Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/8YSJgumWEr2mIPJNTqFXwY0Bc2E.roa
File:                     8YSJgumWEr2mIPJNTqFXwY0Bc2E.roa (raw, json)
Hash identifier:          WxfgIfUBENfQupQk6LclPVBedMUphpEi3jH84G68LGY=
Subject key identifier:   F1:84:89:82:E9:96:12:BD:A6:20:F2:4D:4E:A1:57:C1:8D:01:73:61
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019E7A006CEFFD89A01D308E02E58FA10322
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/8YSJgumWEr2mIPJNTqFXwY0Bc2E.roa
Signing time:             Sat 30 May 2026 17:48:28 +0000
ROA not before:           Sat 30 May 2026 17:48:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204942
IP address blocks:        31.57.190.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 27 Jun 2026 11:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:7a:00:6c:ef:fd:89:a0:1d:30:8e:02:e5:8f:a1:03:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: May 30 17:48:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f1848982e99612bda620f24d4ea157c18d017361
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:4e:26:b3:43:3f:35:c1:5a:67:05:3f:c9:0f:
                    7f:22:eb:81:59:a1:a4:c9:26:b4:47:9c:b5:6b:7f:
                    cb:7b:11:7f:62:52:b3:b2:17:49:80:15:81:db:8b:
                    26:e2:62:86:af:b4:12:75:aa:82:c4:01:ae:bf:c0:
                    dc:cd:8b:1b:ea:dc:24:1b:8c:08:98:ea:fb:1c:26:
                    8a:b6:04:17:b8:02:87:03:a0:46:1e:64:75:11:8c:
                    cf:5a:de:30:41:9b:f6:fc:50:54:0a:83:be:71:ec:
                    45:01:10:17:fa:da:7a:89:f9:db:c4:e9:92:a3:6b:
                    6b:e6:8f:c7:0b:23:ce:3e:ba:11:2c:4e:74:10:67:
                    65:d5:d5:c7:da:13:1d:e5:d3:30:4d:a0:47:6e:87:
                    d7:aa:87:5a:51:a6:aa:a7:19:8d:26:cd:c9:8f:3c:
                    3e:70:4b:24:6a:1b:d5:a4:cb:43:3b:54:dd:5d:b9:
                    c8:73:10:07:6d:71:a3:a7:ac:f7:fe:bd:70:fb:7d:
                    cc:9e:ce:7d:e9:65:60:08:77:d7:7e:0e:d0:5d:11:
                    c2:01:18:e2:5c:f8:5c:be:76:bb:fc:c0:c6:2c:e9:
                    cd:76:1e:e6:34:2e:8b:cd:45:a0:0c:64:39:b7:6a:
                    87:56:fc:1a:8f:e0:5b:f9:13:e7:a9:37:fa:8c:89:
                    a9:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:84:89:82:E9:96:12:BD:A6:20:F2:4D:4E:A1:57:C1:8D:01:73:61
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/8YSJgumWEr2mIPJNTqFXwY0Bc2E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.190.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:60:3e:d4:a5:e4:10:b9:3d:d6:d8:ab:86:0f:dc:b4:bf:c0:
         b3:ab:f6:09:e7:f2:90:8f:d0:02:68:cb:f2:4a:c7:96:6e:3b:
         0a:cf:cf:24:10:ec:50:7e:7a:dc:ae:aa:53:14:24:7f:da:f4:
         ad:9d:a8:0e:a3:63:c4:52:5e:b1:29:b3:ad:75:3d:37:76:b4:
         99:cd:e6:57:15:b3:0f:bb:15:b1:56:31:2d:10:26:0a:5d:32:
         b7:f1:0f:36:5d:f3:ba:9e:21:d9:56:87:20:fc:e2:b3:a7:23:
         da:e2:b4:b6:91:0a:d6:f2:f2:79:d3:13:62:6a:12:cc:a2:26:
         cc:e6:7e:c9:4a:27:e9:73:37:6c:39:13:38:84:4b:d9:f9:14:
         b5:55:33:c8:b1:57:c6:76:f2:f4:34:79:19:3c:f1:15:e4:78:
         c9:e8:e8:ae:4c:ca:a7:62:4a:09:63:11:30:f2:07:c4:13:ba:
         3b:44:62:18:94:c5:db:8f:dc:ca:e7:58:11:88:88:9e:5e:22:
         1e:63:aa:8a:8e:3c:4e:5d:85:3e:e1:9b:15:06:84:83:f7:52:
         4f:7b:38:71:3c:66:ac:ce:e3:e8:01:64:b8:33:c5:8e:0e:77:
         2c:6e:38:79:e2:72:5a:f1:5f:53:36:00:bb:80:80:0c:46:90:
         10:da:98:b9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ56AGzv/YmgHTCOAuWPoQMiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwNTMwMTc0ODI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMTg0ODk4MmU5OTYxMmJkYTYyMGYyNGQ0ZWExNTdjMThkMDE3MzYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsU4ms0M/NcFaZwU/yQ9/IuuBWaGk
ySa0R5y1a3/LexF/YlKzshdJgBWB24sm4mKGr7QSdaqCxAGuv8DczYsb6twkG4wI
mOr7HCaKtgQXuAKHA6BGHmR1EYzPWt4wQZv2/FBUCoO+cexFARAX+tp6ifnbxOmS
o2tr5o/HCyPOProRLE50EGdl1dXH2hMd5dMwTaBHbofXqodaUaaqpxmNJs3Jjzw+
cEskahvVpMtDO1TdXbnIcxAHbXGjp6z3/r1w+33Mns596WVgCHfXfg7QXRHCARji
XPhcvna7/MDGLOnNdh7mNC6LzUWgDGQ5t2qHVvwaj+Bb+RPnqTf6jImpxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPGEiYLplhK9piDyTU6hV8GNAXNhMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvOFlTSmd1bVdFcjJtSVBKTlRxRlh3WTBCYzJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzm+MA0G
CSqGSIb3DQEBCwUAA4IBAQBMYD7UpeQQuT3W2KuGD9y0v8Czq/YJ5/KQj9ACaMvy
SseWbjsKz88kEOxQfnrcrqpTFCR/2vStnagOo2PEUl6xKbOtdT03drSZzeZXFbMP
uxWxVjEtECYKXTK38Q82XfO6niHZVocg/OKzpyPa4rS2kQrW8vJ50xNiahLMoibM
5n7JSifpczdsORM4hEvZ+RS1VTPIsVfGdvL0NHkZPPEV5HjJ6OiuTMqnYkoJYxEw
8gfEE7o7RGIYlMXbj9zK51gRiIieXiIeY6qKjjxOXYU+4ZsVBoSD91JPezhxPGas
zuPoAWS4M8WODncsbjh54nJa8V9TNgC7gIAMRpAQ2pi5
-----END CERTIFICATE-----