Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/92fbd9-b9ee-42fc-aac1-fb97ddd54891/1/11o2iLgDPCuePLQgq2cbeg8IOSU.roa
File:                     11o2iLgDPCuePLQgq2cbeg8IOSU.roa (raw, json)
Hash identifier:          7FivvoKuc8ZAaHXETYuK4eG8oIMl6d9f2SuMter7leo=
Subject key identifier:   D7:5A:36:88:B8:03:3C:2B:9E:3C:B4:20:AB:67:1B:7A:0F:08:39:25
Certificate issuer:       /CN=03d602b9e1da2b568df544bda50e415799bbb1e2
Certificate serial:       019CA43166EC29D3F3E1B7635A24AF6081AC
Authority key identifier: 03:D6:02:B9:E1:DA:2B:56:8D:F5:44:BD:A5:0E:41:57:99:BB:B1:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A9YCueHaK1aN9US9pQ5BV5m7seI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/92fbd9-b9ee-42fc-aac1-fb97ddd54891/1/11o2iLgDPCuePLQgq2cbeg8IOSU.roa
Signing time:             Sat 28 Feb 2026 12:20:26 +0000
ROA not before:           Sat 28 Feb 2026 12:20:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201112
IP address blocks:        31.3.218.0/23 maxlen: 23
                          194.110.4.0/23 maxlen: 23
                          2a12:4e80::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/92fbd9-b9ee-42fc-aac1-fb97ddd54891/1/A9YCueHaK1aN9US9pQ5BV5m7seI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/92fbd9-b9ee-42fc-aac1-fb97ddd54891/1/A9YCueHaK1aN9US9pQ5BV5m7seI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A9YCueHaK1aN9US9pQ5BV5m7seI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:a4:31:66:ec:29:d3:f3:e1:b7:63:5a:24:af:60:81:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03d602b9e1da2b568df544bda50e415799bbb1e2
        Validity
            Not Before: Feb 28 12:20:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d75a3688b8033c2b9e3cb420ab671b7a0f083925
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:12:9b:2d:58:98:6d:d8:e6:ca:e5:a1:ac:ea:
                    0f:16:5c:5b:b0:13:5c:35:40:24:a6:14:89:5e:4a:
                    79:2a:98:4a:74:40:7b:e9:49:aa:94:35:6a:7f:81:
                    ad:94:a0:8a:d4:e1:76:9d:1e:88:da:0e:ca:d2:1b:
                    1c:e6:d7:c5:7e:43:68:e8:11:fd:96:3a:1c:1a:91:
                    26:bf:a5:4d:6b:c5:32:47:9b:d7:4e:c1:e5:78:00:
                    bc:f8:ec:11:01:82:5e:3f:d3:45:c0:97:c3:bd:11:
                    b9:e4:1e:d2:d9:d0:03:07:14:08:52:83:b1:2b:41:
                    7e:8c:ba:95:d2:a0:dc:76:3b:f0:2d:51:70:b5:c1:
                    7a:1a:91:a3:5d:4e:75:67:98:c3:d1:97:ac:41:1a:
                    2f:9c:14:79:80:95:17:75:3c:3d:3b:b5:23:5e:35:
                    b4:79:95:07:af:fb:16:9e:65:1d:0a:0b:40:6a:1a:
                    52:e8:b8:f9:0f:d2:f9:c1:8a:30:ee:21:c6:19:b5:
                    53:59:ea:66:96:a9:93:f0:a4:9c:62:61:e5:cc:75:
                    b7:61:f5:81:40:be:34:54:46:a9:22:30:0b:6b:59:
                    b6:43:66:e9:1f:3d:01:00:5b:c1:14:95:84:bd:2d:
                    1b:72:d4:05:82:5d:e5:d9:d3:bd:b5:cb:45:9b:28:
                    58:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:5A:36:88:B8:03:3C:2B:9E:3C:B4:20:AB:67:1B:7A:0F:08:39:25
            X509v3 Authority Key Identifier:
