Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/CzSCiOOntIUQX0aZsn5bRukxqPw.roa
File:                     CzSCiOOntIUQX0aZsn5bRukxqPw.roa (raw, json)
Hash identifier:          RKwNKBUDF3N/vUQJtbmr/NVpWBm1ODW44yOS8FXmn84=
Subject key identifier:   0B:34:82:88:E3:A7:B4:85:10:5F:46:99:B2:7E:5B:46:E9:31:A8:FC
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019EDC50974A0319DA400965DAA52E104EB3
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/CzSCiOOntIUQX0aZsn5bRukxqPw.roa
Signing time:             Thu 18 Jun 2026 19:58:49 +0000
ROA not before:           Thu 18 Jun 2026 19:58:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213438
IP address blocks:        31.56.110.0/24 maxlen: 24
                          217.60.79.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 27 Jun 2026 11:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:dc:50:97:4a:03:19:da:40:09:65:da:a5:2e:10:4e:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jun 18 19:58:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0b348288e3a7b485105f4699b27e5b46e931a8fc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:60:a5:63:fe:4c:ef:99:6a:cc:ee:98:d3:18:
                    22:cb:c7:6a:8c:10:77:1f:52:4a:c9:06:45:99:a9:
                    b8:60:d4:07:65:af:c9:7c:02:5d:6c:a1:b2:62:06:
                    75:d1:6d:cf:7d:39:6a:8f:43:4b:fc:98:aa:d1:6d:
                    ed:4f:2c:3e:62:5d:97:87:60:a1:ed:9e:53:05:46:
                    6a:d6:59:8d:35:b7:a9:74:d0:40:e9:d3:1e:33:76:
                    9f:f6:a1:00:46:1b:1d:46:ec:14:97:2a:29:cc:b8:
                    31:e9:68:f0:aa:5d:9e:92:b6:71:eb:f4:35:36:40:
                    1f:3a:19:77:20:7c:e4:bb:e7:4a:f3:b1:9e:d0:82:
                    ab:37:80:b6:9b:73:b6:65:b8:d2:63:d4:87:8e:7b:
                    6d:60:b1:0f:e1:32:30:c7:1e:11:a5:ae:21:96:1a:
                    d7:24:e0:67:d1:e2:92:75:d8:de:98:1e:00:04:a7:
                    b5:f9:ee:21:35:8c:76:ab:c2:c1:db:18:cb:58:84:
                    cc:56:34:29:73:fb:c6:58:1f:c5:25:99:d5:9f:49:
                    35:79:0c:c0:da:f8:65:d3:53:57:b5:bc:0f:eb:e0:
                    98:2a:22:d3:27:ce:b0:e0:22:ce:cb:67:8c:92:92:
                    44:c1:f2:22:4d:df:e9:0d:71:59:4d:77:c9:6d:81:
                    00:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:34:82:88:E3:A7:B4:85:10:5F:46:99:B2:7E:5B:46:E9:31:A8:FC
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/CzSCiOOntIUQX0aZsn5bRukxqPw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.110.0/24
                  217.60.79.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:94:09:3a:c2:6d:e7:e6:bc:0e:37:a0:c4:00:60:4e:44:f6:
         26:3f:95:02:0f:b2:c7:ba:b7:56:d1:95:2a:25:5d:6a:a4:21:
         1f:cb:c6:31:3c:8c:58:37:9c:9d:94:da:d5:a8:df:71:93:0e:
         3f:67:73:82:02:5c:78:97:e7:a5:79:26:06:c9:f7:d3:84:ab:
         c6:65:90:08:81:60:cb:bd:c6:11:01:0b:73:54:b6:55:d2:50:
         f4:24:6a:9b:08:53:3f:c9:1e:b2:8f:dd:98:87:df:ff:57:79:
         f4:97:f8:06:5b:15:19:87:fd:f7:c4:d0:5d:dd:49:99:a5:35:
         d4:d5:76:b2:f7:24:95:2a:68:12:bb:dd:c6:09:b1:9c:8c:58:
         62:70:48:97:47:06:56:5e:e1:f6:f0:37:ed:21:48:7c:12:0f:
         d3:8e:b3:b5:56:74:dc:72:56:9f:8c:a3:f1:53:3a:e3:00:c4:
         9e:3e:3d:4e:78:8a:47:60:e9:ef:da:d6:cc:7f:f2:6b:6f:86:
         bc:9c:16:1b:ea:9a:1b:02:54:74:39:5a:cc:44:25:51:7f:27:
         4e:db:b5:27:63:05:f0:6a:e3:2d:d7:b7:a9:5a:f3:2b:66:a8:
         61:84:0b:fd:9c:ad:45:98:af:14:9d:55:11:cc:e9:59:08:07:
         86:75:74:78
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ7cUJdKAxnaQAll2qUuEE6zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwNjE4MTk1ODQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYjM0ODI4OGUzYTdiNDg1MTA1ZjQ2OTliMjdlNWI0NmU5MzFhOGZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA22ClY/5M75lqzO6Y0xgiy8dqjBB3
H1JKyQZFmam4YNQHZa/JfAJdbKGyYgZ10W3PfTlqj0NL/Jiq0W3tTyw+Yl2Xh2Ch
7Z5TBUZq1lmNNbepdNBA6dMeM3af9qEARhsdRuwUlyopzLgx6Wjwql2ekrZx6/Q1
NkAfOhl3IHzku+dK87Ge0IKrN4C2m3O2ZbjSY9SHjnttYLEP4TIwxx4Rpa4hlhrX
JOBn0eKSddjemB4ABKe1+e4hNYx2q8LB2xjLWITMVjQpc/vGWB/FJZnVn0k1eQzA
2vhl01NXtbwP6+CYKiLTJ86w4CLOy2eMkpJEwfIiTd/pDXFZTXfJbYEAUwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAs0gojjp7SFEF9GmbJ+W0bpMaj8MB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvQ3pTQ2lPT250SVVRWDBhWnNuNWJSdWt4cVB3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAHzhuAwQA
2TxPMA0GCSqGSIb3DQEBCwUAA4IBAQAClAk6wm3n5rwON6DEAGBORPYmP5UCD7LH
urdW0ZUqJV1qpCEfy8YxPIxYN5ydlNrVqN9xkw4/Z3OCAlx4l+eleSYGyffThKvG
ZZAIgWDLvcYRAQtzVLZV0lD0JGqbCFM/yR6yj92Yh9//V3n0l/gGWxUZh/33xNBd
3UmZpTXU1Xay9ySVKmgSu93GCbGcjFhicEiXRwZWXuH28DftIUh8Eg/TjrO1VnTc
clafjKPxUzrjAMSePj1OeIpHYOnv2tbMf/Jrb4a8nBYb6pobAlR0OVrMRCVRfydO
27UnYwXwauMt17epWvMrZqhhhAv9nK1FmK8UnVURzOlZCAeGdXR4
-----END CERTIFICATE-----