Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/JtAXvzliCWpsIqhBiqkqqdwU9E4.roa
File:                     JtAXvzliCWpsIqhBiqkqqdwU9E4.roa (raw, json)
Hash identifier:          RjAM3VuFSgua/LwaWyGSk3IuAVrXIICCvWjqjyap91U=
Subject key identifier:   26:D0:17:BF:39:62:09:6A:6C:22:A8:41:8A:A9:2A:A9:DC:14:F4:4E
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019D2EF2D4DADF23083F6E794AEE3FB33E19
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/JtAXvzliCWpsIqhBiqkqqdwU9E4.roa
Signing time:             Fri 27 Mar 2026 10:59:19 +0000
ROA not before:           Fri 27 Mar 2026 10:59:19 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198087
IP address blocks:        31.57.170.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Mar 2026 08:23:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:2e:f2:d4:da:df:23:08:3f:6e:79:4a:ee:3f:b3:3e:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Mar 27 10:59:19 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=26d017bf3962096a6c22a8418aa92aa9dc14f44e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:8b:8c:6f:09:55:d0:a4:63:27:74:4c:49:8f:
                    b6:5d:b0:29:25:49:84:eb:a1:46:a4:3a:86:a7:ae:
                    c2:ce:be:11:70:3d:d0:03:fc:1e:0c:47:b5:6b:79:
                    94:1a:a2:45:85:fc:09:e2:12:bc:79:cf:2b:70:85:
                    46:0b:bd:71:2c:18:de:b6:b6:0f:91:af:42:7f:e4:
                    5c:cc:0c:67:20:3d:91:55:98:10:ee:ae:a5:a5:0e:
                    65:ca:bd:9f:9e:74:d0:f1:d2:af:f6:86:a0:59:38:
                    22:4d:1e:8f:1b:26:e9:bc:9f:83:e7:50:c4:1a:ff:
                    cc:3b:6b:26:ec:ff:06:d6:db:95:72:00:5b:2a:d6:
                    d0:52:36:ef:e1:e8:96:ff:42:13:c7:3a:d3:d3:a0:
                    fa:57:08:d2:82:5d:09:62:66:7c:8b:e0:9b:d4:f2:
                    60:6e:bf:60:63:77:34:f0:6d:fb:fb:ae:60:38:60:
                    ab:31:0e:96:c6:d9:9f:74:d5:10:2a:f4:cf:df:7f:
                    d2:35:d7:a0:61:6a:ec:76:2e:9b:b4:6f:78:93:94:
                    b1:21:46:90:18:65:a4:76:00:9c:cb:14:6d:f8:b4:
                    b0:25:70:50:27:27:4a:77:c6:61:b5:15:34:b5:43:
                    02:81:50:06:fe:14:53:71:b3:30:0e:d5:ba:69:8a:
                    21:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:D0:17:BF:39:62:09:6A:6C:22:A8:41:8A:A9:2A:A9:DC:14:F4:4E
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/JtAXvzliCWpsIqhBiqkqqdwU9E4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.170.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a3:28:47:5d:d3:82:65:f7:e9:1c:43:59:97:2a:bb:4b:53:10:
         6b:00:1e:20:7d:7d:39:7c:bb:e0:95:15:2e:b4:b8:e7:cf:1e:
         35:cd:e6:60:cd:af:15:34:9f:a0:0b:a3:47:f1:b8:85:23:d4:
         af:df:20:2b:56:0a:cd:39:50:85:56:93:18:1e:0f:d2:16:58:
         9e:c2:ea:5f:22:1a:85:3f:6a:71:54:44:f4:2a:74:0a:67:3d:
         de:12:8e:59:2f:46:19:5c:20:50:3d:41:cf:f5:50:06:42:86:
         2b:d7:f9:a4:d1:6b:6f:d4:76:12:8a:5f:a7:be:00:a1:a6:5c:
         69:69:bd:69:e1:8c:ff:9f:f2:9d:6a:b6:e7:dc:55:82:dc:a1:
         0c:59:15:c5:b0:2e:0f:ec:fa:86:8f:05:73:d9:c6:bb:15:34:
         66:06:19:58:88:b1:6c:98:ab:6d:05:61:21:4d:b0:f3:19:cc:
         99:61:80:b6:05:85:2d:f7:7c:69:2f:4f:30:bd:e6:32:df:22:
         ac:ce:cc:73:b8:23:5a:b7:87:d0:f9:18:f6:6f:60:10:bd:69:
         45:89:0b:0f:07:6d:53:f6:df:74:9b:bd:69:92:3e:5e:65:5b:
         30:f3:ac:57:6e:57:cf:58:4c:a2:0f:1f:6a:63:2a:4a:ec:aa:
         fa:86:d4:ab
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0u8tTa3yMIP255Su4/sz4ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwMzI3MTA1OTE5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNmQwMTdiZjM5NjIwOTZhNmMyMmE4NDE4YWE5MmFhOWRjMTRmNDRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvYuMbwlV0KRjJ3RMSY+2XbApJUmE
66FGpDqGp67Czr4RcD3QA/weDEe1a3mUGqJFhfwJ4hK8ec8rcIVGC71xLBjetrYP
ka9Cf+RczAxnID2RVZgQ7q6lpQ5lyr2fnnTQ8dKv9oagWTgiTR6PGybpvJ+D51DE
Gv/MO2sm7P8G1tuVcgBbKtbQUjbv4eiW/0ITxzrT06D6VwjSgl0JYmZ8i+Cb1PJg
br9gY3c08G37+65gOGCrMQ6WxtmfdNUQKvTP33/SNdegYWrsdi6btG94k5SxIUaQ
GGWkdgCcyxRt+LSwJXBQJydKd8ZhtRU0tUMCgVAG/hRTcbMwDtW6aYohyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCbQF785YglqbCKoQYqpKqncFPROMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvSnRBWHZ6bGlDV3BzSXFoQmlxa3FxZHdVOUU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzmqMA0G
CSqGSIb3DQEBCwUAA4IBAQCjKEdd04Jl9+kcQ1mXKrtLUxBrAB4gfX05fLvglRUu
tLjnzx41zeZgza8VNJ+gC6NH8biFI9Sv3yArVgrNOVCFVpMYHg/SFliewupfIhqF
P2pxVET0KnQKZz3eEo5ZL0YZXCBQPUHP9VAGQoYr1/mk0Wtv1HYSil+nvgChplxp
ab1p4Yz/n/Kdarbn3FWC3KEMWRXFsC4P7PqGjwVz2ca7FTRmBhlYiLFsmKttBWEh
TbDzGcyZYYC2BYUt93xpL08wveYy3yKszsxzuCNat4fQ+Rj2b2AQvWlFiQsPB21T
9t90m71pkj5eZVsw86xXblfPWEyiDx9qYypK7Kr6htSr
-----END CERTIFICATE-----