Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/CDCd762Qhs_i1pHvwyTwMhVnBiI.roa
File:                     CDCd762Qhs_i1pHvwyTwMhVnBiI.roa (raw, json)
Hash identifier:          9vbEmHIg29NcIdnPESESVYTQiMR+nESsYlg4xZlkwvE=
Subject key identifier:   08:30:9D:EF:AD:90:86:CF:E2:D6:91:EF:C3:24:F0:32:15:67:06:22
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019E5F70CA18480F96A836FB05F7A6C14D03
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/CDCd762Qhs_i1pHvwyTwMhVnBiI.roa
Signing time:             Mon 25 May 2026 14:01:27 +0000
ROA not before:           Mon 25 May 2026 14:01:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     402508
IP address blocks:        31.57.11.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 28 May 2026 08:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:5f:70:ca:18:48:0f:96:a8:36:fb:05:f7:a6:c1:4d:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: May 25 14:01:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=08309defad9086cfe2d691efc324f03215670622
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:f1:9f:51:34:13:ef:fe:ba:8d:24:bb:dc:ee:
                    6f:e5:84:b6:cd:5e:63:dd:6f:e7:16:1d:17:7d:eb:
                    ee:e1:13:0b:3d:94:df:34:64:fc:d7:4a:9d:99:8e:
                    c2:e9:59:a4:43:45:5d:44:e8:58:e3:26:fe:b3:ac:
                    5b:ac:ab:8d:55:51:78:72:fe:9f:39:25:94:76:56:
                    d4:5b:ca:03:c0:ee:8b:ab:62:6e:99:79:14:4f:af:
                    06:df:9c:d6:7f:7f:b3:dc:c2:aa:a5:3e:5f:ef:b2:
                    49:60:e0:1b:14:78:c7:ef:8c:b4:a8:8e:76:de:32:
                    2d:74:69:5a:44:56:fc:ff:54:7b:6e:68:cd:ae:81:
                    2c:1c:0b:83:05:9e:94:b9:9c:33:7d:05:88:9c:0e:
                    c9:49:f5:4c:4c:fb:cb:dd:b0:e2:06:78:06:63:d6:
                    65:09:d5:5d:ac:a9:12:df:5f:5d:f5:ac:a4:4d:64:
                    fa:c7:46:74:57:cf:66:b2:3c:cf:de:2e:9e:e5:10:
                    f7:3e:dd:aa:78:af:0a:f4:b2:f2:73:08:70:a0:72:
                    81:60:36:7b:a6:a1:f9:47:40:bc:e7:b2:64:cb:98:
                    75:ab:b6:14:08:41:5f:6f:ce:96:26:a7:99:4a:e6:
                    63:e2:4d:11:12:93:99:0c:42:78:30:b5:0c:4a:a2:
                    91:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:30:9D:EF:AD:90:86:CF:E2:D6:91:EF:C3:24:F0:32:15:67:06:22
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/CDCd762Qhs_i1pHvwyTwMhVnBiI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.11.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:a2:d7:8c:51:71:49:95:e1:ac:12:08:26:af:83:86:d6:23:
         fd:1a:70:6c:8c:dd:14:76:0e:02:67:e9:0d:bd:ec:91:0d:a9:
         e1:6c:cf:e5:26:9e:30:18:78:94:6b:d8:f1:fc:23:2f:54:0d:
         9a:9c:2c:41:41:44:7b:4b:5c:65:83:c9:de:52:66:70:a8:70:
         84:99:5a:79:16:41:89:45:ed:e7:16:5e:ce:e0:6b:00:ac:ae:
         48:d4:4e:6d:e0:61:f9:7d:61:b3:3f:6d:1b:e2:5b:29:78:1a:
         4d:4c:a0:5c:18:1f:8c:00:72:5f:f6:53:36:9b:16:1b:3b:f6:
         5e:65:68:3b:ac:bb:65:46:11:4b:05:63:e3:fd:4b:20:d0:38:
         2b:a3:62:90:65:fd:21:cf:ca:f3:8d:4b:6d:61:f4:29:82:0a:
         2a:05:36:04:67:02:50:7b:af:cb:db:0e:6e:5b:e4:24:8d:e1:
         6f:f3:74:19:94:04:17:3d:a6:88:2c:29:00:74:43:89:64:89:
         6a:4f:15:81:7b:62:4f:d9:2f:97:cd:b3:49:ba:4e:8d:56:1b:
         92:ee:52:ba:82:b7:0a:a3:ea:5a:c3:1c:eb:31:18:ed:c7:06:
         12:ae:98:22:f5:26:5c:b5:54:3f:15:d7:36:63:7e:ad:d3:30:
         2e:cf:8a:77
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5fcMoYSA+WqDb7BfemwU0DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwNTI1MTQwMTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODMwOWRlZmFkOTA4NmNmZTJkNjkxZWZjMzI0ZjAzMjE1NjcwNjIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxPGfUTQT7/66jSS73O5v5YS2zV5j
3W/nFh0Xfevu4RMLPZTfNGT810qdmY7C6VmkQ0VdROhY4yb+s6xbrKuNVVF4cv6f
OSWUdlbUW8oDwO6Lq2JumXkUT68G35zWf3+z3MKqpT5f77JJYOAbFHjH74y0qI52
3jItdGlaRFb8/1R7bmjNroEsHAuDBZ6UuZwzfQWInA7JSfVMTPvL3bDiBngGY9Zl
CdVdrKkS319d9aykTWT6x0Z0V89msjzP3i6e5RD3Pt2qeK8K9LLycwhwoHKBYDZ7
pqH5R0C857Jky5h1q7YUCEFfb86WJqeZSuZj4k0REpOZDEJ4MLUMSqKRMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAgwne+tkIbP4taR78Mk8DIVZwYiMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvQ0RDZDc2MlFoc19pMXBIdnd5VHdNaFZuQmlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzkLMA0G
CSqGSIb3DQEBCwUAA4IBAQCWoteMUXFJleGsEggmr4OG1iP9GnBsjN0Udg4CZ+kN
veyRDanhbM/lJp4wGHiUa9jx/CMvVA2anCxBQUR7S1xlg8neUmZwqHCEmVp5FkGJ
Re3nFl7O4GsArK5I1E5t4GH5fWGzP20b4lspeBpNTKBcGB+MAHJf9lM2mxYbO/Ze
ZWg7rLtlRhFLBWPj/Usg0Dgro2KQZf0hz8rzjUttYfQpggoqBTYEZwJQe6/L2w5u
W+QkjeFv83QZlAQXPaaILCkAdEOJZIlqTxWBe2JP2S+XzbNJuk6NVhuS7lK6grcK
o+pawxzrMRjtxwYSrpgi9SZctVQ/Fdc2Y36t0zAuz4p3
-----END CERTIFICATE-----