                keyid:03:D6:02:B9:E1:DA:2B:56:8D:F5:44:BD:A5:0E:41:57:99:BB:B1:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A9YCueHaK1aN9US9pQ5BV5m7seI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/92fbd9-b9ee-42fc-aac1-fb97ddd54891/1/11o2iLgDPCuePLQgq2cbeg8IOSU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/92fbd9-b9ee-42fc-aac1-fb97ddd54891/1/A9YCueHaK1aN9US9pQ5BV5m7seI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.3.218.0/23
                  194.110.4.0/23
                IPv6:
                  2a12:4e80::/32

    Signature Algorithm: sha256WithRSAEncryption
         c6:cc:38:fe:27:95:12:a0:0d:ba:ed:b8:61:f6:ec:f6:25:e8:
         c9:68:9f:d0:ac:d3:79:16:97:95:8a:58:c5:11:dd:31:70:2f:
         3e:62:68:7f:b0:43:a4:88:8c:67:f9:d7:f0:3a:f7:0e:fd:28:
         87:e6:2a:1d:6e:c8:9f:b8:5b:00:bd:47:91:08:81:65:79:7d:
         ee:5a:a4:57:07:12:1d:f5:91:26:c9:bd:c3:d1:4f:a8:22:7d:
         0a:c4:3e:98:a7:45:74:e2:d7:bc:ef:fe:39:cc:8c:08:28:f8:
         4b:5a:64:04:5d:5e:cd:6e:20:fe:67:39:d8:ad:d7:af:9a:62:
         ca:c7:10:d2:54:32:ce:0b:cc:48:66:c6:aa:f0:d3:f7:78:31:
         b4:1c:76:5c:c3:d2:f8:8b:ec:47:58:21:2c:b8:3a:21:a1:6f:
         b4:9d:66:52:dd:0c:5a:88:62:a7:b4:c7:c5:48:f4:00:ea:8b:
         a2:5a:8d:ca:5f:49:4b:b9:43:00:c1:a9:fb:ef:68:7a:a9:39:
         61:18:93:a4:d4:11:52:04:43:f2:53:89:1a:db:83:03:23:fd:
         fc:74:cb:97:50:57:2c:c2:3d:7b:22:05:42:68:bc:96:74:78:
         7f:85:82:d5:8d:74:49:41:d5:4d:24:c9:fc:cb:67:02:d0:b7:
         f0:12:fe:90
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZykMWbsKdPz4bdjWiSvYIGsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAzZDYwMmI5ZTFkYTJiNTY4ZGY1NDRiZGE1MGU0MTU3OTli
YmIxZTIwHhcNMjYwMjI4MTIyMDI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzVhMzY4OGI4MDMzYzJiOWUzY2I0MjBhYjY3MWI3YTBmMDgzOTI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnBKbLViYbdjmyuWhrOoPFlxbsBNc
NUAkphSJXkp5KphKdEB76UmqlDVqf4GtlKCK1OF2nR6I2g7K0hsc5tfFfkNo6BH9
ljocGpEmv6VNa8UyR5vXTsHleAC8+OwRAYJeP9NFwJfDvRG55B7S2dADBxQIUoOx
K0F+jLqV0qDcdjvwLVFwtcF6GpGjXU51Z5jD0ZesQRovnBR5gJUXdTw9O7UjXjW0
eZUHr/sWnmUdCgtAahpS6Lj5D9L5wYow7iHGGbVTWepmlqmT8KScYmHlzHW3YfWB
QL40VEapIjALa1m2Q2bpHz0BAFvBFJWEvS0bctQFgl3l2dO9tctFmyhYjwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFNdaNoi4Azwrnjy0IKtnG3oPCDklMB8GA1UdIwQY
MBaAFAPWArnh2itWjfVEvaUOQVeZu7HiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQTlZQ3VlSGFLMWFOOVVTOXBRNUJWNW03c2VJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy85MmZiZDktYjllZS00MmZjLWFhYzEt
ZmI5N2RkZDU0ODkxLzEvMTFvMmlMZ0RQQ3VlUExRZ3EyY2JlZzhJT1NVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy85MmZiZDktYjllZS00MmZjLWFhYzEtZmI5N2RkZDU0ODkx
LzEvQTlZQ3VlSGFLMWFOOVVTOXBRNUJWNW03c2VJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQBHwPaAwQB
wm4EMA0EAgACMAcDBQAqEk6AMA0GCSqGSIb3DQEBCwUAA4IBAQDGzDj+J5USoA26
7bhh9uz2JejJaJ/QrNN5FpeViljFEd0xcC8+Ymh/sEOkiIxn+dfwOvcO/SiH5iod
bsifuFsAvUeRCIFleX3uWqRXBxId9ZEmyb3D0U+oIn0KxD6Yp0V04te87/45zIwI
KPhLWmQEXV7NbiD+ZznYrdevmmLKxxDSVDLOC8xIZsaq8NP3eDG0HHZcw9L4i+xH
WCEsuDohoW+0nWZS3QxaiGKntMfFSPQA6ouiWo3KX0lLuUMAwan772h6qTlhGJOk
1BFSBEPyU4ka24MDI/38dMuXUFcswj17IgVCaLyWdHh/hYLVjXRJQdVNJMn8y2cC
0LfwEv6Q
-----END CERTIFICATE-----