Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/WxVGqHyQ1HBb-rwXLG2EVuvryeU.roa
File:                     WxVGqHyQ1HBb-rwXLG2EVuvryeU.roa (raw, json)
Hash identifier:          jbMRDaGoy40c4L96GwL9e5dGW2PQX0PS/mbxVp/GHsA=
Subject key identifier:   5B:15:46:A8:7C:90:D4:70:5B:FA:BC:17:2C:6D:84:56:EB:EB:C9:E5
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019CA4D1A36A9F74D0B79C53EC594C7F1D55
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/WxVGqHyQ1HBb-rwXLG2EVuvryeU.roa
Signing time:             Sat 28 Feb 2026 15:15:28 +0000
ROA not before:           Sat 28 Feb 2026 15:15:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     48529
IP address blocks:        31.58.227.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:a4:d1:a3:6a:9f:74:d0:b7:9c:53:ec:59:4c:7f:1d:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Feb 28 15:15:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5b1546a87c90d4705bfabc172c6d8456ebebc9e5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:4a:d7:de:c8:69:76:6f:7c:e0:ee:23:2b:43:
                    32:d6:82:ef:9f:44:47:f2:7d:7a:0b:90:31:09:27:
                    31:fe:db:fe:f0:d5:7d:2d:4b:09:80:7e:a8:4c:02:
                    72:ff:8a:c8:c2:de:97:60:28:c3:aa:0f:14:13:0b:
                    45:88:35:67:33:ae:fb:36:3d:cf:b2:83:8a:65:a7:
                    c6:a2:20:6d:75:b4:09:8a:40:f2:67:a7:15:6a:f7:
                    64:63:16:10:2a:24:6e:07:8b:52:cd:ce:45:56:77:
                    b1:aa:9e:29:55:05:f5:2b:90:08:02:8f:90:9c:c6:
                    3b:4d:7b:2d:f7:18:03:9d:fd:f4:26:67:0a:27:b4:
                    c3:fb:58:44:c0:da:ec:ea:a2:f5:08:60:1d:a0:e5:
                    65:5e:6a:82:e8:bd:bf:38:b4:da:c8:28:f7:be:f7:
                    1e:39:f3:07:61:42:68:08:b3:16:5e:a3:37:a2:78:
                    90:81:48:28:0f:6c:a7:24:3a:6b:18:9a:30:8e:64:
                    de:53:3d:1a:9e:13:29:25:cf:8a:69:11:b7:a6:46:
                    61:c7:db:08:2a:73:e8:45:74:66:43:1c:87:a0:c2:
                    5d:fc:0a:b4:7a:fa:a7:94:a2:d4:c5:9c:16:ec:f4:
                    41:da:9d:84:d1:72:a3:83:58:7a:98:f2:21:b5:ed:
                    a7:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:15:46:A8:7C:90:D4:70:5B:FA:BC:17:2C:6D:84:56:EB:EB:C9:E5
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/WxVGqHyQ1HBb-rwXLG2EVuvryeU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.58.227.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b9:4b:50:05:16:40:12:23:ff:90:e5:c1:09:9b:8d:b1:33:90:
         8b:b6:bf:4e:c9:71:46:47:d0:ad:98:2d:2e:36:57:54:4f:8c:
         b1:17:41:0f:ad:b2:08:ce:7d:21:f6:d7:8d:5a:b4:c8:48:21:
         7e:ed:f4:c0:7e:aa:1a:67:c3:6b:66:08:61:a9:28:0f:b4:26:
         45:96:20:0d:34:d6:40:db:dc:ef:0c:88:33:2b:b9:f9:c0:42:
         e5:90:4d:e7:23:5a:46:1b:da:6a:e8:fa:d1:01:a6:0f:ba:ae:
         fd:7a:70:25:2a:91:4f:0e:5d:5c:dc:d8:07:bc:20:0e:5f:5d:
         74:14:4d:ad:31:1b:ef:f6:1e:ca:db:b9:fd:5a:da:f8:f5:7c:
         d7:4f:4f:e3:eb:05:3d:dc:f0:f6:f5:67:79:06:e3:e7:0a:1a:
         0f:ac:d3:47:09:01:32:11:6d:5b:fc:ca:a8:dc:cd:30:94:e5:
         86:6d:d7:41:15:72:d9:dd:49:6a:cd:9d:24:39:b9:df:f8:18:
         04:b1:98:c0:3d:e0:1e:28:6b:de:df:ca:4c:b0:a7:f3:f6:98:
         bf:b2:1f:34:92:0e:9c:6e:33:82:cf:54:be:d1:c3:b0:1c:ea:
         39:ae:83:46:a2:3f:cf:ae:80:23:be:b3:d3:4a:ba:bd:c0:78:
         21:6b:1f:cc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyk0aNqn3TQt5xT7FlMfx1VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwMjI4MTUxNTI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YjE1NDZhODdjOTBkNDcwNWJmYWJjMTcyYzZkODQ1NmViZWJjOWU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1ErX3shpdm984O4jK0My1oLvn0RH
8n16C5AxCScx/tv+8NV9LUsJgH6oTAJy/4rIwt6XYCjDqg8UEwtFiDVnM677Nj3P
soOKZafGoiBtdbQJikDyZ6cVavdkYxYQKiRuB4tSzc5FVnexqp4pVQX1K5AIAo+Q
nMY7TXst9xgDnf30JmcKJ7TD+1hEwNrs6qL1CGAdoOVlXmqC6L2/OLTayCj3vvce
OfMHYUJoCLMWXqM3oniQgUgoD2ynJDprGJowjmTeUz0anhMpJc+KaRG3pkZhx9sI
KnPoRXRmQxyHoMJd/Aq0evqnlKLUxZwW7PRB2p2E0XKjg1h6mPIhte2nTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFsVRqh8kNRwW/q8FyxthFbr68nlMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvV3hWR3FIeVExSEJiLXJ3WExHMkVWdXZyeWVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzrjMA0G
CSqGSIb3DQEBCwUAA4IBAQC5S1AFFkASI/+Q5cEJm42xM5CLtr9OyXFGR9CtmC0u
NldUT4yxF0EPrbIIzn0h9teNWrTISCF+7fTAfqoaZ8NrZghhqSgPtCZFliANNNZA
29zvDIgzK7n5wELlkE3nI1pGG9pq6PrRAaYPuq79enAlKpFPDl1c3NgHvCAOX110
FE2tMRvv9h7K27n9Wtr49XzXT0/j6wU93PD29Wd5BuPnChoPrNNHCQEyEW1b/Mqo
3M0wlOWGbddBFXLZ3UlqzZ0kObnf+BgEsZjAPeAeKGve38pMsKfz9pi/sh80kg6c
bjOCz1S+0cOwHOo5roNGoj/ProAjvrPTSrq9wHghax/M
-----END CERTIFICATE-----