Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/c04674-e9ac-4547-bcda-258854e50cf8/1/qULAWziRR6EpNTlUGRYiVItcoc0.roa
File:                     qULAWziRR6EpNTlUGRYiVItcoc0.roa (raw, json)
Hash identifier:          mkeeUvNAxFPl7/hk9APPcp6mDqYe93qja/XRGGlJYVg=
Subject key identifier:   A9:42:C0:5B:38:91:47:A1:29:35:39:54:19:16:22:54:8B:5C:A1:CD
Certificate issuer:       /CN=473b09b8fdede6cab524fcaa3b31e616ba2e4896
Certificate serial:       019B7C7EEB1435EE5601AA4F491EA611672C
Authority key identifier: 47:3B:09:B8:FD:ED:E6:CA:B5:24:FC:AA:3B:31:E6:16:BA:2E:48:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RzsJuP3t5sq1JPyqOzHmFrouSJY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/c04674-e9ac-4547-bcda-258854e50cf8/1/qULAWziRR6EpNTlUGRYiVItcoc0.roa
Signing time:             Fri 02 Jan 2026 02:17:31 +0000
ROA not before:           Fri 02 Jan 2026 02:17:31 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49221
IP address blocks:        31.7.48.0/21 maxlen: 21
                          185.94.200.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/c04674-e9ac-4547-bcda-258854e50cf8/1/RzsJuP3t5sq1JPyqOzHmFrouSJY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/c04674-e9ac-4547-bcda-258854e50cf8/1/RzsJuP3t5sq1JPyqOzHmFrouSJY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RzsJuP3t5sq1JPyqOzHmFrouSJY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:7e:eb:14:35:ee:56:01:aa:4f:49:1e:a6:11:67:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=473b09b8fdede6cab524fcaa3b31e616ba2e4896
        Validity
            Not Before: Jan  2 02:17:31 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a942c05b389147a129353954191622548b5ca1cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:63:4d:ab:76:6c:5a:0c:bc:92:3d:90:df:4f:
                    15:6b:1d:9f:14:06:cf:e3:12:8e:d7:4a:09:5b:ea:
                    88:f7:d5:a1:38:b3:22:67:f5:4b:cb:f4:60:31:bf:
                    74:bc:30:70:9a:fb:63:61:2e:c4:bb:e9:47:6c:24:
                    bc:85:a6:15:6b:a8:23:fc:18:79:ef:de:a7:da:00:
                    55:7e:18:0b:2a:ff:fc:9c:74:07:3e:eb:ba:dd:e5:
                    46:60:a1:1e:2f:11:9b:58:d7:0a:84:1e:26:94:fd:
                    72:80:eb:37:b5:15:47:de:16:9e:dd:d5:4c:2b:e3:
                    3e:95:74:0b:47:d4:a0:2c:86:f3:59:4f:7e:4f:b9:
                    97:5e:d5:31:db:8f:4c:55:97:cd:fd:03:aa:40:38:
                    32:fd:29:49:b3:7a:68:57:18:dc:99:d5:f7:60:ab:
                    ce:66:e8:ad:23:f9:ab:e5:3f:30:15:b5:15:4d:c6:
                    2d:db:c9:d3:d3:97:37:9c:38:f5:2b:c1:8b:4c:dd:
                    df:b9:20:8b:e0:12:04:48:84:62:14:31:c3:6e:21:
                    98:eb:6d:f7:0e:47:4d:dd:51:e4:bf:fb:c7:e8:b2:
                    25:ae:83:f7:72:75:87:be:92:87:e1:f9:30:3d:e8:
                    75:3b:90:91:0c:c9:34:9c:69:dd:df:7c:88:1d:b5:
                    a0:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:42:C0:5B:38:91:47:A1:29:35:39:54:19:16:22:54:8B:5C:A1:CD
            X509v3 Authority Key Identifier:
