Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/K0nW9rpiAOIs34UAPq8HZ3D9Whk.roa
File:                     K0nW9rpiAOIs34UAPq8HZ3D9Whk.roa (raw, json)
Hash identifier:          Rsm6FnhG1erOKXESi4hHUGz5IXymFj2xwnw0BKd7blE=
Subject key identifier:   2B:49:D6:F6:BA:62:00:E2:2C:DF:85:00:3E:AF:07:67:70:FD:5A:19
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019CBE524482C9306E19637B947D49FFC5CF
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/K0nW9rpiAOIs34UAPq8HZ3D9Whk.roa
Signing time:             Thu 05 Mar 2026 14:06:28 +0000
ROA not before:           Thu 05 Mar 2026 14:06:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215727
IP address blocks:        31.57.206.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Mar 2026 14:16:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:be:52:44:82:c9:30:6e:19:63:7b:94:7d:49:ff:c5:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Mar  5 14:06:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2b49d6f6ba6200e22cdf85003eaf076770fd5a19
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:f1:e1:da:06:76:bc:b3:75:34:69:36:a1:c1:
                    55:30:e4:dc:fb:9f:04:ae:f1:c3:bc:01:03:55:89:
                    c4:59:7d:bd:a2:e6:77:51:b0:5c:42:c5:af:62:29:
                    00:28:cd:58:5b:a0:f7:00:1c:cc:ec:52:77:65:61:
                    5d:2e:25:d2:3c:55:dc:82:fe:8d:22:22:98:7f:8e:
                    37:17:e8:6d:3e:14:fc:7a:cb:fd:b7:e6:5c:4a:24:
                    b7:3a:d0:5a:85:9a:4f:69:cd:44:9c:c3:73:c6:cc:
                    13:a0:f4:41:10:fa:c2:d7:34:69:02:a1:b1:5a:1f:
                    b4:9d:dc:39:e5:bb:12:56:7a:d6:52:30:cb:f2:5d:
                    a1:ed:6e:b3:0e:77:88:90:3d:16:90:9a:e4:0b:8a:
                    5b:99:22:2b:f4:33:cf:9e:14:5e:ba:f5:71:22:9b:
                    33:f3:92:c2:41:be:4a:5a:29:dd:0e:d7:4e:08:1a:
                    dc:75:46:e6:70:92:31:54:0b:34:17:e0:6c:68:08:
                    e2:4f:d2:88:ec:8c:dd:7e:3e:2e:fa:e4:3d:e6:80:
                    bf:3b:2d:f2:5d:4f:6a:3c:40:78:2a:c2:4e:10:8f:
                    75:97:f2:2a:68:6f:70:92:d3:64:78:f6:d0:14:f0:
                    f1:e6:52:d2:6a:ac:25:7c:d8:3d:f8:e2:60:74:a6:
                    83:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:49:D6:F6:BA:62:00:E2:2C:DF:85:00:3E:AF:07:67:70:FD:5A:19
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/K0nW9rpiAOIs34UAPq8HZ3D9Whk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.206.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a5:bf:01:c9:76:b1:19:d9:68:9c:60:ca:ff:f8:9a:80:e8:2c:
         2e:43:e6:77:48:62:ca:70:f2:91:1a:da:96:52:46:b1:9d:2d:
         44:67:a9:45:a2:76:28:3d:1e:e8:7d:05:2a:a2:34:92:31:d7:
         e8:97:da:16:28:41:14:8d:9d:fd:61:07:b1:49:6b:93:a4:3e:
         3c:3d:4e:cf:71:54:ca:2d:10:ff:e2:d7:19:86:c0:38:30:70:
         b6:8c:a4:46:71:1d:d3:bf:9c:23:11:2b:31:73:93:7e:30:44:
         d8:7d:24:c7:52:c8:41:15:68:56:fe:f0:73:90:e3:dc:d2:87:
         c5:e1:17:c3:36:bb:34:f2:2e:eb:78:01:db:73:74:0d:71:00:
         90:a2:61:3e:56:2b:64:3e:e1:37:91:89:07:08:df:26:e8:09:
         a3:d6:41:b6:2d:e7:3b:31:ce:53:18:ea:45:9e:10:57:f2:78:
         81:dd:1f:b2:45:58:b3:d3:2f:6c:4e:53:20:df:52:d3:09:a6:
         f6:a5:f1:47:dd:66:64:2d:ca:00:1a:76:70:74:69:19:aa:6c:
         92:a4:51:7a:b1:b3:1d:5d:f7:c0:01:61:95:bc:63:ed:7b:10:
         27:e4:5a:4d:ed:64:e7:7b:59:83:f4:b3:3d:84:35:2e:64:d6:
         0e:bf:27:39
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZy+UkSCyTBuGWN7lH1J/8XPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwMzA1MTQwNjI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjQ5ZDZmNmJhNjIwMGUyMmNkZjg1MDAzZWFmMDc2NzcwZmQ1YTE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2PHh2gZ2vLN1NGk2ocFVMOTc+58E
rvHDvAEDVYnEWX29ouZ3UbBcQsWvYikAKM1YW6D3ABzM7FJ3ZWFdLiXSPFXcgv6N
IiKYf443F+htPhT8esv9t+ZcSiS3OtBahZpPac1EnMNzxswToPRBEPrC1zRpAqGx
Wh+0ndw55bsSVnrWUjDL8l2h7W6zDneIkD0WkJrkC4pbmSIr9DPPnhReuvVxIpsz
85LCQb5KWindDtdOCBrcdUbmcJIxVAs0F+BsaAjiT9KI7Izdfj4u+uQ95oC/Oy3y
XU9qPEB4KsJOEI91l/IqaG9wktNkePbQFPDx5lLSaqwlfNg9+OJgdKaDrQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCtJ1va6YgDiLN+FAD6vB2dw/VoZMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvSzBuVzlycGlBT0lzMzRVQVBxOEhaM0Q5V2hrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHznOMA0G
CSqGSIb3DQEBCwUAA4IBAQClvwHJdrEZ2WicYMr/+JqA6CwuQ+Z3SGLKcPKRGtqW
UkaxnS1EZ6lFonYoPR7ofQUqojSSMdfol9oWKEEUjZ39YQexSWuTpD48PU7PcVTK
LRD/4tcZhsA4MHC2jKRGcR3Tv5wjESsxc5N+METYfSTHUshBFWhW/vBzkOPc0ofF
4RfDNrs08i7reAHbc3QNcQCQomE+VitkPuE3kYkHCN8m6Amj1kG2Lec7Mc5TGOpF
nhBX8niB3R+yRViz0y9sTlMg31LTCab2pfFH3WZkLcoAGnZwdGkZqmySpFF6sbMd
XffAAWGVvGPtexAn5FpN7WTne1mD9LM9hDUuZNYOvyc5
-----END CERTIFICATE-----