Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/1-9uhiAMRGjsCt5A9hVzL70OP-4w.roa
File:                     1-9uhiAMRGjsCt5A9hVzL70OP-4w.roa (raw, json)
Hash identifier:          Gh+m4FNk4IxFvE127YYFkHgvDefQ+aLUtsXU5BhGH9Y=
Subject key identifier:   FB:DB:A1:88:03:11:1A:3B:02:B7:90:3D:85:5C:CB:EF:43:8F:FB:8C
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       019CE264079E53A3BBD64CB59355F50CFAC6
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/1-9uhiAMRGjsCt5A9hVzL70OP-4w.roa
Signing time:             Thu 12 Mar 2026 14:12:12 +0000
ROA not before:           Thu 12 Mar 2026 14:12:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212591
IP address blocks:        31.13.225.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 13 Mar 2026 14:12:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:e2:64:07:9e:53:a3:bb:d6:4c:b5:93:55:f5:0c:fa:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Mar 12 14:12:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=fbdba18803111a3b02b7903d855ccbef438ffb8c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:c7:ca:ef:5e:1d:00:d2:ff:47:56:80:d0:88:
                    6c:c7:76:a1:18:4e:1d:83:4b:96:59:e9:a8:69:1b:
                    3e:72:8e:4b:7d:f1:8b:30:ad:b0:e0:43:32:3c:9f:
                    56:fc:5b:c5:04:99:30:04:94:23:1e:bf:bc:1f:c2:
                    1f:d6:16:22:5f:5d:d1:9b:5f:65:85:2e:c0:69:d6:
                    d4:c9:6e:b5:cf:f3:a7:03:f8:2f:d9:c4:b2:59:b3:
                    09:0c:e6:d8:7b:a2:8e:cd:bf:89:c3:1b:f6:14:9e:
                    05:f2:9a:1a:ad:2f:64:cc:6a:71:a6:00:f9:1a:35:
                    57:c6:dd:7c:db:a0:f9:b7:ec:1d:d1:37:83:72:22:
                    d7:4d:65:b3:46:66:73:e5:8e:69:8f:78:23:bd:d0:
                    84:30:33:4f:c1:97:a6:3d:3d:d3:13:65:2d:51:3d:
                    ee:18:0d:90:e9:74:53:f2:87:9c:93:09:9c:e8:07:
                    4d:a7:bb:27:4d:95:2b:0c:84:5e:ed:84:98:58:c3:
                    c9:d7:3a:39:6e:bf:fa:49:cc:f0:a2:8b:ad:09:80:
                    fd:b7:08:1d:11:7d:37:5c:84:e4:3d:ff:2c:8c:42:
                    7e:2b:b0:ed:53:98:40:51:bb:6a:6d:cc:5e:a1:04:
                    b6:05:89:ce:e2:a0:27:93:85:50:fc:09:b5:98:b3:
                    22:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:DB:A1:88:03:11:1A:3B:02:B7:90:3D:85:5C:CB:EF:43:8F:FB:8C
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/1-9uhiAMRGjsCt5A9hVzL70OP-4w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.13.225.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8d:75:00:d8:47:19:b0:c5:15:31:d3:e3:f7:c4:ff:c3:d5:db:
         b1:9a:b2:6f:fe:c6:32:19:61:76:9d:91:f3:e3:0d:68:52:9e:
         64:c7:e5:f5:40:40:3d:81:19:0e:ae:a9:1e:f0:d1:93:30:3a:
         b6:99:85:3d:c1:13:33:b0:84:05:59:22:16:66:a7:16:68:56:
         de:b7:5d:20:e7:b9:84:d0:15:81:67:88:11:cb:59:e1:25:29:
         8c:7d:2a:f3:21:d0:d4:83:6b:45:9c:2b:9c:6d:04:0d:ab:05:
         9c:46:73:a1:8d:ec:55:19:f7:6d:ba:fe:f4:aa:ad:b1:2c:db:
         05:4b:25:8e:db:b4:a5:f0:0c:35:0c:15:ab:32:aa:71:b2:98:
         11:8c:03:51:b3:15:18:a8:04:61:75:dc:78:f5:0c:1a:b1:4f:
         df:77:bf:bd:e0:56:5a:7d:d6:db:e9:82:5c:9e:53:45:56:41:
         f4:c4:43:58:dd:46:26:3e:d4:06:47:87:cb:67:c8:61:dd:20:
         b9:d7:6e:bb:cf:a8:fb:7f:f9:d1:ff:0c:38:89:96:a1:7e:d8:
         49:05:fe:d1:ed:98:09:61:f1:81:92:56:88:86:7f:28:ef:a3:
         42:8b:f5:70:a3:95:02:83:1e:81:ec:fc:b2:99:33:4d:0d:ab:
         60:72:41:bb
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZziZAeeU6O71ky1k1X1DPrGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjYwMzEyMTQxMjEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYmRiYTE4ODAzMTExYTNiMDJiNzkwM2Q4NTVjY2JlZjQzOGZmYjhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjMfK714dANL/R1aA0Ihsx3ahGE4d
g0uWWemoaRs+co5LffGLMK2w4EMyPJ9W/FvFBJkwBJQjHr+8H8If1hYiX13Rm19l
hS7AadbUyW61z/OnA/gv2cSyWbMJDObYe6KOzb+Jwxv2FJ4F8poarS9kzGpxpgD5
GjVXxt1826D5t+wd0TeDciLXTWWzRmZz5Y5pj3gjvdCEMDNPwZemPT3TE2UtUT3u
GA2Q6XRT8oeckwmc6AdNp7snTZUrDIRe7YSYWMPJ1zo5br/6SczwooutCYD9twgd
EX03XITkPf8sjEJ+K7DtU5hAUbtqbcxeoQS2BYnO4qAnk4VQ/Am1mLMiMwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPvboYgDERo7AreQPYVcy+9Dj/uMMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvMS05dWhpQU1SR2pzQ3Q1QTloVnpMNzBPUC00dy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMDMvOTEzYTNhLWY1NTAtNDZmMC1hY2M3LWNkM2NhNTk3NTcx
Mi8xL0lzU3NQanhEMXcwRk5KeUJXNnJkT0sxM1hwMC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAB8N4TAN
BgkqhkiG9w0BAQsFAAOCAQEAjXUA2EcZsMUVMdPj98T/w9XbsZqyb/7GMhlhdp2R
8+MNaFKeZMfl9UBAPYEZDq6pHvDRkzA6tpmFPcETM7CEBVkiFmanFmhW3rddIOe5
hNAVgWeIEctZ4SUpjH0q8yHQ1INrRZwrnG0EDasFnEZzoY3sVRn3bbr+9KqtsSzb
BUsljtu0pfAMNQwVqzKqcbKYEYwDUbMVGKgEYXXcePUMGrFP33e/veBWWn3W2+mC
XJ5TRVZB9MRDWN1GJj7UBkeHy2fIYd0gudduu8+o+3/50f8MOImWoX7YSQX+0e2Y
CWHxgZJWiIZ/KO+jQov1cKOVAoMegez8spkzTQ2rYHJBuw==
-----END CERTIFICATE-----