                keyid:47:3B:09:B8:FD:ED:E6:CA:B5:24:FC:AA:3B:31:E6:16:BA:2E:48:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RzsJuP3t5sq1JPyqOzHmFrouSJY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/c04674-e9ac-4547-bcda-258854e50cf8/1/qULAWziRR6EpNTlUGRYiVItcoc0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/c04674-e9ac-4547-bcda-258854e50cf8/1/RzsJuP3t5sq1JPyqOzHmFrouSJY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.7.48.0/21
                  185.94.200.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5f:bf:26:74:dc:16:74:ad:6c:0e:fb:07:d0:b4:ba:19:06:a0:
         2c:7d:01:22:9b:9c:c9:b1:3b:12:e2:95:b2:99:8c:84:58:8c:
         db:f2:c6:61:db:30:05:3f:03:82:cb:13:a9:c3:40:3c:3c:1c:
         2e:98:b1:b4:1f:2a:72:70:c0:cc:3b:ca:b7:08:c7:c9:35:bf:
         d4:43:60:11:3e:ac:a3:3a:5c:5f:b7:e8:ba:bb:03:dc:40:1f:
         82:be:66:da:d4:6f:d0:2f:19:9d:90:13:45:ad:5e:6a:18:a9:
         da:77:6a:e7:12:c2:21:fa:8c:1a:40:dd:84:e5:24:41:5b:c4:
         0d:fb:b4:58:0e:e2:47:2a:94:9a:70:01:bd:c2:e5:d9:41:f2:
         9d:75:73:6c:6f:d1:67:82:da:49:60:f3:1e:72:e6:20:43:08:
         fd:48:27:54:6a:77:28:92:6d:f2:2b:8b:10:cd:af:54:d5:a3:
         52:08:5e:3b:f9:ee:68:7a:e6:cc:82:56:92:c9:84:80:67:bd:
         1b:2d:9c:6b:5d:51:d2:30:5c:73:15:13:1b:01:cd:32:4c:94:
         5a:35:5d:58:cb:be:4f:a6:b8:8b:53:47:6f:82:be:16:60:27:
         67:ab:b0:88:19:ec:96:c1:46:dd:65:a1:40:84:25:d7:99:e1:
         b9:e1:22:f5
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZt8fusUNe5WAapPSR6mEWcsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ3M2IwOWI4ZmRlZGU2Y2FiNTI0ZmNhYTNiMzFlNjE2YmEy
ZTQ4OTYwHhcNMjYwMTAyMDIxNzMxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTQyYzA1YjM4OTE0N2ExMjkzNTM5NTQxOTE2MjI1NDhiNWNhMWNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtWNNq3ZsWgy8kj2Q308Vax2fFAbP
4xKO10oJW+qI99WhOLMiZ/VLy/RgMb90vDBwmvtjYS7Eu+lHbCS8haYVa6gj/Bh5
796n2gBVfhgLKv/8nHQHPuu63eVGYKEeLxGbWNcKhB4mlP1ygOs3tRVH3hae3dVM
K+M+lXQLR9SgLIbzWU9+T7mXXtUx249MVZfN/QOqQDgy/SlJs3poVxjcmdX3YKvO
ZuitI/mr5T8wFbUVTcYt28nT05c3nDj1K8GLTN3fuSCL4BIESIRiFDHDbiGY6233
DkdN3VHkv/vH6LIlroP3cnWHvpKH4fkwPeh1O5CRDMk0nGnd33yIHbWghwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKlCwFs4kUehKTU5VBkWIlSLXKHNMB8GA1UdIwQY
MBaAFEc7Cbj97ebKtST8qjsx5ha6LkiWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUnpzSnVQM3Q1c3ExSlB5cU96SG1Gcm91U0pZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC9jMDQ2NzQtZTlhYy00NTQ3LWJjZGEt
MjU4ODU0ZTUwY2Y4LzEvcVVMQVd6aVJSNkVwTlRsVUdSWWlWSXRjb2MwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC9jMDQ2NzQtZTlhYy00NTQ3LWJjZGEtMjU4ODU0ZTUwY2Y4
LzEvUnpzSnVQM3Q1c3ExSlB5cU96SG1Gcm91U0pZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDHwcwAwQC
uV7IMA0GCSqGSIb3DQEBCwUAA4IBAQBfvyZ03BZ0rWwO+wfQtLoZBqAsfQEim5zJ
sTsS4pWymYyEWIzb8sZh2zAFPwOCyxOpw0A8PBwumLG0HypycMDMO8q3CMfJNb/U
Q2ARPqyjOlxft+i6uwPcQB+Cvmba1G/QLxmdkBNFrV5qGKnad2rnEsIh+owaQN2E
5SRBW8QN+7RYDuJHKpSacAG9wuXZQfKddXNsb9FngtpJYPMecuYgQwj9SCdUanco
km3yK4sQza9U1aNSCF47+e5oeubMglaSyYSAZ70bLZxrXVHSMFxzFRMbAc0yTJRa
NV1Yy75PpriLU0dvgr4WYCdnq7CIGeyWwUbdZaFAhCXXmeG54SL1
-----END CERTIFICATE-----