Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/2gn4m3z2ZMfp_Z5oBtjRlYbuT-E.roa
File:                     2gn4m3z2ZMfp_Z5oBtjRlYbuT-E.roa (raw, json)
Hash identifier:          fKgmTHBetJ87vVhRrAmnkR8/bYeoDSXry9sVyIS5Iuc=
Subject key identifier:   DA:09:F8:9B:7C:F6:64:C7:E9:FD:9E:68:06:D8:D1:95:86:EE:4F:E1
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019D433D0B2788DB71109128A90562897EF9
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/2gn4m3z2ZMfp_Z5oBtjRlYbuT-E.roa
Signing time:             Tue 31 Mar 2026 09:32:46 +0000
ROA not before:           Tue 31 Mar 2026 09:32:46 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200506
IP address blocks:        31.57.39.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 Apr 2026 08:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:43:3d:0b:27:88:db:71:10:91:28:a9:05:62:89:7e:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Mar 31 09:32:46 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=da09f89b7cf664c7e9fd9e6806d8d19586ee4fe1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:5e:e5:e7:b1:dc:37:22:8b:26:08:2a:cb:d4:
                    3d:84:45:dc:08:9c:d9:18:98:b9:cd:48:b5:b1:9c:
                    50:15:d4:55:89:3d:2b:2e:79:78:fa:3b:99:0f:31:
                    05:b0:13:49:57:1b:f2:c7:73:df:2b:83:6d:69:9f:
                    9c:31:ce:08:d8:b3:b7:af:fa:40:b0:89:40:68:97:
                    27:cc:da:e3:db:70:5a:b2:6c:c3:79:6e:ec:54:8d:
                    a9:52:42:ee:8b:ca:74:67:b2:63:cf:c1:96:e2:a6:
                    18:e7:b9:f0:32:c4:ad:a3:1b:00:e2:e9:fe:cb:ef:
                    af:8c:ad:08:77:11:5a:a1:2d:ad:33:b3:15:e4:5a:
                    af:20:a8:8d:84:1d:86:9f:d6:60:ff:f1:fc:35:22:
                    cb:d1:7c:25:ac:59:8b:86:be:4e:a4:05:8e:d7:ee:
                    94:f0:97:76:66:53:6d:bf:d5:68:77:cb:93:52:6b:
                    e6:16:6d:30:81:8a:17:67:87:f9:6e:06:29:73:ca:
                    f4:3d:84:b7:77:19:96:ac:61:a6:30:8b:57:e7:74:
                    de:a7:bf:a8:ae:34:83:ac:b8:d4:67:b7:1d:ea:75:
                    d1:29:31:38:28:91:11:9b:0b:da:aa:a5:d5:a2:20:
                    d6:9d:b5:62:d4:b1:4b:9c:2a:94:24:52:09:a5:52:
                    28:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:09:F8:9B:7C:F6:64:C7:E9:FD:9E:68:06:D8:D1:95:86:EE:4F:E1
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/2gn4m3z2ZMfp_Z5oBtjRlYbuT-E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.39.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:b9:c5:d3:11:dd:14:2b:51:f0:67:78:e9:79:d1:fc:b1:f6:
         03:62:0f:de:17:f2:0d:ec:90:a7:99:5b:a1:99:82:54:e7:fc:
         cd:fb:44:c4:3f:d5:3e:e6:20:cb:0c:30:1a:19:83:56:08:45:
         31:94:84:4d:90:c2:6b:f3:6b:a5:99:29:66:c5:5e:a6:92:b6:
         5a:b2:92:04:22:22:86:40:29:8f:d7:7d:1a:6e:f8:cf:c1:40:
         0f:ab:43:c1:55:7d:33:26:0a:59:18:14:e1:7b:f1:ec:0e:81:
         ee:74:13:84:21:ea:8d:d3:5d:aa:8e:3d:48:27:4d:70:ea:95:
         7d:7c:c2:a4:62:d1:1f:23:cc:8c:71:38:59:46:71:80:76:ba:
         89:ca:7e:3b:4a:e4:09:1c:26:56:da:c6:66:9f:62:7c:92:ac:
         c9:fa:64:61:b1:f9:60:03:09:73:46:60:18:c7:2c:5c:d6:4c:
         84:02:00:00:56:4b:a0:31:08:cf:3c:39:8e:54:13:01:a9:05:
         a4:16:75:9e:90:38:20:b4:7e:4b:58:3f:72:4f:ef:3c:f8:03:
         28:7b:e1:4c:57:e3:60:b4:15:7d:0c:ef:ae:b1:40:86:44:71:
         1d:17:46:c1:30:5a:50:7c:d7:3f:bf:21:3d:c7:56:76:64:f0:
         8e:86:bc:61
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1DPQsniNtxEJEoqQViiX75MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwMzMxMDkzMjQ2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTA5Zjg5YjdjZjY2NGM3ZTlmZDllNjgwNmQ4ZDE5NTg2ZWU0ZmUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuV7l57HcNyKLJggqy9Q9hEXcCJzZ
GJi5zUi1sZxQFdRViT0rLnl4+juZDzEFsBNJVxvyx3PfK4NtaZ+cMc4I2LO3r/pA
sIlAaJcnzNrj23BasmzDeW7sVI2pUkLui8p0Z7Jjz8GW4qYY57nwMsStoxsA4un+
y++vjK0IdxFaoS2tM7MV5FqvIKiNhB2Gn9Zg//H8NSLL0XwlrFmLhr5OpAWO1+6U
8Jd2ZlNtv9Vod8uTUmvmFm0wgYoXZ4f5bgYpc8r0PYS3dxmWrGGmMItX53Tep7+o
rjSDrLjUZ7cd6nXRKTE4KJERmwvaqqXVoiDWnbVi1LFLnCqUJFIJpVIo9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNoJ+Jt89mTH6f2eaAbY0ZWG7k/hMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvMmduNG0zejJaTWZwX1o1b0J0alJsWWJ1VC1FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzknMA0G
CSqGSIb3DQEBCwUAA4IBAQAbucXTEd0UK1HwZ3jpedH8sfYDYg/eF/IN7JCnmVuh
mYJU5/zN+0TEP9U+5iDLDDAaGYNWCEUxlIRNkMJr82ulmSlmxV6mkrZaspIEIiKG
QCmP130abvjPwUAPq0PBVX0zJgpZGBThe/HsDoHudBOEIeqN012qjj1IJ01w6pV9
fMKkYtEfI8yMcThZRnGAdrqJyn47SuQJHCZW2sZmn2J8kqzJ+mRhsflgAwlzRmAY
xyxc1kyEAgAAVkugMQjPPDmOVBMBqQWkFnWekDggtH5LWD9yT+88+AMoe+FMV+Ng
tBV9DO+usUCGRHEdF0bBMFpQfNc/vyE9x1Z2ZPCOhrxh
-----END CERTIFICATE-----