Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/4_FuYPMCEogz7kjY_tsmGwq-Oz0.roa
File:                     4_FuYPMCEogz7kjY_tsmGwq-Oz0.roa (raw, json)
Hash identifier:          f4VQrptHU4Sf5h+n+Dpo+f/Yl+Zb92sgNI5mfFiut9A=
Subject key identifier:   E3:F1:6E:60:F3:02:12:88:33:EE:48:D8:FE:DB:26:1B:0A:BE:3B:3D
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019C2CAE1CA6291A65E3551ED2C029A9FF45
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/4_FuYPMCEogz7kjY_tsmGwq-Oz0.roa
Signing time:             Thu 05 Feb 2026 07:22:13 +0000
ROA not before:           Thu 05 Feb 2026 07:22:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213618
IP address blocks:        31.56.237.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 11:37:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:2c:ae:1c:a6:29:1a:65:e3:55:1e:d2:c0:29:a9:ff:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Feb  5 07:22:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e3f16e60f302128833ee48d8fedb261b0abe3b3d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:d4:2f:e3:90:c2:aa:2e:e6:52:6b:35:3f:bb:
                    31:59:b3:82:9f:07:ab:4c:88:cd:c4:7b:ee:17:0c:
                    0d:11:ba:26:b6:b8:0b:fb:98:db:07:2b:69:01:c1:
                    43:39:0d:70:9b:7e:6e:77:aa:43:15:97:41:9c:8c:
                    9d:aa:ff:2c:67:a7:60:ef:21:c6:ee:f5:91:90:d0:
                    4f:07:4f:23:d7:9c:e7:ed:64:df:37:fd:6a:2d:9e:
                    14:48:b1:07:4a:c6:51:72:b8:55:5a:56:4e:ec:2e:
                    95:a2:b1:87:a3:89:20:7e:d5:52:2b:0c:99:6a:a4:
                    d0:fb:a2:61:a3:51:6b:32:b0:4f:d8:ac:33:1a:c0:
                    6c:28:16:fe:fc:b8:19:24:6d:6b:f2:9a:32:e8:67:
                    1a:be:a7:44:a0:21:82:f7:96:43:ad:5a:93:d4:03:
                    cf:25:8f:ea:f1:0d:00:31:4f:db:48:3e:e5:92:30:
                    e7:7d:97:94:c7:3a:48:14:e7:ed:c8:34:98:5c:3d:
                    5f:98:71:6f:5f:cb:06:f7:f5:33:8c:b3:f0:4d:56:
                    47:3d:e7:40:10:84:53:8d:b8:aa:be:f5:86:39:9c:
                    5b:da:7a:ab:68:76:aa:93:e8:01:53:2d:31:2e:1c:
                    dd:22:42:49:dd:de:7c:b1:b1:a0:b8:f8:cf:67:b3:
                    a3:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:F1:6E:60:F3:02:12:88:33:EE:48:D8:FE:DB:26:1B:0A:BE:3B:3D
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/4_FuYPMCEogz7kjY_tsmGwq-Oz0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.237.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:20:b7:0d:1d:9e:ee:40:b2:51:02:1a:d8:31:17:f6:bc:f6:
         b4:a7:25:86:76:22:f3:bf:9b:e4:2a:e4:fe:e3:8d:8d:c0:4c:
         ff:fc:eb:45:ad:e9:f8:0a:78:19:36:60:23:43:c2:81:a7:70:
         5d:4f:fc:bd:5a:23:13:36:43:95:f7:0b:b2:4d:73:af:8e:5f:
         ba:01:4d:30:0f:07:d7:5a:47:3e:4f:fc:92:00:83:64:9c:1d:
         6b:50:91:39:b4:49:65:21:d9:94:23:1d:20:f9:c6:a6:4f:69:
         1a:74:13:bb:d2:5b:66:66:cd:38:18:5d:88:94:79:e9:26:37:
         aa:db:52:c9:0f:3d:f6:fb:fc:b4:6e:4c:2a:9c:21:b9:f0:28:
         fe:5f:d4:92:9a:02:c2:1c:47:15:4c:09:8d:21:68:8b:2d:f9:
         90:98:fb:b5:2c:67:4f:60:7d:80:84:ad:84:e4:24:5d:c7:89:
         07:e5:3c:81:62:02:a4:4e:50:17:36:f0:44:53:20:f6:e9:3a:
         bb:76:70:49:3c:3d:76:e2:bd:f2:cc:41:9f:35:00:84:b8:1a:
         7d:5e:6b:6d:67:20:cb:8b:11:1b:13:92:f8:6a:10:a5:79:c7:
         9f:0a:e5:11:b4:fc:25:62:de:af:18:1e:80:14:e5:1c:c0:12:
         91:0c:8b:90
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZwsrhymKRpl41Ue0sApqf9FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwMjA1MDcyMjEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlM2YxNmU2MGYzMDIxMjg4MzNlZTQ4ZDhmZWRiMjYxYjBhYmUzYjNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv9Qv45DCqi7mUms1P7sxWbOCnwer
TIjNxHvuFwwNEbomtrgL+5jbBytpAcFDOQ1wm35ud6pDFZdBnIydqv8sZ6dg7yHG
7vWRkNBPB08j15zn7WTfN/1qLZ4USLEHSsZRcrhVWlZO7C6VorGHo4kgftVSKwyZ
aqTQ+6Jho1FrMrBP2KwzGsBsKBb+/LgZJG1r8poy6GcavqdEoCGC95ZDrVqT1APP
JY/q8Q0AMU/bSD7lkjDnfZeUxzpIFOftyDSYXD1fmHFvX8sG9/UzjLPwTVZHPedA
EIRTjbiqvvWGOZxb2nqraHaqk+gBUy0xLhzdIkJJ3d58sbGguPjPZ7OjnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOPxbmDzAhKIM+5I2P7bJhsKvjs9MB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvNF9GdVlQTUNFb2d6N2tqWV90c21Hd3EtT3owLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzjtMA0G
CSqGSIb3DQEBCwUAA4IBAQBTILcNHZ7uQLJRAhrYMRf2vPa0pyWGdiLzv5vkKuT+
442NwEz//OtFren4CngZNmAjQ8KBp3BdT/y9WiMTNkOV9wuyTXOvjl+6AU0wDwfX
Wkc+T/ySAINknB1rUJE5tEllIdmUIx0g+camT2kadBO70ltmZs04GF2IlHnpJjeq
21LJDz32+/y0bkwqnCG58Cj+X9SSmgLCHEcVTAmNIWiLLfmQmPu1LGdPYH2AhK2E
5CRdx4kH5TyBYgKkTlAXNvBEUyD26Tq7dnBJPD124r3yzEGfNQCEuBp9XmttZyDL
ixEbE5L4ahClecefCuURtPwlYt6vGB6AFOUcwBKRDIuQ
-----END CERTIFICATE-----