Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/mbyA6vdQMSBW3WxWupKgDCh_e6c.roa
File:                     mbyA6vdQMSBW3WxWupKgDCh_e6c.roa (raw, json)
Hash identifier:          rWKSrCafIcjPuXAmsvPAQZuQE+HvjoNdvKSTBv3pvUE=
Subject key identifier:   99:BC:80:EA:F7:50:31:20:56:DD:6C:56:BA:92:A0:0C:28:7F:7B:A7
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019D925649856280EA27E1D8C1CC7AB3D3F2
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/mbyA6vdQMSBW3WxWupKgDCh_e6c.roa
Signing time:             Wed 15 Apr 2026 18:10:21 +0000
ROA not before:           Wed 15 Apr 2026 18:10:21 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199524
IP address blocks:        31.58.37.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 06:48:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:92:56:49:85:62:80:ea:27:e1:d8:c1:cc:7a:b3:d3:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Apr 15 18:10:21 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=99bc80eaf750312056dd6c56ba92a00c287f7ba7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:d3:63:85:b2:91:36:fa:1b:14:b9:fb:1d:30:
                    3d:b5:09:95:4e:e8:32:56:4e:c2:21:5e:08:59:55:
                    5a:d4:39:ff:b7:d2:83:52:da:09:7d:14:e1:aa:4e:
                    77:8e:0e:9f:1c:b4:4e:f3:fa:70:94:58:42:44:4c:
                    26:d9:88:f4:c0:c2:59:8c:d5:55:c8:d8:95:97:65:
                    1a:1d:99:7a:79:cd:8e:78:a4:5c:d4:5a:b2:7a:00:
                    27:1b:99:17:2c:d7:c9:93:c5:4d:d9:c0:95:72:dc:
                    3a:fd:17:9f:fe:c9:81:7c:81:ac:cc:c3:79:7d:61:
                    be:77:a6:df:25:79:2c:df:72:05:ae:00:4b:cb:01:
                    09:42:1f:6a:84:75:34:97:ce:19:79:96:ea:e8:12:
                    f8:e2:9e:0a:60:9e:1b:d0:eb:07:69:27:f7:52:99:
                    33:74:0e:8d:25:6a:66:df:59:72:1f:12:a9:c9:7e:
                    1b:91:7c:bd:91:5e:0d:c0:e4:ad:fb:0b:13:9c:3f:
                    9f:7a:c0:b2:c3:7a:33:ec:a9:9b:7b:ee:75:d3:1e:
                    cb:67:63:c1:11:c8:6b:88:c2:be:3d:0a:f7:0c:5b:
                    15:b5:89:75:ff:ef:e4:7b:6c:ab:5d:c4:2d:e5:30:
                    57:b5:50:73:9f:ae:16:dc:c6:ab:63:43:c2:cf:f2:
                    0d:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:BC:80:EA:F7:50:31:20:56:DD:6C:56:BA:92:A0:0C:28:7F:7B:A7
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/mbyA6vdQMSBW3WxWupKgDCh_e6c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.58.37.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:34:b1:90:e1:6f:28:e6:01:ed:4d:d5:28:56:d3:c2:ac:e7:
         72:f2:94:55:c3:af:09:1a:62:a6:4a:d9:81:de:21:4f:e3:ed:
         2f:fd:61:ee:03:c4:7a:86:20:e2:37:79:6c:42:28:ff:f5:ea:
         35:78:4a:15:bb:1a:a5:98:19:a7:bc:12:9e:85:26:dd:31:bd:
         37:d2:52:9b:bb:c2:2d:ad:da:68:51:91:4b:b8:6a:25:90:30:
         1f:1f:a3:a8:30:dc:df:0d:e2:62:5e:01:2c:1b:fa:15:cd:86:
         54:a0:e6:ee:f7:ed:24:e2:72:aa:a2:00:1b:83:f4:a1:d0:d8:
         41:e2:ac:44:ef:13:1b:2d:06:fe:02:c8:23:18:31:6a:e9:33:
         5b:eb:76:6c:d9:8c:9d:b3:b5:7f:91:9d:74:11:85:57:e5:50:
         d4:07:b9:2b:ce:60:fd:e9:56:6f:a0:13:e0:57:bb:39:24:0c:
         12:7a:aa:cc:aa:4e:86:51:94:cf:22:dc:7f:ec:f6:a6:b6:d3:
         61:c6:83:88:2f:1d:31:33:5b:11:0c:bb:db:a2:ca:ba:f8:91:
         c8:60:19:9c:f5:97:44:d0:09:2d:18:49:50:bc:64:29:03:b3:
         06:92:c1:e1:0f:21:cf:c0:6d:8b:50:7e:1f:20:16:0e:9a:77:
         d9:09:0a:ae
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2SVkmFYoDqJ+HYwcx6s9PyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwNDE1MTgxMDIxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OWJjODBlYWY3NTAzMTIwNTZkZDZjNTZiYTkyYTAwYzI4N2Y3YmE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwdNjhbKRNvobFLn7HTA9tQmVTugy
Vk7CIV4IWVVa1Dn/t9KDUtoJfRThqk53jg6fHLRO8/pwlFhCREwm2Yj0wMJZjNVV
yNiVl2UaHZl6ec2OeKRc1FqyegAnG5kXLNfJk8VN2cCVctw6/Ref/smBfIGszMN5
fWG+d6bfJXks33IFrgBLywEJQh9qhHU0l84ZeZbq6BL44p4KYJ4b0OsHaSf3Upkz
dA6NJWpm31lyHxKpyX4bkXy9kV4NwOSt+wsTnD+fesCyw3oz7Kmbe+510x7LZ2PB
EchriMK+PQr3DFsVtYl1/+/ke2yrXcQt5TBXtVBzn64W3MarY0PCz/INhwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJm8gOr3UDEgVt1sVrqSoAwof3unMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvbWJ5QTZ2ZFFNU0JXM1d4V3VwS2dEQ2hfZTZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzolMA0G
CSqGSIb3DQEBCwUAA4IBAQAkNLGQ4W8o5gHtTdUoVtPCrOdy8pRVw68JGmKmStmB
3iFP4+0v/WHuA8R6hiDiN3lsQij/9eo1eEoVuxqlmBmnvBKehSbdMb030lKbu8It
rdpoUZFLuGolkDAfH6OoMNzfDeJiXgEsG/oVzYZUoObu9+0k4nKqogAbg/Sh0NhB
4qxE7xMbLQb+AsgjGDFq6TNb63Zs2Yyds7V/kZ10EYVX5VDUB7krzmD96VZvoBPg
V7s5JAwSeqrMqk6GUZTPItx/7PamttNhxoOILx0xM1sRDLvbosq6+JHIYBmc9ZdE
0AktGElQvGQpA7MGksHhDyHPwG2LUH4fIBYOmnfZCQqu
-----END CERTIFICATE-----