Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/hbWPGXE2vMjlzgV8Q-iAss9w4NM.roa
File:                     hbWPGXE2vMjlzgV8Q-iAss9w4NM.roa (raw, json)
Hash identifier:          2T+UzF90egxmvwWOraDAvZwCSALBa9tzQbvYFMz+aHI=
Subject key identifier:   85:B5:8F:19:71:36:BC:C8:E5:CE:05:7C:43:E8:80:B2:CF:70:E0:D3
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019DFE9A63BD84C35BF9F2FCC10364837938
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/hbWPGXE2vMjlzgV8Q-iAss9w4NM.roa
Signing time:             Wed 06 May 2026 18:43:44 +0000
ROA not before:           Wed 06 May 2026 18:43:44 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     55177
IP address blocks:        31.57.166.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:fe:9a:63:bd:84:c3:5b:f9:f2:fc:c1:03:64:83:79:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: May  6 18:43:44 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=85b58f197136bcc8e5ce057c43e880b2cf70e0d3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:c8:fd:55:57:b4:2f:5f:43:48:01:a4:07:83:
                    1b:3f:fb:c0:18:0d:9e:9f:e1:bd:b4:0d:b8:63:7c:
                    b9:b3:2c:23:76:cf:62:bf:d1:90:ed:e4:76:e7:69:
                    cb:ea:37:fb:81:58:3e:57:42:7c:f7:14:75:4f:98:
                    1f:16:9c:63:d7:62:0a:1f:3c:a0:1c:5a:85:e7:aa:
                    d2:12:e6:8f:8b:1d:a9:07:ed:6e:64:68:2a:fb:84:
                    a7:72:4a:eb:22:7a:15:c0:41:62:18:fa:a3:18:9a:
                    fe:d0:2d:bb:69:2a:19:b6:c4:0d:ab:2b:85:f6:dd:
                    d8:80:83:00:b8:97:17:3d:f6:bd:cb:65:8b:ae:29:
                    90:c6:ab:0c:46:7d:57:8d:b0:de:bc:93:34:7d:29:
                    f1:a7:1a:f4:4f:2f:62:12:95:53:a4:47:0b:ea:c3:
                    b8:6c:36:4c:7e:82:c6:11:65:70:8a:69:24:7a:7f:
                    a6:ab:10:27:59:3f:da:4a:75:fb:94:7c:2a:c1:a1:
                    c2:a9:2e:8c:8e:b0:6a:14:5a:30:d7:5a:3d:a7:a3:
                    6b:a1:8d:6e:48:4d:de:a2:97:69:44:51:3f:fb:f2:
                    dc:50:6f:27:11:41:6d:af:4f:fe:f7:10:b1:d4:03:
                    66:c2:95:41:b3:79:cc:ac:16:a8:f0:9c:3a:ba:2b:
                    d2:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:B5:8F:19:71:36:BC:C8:E5:CE:05:7C:43:E8:80:B2:CF:70:E0:D3
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/hbWPGXE2vMjlzgV8Q-iAss9w4NM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.166.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:c4:77:46:7d:29:41:21:ce:26:96:c4:ac:24:6e:7f:a5:c6:
         66:ab:43:ef:4f:cd:bb:04:53:18:fe:18:99:7a:9a:9e:3c:f1:
         34:d2:6b:5f:61:aa:58:fe:00:c5:70:98:02:51:87:50:b8:f6:
         d4:cc:46:81:d9:6d:90:87:84:f6:f2:80:75:fa:3c:ef:c8:b5:
         16:da:f3:bb:05:36:b1:f9:b6:46:1f:22:49:56:17:d3:e8:71:
         6d:09:f0:b5:14:28:19:12:37:a0:a8:e8:7d:5d:e1:fa:97:8b:
         39:8c:c3:61:6e:4b:dd:9e:e8:7a:59:9c:09:ae:05:73:16:29:
         bd:9d:b1:a9:07:d3:c9:ab:75:a6:1f:44:9b:e3:08:ed:15:63:
         c7:72:6f:dc:7f:8e:f0:46:b7:29:30:60:b1:66:c0:2a:51:59:
         65:6b:f2:b6:6e:85:b0:79:4a:71:c5:8b:4a:eb:a3:f1:c0:a9:
         41:bf:67:f9:3f:a4:20:36:55:0f:33:51:06:17:5c:8b:54:0c:
         85:53:22:1f:2b:3f:57:cd:fe:3e:36:f7:f5:7e:77:f0:47:7c:
         70:e7:35:bf:8c:76:c9:2a:b1:35:22:ba:97:2d:10:5a:f2:b1:
         a1:a5:6f:a1:02:6f:2a:48:01:e3:13:36:16:0f:86:b9:33:96:
         32:28:9e:ef
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3+mmO9hMNb+fL8wQNkg3k4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwNTA2MTg0MzQ0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NWI1OGYxOTcxMzZiY2M4ZTVjZTA1N2M0M2U4ODBiMmNmNzBlMGQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqcj9VVe0L19DSAGkB4MbP/vAGA2e
n+G9tA24Y3y5sywjds9iv9GQ7eR252nL6jf7gVg+V0J89xR1T5gfFpxj12IKHzyg
HFqF56rSEuaPix2pB+1uZGgq+4SnckrrInoVwEFiGPqjGJr+0C27aSoZtsQNqyuF
9t3YgIMAuJcXPfa9y2WLrimQxqsMRn1XjbDevJM0fSnxpxr0Ty9iEpVTpEcL6sO4
bDZMfoLGEWVwimkken+mqxAnWT/aSnX7lHwqwaHCqS6MjrBqFFow11o9p6NroY1u
SE3eopdpRFE/+/LcUG8nEUFtr0/+9xCx1ANmwpVBs3nMrBao8Jw6uivSRwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIW1jxlxNrzI5c4FfEPogLLPcODTMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvaGJXUEdYRTJ2TWpsemdWOFEtaUFzczl3NE5NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzmmMA0G
CSqGSIb3DQEBCwUAA4IBAQBZxHdGfSlBIc4mlsSsJG5/pcZmq0PvT827BFMY/hiZ
epqePPE00mtfYapY/gDFcJgCUYdQuPbUzEaB2W2Qh4T28oB1+jzvyLUW2vO7BTax
+bZGHyJJVhfT6HFtCfC1FCgZEjegqOh9XeH6l4s5jMNhbkvdnuh6WZwJrgVzFim9
nbGpB9PJq3WmH0Sb4wjtFWPHcm/cf47wRrcpMGCxZsAqUVlla/K2boWweUpxxYtK
66PxwKlBv2f5P6QgNlUPM1EGF1yLVAyFUyIfKz9Xzf4+Nvf1fnfwR3xw5zW/jHbJ
KrE1IrqXLRBa8rGhpW+hAm8qSAHjEzYWD4a5M5YyKJ7v
-----END CERTIFICATE-----