Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/cQblpQvLx39pSJjItbJxXmWgNs8.roa
File:                     cQblpQvLx39pSJjItbJxXmWgNs8.roa (raw, json)
Hash identifier:          4jIABJlzsbQmtkNM3q3G8NtNWwfzohn0hokgmjfrNAU=
Subject key identifier:   71:06:E5:A5:0B:CB:C7:7F:69:48:98:C8:B5:B2:71:5E:65:A0:36:CF
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019D54A586189F238410EB27B4686B36C384
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/cQblpQvLx39pSJjItbJxXmWgNs8.roa
Signing time:             Fri 03 Apr 2026 18:40:27 +0000
ROA not before:           Fri 03 Apr 2026 18:40:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215152
IP address blocks:        31.57.140.0/24 maxlen: 24
                          94.183.174.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 14 Apr 2026 03:02:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:54:a5:86:18:9f:23:84:10:eb:27:b4:68:6b:36:c3:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Apr  3 18:40:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7106e5a50bcbc77f694898c8b5b2715e65a036cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:e7:42:e2:a0:f7:43:b5:7b:cf:45:04:33:2c:
                    0f:52:af:e3:33:b4:e0:58:cb:ec:fe:23:19:be:f5:
                    c7:53:62:47:be:4c:40:79:58:ae:48:41:ab:7c:ac:
                    a5:da:3c:ff:28:a7:51:e0:78:76:88:e6:c9:fb:e4:
                    1a:fc:33:fd:52:2c:2b:cf:12:5a:bf:7d:bb:9a:38:
                    aa:73:91:99:cf:84:a7:1b:26:07:74:c6:be:44:84:
                    00:76:2d:d0:6a:d1:fd:d9:a2:6f:2a:de:e1:01:29:
                    68:28:e4:5b:f6:c9:64:ea:13:c6:22:c8:c0:80:12:
                    8f:bf:e7:c7:85:34:42:db:bc:5d:90:b2:1d:0e:3a:
                    42:f2:06:f9:01:ed:ac:13:7e:5c:5e:99:97:ec:57:
                    44:4a:05:a2:5a:98:4f:32:a8:d5:99:53:34:ba:73:
                    c1:78:b8:e6:8a:c2:00:2d:77:a4:00:dd:35:58:d5:
                    bf:7f:d3:1b:e3:ce:d5:a7:48:a1:aa:7d:83:02:2c:
                    5b:4a:b1:ea:f2:af:e1:1e:7f:5c:ea:d6:40:a6:b0:
                    5f:d3:94:4a:fe:de:8f:c2:30:45:34:47:d8:96:bb:
                    e6:cd:ba:5e:86:1f:94:37:30:be:71:8b:64:93:e0:
                    1e:80:58:9e:f2:09:37:8d:2a:55:51:1b:01:20:00:
                    5e:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:06:E5:A5:0B:CB:C7:7F:69:48:98:C8:B5:B2:71:5E:65:A0:36:CF
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/cQblpQvLx39pSJjItbJxXmWgNs8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.140.0/24
                  94.183.174.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:e9:79:1b:7a:7c:e0:69:19:2d:66:13:4c:91:a6:bc:f8:e9:
         cf:50:95:ea:7d:3f:d1:d3:c8:04:73:9d:67:f5:1f:9c:5d:78:
         cc:f3:3f:fd:69:f7:c6:0a:22:02:4a:b8:73:3c:59:be:92:d1:
         e7:a3:d2:26:12:8f:c4:b9:e7:6f:23:26:a0:d6:75:92:0a:d3:
         dd:ac:26:d7:59:b2:16:36:15:c2:99:8c:79:42:2f:8c:c4:91:
         6f:03:33:f9:24:80:f7:54:d3:ce:b3:fc:7b:53:a7:34:a0:11:
         ab:60:46:13:6c:39:e1:2a:c1:0b:cd:cb:59:7e:7b:e6:1a:3a:
         f8:b6:b5:fd:be:af:20:24:7b:9f:24:6d:69:1c:e2:ce:b7:7e:
         70:eb:08:9d:43:98:c6:ef:47:db:ef:6f:31:36:81:fe:c6:1f:
         04:33:bf:77:a6:53:a4:6a:4f:bd:9f:d1:a0:1d:6b:e7:ee:c9:
         64:9c:41:d9:65:2c:be:3b:4a:a4:56:a4:6a:ec:ec:43:b2:94:
         e6:ec:10:43:0c:2e:df:bc:e8:b2:4a:94:5b:9a:b9:65:a7:27:
         3c:db:6c:08:47:3e:2b:5f:7a:d4:fe:45:e6:fc:80:4f:b4:52:
         55:7e:d4:5a:63:97:dd:69:6f:4d:f3:07:43:29:61:23:db:8f:
         7a:f5:22:78
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ1UpYYYnyOEEOsntGhrNsOEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwNDAzMTg0MDI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTA2ZTVhNTBiY2JjNzdmNjk0ODk4YzhiNWIyNzE1ZTY1YTAzNmNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArudC4qD3Q7V7z0UEMywPUq/jM7Tg
WMvs/iMZvvXHU2JHvkxAeViuSEGrfKyl2jz/KKdR4Hh2iObJ++Qa/DP9UiwrzxJa
v327mjiqc5GZz4SnGyYHdMa+RIQAdi3QatH92aJvKt7hASloKORb9slk6hPGIsjA
gBKPv+fHhTRC27xdkLIdDjpC8gb5Ae2sE35cXpmX7FdESgWiWphPMqjVmVM0unPB
eLjmisIALXekAN01WNW/f9Mb487Vp0ihqn2DAixbSrHq8q/hHn9c6tZAprBf05RK
/t6PwjBFNEfYlrvmzbpehh+UNzC+cYtkk+AegFie8gk3jSpVURsBIABeHwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHEG5aULy8d/aUiYyLWycV5loDbPMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvY1FibHBRdkx4MzlwU0pqSXRiSnhYbVdnTnM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAHzmMAwQA
XreuMA0GCSqGSIb3DQEBCwUAA4IBAQAc6XkbenzgaRktZhNMkaa8+OnPUJXqfT/R
08gEc51n9R+cXXjM8z/9affGCiICSrhzPFm+ktHno9ImEo/EuedvIyag1nWSCtPd
rCbXWbIWNhXCmYx5Qi+MxJFvAzP5JID3VNPOs/x7U6c0oBGrYEYTbDnhKsELzctZ
fnvmGjr4trX9vq8gJHufJG1pHOLOt35w6widQ5jG70fb728xNoH+xh8EM793plOk
ak+9n9GgHWvn7slknEHZZSy+O0qkVqRq7OxDspTm7BBDDC7fvOiySpRbmrllpyc8
22wIRz4rX3rU/kXm/IBPtFJVftRaY5fdaW9N8wdDKWEj24969SJ4
-----END CERTIFICATE-----