Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/Qc5rk4SrG12CWELDdsxbohjIWYE.roa
File:                     Qc5rk4SrG12CWELDdsxbohjIWYE.roa (raw, json)
Hash identifier:          kzyfhMBC0gX+5FD84ykfwsLGo9w4/G+NMGY5oesMb9M=
Subject key identifier:   41:CE:6B:93:84:AB:1B:5D:82:58:42:C3:76:CC:5B:A2:18:C8:59:81
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019CD3CAD8F13FFD5BBDBC6A3CC623229E52
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/Qc5rk4SrG12CWELDdsxbohjIWYE.roa
Signing time:             Mon 09 Mar 2026 18:10:12 +0000
ROA not before:           Mon 09 Mar 2026 18:10:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213799
IP address blocks:        31.56.214.0/24 maxlen: 24
                          31.58.247.0/24 maxlen: 24
                          31.58.250.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 23:01:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:d3:ca:d8:f1:3f:fd:5b:bd:bc:6a:3c:c6:23:22:9e:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Mar  9 18:10:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=41ce6b9384ab1b5d825842c376cc5ba218c85981
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f9:c0:07:09:35:54:a6:57:26:0a:48:af:9b:cd:
                    88:00:17:0b:c5:45:7e:9f:20:cb:c9:ad:37:41:90:
                    aa:87:d6:72:ed:77:51:55:9c:4e:84:b9:e9:e9:0b:
                    b2:ea:9e:03:ef:e4:3e:d8:cf:c8:dd:e3:db:ad:54:
                    b1:32:5a:f1:e6:d5:1c:fa:a6:60:8e:2e:27:58:03:
                    93:bc:23:3d:c8:4e:9d:83:22:bb:24:e3:af:ac:83:
                    df:e0:24:df:b6:2e:ac:c4:b7:6c:17:bd:0d:64:bc:
                    28:4d:48:81:73:15:6f:ef:3b:08:1a:82:ad:66:27:
                    4b:0e:76:dd:14:bd:2b:7a:56:6c:9a:d3:a4:56:64:
                    f4:be:75:1e:c2:10:88:14:d9:e7:78:ca:9f:f7:5d:
                    d1:ab:61:cc:a3:12:36:be:04:12:6d:87:e0:26:d4:
                    4c:dd:6d:52:4a:e5:9f:23:7f:ca:88:d8:1a:31:2a:
                    28:f4:cd:3b:71:5f:ef:40:4b:13:fa:5a:b6:1b:37:
                    4b:15:d4:b8:4b:09:74:94:06:4a:81:01:fd:58:a4:
                    d5:39:a6:24:c3:fe:7e:82:3d:32:7f:be:45:89:b0:
                    6d:b1:20:69:1f:25:40:71:8a:c2:98:db:4f:39:0d:
                    fd:fe:76:7b:57:76:64:c6:a5:6e:bb:97:5d:08:d9:
                    31:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:CE:6B:93:84:AB:1B:5D:82:58:42:C3:76:CC:5B:A2:18:C8:59:81
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/Qc5rk4SrG12CWELDdsxbohjIWYE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.214.0/24
                  31.58.247.0/24
                  31.58.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:15:e8:18:ce:ec:ac:57:90:5d:7a:8b:e7:73:fc:81:6c:00:
         6a:b1:97:d2:4c:6a:85:05:1d:ea:eb:9e:bd:81:85:12:c6:ee:
         eb:33:e8:cd:d3:7b:fd:fc:65:ec:79:55:16:e0:3b:b0:83:97:
         17:5b:67:ad:6a:e4:ad:5c:46:32:f5:28:35:b5:83:0f:f5:37:
         cb:99:41:d4:71:02:85:24:10:0b:26:67:3d:2f:6b:4a:db:fa:
         b7:ee:06:9e:9d:f1:9a:31:fa:a5:60:fd:ae:71:3c:73:c2:59:
         68:c9:01:91:68:97:89:75:f0:63:0a:13:c6:1a:30:30:b6:a7:
         4b:98:a0:66:f2:51:32:59:6e:1b:ca:ba:42:21:c6:01:40:2b:
         f5:72:aa:59:b9:77:54:c3:41:fa:f0:2c:7a:54:c7:33:e9:f4:
         55:1b:a2:1f:2b:ab:d4:8f:85:d2:42:43:1d:92:4f:6d:a3:01:
         1e:00:33:c4:1d:52:0f:65:d3:f5:fa:85:49:fc:28:13:c9:4e:
         1f:53:e9:d0:13:57:96:1f:c6:13:fd:4e:16:d4:47:4d:73:00:
         4d:ab:4b:b0:f9:c3:2f:2c:c9:75:c9:dc:41:dd:62:0a:7e:77:
         dc:ea:c3:98:01:41:2f:15:1a:41:5e:a9:00:90:e5:18:21:7f:
         3a:c8:f4:f7
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZzTytjxP/1bvbxqPMYjIp5SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwMzA5MTgxMDEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MWNlNmI5Mzg0YWIxYjVkODI1ODQyYzM3NmNjNWJhMjE4Yzg1OTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+cAHCTVUplcmCkivm82IABcLxUV+
nyDLya03QZCqh9Zy7XdRVZxOhLnp6Quy6p4D7+Q+2M/I3ePbrVSxMlrx5tUc+qZg
ji4nWAOTvCM9yE6dgyK7JOOvrIPf4CTfti6sxLdsF70NZLwoTUiBcxVv7zsIGoKt
ZidLDnbdFL0relZsmtOkVmT0vnUewhCIFNnneMqf913Rq2HMoxI2vgQSbYfgJtRM
3W1SSuWfI3/KiNgaMSoo9M07cV/vQEsT+lq2GzdLFdS4Swl0lAZKgQH9WKTVOaYk
w/5+gj0yf75FibBtsSBpHyVAcYrCmNtPOQ39/nZ7V3ZkxqVuu5ddCNkxLwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFEHOa5OEqxtdglhCw3bMW6IYyFmBMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvUWM1cms0U3JHMTJDV0VMRGRzeGJvaGpJV1lFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAHzjWAwQA
Hzr3AwQAHzr6MA0GCSqGSIb3DQEBCwUAA4IBAQBwFegYzuysV5Bdeovnc/yBbABq
sZfSTGqFBR3q6569gYUSxu7rM+jN03v9/GXseVUW4Duwg5cXW2etauStXEYy9Sg1
tYMP9TfLmUHUcQKFJBALJmc9L2tK2/q37gaenfGaMfqlYP2ucTxzwlloyQGRaJeJ
dfBjChPGGjAwtqdLmKBm8lEyWW4byrpCIcYBQCv1cqpZuXdUw0H68Cx6VMcz6fRV
G6IfK6vUj4XSQkMdkk9towEeADPEHVIPZdP1+oVJ/CgTyU4fU+nQE1eWH8YT/U4W
1EdNcwBNq0uw+cMvLMl1ydxB3WIKfnfc6sOYAUEvFRpBXqkAkOUYIX86yPT3
-----END CERTIFICATE-----