Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/4kDGU2r13imcMAYV-q8yibhfSys.roa
File:                     4kDGU2r13imcMAYV-q8yibhfSys.roa (raw, json)
Hash identifier:          rbPHr3s5Zpj436q7TJaruk206pMFdDdFjmOolDkrg9A=
Subject key identifier:   E2:40:C6:53:6A:F5:DE:29:9C:30:06:15:FA:AF:32:89:B8:5F:4B:2B
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019D6E1594AB75ECEEB41F1B6FB0DB76DC5B
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/4kDGU2r13imcMAYV-q8yibhfSys.roa
Signing time:             Wed 08 Apr 2026 17:13:21 +0000
ROA not before:           Wed 08 Apr 2026 17:13:21 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     40352
IP address blocks:        31.56.68.0/24 maxlen: 24
                          31.56.152.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 Apr 2026 16:26:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:6e:15:94:ab:75:ec:ee:b4:1f:1b:6f:b0:db:76:dc:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Apr  8 17:13:21 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e240c6536af5de299c300615faaf3289b85f4b2b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:54:86:28:13:84:06:fd:3c:01:57:30:33:63:
                    64:0d:94:b2:6f:a1:75:86:73:86:4c:a6:3c:fd:4b:
                    ee:00:c4:09:45:de:85:c6:2a:f3:73:e6:7e:0f:50:
                    bd:6c:10:d5:74:b9:26:a8:11:10:45:20:dd:3b:0b:
                    b9:ce:29:db:db:15:3c:ef:8c:bd:95:31:d8:02:58:
                    7c:f3:63:3b:c6:df:17:a7:c3:fa:6e:f2:68:81:9a:
                    2c:a1:f3:9d:ec:ed:a6:1e:57:53:16:34:3f:21:83:
                    d4:46:69:e0:21:d3:07:70:e1:73:ea:af:39:ae:e3:
                    94:92:8f:d0:7b:11:12:3e:f1:90:f8:72:4d:dc:e5:
                    b1:77:3d:61:f2:af:4d:40:92:fc:a1:af:d6:f6:db:
                    91:ea:ab:90:8c:f5:64:b0:b7:5b:16:83:ff:f1:11:
                    1b:1c:d2:ed:a2:d9:ce:a6:46:72:6e:88:1f:03:48:
                    02:cf:b2:27:cb:eb:79:f2:36:a9:7c:2a:94:13:68:
                    08:bb:3f:36:11:fe:4a:9c:45:4b:a7:1d:dc:bc:76:
                    7d:33:a2:7c:13:d4:1d:c9:eb:4d:04:35:4a:90:3e:
                    97:69:5a:45:d1:1b:c7:a4:7b:29:38:9f:1d:ab:ff:
                    f2:75:a1:8f:72:b4:62:a4:49:f0:6e:11:29:91:a9:
                    51:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:40:C6:53:6A:F5:DE:29:9C:30:06:15:FA:AF:32:89:B8:5F:4B:2B
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/4kDGU2r13imcMAYV-q8yibhfSys.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.68.0/24
                  31.56.152.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:94:e2:8d:e4:17:f8:31:bd:65:ce:2d:50:8a:be:a5:83:3d:
         af:0b:0f:2f:36:81:51:ba:6b:6c:72:a3:a1:85:31:63:a2:b2:
         a1:6a:19:74:51:0a:7c:c1:9e:60:a3:34:af:3e:f9:2b:53:95:
         4c:e1:a1:ab:63:87:d4:76:04:14:bb:7b:85:98:2a:1e:32:c8:
         3b:60:ea:b4:e1:1a:e0:02:85:5e:a4:6d:3a:f0:88:65:60:0f:
         ec:85:83:74:5b:29:0f:ee:73:6e:b6:a8:ec:d5:1f:99:62:de:
         51:4d:08:7a:6c:b1:8b:f6:b0:db:b2:0c:e3:3e:e1:88:2d:00:
         22:4a:cc:e4:f8:8b:8c:c1:3e:fe:05:f5:17:57:7c:09:d2:21:
         c8:27:4e:0e:45:56:80:51:fa:2d:34:02:0a:8f:0e:6f:60:5d:
         5a:a1:a8:b1:9e:62:41:a1:95:60:d1:ed:93:60:c8:4f:25:e5:
         20:7a:a8:49:0a:fa:ae:2b:59:e8:94:30:90:5c:1a:5a:71:39:
         c3:63:c7:d2:d3:39:4b:41:f5:24:a8:b4:98:f3:ca:b6:f8:68:
         58:54:2c:93:77:2c:bf:bc:f1:42:4c:a9:88:cb:2a:4e:8e:76:
         f2:02:6d:e6:68:49:72:67:e6:1c:95:45:88:b5:99:d3:5e:8a:
         f8:72:75:3f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ1uFZSrdezutB8bb7DbdtxbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwNDA4MTcxMzIxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjQwYzY1MzZhZjVkZTI5OWMzMDA2MTVmYWFmMzI4OWI4NWY0YjJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyVSGKBOEBv08AVcwM2NkDZSyb6F1
hnOGTKY8/UvuAMQJRd6Fxirzc+Z+D1C9bBDVdLkmqBEQRSDdOwu5zinb2xU874y9
lTHYAlh882M7xt8Xp8P6bvJogZosofOd7O2mHldTFjQ/IYPURmngIdMHcOFz6q85
ruOUko/QexESPvGQ+HJN3OWxdz1h8q9NQJL8oa/W9tuR6quQjPVksLdbFoP/8REb
HNLtotnOpkZybogfA0gCz7Iny+t58japfCqUE2gIuz82Ef5KnEVLpx3cvHZ9M6J8
E9QdyetNBDVKkD6XaVpF0RvHpHspOJ8dq//ydaGPcrRipEnwbhEpkalRBQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOJAxlNq9d4pnDAGFfqvMom4X0srMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvNGtER1UycjEzaW1jTUFZVi1xOHlpYmhmU3lzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAHzhEAwQA
HziYMA0GCSqGSIb3DQEBCwUAA4IBAQBKlOKN5Bf4Mb1lzi1Qir6lgz2vCw8vNoFR
umtscqOhhTFjorKhahl0UQp8wZ5gozSvPvkrU5VM4aGrY4fUdgQUu3uFmCoeMsg7
YOq04RrgAoVepG068IhlYA/shYN0WykP7nNutqjs1R+ZYt5RTQh6bLGL9rDbsgzj
PuGILQAiSszk+IuMwT7+BfUXV3wJ0iHIJ04ORVaAUfotNAIKjw5vYF1aoaixnmJB
oZVg0e2TYMhPJeUgeqhJCvquK1nolDCQXBpacTnDY8fS0zlLQfUkqLSY88q2+GhY
VCyTdyy/vPFCTKmIyypOjnbyAm3maElyZ+YclUWItZnTXor4cnU/
-----END CERTIFICATE-----