Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/FFRnAjRae4CkP9NHVqcOSmZGw_Y.roa
File:                     FFRnAjRae4CkP9NHVqcOSmZGw_Y.roa (raw, json)
Hash identifier:          wXcW7lltDlBKyNmjurP3ATRUEzEY8kTs5xu5nF8HF1w=
Subject key identifier:   14:54:67:02:34:5A:7B:80:A4:3F:D3:47:56:A7:0E:4A:66:46:C3:F6
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019C1341E55BB8FDDDFC2144B1937B42BE32
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/FFRnAjRae4CkP9NHVqcOSmZGw_Y.roa
Signing time:             Sat 31 Jan 2026 08:53:31 +0000
ROA not before:           Sat 31 Jan 2026 08:53:31 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     135353
IP address blocks:        31.59.36.0/24 maxlen: 24
                          31.59.37.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 20 Feb 2026 19:57:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:13:41:e5:5b:b8:fd:dd:fc:21:44:b1:93:7b:42:be:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jan 31 08:53:31 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=14546702345a7b80a43fd34756a70e4a6646c3f6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:b4:1f:2c:c7:e9:b9:e5:e0:e8:02:c5:81:2e:
                    58:60:86:88:3d:62:c0:3f:5b:00:6b:62:34:1c:c9:
                    aa:53:10:49:ea:75:a3:ca:ef:01:75:28:84:43:65:
                    3b:1c:f6:29:52:7f:ae:78:6f:66:85:67:03:9e:35:
                    49:27:23:ce:ab:08:36:fb:1c:30:19:fc:4e:98:93:
                    b1:19:f3:71:3c:38:78:a4:66:b6:3a:59:51:8f:99:
                    33:01:9e:34:4b:6d:b1:71:17:de:a1:ad:77:77:3f:
                    21:c9:34:a0:1a:1f:0e:f0:08:aa:2d:f9:19:3d:0c:
                    a5:4d:8b:5a:de:52:58:0e:08:28:2b:d0:47:cc:8a:
                    07:25:9f:0e:22:6f:44:12:40:3f:17:b2:e8:d7:23:
                    a2:80:d1:dc:90:b8:04:c9:0b:3b:95:0c:5b:9e:e7:
                    29:e5:f2:1a:d4:ec:a6:c1:0c:92:95:a9:4f:cb:84:
                    58:c8:be:90:08:b0:b3:7d:0b:9b:6f:30:00:0e:0f:
                    ab:98:2e:81:b1:c2:5f:ad:4e:be:88:cd:0f:02:fd:
                    37:0d:ae:5b:83:82:f1:51:5e:da:6d:25:e0:3e:2b:
                    cb:70:53:2f:25:02:05:a8:91:c8:b6:c9:7d:53:f1:
                    cc:91:2e:66:88:b0:2e:0e:dd:95:ba:53:e4:4a:7a:
                    ee:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:54:67:02:34:5A:7B:80:A4:3F:D3:47:56:A7:0E:4A:66:46:C3:F6
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/FFRnAjRae4CkP9NHVqcOSmZGw_Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.59.36.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4a:1d:e1:75:77:5d:d0:e8:45:ac:bd:6f:2c:5f:99:df:ee:c1:
         05:a8:fe:43:84:06:11:f6:54:36:42:69:64:da:f2:61:c3:0e:
         a9:72:be:01:c3:3c:3a:83:4e:de:38:96:9a:f5:a8:92:17:b7:
         43:20:b7:d3:57:e6:e4:12:ad:5f:ec:63:78:16:bf:a2:b2:e3:
         49:70:48:6b:9d:9f:3c:70:53:9d:5d:38:02:c9:bf:03:24:83:
         de:cf:42:6c:d6:96:17:a3:d4:3c:77:1c:10:a5:20:13:a3:2b:
         2f:24:71:aa:8a:8b:4c:55:66:69:88:7a:26:c7:f9:12:47:41:
         fb:0e:e4:51:27:b1:65:2e:1b:7d:f7:6a:67:11:58:88:eb:de:
         a2:4d:cd:9c:d7:e1:a6:df:3e:d1:de:cd:78:71:eb:d1:cf:43:
         6e:72:79:be:ae:ca:20:40:71:59:a2:9b:df:53:d0:2d:c8:55:
         f9:27:f0:28:07:23:b6:9a:66:5c:05:b4:fa:0f:53:98:c4:8c:
         df:ac:bd:df:b7:1a:c1:87:6f:f6:08:dc:21:bf:e8:a4:d7:73:
         ce:35:68:17:13:3e:d5:53:34:43:ef:5c:f2:f2:8f:3b:f1:11:
         dd:05:b2:c2:a7:1d:51:76:10:67:01:65:f0:db:d7:71:0d:5d:
         fe:97:53:30
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZwTQeVbuP3d/CFEsZN7Qr4yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwMTMxMDg1MzMxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNDU0NjcwMjM0NWE3YjgwYTQzZmQzNDc1NmE3MGU0YTY2NDZjM2Y2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1LQfLMfpueXg6ALFgS5YYIaIPWLA
P1sAa2I0HMmqUxBJ6nWjyu8BdSiEQ2U7HPYpUn+ueG9mhWcDnjVJJyPOqwg2+xww
GfxOmJOxGfNxPDh4pGa2OllRj5kzAZ40S22xcRfeoa13dz8hyTSgGh8O8AiqLfkZ
PQylTYta3lJYDggoK9BHzIoHJZ8OIm9EEkA/F7Lo1yOigNHckLgEyQs7lQxbnucp
5fIa1OymwQySlalPy4RYyL6QCLCzfQubbzAADg+rmC6BscJfrU6+iM0PAv03Da5b
g4LxUV7abSXgPivLcFMvJQIFqJHItsl9U/HMkS5miLAuDt2VulPkSnruzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBRUZwI0WnuApD/TR1anDkpmRsP2MB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvRkZSbkFqUmFlNENrUDlOSFZxY09TbVpHd19ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBHzskMA0G
CSqGSIb3DQEBCwUAA4IBAQBKHeF1d13Q6EWsvW8sX5nf7sEFqP5DhAYR9lQ2Qmlk
2vJhww6pcr4Bwzw6g07eOJaa9aiSF7dDILfTV+bkEq1f7GN4Fr+isuNJcEhrnZ88
cFOdXTgCyb8DJIPez0Js1pYXo9Q8dxwQpSAToysvJHGqiotMVWZpiHomx/kSR0H7
DuRRJ7FlLht992pnEViI696iTc2c1+Gm3z7R3s14cevRz0Nucnm+rsogQHFZopvf
U9AtyFX5J/AoByO2mmZcBbT6D1OYxIzfrL3ftxrBh2/2CNwhv+ik13PONWgXEz7V
UzRD71zy8o878RHdBbLCpx1RdhBnAWXw29dxDV3+l1Mw
-----END CERTIFICATE-----