Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/MrSc6a1mI_XTNIyfu9CWXKbsH_o.roa
File:                     MrSc6a1mI_XTNIyfu9CWXKbsH_o.roa (raw, json)
Hash identifier:          Zu53prep6pMdatQHUdoPUOEvYdVSrfyFDQNZbWI2veI=
Subject key identifier:   32:B4:9C:E9:AD:66:23:F5:D3:34:8C:9F:BB:D0:96:5C:A6:EC:1F:FA
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019F037FD8ECAD334F82034266851CD26556
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/MrSc6a1mI_XTNIyfu9CWXKbsH_o.roa
Signing time:             Fri 26 Jun 2026 10:35:37 +0000
ROA not before:           Fri 26 Jun 2026 10:35:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     154368
IP address blocks:        31.57.137.0/24 maxlen: 24
                          31.57.155.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 27 Jun 2026 11:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:03:7f:d8:ec:ad:33:4f:82:03:42:66:85:1c:d2:65:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jun 26 10:35:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=32b49ce9ad6623f5d3348c9fbbd0965ca6ec1ffa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:85:a7:1e:73:94:a1:00:ff:1d:ac:4f:08:0f:
                    50:9c:02:de:78:f0:d2:be:44:90:49:30:26:29:b6:
                    2e:cf:98:d3:43:69:b0:c5:cd:c4:53:87:14:46:d3:
                    82:2b:63:23:c6:34:a7:28:4b:32:79:cd:ea:19:cb:
                    77:3f:ff:b8:f3:89:39:b1:cd:7f:49:9c:84:c0:67:
                    f3:a3:59:19:4a:c8:24:e9:92:67:40:d3:a3:7e:7b:
                    cd:ed:5e:77:bd:43:e1:64:bb:17:09:9a:47:16:fe:
                    8f:93:1f:83:b2:71:83:de:23:02:2e:ae:b9:11:d2:
                    6d:c8:4f:b3:1e:9f:75:0d:36:22:11:bf:38:eb:d1:
                    ad:34:17:d5:90:84:48:7b:22:04:3a:ae:3c:18:83:
                    a4:57:2c:b0:5d:14:3e:e9:cb:6f:5e:31:28:aa:1e:
                    09:0d:11:4a:8b:72:4b:56:36:ce:4e:20:93:5b:9c:
                    3d:b6:21:72:6b:ab:2d:0e:4c:28:b3:6f:47:3c:25:
                    9e:32:99:5b:98:2e:98:e4:80:f1:b8:d9:55:00:a1:
                    7d:70:d8:49:04:6b:57:3f:98:e1:d8:c5:7f:21:ca:
                    2a:64:e2:c6:33:b3:32:c0:df:7c:bb:d1:fe:e2:90:
                    e0:af:55:0a:85:b4:65:da:f3:32:a3:d3:e5:db:62:
                    75:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:B4:9C:E9:AD:66:23:F5:D3:34:8C:9F:BB:D0:96:5C:A6:EC:1F:FA
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/MrSc6a1mI_XTNIyfu9CWXKbsH_o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.137.0/24
                  31.57.155.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4d:f5:cc:39:af:9a:e4:bb:c4:f1:de:be:41:0a:6a:1a:5b:6e:
         fc:0a:c0:e8:4e:88:0d:c5:7e:43:4e:9f:b8:b2:30:ad:ff:ed:
         1f:5e:e6:1e:c0:93:57:5a:d2:6c:a9:0b:2f:c5:ca:b9:2e:38:
         78:43:05:6b:6a:20:f9:be:35:af:de:a4:10:a8:81:d9:43:a0:
         5f:4f:8b:f0:08:45:b2:65:19:0a:eb:87:35:71:c2:2a:77:21:
         17:5a:b2:13:1a:06:36:5d:cd:82:b0:57:39:22:22:a5:7a:1b:
         59:27:6b:fe:19:ac:f7:1b:cb:ca:06:d2:99:01:c8:40:c1:30:
         61:25:91:dd:dd:81:18:05:6f:c5:88:5c:02:ce:b9:87:64:b2:
         85:bd:72:3c:0b:72:1a:e0:83:d5:06:9c:1d:3c:c1:5e:a9:07:
         15:d7:6b:32:1e:13:74:28:58:e7:1c:92:2e:f1:2a:81:c1:0f:
         97:27:37:56:a8:eb:76:6b:65:fc:96:2a:89:a7:bd:19:69:14:
         a7:c1:dd:ab:85:ec:7f:dc:90:9e:81:18:6f:40:8e:9b:d6:f1:
         13:e1:c2:d9:19:81:82:60:7d:0f:6b:59:87:a9:e0:59:2a:f0:
         ac:c6:d8:06:20:1b:c2:cd:08:76:d0:38:82:8b:1b:ec:8b:78:
         e2:1c:6c:3f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ8Df9jsrTNPggNCZoUc0mVWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwNjI2MTAzNTM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMmI0OWNlOWFkNjYyM2Y1ZDMzNDhjOWZiYmQwOTY1Y2E2ZWMxZmZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqIWnHnOUoQD/HaxPCA9QnALeePDS
vkSQSTAmKbYuz5jTQ2mwxc3EU4cURtOCK2MjxjSnKEsyec3qGct3P/+484k5sc1/
SZyEwGfzo1kZSsgk6ZJnQNOjfnvN7V53vUPhZLsXCZpHFv6Pkx+DsnGD3iMCLq65
EdJtyE+zHp91DTYiEb8469GtNBfVkIRIeyIEOq48GIOkVyywXRQ+6ctvXjEoqh4J
DRFKi3JLVjbOTiCTW5w9tiFya6stDkwos29HPCWeMplbmC6Y5IDxuNlVAKF9cNhJ
BGtXP5jh2MV/IcoqZOLGM7MywN98u9H+4pDgr1UKhbRl2vMyo9Pl22J1ZwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDK0nOmtZiP10zSMn7vQllym7B/6MB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvTXJTYzZhMW1JX1hUTkl5ZnU5Q1dYS2JzSF9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAHzmJAwQA
HzmbMA0GCSqGSIb3DQEBCwUAA4IBAQBN9cw5r5rku8Tx3r5BCmoaW278CsDoTogN
xX5DTp+4sjCt/+0fXuYewJNXWtJsqQsvxcq5Ljh4QwVraiD5vjWv3qQQqIHZQ6Bf
T4vwCEWyZRkK64c1ccIqdyEXWrITGgY2Xc2CsFc5IiKlehtZJ2v+Gaz3G8vKBtKZ
AchAwTBhJZHd3YEYBW/FiFwCzrmHZLKFvXI8C3Ia4IPVBpwdPMFeqQcV12syHhN0
KFjnHJIu8SqBwQ+XJzdWqOt2a2X8liqJp70ZaRSnwd2rhex/3JCegRhvQI6b1vET
4cLZGYGCYH0Pa1mHqeBZKvCsxtgGIBvCzQh20DiCixvsi3jiHGw/
-----END CERTIFICATE-----