Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/fby5MSGRr3AjnJ2Y6q5xh7971iE.roa
File:                     fby5MSGRr3AjnJ2Y6q5xh7971iE.roa (raw, json)
Hash identifier:          j6avHWnb/plrPFAb/rLvqovcAucWX48kFwmB/+mCYWo=
Subject key identifier:   7D:BC:B9:31:21:91:AF:70:23:9C:9D:98:EA:AE:71:87:BF:7B:D6:21
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019E98C81B62BE8C6FDB0CB7BDFB494D1AA3
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/fby5MSGRr3AjnJ2Y6q5xh7971iE.roa
Signing time:             Fri 05 Jun 2026 17:15:11 +0000
ROA not before:           Fri 05 Jun 2026 17:15:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211577
IP address blocks:        31.58.41.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 17 Jun 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:98:c8:1b:62:be:8c:6f:db:0c:b7:bd:fb:49:4d:1a:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jun  5 17:15:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7dbcb9312191af70239c9d98eaae7187bf7bd621
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:c5:1a:42:30:f5:a4:56:8c:51:d1:5e:f5:86:
                    25:20:57:44:28:00:f9:dc:91:d2:a0:52:b1:57:4b:
                    ba:48:87:ae:3f:41:27:72:4f:74:7e:42:11:c7:0d:
                    4c:6c:c4:e8:03:44:59:b5:d7:65:be:3a:12:f2:2f:
                    65:fd:dd:2e:95:f5:c1:fe:ae:b8:c1:b0:f8:f9:58:
                    d0:c5:b1:c0:e2:41:50:13:37:db:1e:f4:63:a8:4a:
                    44:37:b2:9e:7d:f7:e3:63:3f:f4:87:41:17:9e:5f:
                    35:fb:08:b7:1b:bd:89:60:9a:03:08:19:77:32:55:
                    d2:a4:a6:f1:f1:4a:88:87:7d:ed:87:49:32:9b:12:
                    29:ad:c9:37:8a:db:49:17:b5:9c:a4:a0:c3:12:26:
                    a0:85:7f:96:65:b5:63:ec:4c:77:d0:43:98:a5:48:
                    12:35:62:c3:33:0b:e4:fd:bd:b2:9d:e9:ae:da:49:
                    42:b8:8e:8c:43:f7:aa:d0:8a:d6:27:3f:ba:64:62:
                    fc:24:22:cd:ba:9d:b4:2d:7e:0e:28:2f:94:05:3b:
                    a2:d1:8c:1d:64:60:65:77:2f:be:a9:53:26:29:e8:
                    47:e1:48:71:82:06:33:52:65:ad:80:a0:a2:87:ac:
                    14:fe:18:da:ad:b5:b4:5e:b0:79:b3:f9:d3:01:b3:
                    82:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:BC:B9:31:21:91:AF:70:23:9C:9D:98:EA:AE:71:87:BF:7B:D6:21
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/fby5MSGRr3AjnJ2Y6q5xh7971iE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.58.41.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a8:9b:37:97:c5:37:ed:4d:27:57:11:1c:00:bb:55:92:2b:ca:
         5d:5e:1f:c4:0a:3c:87:c5:1f:ad:92:9b:47:45:a2:ef:63:95:
         af:77:ab:d6:66:67:dd:b2:1d:bf:83:60:1c:03:8c:04:87:0a:
         5c:7c:10:7d:b3:1d:ce:95:91:2a:2d:80:b6:d8:cf:cf:59:a4:
         d5:60:96:81:43:0b:71:d5:82:2d:bb:9f:98:7c:c0:85:13:44:
         da:dd:8b:f3:78:53:85:61:38:44:db:11:71:93:4b:dc:bf:df:
         aa:f2:9f:0d:66:17:62:19:83:2a:1e:c9:4d:81:6f:27:a1:83:
         3c:e4:e5:b6:ac:38:6a:f9:6a:72:21:36:0a:a4:3e:15:e6:74:
         77:c6:24:e4:c7:4d:6e:20:24:60:11:3b:0d:88:6c:bd:40:de:
         50:71:cb:fa:cd:50:11:5b:87:72:4d:ee:06:f9:f1:07:96:9a:
         e9:8d:2e:09:ca:3d:4a:84:80:ca:ca:e9:97:40:5a:cd:b9:ce:
         51:5b:1e:87:76:e1:4b:87:ea:51:1e:1c:0c:48:0d:12:2b:c9:
         f8:06:6c:a3:8b:34:3b:43:58:26:b4:ad:0d:5a:e4:8a:04:12:
         ca:2b:16:8d:bd:17:d0:f3:12:39:f5:5f:db:50:47:5e:53:83:
         6e:90:74:07
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6YyBtivoxv2wy3vftJTRqjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwNjA1MTcxNTExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZGJjYjkzMTIxOTFhZjcwMjM5YzlkOThlYWFlNzE4N2JmN2JkNjIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvMUaQjD1pFaMUdFe9YYlIFdEKAD5
3JHSoFKxV0u6SIeuP0Enck90fkIRxw1MbMToA0RZtddlvjoS8i9l/d0ulfXB/q64
wbD4+VjQxbHA4kFQEzfbHvRjqEpEN7KefffjYz/0h0EXnl81+wi3G72JYJoDCBl3
MlXSpKbx8UqIh33th0kymxIprck3ittJF7WcpKDDEiaghX+WZbVj7Ex30EOYpUgS
NWLDMwvk/b2ynemu2klCuI6MQ/eq0IrWJz+6ZGL8JCLNup20LX4OKC+UBTui0Ywd
ZGBldy++qVMmKehH4UhxggYzUmWtgKCih6wU/hjarbW0XrB5s/nTAbOClwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH28uTEhka9wI5ydmOqucYe/e9YhMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvZmJ5NU1TR1JyM0FqbkoyWTZxNXhoNzk3MWlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzopMA0G
CSqGSIb3DQEBCwUAA4IBAQComzeXxTftTSdXERwAu1WSK8pdXh/ECjyHxR+tkptH
RaLvY5Wvd6vWZmfdsh2/g2AcA4wEhwpcfBB9sx3OlZEqLYC22M/PWaTVYJaBQwtx
1YItu5+YfMCFE0Ta3YvzeFOFYThE2xFxk0vcv9+q8p8NZhdiGYMqHslNgW8noYM8
5OW2rDhq+WpyITYKpD4V5nR3xiTkx01uICRgETsNiGy9QN5Qccv6zVARW4dyTe4G
+fEHlprpjS4Jyj1KhIDKyumXQFrNuc5RWx6HduFLh+pRHhwMSA0SK8n4BmyjizQ7
Q1gmtK0NWuSKBBLKKxaNvRfQ8xI59V/bUEdeU4NukHQH
-----END CERTIFICATE-----