Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/ntCYxYAb0Lmx5eGVxcTT6yWolg4.roa
File:                     ntCYxYAb0Lmx5eGVxcTT6yWolg4.roa (raw, json)
Hash identifier:          4PwHH4S9zt/tAA7ZRAG+Fg7SJXtG7UoRHuaiyv22ax8=
Subject key identifier:   9E:D0:98:C5:80:1B:D0:B9:B1:E5:E1:95:C5:C4:D3:EB:25:A8:96:0E
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019C04748607DF61FAFCC7DA832BA870060E
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/ntCYxYAb0Lmx5eGVxcTT6yWolg4.roa
Signing time:             Wed 28 Jan 2026 11:54:31 +0000
ROA not before:           Wed 28 Jan 2026 11:54:31 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214024
IP address blocks:        31.56.84.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 18:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:04:74:86:07:df:61:fa:fc:c7:da:83:2b:a8:70:06:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jan 28 11:54:31 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9ed098c5801bd0b9b1e5e195c5c4d3eb25a8960e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:c8:e1:dc:ae:d7:59:e1:d7:30:f9:b1:db:0a:
                    a8:d1:f8:b6:4f:61:52:4a:a6:3f:83:47:b7:8c:98:
                    6e:b1:97:88:7d:0c:de:a8:ec:cf:5b:c5:7a:db:be:
                    ba:52:85:2f:2d:94:82:3f:32:83:6c:bb:b9:cf:fd:
                    e4:08:f6:f2:8b:56:14:c7:44:1e:28:84:67:92:7e:
                    a1:ca:e0:4d:b0:32:20:a9:5b:0f:d7:40:82:41:4b:
                    e9:c5:38:5e:a2:36:b1:42:3e:96:33:0f:40:af:b6:
                    c5:ef:f8:10:c9:ae:92:39:e5:32:e2:6c:d0:bf:fb:
                    91:4e:3b:88:b8:e9:d3:c5:cc:85:35:80:57:45:d3:
                    a9:fa:0b:9c:59:4e:1d:06:88:a3:eb:be:f9:ae:d2:
                    a8:0c:3d:0c:b9:9b:0e:a3:9a:57:2b:4e:cb:7d:42:
                    cd:bf:94:21:14:0c:b0:13:60:a6:76:49:72:82:d5:
                    ed:c1:f6:9e:f8:2b:f3:49:7f:de:36:18:c4:44:4e:
                    98:b5:85:a4:33:70:01:18:a0:c8:88:e1:28:42:3d:
                    64:00:c1:a2:73:6e:fd:90:ff:81:80:24:e3:50:de:
                    7d:2b:eb:1f:ec:69:26:44:5a:03:e8:cf:4b:7a:20:
                    37:8c:a3:51:78:de:a4:34:36:32:88:3c:93:4b:df:
                    86:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:D0:98:C5:80:1B:D0:B9:B1:E5:E1:95:C5:C4:D3:EB:25:A8:96:0E
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/ntCYxYAb0Lmx5eGVxcTT6yWolg4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.84.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:2d:62:58:db:8a:35:9f:d2:e3:af:6a:c4:8b:92:da:d8:0b:
         44:9b:46:6b:e4:12:d4:78:06:19:bc:82:42:b4:23:49:a3:94:
         d6:b7:3a:58:a0:67:18:63:d8:eb:0b:2c:d6:f4:67:93:b2:36:
         c4:5e:f9:2d:72:46:fd:93:77:64:de:3c:41:16:0a:00:9a:a2:
         b9:38:94:69:4a:8a:c2:ab:2e:01:10:38:0c:81:5f:c8:f5:6d:
         82:17:ad:4f:1c:9a:74:de:e5:77:ba:13:8d:3b:a7:f1:c6:84:
         bc:c1:7d:31:d2:49:29:88:63:b1:83:9f:04:26:fc:d5:65:72:
         15:51:d6:e3:59:f7:e2:b2:12:0e:2f:98:57:a6:88:f9:7f:07:
         55:f3:e5:63:b0:1e:9a:78:ca:bd:9b:d3:98:c5:16:46:97:f2:
         1a:70:f5:2e:ec:3d:36:08:39:29:0e:88:42:22:a2:d1:04:9b:
         3c:ad:20:d1:ac:13:04:dd:ca:32:53:e8:25:92:fd:38:d1:4b:
         fa:d2:e4:e1:28:5f:4d:2b:dd:e3:eb:09:f5:a5:ea:df:81:22:
         11:3b:7d:73:68:03:83:4c:49:79:de:7f:b9:70:74:30:24:82:
         d5:7f:79:38:d2:8f:86:44:25:9a:a0:22:ef:29:57:0b:cf:1e:
         45:fd:98:a2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZwEdIYH32H6/MfagyuocAYOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwMTI4MTE1NDMxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZWQwOThjNTgwMWJkMGI5YjFlNWUxOTVjNWM0ZDNlYjI1YTg5NjBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtsjh3K7XWeHXMPmx2wqo0fi2T2FS
SqY/g0e3jJhusZeIfQzeqOzPW8V62766UoUvLZSCPzKDbLu5z/3kCPbyi1YUx0Qe
KIRnkn6hyuBNsDIgqVsP10CCQUvpxTheojaxQj6WMw9Ar7bF7/gQya6SOeUy4mzQ
v/uRTjuIuOnTxcyFNYBXRdOp+gucWU4dBoij6775rtKoDD0MuZsOo5pXK07LfULN
v5QhFAywE2CmdklygtXtwfae+CvzSX/eNhjERE6YtYWkM3ABGKDIiOEoQj1kAMGi
c279kP+BgCTjUN59K+sf7GkmRFoD6M9LeiA3jKNReN6kNDYyiDyTS9+GCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ7QmMWAG9C5seXhlcXE0+slqJYOMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvbnRDWXhZQWIwTG14NWVHVnhjVFQ2eVdvbGc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzhUMA0G
CSqGSIb3DQEBCwUAA4IBAQBJLWJY24o1n9Ljr2rEi5La2AtEm0Zr5BLUeAYZvIJC
tCNJo5TWtzpYoGcYY9jrCyzW9GeTsjbEXvktckb9k3dk3jxBFgoAmqK5OJRpSorC
qy4BEDgMgV/I9W2CF61PHJp03uV3uhONO6fxxoS8wX0x0kkpiGOxg58EJvzVZXIV
UdbjWffishIOL5hXpoj5fwdV8+VjsB6aeMq9m9OYxRZGl/IacPUu7D02CDkpDohC
IqLRBJs8rSDRrBME3coyU+glkv040Uv60uThKF9NK93j6wn1perfgSIRO31zaAOD
TEl53n+5cHQwJILVf3k40o+GRCWaoCLvKVcLzx5F/Zii
-----END CERTIFICATE-----