Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/bEYksC5UlkcvGYM5IiYDAhkx1Q8.roa
File:                     bEYksC5UlkcvGYM5IiYDAhkx1Q8.roa (raw, json)
Hash identifier:          QzNnBM4e7boLf2ygh/yHY9YRqXQM4SJPdK62TbI3rd0=
Subject key identifier:   6C:46:24:B0:2E:54:96:47:2F:19:83:39:22:26:03:02:19:31:D5:0F
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019CD26F112FCE4A735BACAB6D8CDD78B4EC
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/bEYksC5UlkcvGYM5IiYDAhkx1Q8.roa
Signing time:             Mon 09 Mar 2026 11:50:20 +0000
ROA not before:           Mon 09 Mar 2026 11:50:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     393942
IP address blocks:        31.56.238.0/24 maxlen: 24
                          31.58.69.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 23:01:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:d2:6f:11:2f:ce:4a:73:5b:ac:ab:6d:8c:dd:78:b4:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Mar  9 11:50:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6c4624b02e5496472f198339222603021931d50f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f7:57:20:09:1c:54:e3:5a:ea:0a:54:52:1f:49:
                    b0:6d:2e:89:75:53:d8:c9:51:9b:5c:c5:8a:b7:8c:
                    6d:88:59:e8:48:08:6d:78:e5:45:5b:07:16:41:a4:
                    3b:81:8d:bd:49:62:63:35:e5:65:b1:1c:d7:6e:9b:
                    1a:18:6b:74:1a:23:5d:f8:75:89:fb:7f:3e:a8:52:
                    f5:9f:ba:c7:5b:7b:a6:04:d5:2f:f5:de:bf:79:01:
                    90:af:56:b7:bd:25:26:ab:4d:b0:77:69:7a:c0:4d:
                    83:49:f6:83:24:55:7f:33:35:7d:04:10:38:8a:15:
                    59:83:b8:ea:c5:b1:87:a5:31:29:88:0b:10:76:68:
                    6e:17:f6:97:54:07:c7:7c:d4:cb:2f:7a:a8:71:25:
                    9c:35:ae:c9:31:89:af:ba:a4:d1:2a:7b:eb:c1:9e:
                    97:c3:80:6b:eb:a3:d9:f2:d0:20:1a:41:8b:da:af:
                    c8:45:a9:d4:72:fa:b5:94:2e:9b:02:3f:6c:9b:45:
                    1a:2d:48:8a:bd:cc:dc:43:93:f9:30:a8:99:d1:6c:
                    d5:57:7c:e9:d7:4f:a5:5a:40:e1:a0:6e:ae:96:3a:
                    b5:66:11:be:60:62:2f:c3:5b:48:9c:7d:f6:53:78:
                    b9:7c:9d:bb:44:8d:b4:ee:86:73:3c:64:ba:94:50:
                    2b:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:46:24:B0:2E:54:96:47:2F:19:83:39:22:26:03:02:19:31:D5:0F
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/bEYksC5UlkcvGYM5IiYDAhkx1Q8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.238.0/24
                  31.58.69.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:fd:ff:db:f1:ff:3e:9f:07:08:0a:fc:25:94:16:6b:2a:16:
         6f:0d:b3:9a:e5:3e:bc:ec:a5:70:e4:30:fe:6b:f8:04:41:61:
         f2:0d:ba:61:68:dd:b2:93:ff:ee:18:32:df:f8:03:aa:26:d4:
         b6:79:3b:02:cd:1e:a8:04:87:2f:3c:16:77:7b:df:26:e9:b9:
         4e:fd:29:b4:d5:94:77:73:11:34:ae:53:83:18:3c:56:c5:37:
         40:36:58:f3:78:1d:d6:78:82:75:23:f0:f0:0e:9a:2d:a9:80:
         13:83:a8:f4:3d:e8:5d:ac:57:a0:0d:e7:ef:50:f8:66:cf:cf:
         d2:5c:92:43:11:20:68:81:3d:35:38:d5:d7:38:23:36:35:47:
         d2:85:12:90:56:bd:64:36:6c:f8:53:7b:46:f3:7a:91:d5:d2:
         bd:8f:0f:c7:15:c7:dc:5f:f7:0c:7c:e4:b2:5d:b7:cc:68:7d:
         fd:d1:e3:ca:ee:a8:1f:fe:14:48:a9:94:38:e6:22:8d:3c:4c:
         d8:ba:c7:92:a0:96:0c:57:6d:ed:58:b4:fb:ba:16:0f:f2:c3:
         01:ff:10:6b:cd:a5:b6:df:40:5e:f3:fc:1c:c5:ba:a9:a4:5f:
         02:f3:dd:8e:0b:b8:9f:f8:43:cc:dc:df:f0:0f:54:bc:83:9b:
         38:e7:a2:00
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZzSbxEvzkpzW6yrbYzdeLTsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwMzA5MTE1MDIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YzQ2MjRiMDJlNTQ5NjQ3MmYxOTgzMzkyMjI2MDMwMjE5MzFkNTBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA91cgCRxU41rqClRSH0mwbS6JdVPY
yVGbXMWKt4xtiFnoSAhteOVFWwcWQaQ7gY29SWJjNeVlsRzXbpsaGGt0GiNd+HWJ
+38+qFL1n7rHW3umBNUv9d6/eQGQr1a3vSUmq02wd2l6wE2DSfaDJFV/MzV9BBA4
ihVZg7jqxbGHpTEpiAsQdmhuF/aXVAfHfNTLL3qocSWcNa7JMYmvuqTRKnvrwZ6X
w4Br66PZ8tAgGkGL2q/IRanUcvq1lC6bAj9sm0UaLUiKvczcQ5P5MKiZ0WzVV3zp
10+lWkDhoG6uljq1ZhG+YGIvw1tInH32U3i5fJ27RI207oZzPGS6lFArrwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGxGJLAuVJZHLxmDOSImAwIZMdUPMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvYkVZa3NDNVVsa2N2R1lNNUlpWURBaGt4MVE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAHzjuAwQA
HzpFMA0GCSqGSIb3DQEBCwUAA4IBAQAs/f/b8f8+nwcICvwllBZrKhZvDbOa5T68
7KVw5DD+a/gEQWHyDbphaN2yk//uGDLf+AOqJtS2eTsCzR6oBIcvPBZ3e98m6blO
/Sm01ZR3cxE0rlODGDxWxTdANljzeB3WeIJ1I/DwDpotqYATg6j0PehdrFegDefv
UPhmz8/SXJJDESBogT01ONXXOCM2NUfShRKQVr1kNmz4U3tG83qR1dK9jw/HFcfc
X/cMfOSyXbfMaH390ePK7qgf/hRIqZQ45iKNPEzYuseSoJYMV23tWLT7uhYP8sMB
/xBrzaW230Be8/wcxbqppF8C892OC7if+EPM3N/wD1S8g5s456IA
-----END CERTIFICATE-----