Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/IPt1cHO3RWPDX6i1V6xSXzXkkow.roa
File:                     IPt1cHO3RWPDX6i1V6xSXzXkkow.roa (raw, json)
Hash identifier:          Y0MgOVZEbGERyeksCnuE/HBdvhKdiYIn0kCVGLP3i50=
Subject key identifier:   20:FB:75:70:73:B7:45:63:C3:5F:A8:B5:57:AC:52:5F:35:E4:92:8C
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019EF073BA25EDBC03CAF656F9126D178E81
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/IPt1cHO3RWPDX6i1V6xSXzXkkow.roa
Signing time:             Mon 22 Jun 2026 17:49:36 +0000
ROA not before:           Mon 22 Jun 2026 17:49:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203861
IP address blocks:        31.59.160.0/24 maxlen: 24
                          217.60.77.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 27 Jun 2026 11:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:f0:73:ba:25:ed:bc:03:ca:f6:56:f9:12:6d:17:8e:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jun 22 17:49:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=20fb757073b74563c35fa8b557ac525f35e4928c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:69:e7:a5:7b:01:9d:de:e9:75:5b:45:0f:a7:
                    5c:f8:4b:f7:44:bb:75:e4:6e:26:17:4d:86:86:ed:
                    0f:c1:b3:78:8c:55:f7:17:5f:f3:49:fb:45:c3:c5:
                    76:98:12:d4:dd:42:f2:b3:f1:b4:d8:2a:59:88:e8:
                    f3:ad:16:f7:fd:96:3c:b0:76:34:bb:41:bf:e0:86:
                    05:e7:b8:20:11:e7:6d:68:47:48:7c:c6:a7:f1:81:
                    ba:f2:0a:2e:af:c5:1a:72:9c:39:17:1b:b4:2d:7e:
                    98:91:8f:35:65:94:a2:cf:67:bf:a2:a3:16:6c:9c:
                    70:44:c4:00:6e:7b:dc:5d:b3:38:cf:a8:88:ec:b8:
                    a5:8d:4a:74:81:48:2e:8e:30:23:a6:51:4e:c0:d8:
                    2f:e2:9b:bc:c7:da:db:9f:ef:32:c9:27:ce:d1:b3:
                    6f:0b:9d:27:9f:ae:5c:ff:48:99:ce:42:23:fd:f5:
                    4e:84:fa:3b:79:ef:f2:5a:af:d4:fa:ac:36:d0:10:
                    e2:43:31:1c:03:82:bd:78:28:2d:dd:76:6d:19:18:
                    74:24:fd:14:b3:f6:ec:e2:24:a4:e7:66:11:94:1c:
                    1b:3d:48:73:5e:0d:3a:21:37:7b:c0:aa:f1:5b:35:
                    27:ed:19:6a:61:67:fa:3c:84:e4:3b:72:60:d2:75:
                    57:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:FB:75:70:73:B7:45:63:C3:5F:A8:B5:57:AC:52:5F:35:E4:92:8C
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/IPt1cHO3RWPDX6i1V6xSXzXkkow.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.59.160.0/24
                  217.60.77.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:4a:ea:df:34:3a:38:82:94:27:b2:91:b7:4b:8a:50:7b:d1:
         51:a6:5a:e9:f1:20:ef:9c:c0:1f:bd:f4:26:7a:04:38:cb:9d:
         b5:09:c4:5d:d9:ca:74:28:42:cf:b8:47:48:e3:39:4f:4c:37:
         eb:2f:b7:33:1c:77:1e:03:ce:7a:5d:19:83:c4:2b:b4:e3:06:
         50:ff:f6:38:ad:26:c2:a3:54:1d:37:74:9c:e3:2e:b0:bc:57:
         d8:2e:2b:6d:96:ff:0e:9a:cc:2a:b0:26:6c:29:8b:10:58:44:
         bb:ca:e7:33:7d:8d:e5:8d:ce:6c:ca:93:a6:a2:fe:43:d9:19:
         9c:9e:f9:88:d2:39:34:51:6b:8b:1e:91:87:f5:e6:13:4a:bd:
         6c:25:58:ec:70:5b:ab:c0:35:88:26:3c:63:57:da:bc:a1:9e:
         c7:30:c2:8f:2c:4a:f6:5b:18:e6:5b:4e:ee:41:6a:8d:6e:35:
         d8:63:87:d2:59:cf:b4:f9:ae:e9:b7:6e:89:de:94:e1:f4:71:
         ed:b8:48:23:b9:57:02:a3:9c:e2:a2:92:f1:fe:0b:02:30:1b:
         b3:5c:7a:45:16:9d:b7:58:a1:72:8b:25:0e:6e:9f:0c:bf:af:
         e2:1d:83:2c:34:3b:8f:cf:da:65:9e:72:d4:0e:d2:ff:6d:67:
         a5:bd:62:80
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ7wc7ol7bwDyvZW+RJtF46BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwNjIyMTc0OTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMGZiNzU3MDczYjc0NTYzYzM1ZmE4YjU1N2FjNTI1ZjM1ZTQ5MjhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuWnnpXsBnd7pdVtFD6dc+Ev3RLt1
5G4mF02Ghu0PwbN4jFX3F1/zSftFw8V2mBLU3ULys/G02CpZiOjzrRb3/ZY8sHY0
u0G/4IYF57ggEedtaEdIfMan8YG68gour8Uacpw5Fxu0LX6YkY81ZZSiz2e/oqMW
bJxwRMQAbnvcXbM4z6iI7LiljUp0gUgujjAjplFOwNgv4pu8x9rbn+8yySfO0bNv
C50nn65c/0iZzkIj/fVOhPo7ee/yWq/U+qw20BDiQzEcA4K9eCgt3XZtGRh0JP0U
s/bs4iSk52YRlBwbPUhzXg06ITd7wKrxWzUn7RlqYWf6PITkO3Jg0nVXUQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCD7dXBzt0Vjw1+otVesUl815JKMMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvSVB0MWNITzNSV1BEWDZpMVY2eFNYelhra293LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAHzugAwQA
2TxNMA0GCSqGSIb3DQEBCwUAA4IBAQBjSurfNDo4gpQnspG3S4pQe9FRplrp8SDv
nMAfvfQmegQ4y521CcRd2cp0KELPuEdI4zlPTDfrL7czHHceA856XRmDxCu04wZQ
//Y4rSbCo1QdN3Sc4y6wvFfYLittlv8OmswqsCZsKYsQWES7yuczfY3ljc5sypOm
ov5D2RmcnvmI0jk0UWuLHpGH9eYTSr1sJVjscFurwDWIJjxjV9q8oZ7HMMKPLEr2
WxjmW07uQWqNbjXYY4fSWc+0+a7pt26J3pTh9HHtuEgjuVcCo5ziopLx/gsCMBuz
XHpFFp23WKFyiyUObp8Mv6/iHYMsNDuPz9plnnLUDtL/bWelvWKA
-----END CERTIFICATE-----