Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/AlzAH-Wkf5uD0EH6KHpG5ty0UTU.roa
File:                     AlzAH-Wkf5uD0EH6KHpG5ty0UTU.roa (raw, json)
Hash identifier:          MOgGzY8OvIalNg//vtcBFBJFs/yRgYnpl9mROt2DBik=
Subject key identifier:   02:5C:C0:1F:E5:A4:7F:9B:83:D0:41:FA:28:7A:46:E6:DC:B4:51:35
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019C626BBDB2A985332F5876E45BD33A2123
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/AlzAH-Wkf5uD0EH6KHpG5ty0UTU.roa
Signing time:             Sun 15 Feb 2026 17:49:14 +0000
ROA not before:           Sun 15 Feb 2026 17:49:14 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199524
IP address blocks:        31.57.138.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 18:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:62:6b:bd:b2:a9:85:33:2f:58:76:e4:5b:d3:3a:21:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Feb 15 17:49:14 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=025cc01fe5a47f9b83d041fa287a46e6dcb45135
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:4e:73:0b:b5:f0:11:62:76:84:3f:47:fe:76:
                    28:4d:ef:7e:06:e0:5e:2f:ed:68:86:76:c8:4a:94:
                    84:a4:10:00:d1:ff:f4:16:fb:e4:7f:f0:d8:4d:89:
                    38:b3:41:a4:1c:24:f9:53:47:30:8d:91:4c:ae:67:
                    cc:21:74:1b:76:15:e4:1c:06:b2:bc:4e:53:68:67:
                    3b:0c:28:ea:64:05:8c:44:4c:2f:16:cc:43:ec:6f:
                    1f:bb:5c:9f:d0:b4:96:05:c5:ad:39:da:6e:cf:22:
                    94:4c:ea:a0:2c:46:d8:92:c6:a4:dd:31:d5:0e:02:
                    43:57:f5:3f:b0:48:14:26:4b:90:f4:e7:1f:82:63:
                    12:c6:e6:0b:4c:4f:e9:7e:ca:5a:64:00:6d:4d:54:
                    e6:bf:9d:3f:30:76:d8:67:c8:67:72:92:64:e1:44:
                    b1:14:9c:1f:33:0e:fe:65:f2:9c:21:5d:69:cc:fa:
                    d7:e4:05:8b:0d:d2:be:5a:30:f8:f3:fd:2a:8f:c0:
                    a5:69:88:fa:0d:91:da:16:b3:ec:65:de:23:eb:9e:
                    8a:60:4d:3d:24:60:1d:a5:d3:5f:cf:a5:ed:da:99:
                    37:4e:5e:1e:36:40:c6:63:64:96:a1:00:07:b4:24:
                    98:b7:a4:ca:8d:2a:a6:7a:fe:aa:6c:64:c0:82:af:
                    7b:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:5C:C0:1F:E5:A4:7F:9B:83:D0:41:FA:28:7A:46:E6:DC:B4:51:35
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/AlzAH-Wkf5uD0EH6KHpG5ty0UTU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.138.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:12:95:d6:d4:cb:f5:9f:92:20:e0:b3:13:e9:99:da:54:5b:
         fa:b7:ba:ff:48:d9:3a:1a:66:67:e7:87:6b:cb:97:ec:15:b9:
         18:68:de:02:21:62:a0:01:47:32:fb:72:10:23:6c:25:98:a6:
         91:40:d4:37:f5:fc:6f:94:55:00:8e:c7:7c:bc:37:c2:9e:1f:
         3d:cd:51:63:00:e4:c0:26:4b:f5:e7:88:29:f7:61:dc:f4:b5:
         5d:3c:c1:5a:8c:3d:27:43:ab:65:d7:bb:90:02:50:15:6e:cb:
         c7:9b:f3:d3:f6:5d:03:86:7a:b0:43:00:96:30:0d:8f:c5:48:
         d3:5a:3e:9d:3b:03:41:c7:9a:5c:34:21:73:f2:1f:37:82:dd:
         db:e1:da:c4:39:cf:86:3f:e9:61:5e:e8:f8:8d:53:b3:25:86:
         6e:ef:30:2f:67:ab:9e:0f:41:f5:46:30:54:03:c4:cf:1a:12:
         03:d3:68:7a:56:71:db:8b:53:57:c2:dc:cb:54:1e:0f:06:b4:
         bc:f3:f4:24:70:ec:9a:07:6a:1c:ee:f3:f5:e4:a6:af:9a:17:
         1b:82:23:e2:83:24:fb:69:d0:2b:ad:51:27:1e:a6:cc:db:e2:
         12:a4:ab:ce:a4:ac:05:b3:70:1b:a6:a7:91:a9:bd:7c:f1:a5:
         2a:d6:69:0a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZxia72yqYUzL1h25FvTOiEjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwMjE1MTc0OTE0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjVjYzAxZmU1YTQ3ZjliODNkMDQxZmEyODdhNDZlNmRjYjQ1MTM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8E5zC7XwEWJ2hD9H/nYoTe9+BuBe
L+1ohnbISpSEpBAA0f/0Fvvkf/DYTYk4s0GkHCT5U0cwjZFMrmfMIXQbdhXkHAay
vE5TaGc7DCjqZAWMREwvFsxD7G8fu1yf0LSWBcWtOdpuzyKUTOqgLEbYksak3THV
DgJDV/U/sEgUJkuQ9OcfgmMSxuYLTE/pfspaZABtTVTmv50/MHbYZ8hncpJk4USx
FJwfMw7+ZfKcIV1pzPrX5AWLDdK+WjD48/0qj8ClaYj6DZHaFrPsZd4j656KYE09
JGAdpdNfz6Xt2pk3Tl4eNkDGY2SWoQAHtCSYt6TKjSqmev6qbGTAgq97BwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAJcwB/lpH+bg9BB+ih6RubctFE1MB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvQWx6QUgtV2tmNXVEMEVINktIcEc1dHkwVVRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzmKMA0G
CSqGSIb3DQEBCwUAA4IBAQArEpXW1Mv1n5Ig4LMT6ZnaVFv6t7r/SNk6GmZn54dr
y5fsFbkYaN4CIWKgAUcy+3IQI2wlmKaRQNQ39fxvlFUAjsd8vDfCnh89zVFjAOTA
Jkv154gp92Hc9LVdPMFajD0nQ6tl17uQAlAVbsvHm/PT9l0DhnqwQwCWMA2PxUjT
Wj6dOwNBx5pcNCFz8h83gt3b4drEOc+GP+lhXuj4jVOzJYZu7zAvZ6ueD0H1RjBU
A8TPGhID02h6VnHbi1NXwtzLVB4PBrS88/QkcOyaB2oc7vP15KavmhcbgiPigyT7
adArrVEnHqbM2+ISpKvOpKwFs3AbpqeRqb188aUq1mkK
-----END CERTIFICATE-----