYHlv437SxVf+aYZDDTHnGSlbnkaILiXf3MYIDsLaUhCTFdQhaJLHFDY2ok
l6ZGUsn41YyuRhDL7gvcyJHlOq1LWhfCk2XwOlTMfHQ7dAPB4vzhpR4FDDHE8L+G
8EDxZOIroF99ANJeYvVzApAB3eEQo9IJ9kgLsAz20imvfopH89BGF6wMTptTBve/
xruW6ys7/AqZQniQ6x0PDSwHSo4Z5vML3AUKUfLIZeUdkqLvYX38CelKUw3tc03B
Z6lsQvTrHZNnoL5mDEmuXPqK3drBIEOCcgXQwYXPKIXySt2dVMJMuodo5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPbD/atNSPY22uhc8x3gNUU95ptWMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvOXNQOXEwMUk5amJhNkZ6ekhlQTFSVDNtbTFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzmHMA0G
CSqGSIb3DQEBCwUAA4IBAQCp0to9PJQHECwuU0qBKg1f0QbD+4v79wl25tjN35LU
B13bmtciS+8twd6xlexNG09BYqvCL12iM/oSm1a1eFAXCnZnWcQcqb/JP0ZVIYth
h5ri8r9Esvdq2rAnOq5KAM2+eFAsiLFYPURDHEqkZl7UI29HsLP+ZIeBU3dJ7wM9
VKrGkwK3zCahwXxra2axGk85qPdQ3DGKFscH9JVs57fQFQLJD0di8PaoMzvVfxP2
iigS8ql4KHJkUuw/wxeqWPp46SQeiptq3ku3hiKZTqY3oUt95RaCZh5yB1gdweG/
Dy5AkCZFN/oZJNOR4xtka4w9ld04LnBlgedZIIZq6Unu
-----END CERTIFICATE-----