Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/Z1iEoLEvFpJgPg2S-sP5L4-Er6A.roa
File:                     Z1iEoLEvFpJgPg2S-sP5L4-Er6A.roa (raw, json)
Hash identifier:          k8QC9LBG4KspQSmx4ChiI4FMBMd9MVBdqJ9yJY3B0cw=
Subject key identifier:   67:58:84:A0:B1:2F:16:92:60:3E:0D:92:FA:C3:F9:2F:8F:84:AF:A0
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019E4BEEBE94F004DD638A4C519E133252D6
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/Z1iEoLEvFpJgPg2S-sP5L4-Er6A.roa
Signing time:             Thu 21 May 2026 19:06:37 +0000
ROA not before:           Thu 21 May 2026 19:06:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215659
IP address blocks:        31.57.129.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 28 May 2026 08:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:4b:ee:be:94:f0:04:dd:63:8a:4c:51:9e:13:32:52:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: May 21 19:06:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=675884a0b12f1692603e0d92fac3f92f8f84afa0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:2e:24:4b:d8:e5:32:53:80:01:4d:9c:a0:25:
                    bd:41:cf:e2:dc:0a:ed:8f:a1:da:35:7b:b8:02:7a:
                    97:ba:60:51:64:7e:66:bf:b6:84:f9:50:e9:55:4c:
                    5e:d8:41:71:c6:5c:d6:54:5d:6e:15:dc:04:ea:c1:
                    d1:3d:e1:e2:e8:0e:2c:6e:e2:78:05:25:21:5d:58:
                    ea:cb:d9:8e:39:36:27:90:00:81:1b:1a:65:54:69:
                    0a:65:15:12:7d:99:35:d7:b6:86:3d:2f:3e:42:4f:
                    55:98:80:9c:c9:45:19:56:68:2b:80:0b:33:eb:ca:
                    73:46:71:8f:63:60:12:29:59:c4:9f:b8:91:69:3b:
                    71:69:d3:3f:71:0c:ba:02:29:d3:d7:f6:22:04:13:
                    f1:49:b6:59:b6:ce:47:7a:97:42:6b:ad:ca:fc:82:
                    ed:a1:67:40:f2:e1:b3:9e:a3:f6:1d:05:7b:dc:49:
                    27:bf:4b:45:94:49:80:e2:a0:9c:68:ea:07:f9:d0:
                    df:66:35:9f:e2:28:30:89:24:7d:fd:a6:d2:c3:bd:
                    31:08:f3:67:19:c6:62:ff:73:2b:22:51:0b:87:c7:
                    c4:0d:8f:25:fe:0d:35:d9:7f:cf:60:86:c3:a5:1f:
                    6e:96:2e:5c:c3:25:6f:a9:49:31:87:56:f1:19:90:
                    f8:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:58:84:A0:B1:2F:16:92:60:3E:0D:92:FA:C3:F9:2F:8F:84:AF:A0
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/Z1iEoLEvFpJgPg2S-sP5L4-Er6A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.129.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:94:c9:11:ab:d2:1a:a7:54:4f:36:c3:3b:d2:11:41:40:f5:
         e8:de:f2:5c:c5:aa:b1:8b:20:2b:3f:e5:f1:b9:10:a0:c6:87:
         70:32:d0:d1:38:0f:04:1c:f3:54:a5:58:54:19:9a:ea:2d:26:
         67:e0:45:11:74:4a:50:c2:74:e7:ac:68:97:05:4b:fb:59:cc:
         50:26:bc:fc:2a:b1:f2:c5:7e:bd:f8:f6:fa:f9:34:9e:55:d8:
         a2:e9:45:6b:62:58:e4:e9:f1:ad:03:ba:08:a5:2d:0f:ee:c4:
         e7:78:f8:47:37:0a:8a:0e:33:31:5d:a7:ab:29:28:4a:1d:b6:
         bd:7b:3e:60:80:90:1e:aa:ef:84:02:21:60:2a:75:0f:92:f5:
         00:58:29:ad:f7:e9:2f:b4:45:24:ef:0c:bc:9c:39:58:21:19:
         73:99:50:e7:b8:ec:3e:3e:9e:2b:86:0d:4e:45:7f:7b:e1:79:
         7a:b0:14:e6:95:3e:ca:c6:92:e6:12:2f:10:16:09:68:6b:22:
         cf:79:15:be:24:94:81:d6:f1:3f:0d:96:b2:9e:c3:aa:c9:66:
         8a:c0:f2:c5:af:10:44:56:c0:30:47:72:ea:a9:91:af:f7:8d:
         af:4f:dd:c7:63:d6:03:c9:18:90:ba:9a:e5:4b:c4:19:a1:f2:
         c9:ee:91:3a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5L7r6U8ATdY4pMUZ4TMlLWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwNTIxMTkwNjM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzU4ODRhMGIxMmYxNjkyNjAzZTBkOTJmYWMzZjkyZjhmODRhZmEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3i4kS9jlMlOAAU2coCW9Qc/i3Art
j6HaNXu4AnqXumBRZH5mv7aE+VDpVUxe2EFxxlzWVF1uFdwE6sHRPeHi6A4sbuJ4
BSUhXVjqy9mOOTYnkACBGxplVGkKZRUSfZk117aGPS8+Qk9VmICcyUUZVmgrgAsz
68pzRnGPY2ASKVnEn7iRaTtxadM/cQy6AinT1/YiBBPxSbZZts5HepdCa63K/ILt
oWdA8uGznqP2HQV73Eknv0tFlEmA4qCcaOoH+dDfZjWf4igwiSR9/abSw70xCPNn
GcZi/3MrIlELh8fEDY8l/g012X/PYIbDpR9uli5cwyVvqUkxh1bxGZD4RQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGdYhKCxLxaSYD4NkvrD+S+PhK+gMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvWjFpRW9MRXZGcEpnUGcyUy1zUDVMNC1FcjZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzmBMA0G
CSqGSIb3DQEBCwUAA4IBAQA/lMkRq9Iap1RPNsM70hFBQPXo3vJcxaqxiyArP+Xx
uRCgxodwMtDROA8EHPNUpVhUGZrqLSZn4EURdEpQwnTnrGiXBUv7WcxQJrz8KrHy
xX69+Pb6+TSeVdii6UVrYljk6fGtA7oIpS0P7sTnePhHNwqKDjMxXaerKShKHba9
ez5ggJAequ+EAiFgKnUPkvUAWCmt9+kvtEUk7wy8nDlYIRlzmVDnuOw+Pp4rhg1O
RX974Xl6sBTmlT7KxpLmEi8QFgloayLPeRW+JJSB1vE/DZaynsOqyWaKwPLFrxBE
VsAwR3LqqZGv942vT93HY9YDyRiQuprlS8QZofLJ7pE6
-----END CERTIFICATE-----