Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/9qNrJmMQSBMBlhUTEILevY3nF90.roa
File:                     9qNrJmMQSBMBlhUTEILevY3nF90.roa (raw, json)
Hash identifier:          XiE8XLhhmwlvsEJ/dQBrExFV0eutzqaa4bLX86stYbM=
Subject key identifier:   F6:A3:6B:26:63:10:48:13:01:96:15:13:10:82:DE:BD:8D:E7:17:DD
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019E418A3865CAF562BC23D33F3285738597
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/9qNrJmMQSBMBlhUTEILevY3nF90.roa
Signing time:             Tue 19 May 2026 18:40:37 +0000
ROA not before:           Tue 19 May 2026 18:40:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     61317
IP address blocks:        31.57.131.0/24 maxlen: 24
                          31.58.52.0/24 maxlen: 24
                          31.58.147.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 May 2026 04:01:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:41:8a:38:65:ca:f5:62:bc:23:d3:3f:32:85:73:85:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: May 19 18:40:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f6a36b2663104813019615131082debd8de717dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:ed:f5:88:23:14:d9:48:4b:f7:25:d1:61:bb:
                    5b:ce:c4:a7:39:34:36:d7:ea:08:bb:46:49:de:4d:
                    91:8e:83:04:e9:5d:c4:14:ef:c5:bb:29:5c:ed:4a:
                    c0:73:6f:72:e0:b0:d3:1d:c2:6e:45:a2:1d:55:52:
                    a8:c1:35:6b:6a:c9:6b:3b:7c:be:94:4f:79:6a:ad:
                    89:ac:4f:12:f2:0e:fd:ac:e0:ec:c8:c8:29:9c:a3:
                    19:72:ec:d9:1b:6a:41:27:e0:d9:2c:40:aa:cd:ec:
                    3e:73:42:bb:46:99:fa:56:dd:1d:ce:13:5c:2c:3c:
                    26:0c:2a:7a:db:8e:5f:b3:e5:d7:ab:0b:42:15:79:
                    89:31:7a:35:90:75:97:b3:fc:06:ad:56:5a:60:9f:
                    72:ba:da:57:d5:ff:dc:d5:09:a3:94:53:37:94:e2:
                    36:49:44:6a:88:e9:fb:1b:e8:59:9d:79:44:12:04:
                    24:90:20:4f:e5:ed:d1:8f:fd:c9:26:a8:44:86:88:
                    83:d2:17:50:67:b8:12:29:1b:fe:05:c3:28:69:1a:
                    4b:40:a8:de:0a:ec:ff:e0:67:b4:08:19:a5:f5:dd:
                    5e:7f:ec:f8:8a:f9:72:e7:a7:4a:29:56:35:4d:29:
                    3a:18:47:63:a4:98:6b:fb:bf:ea:c8:a9:7e:1d:50:
                    6d:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:A3:6B:26:63:10:48:13:01:96:15:13:10:82:DE:BD:8D:E7:17:DD
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/9qNrJmMQSBMBlhUTEILevY3nF90.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.131.0/24
                  31.58.52.0/24
                  31.58.147.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:35:43:86:bd:af:16:ed:aa:3b:8c:9c:4a:61:44:5c:fb:c3:
         c1:f5:f4:ff:5a:1c:ee:16:68:08:fe:a9:af:af:ab:1b:ff:bf:
         22:5b:04:3d:78:a4:c7:08:9c:8a:ac:01:1f:01:49:d7:0f:30:
         26:8a:34:c3:03:d3:71:1e:ff:d0:7a:f4:94:65:71:55:cf:90:
         76:ef:bc:12:b9:a8:82:e5:a8:c3:ce:26:ac:f9:a5:77:19:9d:
         de:a4:c9:db:26:07:69:b9:d1:78:49:21:29:2a:a8:01:43:a1:
         15:da:32:6c:35:5d:45:e9:5b:ab:8b:8d:f5:b3:0b:3c:53:06:
         57:60:5f:03:72:0c:a8:69:e6:29:63:35:56:41:b2:96:0d:23:
         eb:77:53:71:1f:e5:06:55:d0:dd:c1:9d:d7:ef:32:46:05:bb:
         fc:ed:7c:91:54:9c:be:95:2d:fa:d2:34:f7:ee:cc:7a:8d:e4:
         ec:0a:bf:8c:c9:47:78:3c:8b:ad:35:25:24:46:0c:87:5c:f8:
         34:d8:93:0b:e6:67:d1:cf:43:45:ca:fb:8b:5f:c6:3a:da:3f:
         f8:ae:fb:58:a8:7a:f1:f9:13:19:54:c2:d4:17:9a:3f:78:c3:
         2a:33:ef:24:34:96:38:b2:85:81:fd:e0:88:1d:8c:7e:c8:83:
         ff:7c:62:f8
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ5BijhlyvVivCPTPzKFc4WXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwNTE5MTg0MDM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNmEzNmIyNjYzMTA0ODEzMDE5NjE1MTMxMDgyZGViZDhkZTcxN2RkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxO31iCMU2UhL9yXRYbtbzsSnOTQ2
1+oIu0ZJ3k2RjoME6V3EFO/Fuylc7UrAc29y4LDTHcJuRaIdVVKowTVraslrO3y+
lE95aq2JrE8S8g79rODsyMgpnKMZcuzZG2pBJ+DZLECqzew+c0K7Rpn6Vt0dzhNc
LDwmDCp6245fs+XXqwtCFXmJMXo1kHWXs/wGrVZaYJ9yutpX1f/c1QmjlFM3lOI2
SURqiOn7G+hZnXlEEgQkkCBP5e3Rj/3JJqhEhoiD0hdQZ7gSKRv+BcMoaRpLQKje
Cuz/4Ge0CBml9d1ef+z4ivly56dKKVY1TSk6GEdjpJhr+7/qyKl+HVBtnQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFPajayZjEEgTAZYVExCC3r2N5xfdMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvOXFOckptTVFTQk1CbGhVVEVJTGV2WTNuRjkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAHzmDAwQA
Hzo0AwQAHzqTMA0GCSqGSIb3DQEBCwUAA4IBAQCDNUOGva8W7ao7jJxKYURc+8PB
9fT/WhzuFmgI/qmvr6sb/78iWwQ9eKTHCJyKrAEfAUnXDzAmijTDA9NxHv/QevSU
ZXFVz5B277wSuaiC5ajDzias+aV3GZ3epMnbJgdpudF4SSEpKqgBQ6EV2jJsNV1F
6Vuri431sws8UwZXYF8DcgyoaeYpYzVWQbKWDSPrd1NxH+UGVdDdwZ3X7zJGBbv8
7XyRVJy+lS360jT37sx6jeTsCr+MyUd4PIutNSUkRgyHXPg02JML5mfRz0NFyvuL
X8Y62j/4rvtYqHrx+RMZVMLUF5o/eMMqM+8kNJY4soWB/eCIHYx+yIP/fGL4
-----END CERTIFICATE-----