Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS60431.roa
File:                     AS60431.roa (raw, json)
Hash identifier:          aP9SXdcflylfnwYKzsbf1uy8pzp4H+otIRp7YrtMiM0=
Subject key identifier:   B7:EA:0B:D4:78:74:43:52:CF:31:22:83:F3:A5:8E:5E:1A:D4:70:1C
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       43D33597CA6266065C070D475F7B2F07A13FF736
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS60431.roa
Signing time:             Fri 20 Feb 2026 06:08:26 +0000
ROA not before:           Fri 20 Feb 2026 06:03:26 +0000
ROA not after:            Fri 19 Feb 2027 06:08:26 +0000
asID:                     60431
IP address blocks:        2a0f:85c1:bc0::/44 maxlen: 44
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 24 Feb 2026 09:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            43:d3:35:97:ca:62:66:06:5c:07:0d:47:5f:7b:2f:07:a1:3f:f7:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Feb 20 06:03:26 2026 GMT
            Not After : Feb 19 06:08:26 2027 GMT
        Subject: CN=B7EA0BD478744352CF312283F3A58E5E1AD4701C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:58:b5:61:cd:0e:7a:71:39:2d:b9:f0:32:97:
                    a4:b9:cd:d5:99:43:51:a9:38:13:2a:12:4b:33:b9:
                    2b:e3:f5:9c:b3:b5:bd:b9:2b:93:62:f0:76:37:72:
                    2e:92:90:fe:9c:c9:f7:77:c3:3e:83:2e:58:eb:a7:
                    b4:78:5b:ff:cf:ee:47:a0:09:a6:b6:62:8b:67:ba:
                    39:c2:bf:20:19:7a:45:70:c5:c0:cf:40:6c:18:77:
                    96:e8:3c:05:69:90:9f:3e:24:17:6a:9a:dd:8b:bf:
                    cc:43:6e:16:95:32:93:49:44:1d:cc:0c:71:f1:27:
                    7f:53:26:87:58:50:e7:3d:84:75:16:4e:77:6e:89:
                    14:ca:87:d8:7b:be:13:88:ce:60:a6:43:43:f9:5d:
                    c6:e6:30:c2:61:32:31:78:91:9f:28:65:d4:21:b8:
                    74:ab:a9:e1:ae:90:b2:3c:99:97:68:fe:a3:03:ae:
                    8f:c7:ec:3d:7e:f2:12:5f:9e:eb:93:ec:da:a6:45:
                    7c:ad:e1:56:84:c5:96:c9:09:33:f9:07:42:93:fb:
                    20:87:8d:b1:64:8b:03:2f:af:e9:42:c9:fb:55:4c:
                    ea:30:ea:23:f1:aa:84:f7:b8:11:82:3a:a3:e1:cf:
                    72:10:45:be:b3:e8:b1:25:2b:06:58:be:b6:59:49:
                    89:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:EA:0B:D4:78:74:43:52:CF:31:22:83:F3:A5:8E:5E:1A:D4:70:1C
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS60431.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:bc0::/44

    Signature Algorithm: sha256WithRSAEncryption
         da:c9:fa:26:ab:ff:25:39:72:85:10:ad:20:6a:69:f0:9a:2d:
         17:d0:48:cb:18:ce:1a:d4:b5:3b:ae:b4:b9:7b:4f:f8:c9:af:
         53:96:8d:b0:d4:f8:0c:d7:38:75:37:45:a0:24:98:46:04:e7:
         f1:37:f6:4c:db:ff:f9:45:4a:77:8b:e9:e1:43:9c:50:7c:d8:
         ec:43:fb:b2:6c:e6:8b:f0:35:7c:72:75:fd:96:78:c5:d1:5e:
         51:2f:61:08:e9:55:08:47:6d:37:88:d3:83:15:64:29:37:92:
         ae:6a:30:31:82:d0:41:55:88:dd:4c:a7:2e:0e:83:52:61:ae:
         65:95:04:d2:05:83:0d:ed:62:9f:c8:d6:37:32:2a:9f:e7:6f:
         2a:b8:0a:cf:b5:cd:2b:42:7e:9c:1b:71:2b:07:ff:37:35:62:
         1e:02:d2:c8:f3:79:c9:ae:34:99:cb:91:10:44:1b:9e:40:2c:
         a1:24:a1:d3:d8:24:ec:5e:56:ab:08:f7:8b:92:ba:37:33:27:
         8c:6b:ed:2c:35:92:90:ec:77:94:f0:b9:8f:96:1b:65:a0:ad:
         50:bd:4c:dd:13:27:ab:63:9d:1b:41:b4:35:67:53:cb:fd:bf:
         42:f6:7a:a4:b5:cf:ec:c3:9c:2e:e3:b2:65:1e:b7:ab:3b:05:
         db:35:34:eb
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgIUQ9M1l8piZgZcBw1HX3svB6E/9zYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNjAyMjAwNjAzMjZaFw0yNzAyMTkwNjA4MjZaMDMxMTAvBgNV
BAMTKEI3RUEwQkQ0Nzg3NDQzNTJDRjMxMjI4M0YzQTU4RTVFMUFENDcwMUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDLWLVhzQ56cTktufAyl6S5zdWZ
Q1GpOBMqEkszuSvj9Zyztb25K5Ni8HY3ci6SkP6cyfd3wz6DLljrp7R4W//P7keg
Caa2YotnujnCvyAZekVwxcDPQGwYd5boPAVpkJ8+JBdqmt2Lv8xDbhaVMpNJRB3M
DHHxJ39TJodYUOc9hHUWTnduiRTKh9h7vhOIzmCmQ0P5XcbmMMJhMjF4kZ8oZdQh
uHSrqeGukLI8mZdo/qMDro/H7D1+8hJfnuuT7NqmRXyt4VaExZbJCTP5B0KT+yCH
jbFkiwMvr+lCyftVTOow6iPxqoT3uBGCOqPhz3IQRb6z6LElKwZYvrZZSYmnAgMB
AAGjggIMMIICCDAdBgNVHQ4EFgQUt+oL1Hh0Q1LPMSKD86WOXhrUcBwwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTNjA0MzEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwQqD4XB
C8AwDQYJKoZIhvcNAQELBQADggEBANrJ+iar/yU5coUQrSBqafCaLRfQSMsYzhrU
tTuutLl7T/jJr1OWjbDU+AzXOHU3RaAkmEYE5/E39kzb//lFSneL6eFDnFB82OxD
+7Js5ovwNXxydf2WeMXRXlEvYQjpVQhHbTeI04MVZCk3kq5qMDGC0EFViN1Mpy4O
g1JhrmWVBNIFgw3tYp/I1jcyKp/nbyq4Cs+1zStCfpwbcSsH/zc1Yh4C0sjzecmu
NJnLkRBEG55ALKEkodPYJOxeVqsI94uSujczJ4xr7Sw1kpDsd5TwuY+WG2WgrVC9
TN0TJ6tjnRtBtDVnU8v9v0L2eqS1z+zDnC7jsmUet6s7Bds1NOs=
-----END CERTIFICATE-----