Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/Z5xiCmTJhEIzwg4a2mmU4ajSRz8.roa
File:                     Z5xiCmTJhEIzwg4a2mmU4ajSRz8.roa (raw, json)
Hash identifier:          2pxE+sXUAVepMTNFYOiJ2jAyEIp9qLADuA2MKg4zPqs=
Subject key identifier:   67:9C:62:0A:64:C9:84:42:33:C2:0E:1A:DA:69:94:E1:A8:D2:47:3F
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019D54A49D3341BF2361BD218C75217759E2
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/Z5xiCmTJhEIzwg4a2mmU4ajSRz8.roa
Signing time:             Fri 03 Apr 2026 18:39:27 +0000
ROA not before:           Fri 03 Apr 2026 18:39:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     402257
IP address blocks:        31.57.238.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 Apr 2026 08:49:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:54:a4:9d:33:41:bf:23:61:bd:21:8c:75:21:77:59:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Apr  3 18:39:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=679c620a64c9844233c20e1ada6994e1a8d2473f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:13:55:4c:ed:21:84:15:f6:63:e2:49:34:a8:
                    f3:6a:1a:87:db:fe:b5:62:b4:6d:46:16:48:8d:dd:
                    48:55:50:de:b9:03:67:ab:3e:4b:05:96:e0:00:8c:
                    f8:48:a4:a0:d0:75:ed:38:1c:36:0d:cb:84:2b:6b:
                    93:bc:b7:7f:1d:ff:99:d8:70:c9:69:c9:c9:68:52:
                    58:6d:08:5b:c5:7d:5f:e4:ae:9a:f9:d3:28:19:ea:
                    e9:42:e9:28:8d:5b:3e:8c:09:a9:c8:85:36:21:7f:
                    ae:ef:3e:8d:50:85:97:39:2e:af:c2:02:d5:fc:00:
                    b1:cc:4c:05:ad:9f:47:7b:7b:b3:3f:03:d9:b5:de:
                    7c:48:36:77:aa:96:de:30:58:a6:28:f6:9b:01:8a:
                    e1:b9:8f:a2:71:31:1e:52:b9:0c:54:6b:91:b3:46:
                    8f:07:3a:e3:e2:50:af:bd:2f:5f:36:b6:93:7e:33:
                    aa:ee:7a:e3:6d:15:a6:46:7f:d4:ab:63:d0:79:a1:
                    f2:15:55:69:0f:a9:25:59:52:61:65:02:7a:f2:7d:
                    07:02:0e:29:e7:37:52:75:61:0d:c3:41:4a:8d:2c:
                    55:cd:9f:4b:f2:30:ae:bc:d8:bb:d9:05:da:64:db:
                    c5:1f:77:60:0b:02:9d:26:58:1b:8b:c5:7c:94:c1:
                    e1:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:9C:62:0A:64:C9:84:42:33:C2:0E:1A:DA:69:94:E1:A8:D2:47:3F
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/Z5xiCmTJhEIzwg4a2mmU4ajSRz8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.238.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:66:7f:95:44:ed:74:d2:09:0a:4f:73:de:c4:69:58:ad:e5:
         3a:c4:ad:30:a6:c5:98:00:ee:c8:93:d2:1d:1f:e1:b6:e2:fe:
         82:2e:c3:fa:02:7a:c3:6b:15:9f:7a:d9:36:a3:a4:e6:46:2c:
         c6:3d:24:76:78:b6:76:40:3c:c1:b5:65:4a:bd:4e:e2:1e:19:
         42:80:f4:86:cf:86:8c:22:94:b2:35:4b:39:ed:c4:48:c7:1e:
         21:eb:a6:0c:4d:de:b2:5a:31:4f:d1:4d:30:b0:88:65:a6:8f:
         bd:2c:10:b6:1e:a4:1b:e5:e1:e2:36:c7:49:1b:80:8b:be:2f:
         68:c9:4d:92:da:14:a6:00:2e:c2:e7:79:78:62:5a:81:a6:dd:
         07:a7:25:53:93:5f:96:13:6c:a4:2c:a7:b4:ba:7a:b3:34:51:
         f7:86:67:1f:f2:af:fc:7e:8e:15:82:a0:73:75:eb:8f:51:86:
         05:65:35:b7:b3:3a:73:0a:b0:cf:69:4a:37:7e:2f:76:21:5f:
         76:98:3d:f7:82:e1:03:84:61:8d:bd:98:40:7c:19:87:90:82:
         32:e9:f9:41:fe:e2:c5:61:8b:0f:43:04:b6:ff:83:f2:36:57:
         6e:e2:23:b9:32:b1:2c:48:0e:ce:b2:f3:4b:27:8d:9e:fa:e4:
         14:b7:80:88
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1UpJ0zQb8jYb0hjHUhd1niMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwNDAzMTgzOTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzljNjIwYTY0Yzk4NDQyMzNjMjBlMWFkYTY5OTRlMWE4ZDI0NzNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxRNVTO0hhBX2Y+JJNKjzahqH2/61
YrRtRhZIjd1IVVDeuQNnqz5LBZbgAIz4SKSg0HXtOBw2DcuEK2uTvLd/Hf+Z2HDJ
acnJaFJYbQhbxX1f5K6a+dMoGerpQukojVs+jAmpyIU2IX+u7z6NUIWXOS6vwgLV
/ACxzEwFrZ9He3uzPwPZtd58SDZ3qpbeMFimKPabAYrhuY+icTEeUrkMVGuRs0aP
Bzrj4lCvvS9fNraTfjOq7nrjbRWmRn/Uq2PQeaHyFVVpD6klWVJhZQJ68n0HAg4p
5zdSdWENw0FKjSxVzZ9L8jCuvNi72QXaZNvFH3dgCwKdJlgbi8V8lMHhuQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGecYgpkyYRCM8IOGtpplOGo0kc/MB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvWjV4aUNtVEpoRUl6d2c0YTJtbVU0YWpTUno4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHznuMA0G
CSqGSIb3DQEBCwUAA4IBAQBEZn+VRO100gkKT3PexGlYreU6xK0wpsWYAO7Ik9Id
H+G24v6CLsP6AnrDaxWfetk2o6TmRizGPSR2eLZ2QDzBtWVKvU7iHhlCgPSGz4aM
IpSyNUs57cRIxx4h66YMTd6yWjFP0U0wsIhlpo+9LBC2HqQb5eHiNsdJG4CLvi9o
yU2S2hSmAC7C53l4YlqBpt0HpyVTk1+WE2ykLKe0unqzNFH3hmcf8q/8fo4VgqBz
deuPUYYFZTW3szpzCrDPaUo3fi92IV92mD33guEDhGGNvZhAfBmHkIIy6flB/uLF
YYsPQwS2/4PyNldu4iO5MrEsSA7OsvNLJ42e+uQUt4CI
-----END CERTIFICATE-----