Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/CPYbvj9XbYh5_Vb1A6Jne9XtQU0.roa
File:                     CPYbvj9XbYh5_Vb1A6Jne9XtQU0.roa (raw, json)
Hash identifier:          53dBmvn/b2S3GLLOjhNj9j6nLxnK2rj+OPASG6t4IFM=
Subject key identifier:   08:F6:1B:BE:3F:57:6D:88:79:FD:56:F5:03:A2:67:7B:D5:ED:41:4D
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019EA726B175853909DC971A035D24899C55
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/CPYbvj9XbYh5_Vb1A6Jne9XtQU0.roa
Signing time:             Mon 08 Jun 2026 12:13:11 +0000
ROA not before:           Mon 08 Jun 2026 12:13:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     197246
IP address blocks:        31.56.75.0/24 maxlen: 24
                          31.57.120.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 09 Jun 2026 19:19:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:a7:26:b1:75:85:39:09:dc:97:1a:03:5d:24:89:9c:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jun  8 12:13:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=08f61bbe3f576d8879fd56f503a2677bd5ed414d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:84:ba:95:f7:58:d2:3a:15:81:26:d7:b8:29:
                    4f:ed:36:32:bb:5c:da:dc:5f:dd:50:05:47:7e:a8:
                    5d:54:1f:17:76:69:6d:68:59:88:71:28:f3:d3:25:
                    49:fe:9d:38:14:f8:3e:6a:b9:5e:80:b9:87:2f:db:
                    0b:56:6c:93:9f:2e:b8:34:59:65:1d:1b:35:ea:d1:
                    56:37:35:18:1e:37:69:37:91:e2:dc:c2:e4:89:84:
                    41:30:a8:21:cb:bf:8c:7a:7b:27:40:83:29:df:4d:
                    09:d0:7e:54:6c:d2:6d:d5:dd:e2:72:0c:70:98:ef:
                    a4:0c:4d:25:ee:37:4d:aa:a8:cc:37:cf:9b:9f:b1:
                    c7:83:34:bf:c5:f3:44:50:08:ab:fa:16:56:52:6e:
                    8d:2c:f8:51:1c:5c:96:7b:64:be:f9:b2:b3:bb:c8:
                    28:d4:44:39:18:6f:51:78:e6:bb:b7:da:d8:ac:aa:
                    92:48:ab:f4:52:c7:ad:89:95:99:6a:ba:3e:05:24:
                    01:44:6b:64:19:7f:c3:0c:9d:2e:db:78:30:77:d5:
                    2a:dc:44:ba:bf:6a:df:b5:88:b9:db:06:e5:e5:c4:
                    8a:d2:8c:0c:fb:f9:5b:f2:2a:61:ce:be:fd:ed:45:
                    47:c8:21:0b:31:c9:b1:a1:17:f1:85:75:e0:9b:7b:
                    c5:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:F6:1B:BE:3F:57:6D:88:79:FD:56:F5:03:A2:67:7B:D5:ED:41:4D
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/CPYbvj9XbYh5_Vb1A6Jne9XtQU0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.75.0/24
                  31.57.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:92:9b:c4:05:9f:9d:e4:fd:c0:07:28:84:50:9a:77:3b:e2:
         cd:af:3c:cd:00:b6:ef:4b:6f:4e:e6:5b:81:46:93:9a:f4:c1:
         c9:7e:21:ce:17:ae:a3:a2:74:b7:de:75:19:6b:b2:9b:c8:c7:
         d1:ec:63:e2:ee:5b:3a:45:89:62:bc:ec:44:73:35:31:0e:f3:
         6b:e4:91:1a:2e:3f:01:a8:79:1c:81:c1:bb:5f:00:aa:c5:0e:
         1b:a5:a5:2b:f9:3c:91:d8:58:da:56:a2:76:21:88:27:e7:47:
         f3:18:24:82:bd:66:ec:f3:50:ad:b9:ce:08:56:a8:75:db:81:
         ee:50:c1:f9:2f:73:f3:df:10:bd:d8:ed:b9:4d:b0:f2:da:8a:
         97:5f:99:8b:7f:04:e0:7c:11:f7:ce:ce:ca:63:0e:c1:69:49:
         b9:e5:75:8a:5d:2d:c6:2a:a7:64:9c:e0:33:eb:54:1e:3e:a5:
         86:d0:db:ad:11:6e:f1:14:57:b5:34:0a:63:43:fb:6b:13:ac:
         42:0d:4c:17:17:4d:e1:de:6f:c2:7c:d2:1a:a5:63:75:a1:72:
         5a:b2:16:04:51:f2:bb:d9:05:a2:3f:71:0a:c6:73:40:8d:16:
         3e:32:a9:e1:38:f5:e0:f3:b1:c7:88:2a:59:c4:67:a4:82:59:
         6a:3f:e7:22
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ6nJrF1hTkJ3JcaA10kiZxVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwNjA4MTIxMzExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOGY2MWJiZTNmNTc2ZDg4NzlmZDU2ZjUwM2EyNjc3YmQ1ZWQ0MTRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl4S6lfdY0joVgSbXuClP7TYyu1za
3F/dUAVHfqhdVB8XdmltaFmIcSjz0yVJ/p04FPg+arlegLmHL9sLVmyTny64NFll
HRs16tFWNzUYHjdpN5Hi3MLkiYRBMKghy7+MensnQIMp300J0H5UbNJt1d3icgxw
mO+kDE0l7jdNqqjMN8+bn7HHgzS/xfNEUAir+hZWUm6NLPhRHFyWe2S++bKzu8go
1EQ5GG9ReOa7t9rYrKqSSKv0UsetiZWZaro+BSQBRGtkGX/DDJ0u23gwd9Uq3ES6
v2rftYi52wbl5cSK0owM+/lb8iphzr797UVHyCELMcmxoRfxhXXgm3vFrQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAj2G74/V22Ief1W9QOiZ3vV7UFNMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvQ1BZYnZqOVhiWWg1X1ZiMUE2Sm5lOVh0UVUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAHzhLAwQA
Hzl4MA0GCSqGSIb3DQEBCwUAA4IBAQAVkpvEBZ+d5P3AByiEUJp3O+LNrzzNALbv
S29O5luBRpOa9MHJfiHOF66jonS33nUZa7KbyMfR7GPi7ls6RYlivOxEczUxDvNr
5JEaLj8BqHkcgcG7XwCqxQ4bpaUr+TyR2FjaVqJ2IYgn50fzGCSCvWbs81Ctuc4I
Vqh124HuUMH5L3Pz3xC92O25TbDy2oqXX5mLfwTgfBH3zs7KYw7BaUm55XWKXS3G
KqdknOAz61QePqWG0NutEW7xFFe1NApjQ/trE6xCDUwXF03h3m/CfNIapWN1oXJa
shYEUfK72QWiP3EKxnNAjRY+MqnhOPXg87HHiCpZxGekgllqP+ci
-----END CERTIFICATE-----