Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/r11KRQSXkBbcM9Gc8yhXlQs9_VU.roa
File:                     r11KRQSXkBbcM9Gc8yhXlQs9_VU.roa (raw, json)
Hash identifier:          NEyNYd+bVH/m5l/N2ekVxiB69BcxAKclO7TyhQN+T1Y=
Subject key identifier:   AF:5D:4A:45:04:97:90:16:DC:33:D1:9C:F3:28:57:95:0B:3D:FD:55
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019CE775AD0127CF3519944F16DFB33E96CB
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/r11KRQSXkBbcM9Gc8yhXlQs9_VU.roa
Signing time:             Fri 13 Mar 2026 13:49:34 +0000
ROA not before:           Fri 13 Mar 2026 13:49:34 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201269
IP address blocks:        217.60.237.0/24 maxlen: 24
                          217.60.240.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 23:01:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:e7:75:ad:01:27:cf:35:19:94:4f:16:df:b3:3e:96:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Mar 13 13:49:34 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=af5d4a4504979016dc33d19cf32857950b3dfd55
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:7a:a6:9f:42:ff:c6:8a:b6:e3:2a:47:b5:6c:
                    88:77:15:f0:ea:6b:4d:fe:90:ff:ed:9f:39:13:fa:
                    3d:6d:49:f9:0d:1e:79:1b:07:e7:8a:a8:59:ac:79:
                    4b:59:b8:6a:1a:45:74:1c:bf:a4:5a:50:b4:32:63:
                    66:45:a6:cb:b2:15:1e:0b:ba:fb:a1:c0:af:32:90:
                    ab:a0:ce:52:8e:f6:ae:09:64:9e:38:10:85:c4:40:
                    be:95:08:8d:1c:86:2b:c8:ce:22:55:96:eb:58:59:
                    60:a1:d6:c4:f3:02:8b:65:1f:26:c2:fb:c1:e4:66:
                    1e:a9:5f:e8:51:b8:85:bf:34:b2:e7:1f:95:72:ba:
                    bf:fb:15:9f:77:38:44:cf:ad:09:b4:85:1e:33:55:
                    92:e7:f1:c9:5b:31:90:f1:46:54:e6:a6:a8:35:7f:
                    be:ec:3c:f5:29:49:53:bd:a9:00:93:34:38:d1:10:
                    19:a3:bc:ce:8f:9b:5e:ba:2b:f5:b4:3b:4f:88:95:
                    ff:91:7e:b7:5a:13:37:58:44:b1:bb:ec:57:7a:cd:
                    b7:ea:eb:43:ec:cd:02:84:b7:1f:be:56:44:1a:d1:
                    7d:6c:f7:83:a2:3c:c0:21:02:d6:20:b2:a2:b0:6d:
                    7a:46:24:a7:33:3d:0a:35:68:9d:d2:bd:5f:26:5a:
                    b6:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:5D:4A:45:04:97:90:16:DC:33:D1:9C:F3:28:57:95:0B:3D:FD:55
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/r11KRQSXkBbcM9Gc8yhXlQs9_VU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.60.237.0/24
                  217.60.240.0/24

    Signature Algorithm: sha256WithRSAEncryption
         af:1f:77:c1:08:c6:3f:60:a7:40:3f:8a:33:4e:57:b1:00:79:
         96:bd:9d:57:c8:ba:ff:16:dc:bd:bb:88:e7:ef:e0:3c:48:dd:
         34:5b:60:7c:07:ca:c0:af:aa:c1:9a:14:14:a1:8e:97:00:b0:
         de:49:0a:fb:3a:46:84:69:be:06:7f:ec:f8:70:bc:db:b0:4e:
         f6:61:2a:1a:23:40:90:53:6a:a9:4c:21:6e:b8:96:24:a5:8c:
         b7:7e:70:17:b2:fe:d5:a6:fc:41:61:a7:5d:93:53:18:da:cc:
         47:f0:80:b2:b5:7a:20:20:c1:fb:92:ea:75:18:1a:1d:91:c6:
         fa:b4:40:62:a6:f8:d1:d2:89:11:40:20:df:42:6a:a1:73:37:
         7f:5a:53:20:14:b7:b1:74:b9:15:82:b9:83:f3:60:6b:3c:7c:
         66:f6:76:cb:98:9b:61:a0:2c:14:e9:d0:47:8d:d3:f3:ba:de:
         fa:e3:29:df:aa:04:2c:c9:f0:43:7f:58:da:f1:c8:b2:f8:35:
         66:5f:43:40:88:c3:b7:3e:28:09:4b:60:9d:44:1f:98:61:d1:
         3e:8e:4a:b9:dd:08:d1:86:68:c9:32:c7:c2:6b:53:81:6d:b7:
         fc:cc:93:ec:2a:13:21:ee:f7:f7:a8:eb:4d:58:bc:6d:92:75:
         36:51:08:22
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZznda0BJ881GZRPFt+zPpbLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwMzEzMTM0OTM0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjVkNGE0NTA0OTc5MDE2ZGMzM2QxOWNmMzI4NTc5NTBiM2RmZDU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyXqmn0L/xoq24ypHtWyIdxXw6mtN
/pD/7Z85E/o9bUn5DR55GwfniqhZrHlLWbhqGkV0HL+kWlC0MmNmRabLshUeC7r7
ocCvMpCroM5SjvauCWSeOBCFxEC+lQiNHIYryM4iVZbrWFlgodbE8wKLZR8mwvvB
5GYeqV/oUbiFvzSy5x+Vcrq/+xWfdzhEz60JtIUeM1WS5/HJWzGQ8UZU5qaoNX++
7Dz1KUlTvakAkzQ40RAZo7zOj5teuiv1tDtPiJX/kX63WhM3WESxu+xXes236utD
7M0ChLcfvlZEGtF9bPeDojzAIQLWILKisG16RiSnMz0KNWid0r1fJlq2owIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFK9dSkUEl5AW3DPRnPMoV5ULPf1VMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvcjExS1JRU1hrQmJjTTlHYzh5aFhsUXM5X1ZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQA2TztAwQA
2TzwMA0GCSqGSIb3DQEBCwUAA4IBAQCvH3fBCMY/YKdAP4ozTlexAHmWvZ1XyLr/
Fty9u4jn7+A8SN00W2B8B8rAr6rBmhQUoY6XALDeSQr7OkaEab4Gf+z4cLzbsE72
YSoaI0CQU2qpTCFuuJYkpYy3fnAXsv7VpvxBYaddk1MY2sxH8ICytXogIMH7kup1
GBodkcb6tEBipvjR0okRQCDfQmqhczd/WlMgFLexdLkVgrmD82BrPHxm9nbLmJth
oCwU6dBHjdPzut764ynfqgQsyfBDf1ja8ciy+DVmX0NAiMO3PigJS2CdRB+YYdE+
jkq53QjRhmjJMsfCa1OBbbf8zJPsKhMh7vf3qOtNWLxtknU2UQgi
-----END CERTIFICATE-----