Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/u5G73gzq08i5OVdqGwaeZh4QnRE.roa
File:                     u5G73gzq08i5OVdqGwaeZh4QnRE.roa (raw, json)
Hash identifier:          tnLPD++nLZElV6UGSHLiJ7EEijkfNLnZluqqUyblpoQ=
Subject key identifier:   BB:91:BB:DE:0C:EA:D3:C8:B9:39:57:6A:1B:06:9E:66:1E:10:9D:11
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019EFF059A3234EE005A7F5F6B4E6B6F2CA4
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/u5G73gzq08i5OVdqGwaeZh4QnRE.roa
Signing time:             Thu 25 Jun 2026 13:43:37 +0000
ROA not before:           Thu 25 Jun 2026 13:43:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209274
IP address blocks:        31.59.151.0/24 maxlen: 24
                          217.60.199.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 27 Jun 2026 11:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:ff:05:9a:32:34:ee:00:5a:7f:5f:6b:4e:6b:6f:2c:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jun 25 13:43:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bb91bbde0cead3c8b939576a1b069e661e109d11
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:3e:50:21:1c:98:f8:7a:aa:df:d3:75:b8:0d:
                    17:99:ae:1d:24:69:22:0f:0b:2d:13:52:55:29:b3:
                    ee:7c:25:03:98:d1:15:cf:b6:2d:95:a7:29:ae:42:
                    04:7d:63:eb:e0:6a:12:13:02:b9:11:36:e0:da:9d:
                    7d:ec:4e:c9:24:36:61:a1:ba:e0:0c:c9:87:b1:1f:
                    1a:a9:b9:01:7f:d5:0f:77:b9:f8:25:ce:0c:43:c7:
                    06:22:e1:fd:16:fe:22:8a:ab:79:e3:01:fd:1a:1d:
                    f1:b6:39:a5:f7:f6:07:db:5a:82:c4:40:1f:fd:cf:
                    c1:f4:0a:33:e4:23:4a:76:7a:de:fc:b7:2c:8b:7a:
                    ed:04:d4:c7:86:fa:37:60:86:6e:c3:62:71:c4:04:
                    2d:31:f6:c9:1d:6d:e7:f9:e3:67:42:bf:b0:46:6a:
                    6b:e6:83:8e:d5:1d:9e:f4:6b:1e:0b:13:72:49:d4:
                    ee:95:86:27:04:ac:4e:c1:8c:93:fa:fb:12:67:5d:
                    bd:8e:16:49:48:7d:d6:f2:5c:2b:4b:c8:f0:46:c8:
                    d3:df:64:2f:81:f3:91:9b:a1:56:f8:15:0e:06:11:
                    1b:f1:18:a1:ff:47:2b:57:e6:b3:ea:e7:4d:d5:0b:
                    1b:e7:2e:33:2b:ee:3e:1b:8b:95:8d:7c:44:a2:b1:
                    81:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:91:BB:DE:0C:EA:D3:C8:B9:39:57:6A:1B:06:9E:66:1E:10:9D:11
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/u5G73gzq08i5OVdqGwaeZh4QnRE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.59.151.0/24
                  217.60.199.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:bd:6c:1a:3f:d4:c0:45:ef:df:41:ef:89:06:58:47:09:1d:
         17:5b:9c:5b:ac:02:c3:7d:a3:ed:9d:3e:52:04:3b:fc:d4:d6:
         40:f2:db:5c:3c:e0:a9:04:9d:d3:97:70:16:f8:ec:26:ef:d4:
         2e:af:ab:41:19:b1:40:d2:83:6b:75:2a:a1:32:d9:b1:e1:a4:
         96:94:19:dd:89:4f:b4:b5:16:3d:51:6a:9c:28:ae:e9:4f:bb:
         1c:2e:4d:99:57:b3:c1:4c:cc:8e:2d:bc:18:83:a3:f3:db:17:
         ed:e1:52:ee:0f:cc:9b:63:ba:7a:ad:3b:02:06:00:f7:0e:38:
         ba:9a:c2:6e:09:88:a5:bf:d6:64:3d:92:06:56:75:9f:8a:ae:
         6b:26:be:26:85:a1:11:d2:8e:ce:f0:7b:75:0d:fd:2e:f4:05:
         bc:f3:34:a4:95:87:d9:92:e6:48:3b:17:b5:31:38:62:e1:04:
         16:a2:a3:cb:ee:dc:41:8f:e3:77:0a:3c:53:64:6a:b1:cf:1f:
         b2:33:a7:4a:8f:09:39:06:74:3a:a7:0b:2a:dd:fa:70:36:d1:
         5c:ab:23:88:9c:4c:48:e4:76:09:1c:56:81:57:7a:5d:c4:68:
         0e:b7:7d:cb:4d:51:11:dd:16:91:53:17:92:8e:32:c4:e8:e2:
         96:55:d8:d3
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ7/BZoyNO4AWn9fa05rbyykMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwNjI1MTM0MzM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjkxYmJkZTBjZWFkM2M4YjkzOTU3NmExYjA2OWU2NjFlMTA5ZDExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjD5QIRyY+Hqq39N1uA0Xma4dJGki
DwstE1JVKbPufCUDmNEVz7YtlacprkIEfWPr4GoSEwK5ETbg2p197E7JJDZhobrg
DMmHsR8aqbkBf9UPd7n4Jc4MQ8cGIuH9Fv4iiqt54wH9Gh3xtjml9/YH21qCxEAf
/c/B9Aoz5CNKdnre/Lcsi3rtBNTHhvo3YIZuw2JxxAQtMfbJHW3n+eNnQr+wRmpr
5oOO1R2e9GseCxNySdTulYYnBKxOwYyT+vsSZ129jhZJSH3W8lwrS8jwRsjT32Qv
gfORm6FW+BUOBhEb8Rih/0crV+az6udN1Qsb5y4zK+4+G4uVjXxEorGBgQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLuRu94M6tPIuTlXahsGnmYeEJ0RMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvdTVHNzNnenEwOGk1T1ZkcUd3YWVaaDRRblJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAHzuXAwQA
2TzHMA0GCSqGSIb3DQEBCwUAA4IBAQBwvWwaP9TARe/fQe+JBlhHCR0XW5xbrALD
faPtnT5SBDv81NZA8ttcPOCpBJ3Tl3AW+Owm79Qur6tBGbFA0oNrdSqhMtmx4aSW
lBndiU+0tRY9UWqcKK7pT7scLk2ZV7PBTMyOLbwYg6Pz2xft4VLuD8ybY7p6rTsC
BgD3Dji6msJuCYilv9ZkPZIGVnWfiq5rJr4mhaER0o7O8Ht1Df0u9AW88zSklYfZ
kuZIOxe1MThi4QQWoqPL7txBj+N3CjxTZGqxzx+yM6dKjwk5BnQ6pwsq3fpwNtFc
qyOInExI5HYJHFaBV3pdxGgOt33LTVER3RaRUxeSjjLE6OKWVdjT
-----END CERTIFICATE-----