Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/cIAYYQ4SHvjIatcWqVEyT9zlduQ.roa
File:                     cIAYYQ4SHvjIatcWqVEyT9zlduQ.roa (raw, json)
Hash identifier:          rF1nONFt7PnMdkEr4ZwIBasmlZ9FANca9lnChrHjYv0=
Subject key identifier:   70:80:18:61:0E:12:1E:F8:C8:6A:D7:16:A9:51:32:4F:DC:E5:76:E4
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019E4A607E0AE224682F084B574DAF0A835E
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/cIAYYQ4SHvjIatcWqVEyT9zlduQ.roa
Signing time:             Thu 21 May 2026 11:51:38 +0000
ROA not before:           Thu 21 May 2026 11:51:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49608
IP address blocks:        31.58.130.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 28 May 2026 08:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:4a:60:7e:0a:e2:24:68:2f:08:4b:57:4d:af:0a:83:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: May 21 11:51:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=708018610e121ef8c86ad716a951324fdce576e4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:9d:9a:cd:40:83:b4:29:85:bd:9c:ae:f2:60:
                    fb:f0:6c:4a:1e:13:f6:1c:d4:1a:53:83:b9:30:73:
                    17:47:6d:f8:09:31:b6:e7:99:ba:84:9f:39:8e:d0:
                    94:ad:af:e9:95:8e:04:9d:c7:b2:1a:ae:a8:33:fb:
                    0d:45:2a:d8:e0:a9:7f:3e:cb:a0:d4:1e:a1:9f:15:
                    e6:3d:6b:c4:45:81:8b:74:5a:44:42:48:58:e2:87:
                    71:bb:f7:9e:aa:2c:07:9b:67:43:57:1a:f0:7b:f6:
                    da:53:3f:01:35:f2:6c:0c:fe:25:09:73:13:73:d4:
                    e8:35:31:45:1b:42:2b:5d:3e:73:7c:0c:5f:80:8a:
                    20:5e:d8:1d:14:fa:e1:e9:26:c4:f5:ae:64:b4:ee:
                    65:56:9a:66:66:5e:ec:4b:d8:35:17:a4:cc:94:bf:
                    6b:7d:1e:67:bc:6a:22:b3:0a:e9:55:21:31:97:95:
                    78:06:bd:cd:fd:44:37:d1:71:62:20:a0:4e:ec:3f:
                    15:e8:3b:7f:96:46:ae:a3:4f:4f:68:02:d5:db:d3:
                    f0:0a:2d:f8:14:fa:7a:0c:ee:0d:80:47:89:53:de:
                    30:82:62:0c:23:28:c2:cf:33:c0:09:06:ef:68:9d:
                    f1:42:10:a9:20:1b:c3:27:18:4a:75:ea:84:bc:06:
                    10:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:80:18:61:0E:12:1E:F8:C8:6A:D7:16:A9:51:32:4F:DC:E5:76:E4
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/cIAYYQ4SHvjIatcWqVEyT9zlduQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.58.130.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:f6:37:6b:7b:45:ad:11:03:3d:eb:b7:1b:fa:d5:0a:47:1e:
         76:1a:29:dc:21:01:3e:c1:d5:f9:09:0c:20:62:75:f3:24:eb:
         ec:a3:48:b4:b2:69:1b:f8:48:20:42:40:ac:9c:df:e7:4d:22:
         c5:34:46:53:5f:80:15:f1:00:03:57:9a:bc:b3:67:74:0f:69:
         11:71:87:b3:6e:97:24:63:6f:1e:9b:b2:3e:93:02:25:8d:9f:
         de:7d:95:22:eb:f9:0c:e3:1c:7f:22:26:8d:4d:92:11:59:c0:
         3b:ef:f0:96:d8:f1:8c:1b:a2:29:a5:2d:66:1b:d6:24:f2:19:
         d8:98:9e:f0:a8:52:b8:a9:0e:4d:5f:a2:b8:14:53:dc:69:51:
         f0:57:14:25:71:f6:00:32:b8:09:2b:90:17:30:e1:06:db:b4:
         8c:68:27:1b:0c:cc:02:33:f1:c6:d3:6c:bc:f8:f0:c5:4e:3c:
         7f:00:d5:46:ba:3e:db:43:5b:1d:ff:49:c5:89:1d:5c:c6:8b:
         9d:93:16:7a:d9:01:52:66:d0:0d:cd:97:18:5b:ae:a3:67:ca:
         7b:f6:dc:79:f9:cf:00:0a:22:a4:fb:5f:4b:c6:55:6f:15:1f:
         5c:cc:4b:05:c5:e2:db:34:36:ef:12:11:43:8e:e7:91:37:78:
         84:c1:a1:bd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5KYH4K4iRoLwhLV02vCoNeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwNTIxMTE1MTM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDgwMTg2MTBlMTIxZWY4Yzg2YWQ3MTZhOTUxMzI0ZmRjZTU3NmU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlp2azUCDtCmFvZyu8mD78GxKHhP2
HNQaU4O5MHMXR234CTG255m6hJ85jtCUra/plY4EnceyGq6oM/sNRSrY4Kl/Psug
1B6hnxXmPWvERYGLdFpEQkhY4odxu/eeqiwHm2dDVxrwe/baUz8BNfJsDP4lCXMT
c9ToNTFFG0IrXT5zfAxfgIogXtgdFPrh6SbE9a5ktO5lVppmZl7sS9g1F6TMlL9r
fR5nvGoiswrpVSExl5V4Br3N/UQ30XFiIKBO7D8V6Dt/lkauo09PaALV29PwCi34
FPp6DO4NgEeJU94wgmIMIyjCzzPACQbvaJ3xQhCpIBvDJxhKdeqEvAYQjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHCAGGEOEh74yGrXFqlRMk/c5XbkMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvY0lBWVlRNFNIdmpJYXRjV3FWRXlUOXpsZHVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzqCMA0G
CSqGSIb3DQEBCwUAA4IBAQAK9jdre0WtEQM967cb+tUKRx52GincIQE+wdX5CQwg
YnXzJOvso0i0smkb+EggQkCsnN/nTSLFNEZTX4AV8QADV5q8s2d0D2kRcYezbpck
Y28em7I+kwIljZ/efZUi6/kM4xx/IiaNTZIRWcA77/CW2PGMG6IppS1mG9Yk8hnY
mJ7wqFK4qQ5NX6K4FFPcaVHwVxQlcfYAMrgJK5AXMOEG27SMaCcbDMwCM/HG02y8
+PDFTjx/ANVGuj7bQ1sd/0nFiR1cxoudkxZ62QFSZtANzZcYW66jZ8p79tx5+c8A
CiKk+19LxlVvFR9czEsFxeLbNDbvEhFDjueRN3iEwaG9
-----END CERTIFICATE-----