Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/Cv-pqeUOpp3KQHlIH15IKHcs3Ds.roa
File:                     Cv-pqeUOpp3KQHlIH15IKHcs3Ds.roa (raw, json)
Hash identifier:          dPw3168EtbuYKZwBtKgiRr64+5pzN6RcSv0xzrgDVQ8=
Subject key identifier:   0A:FF:A9:A9:E5:0E:A6:9D:CA:40:79:48:1F:5E:48:28:77:2C:DC:3B
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019E2223E75FA9BB4A1A574E714EBCDA39D5
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/Cv-pqeUOpp3KQHlIH15IKHcs3Ds.roa
Signing time:             Wed 13 May 2026 16:20:38 +0000
ROA not before:           Wed 13 May 2026 16:20:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199423
IP address blocks:        31.57.191.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 28 May 2026 08:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:22:23:e7:5f:a9:bb:4a:1a:57:4e:71:4e:bc:da:39:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: May 13 16:20:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0affa9a9e50ea69dca4079481f5e4828772cdc3b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:4a:a2:c8:79:93:b5:a7:3f:cc:f6:c0:64:a6:
                    c2:f0:e9:f7:a9:61:7e:73:16:2f:53:90:91:9f:0c:
                    a8:3f:5f:f6:98:21:3a:52:d7:a2:49:32:5c:bd:62:
                    a0:26:59:97:03:b8:f1:04:36:c8:4e:7f:9a:8b:8c:
                    dc:8a:0c:61:55:87:24:eb:c6:94:0b:84:e2:17:c6:
                    97:65:d6:dd:53:36:78:1a:84:d7:3e:3f:77:4b:3a:
                    a1:7c:d7:5d:14:0c:8a:29:a5:0d:ba:ac:39:5b:64:
                    d6:42:79:41:06:f4:25:6c:94:b5:85:2f:a5:e4:47:
                    ce:16:cc:4d:9d:73:fe:db:77:3b:a0:07:97:8f:f1:
                    cf:7d:94:f5:9d:78:e0:c0:7f:13:29:97:9c:97:25:
                    ef:ac:19:f4:0e:e9:23:c5:45:5b:28:c6:c2:d8:06:
                    d4:10:43:8c:43:27:4b:92:6d:57:b0:73:53:06:69:
                    6d:73:59:bf:c4:bc:17:59:7c:42:b3:5b:70:40:02:
                    69:9e:2a:dd:ec:aa:13:12:72:18:51:b3:20:32:e5:
                    12:90:16:8d:bd:c7:7b:d3:cb:e4:c6:dd:73:07:c4:
                    88:78:b9:c6:83:dd:2a:28:11:d8:6d:2b:29:95:e7:
                    ff:cd:2b:f9:f7:5f:4c:f2:1d:33:52:9e:d0:df:ff:
                    28:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:FF:A9:A9:E5:0E:A6:9D:CA:40:79:48:1F:5E:48:28:77:2C:DC:3B
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/Cv-pqeUOpp3KQHlIH15IKHcs3Ds.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:c0:ef:8d:ca:7a:88:14:39:45:dc:54:5e:71:e6:8d:51:bf:
         fe:10:2a:32:eb:3b:1c:94:db:f5:41:75:92:57:6d:b0:34:37:
         1d:9c:50:ca:60:20:b4:73:15:c7:6e:31:52:a3:3e:53:e4:2f:
         0e:12:19:b5:f2:59:c5:e4:44:8b:b4:c5:3e:17:d8:51:bb:d0:
         f9:6b:cf:5d:06:fb:03:0f:8f:11:a6:2f:2a:3e:51:7b:68:89:
         eb:10:68:bd:ad:e8:9a:99:6d:99:52:c5:03:39:72:d1:a3:41:
         16:bf:e4:92:de:2c:99:a1:b6:ac:d9:c9:d8:80:51:8d:5a:84:
         2c:6f:ce:c4:5a:fb:34:e1:47:0c:df:1a:aa:df:ad:85:b2:f4:
         4a:93:1a:89:15:62:1f:ef:c9:8b:e2:a4:8a:b9:a9:15:f8:86:
         b7:55:9f:a9:fa:25:66:f5:9d:c8:83:a2:77:72:f2:ae:c6:32:
         fe:d0:f0:64:76:7e:8d:f5:b6:2b:7d:d2:6d:5c:43:c8:c9:55:
         14:21:33:af:bd:a6:49:0c:97:86:84:24:04:ac:5d:3c:a3:db:
         0f:da:35:4d:7a:1c:00:69:80:6e:9c:0a:5f:c9:e6:ed:e5:80:
         98:18:64:24:be:a5:ef:ba:49:93:aa:be:8f:b8:fd:3f:4f:e3:
         29:32:75:d3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4iI+dfqbtKGldOcU682jnVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwNTEzMTYyMDM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYWZmYTlhOWU1MGVhNjlkY2E0MDc5NDgxZjVlNDgyODc3MmNkYzNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0UqiyHmTtac/zPbAZKbC8On3qWF+
cxYvU5CRnwyoP1/2mCE6UteiSTJcvWKgJlmXA7jxBDbITn+ai4zcigxhVYck68aU
C4TiF8aXZdbdUzZ4GoTXPj93SzqhfNddFAyKKaUNuqw5W2TWQnlBBvQlbJS1hS+l
5EfOFsxNnXP+23c7oAeXj/HPfZT1nXjgwH8TKZeclyXvrBn0DukjxUVbKMbC2AbU
EEOMQydLkm1XsHNTBmltc1m/xLwXWXxCs1twQAJpnird7KoTEnIYUbMgMuUSkBaN
vcd708vkxt1zB8SIeLnGg90qKBHYbSsplef/zSv5919M8h0zUp7Q3/8ocQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAr/qanlDqadykB5SB9eSCh3LNw7MB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvQ3YtcHFlVU9wcDNLUUhsSUgxNUlLSGNzM0RzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzm/MA0G
CSqGSIb3DQEBCwUAA4IBAQA7wO+NynqIFDlF3FReceaNUb/+ECoy6zsclNv1QXWS
V22wNDcdnFDKYCC0cxXHbjFSoz5T5C8OEhm18lnF5ESLtMU+F9hRu9D5a89dBvsD
D48Rpi8qPlF7aInrEGi9reiamW2ZUsUDOXLRo0EWv+SS3iyZobas2cnYgFGNWoQs
b87EWvs04UcM3xqq362FsvRKkxqJFWIf78mL4qSKuakV+Ia3VZ+p+iVm9Z3Ig6J3
cvKuxjL+0PBkdn6N9bYrfdJtXEPIyVUUITOvvaZJDJeGhCQErF08o9sP2jVNehwA
aYBunApfyebt5YCYGGQkvqXvukmTqr6PuP0/T+MpMnXT
-----END CERTIFICATE-----