Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/Q0aNfqhQda1UHEYr0p_Nu60Y7Pg.roa
File:                     Q0aNfqhQda1UHEYr0p_Nu60Y7Pg.roa (raw, json)
Hash identifier:          JC5HETmbvYHuGENWLmvjf9v/2psXTPfy8OkJnEQAFl0=
Subject key identifier:   43:46:8D:7E:A8:50:75:AD:54:1C:46:2B:D2:9F:CD:BB:AD:18:EC:F8
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019E7965B2C2218CC0206D09BDE29ADF07B5
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/Q0aNfqhQda1UHEYr0p_Nu60Y7Pg.roa
Signing time:             Sat 30 May 2026 14:59:28 +0000
ROA not before:           Sat 30 May 2026 14:59:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213791
IP address blocks:        31.57.112.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Jun 2026 07:00:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:79:65:b2:c2:21:8c:c0:20:6d:09:bd:e2:9a:df:07:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: May 30 14:59:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=43468d7ea85075ad541c462bd29fcdbbad18ecf8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:ab:0a:59:3a:62:0c:77:49:33:85:dd:13:47:
                    ba:ed:b8:55:aa:2e:b5:c7:d5:eb:e2:95:1a:52:97:
                    0b:6b:27:e9:7e:a6:2d:ab:c4:f9:e9:37:ef:02:b2:
                    bf:e8:5a:cc:a6:b5:12:46:9f:7c:c5:b9:d9:a9:02:
                    d4:de:7b:66:2c:b8:b7:3b:9c:f2:62:0b:73:e9:e4:
                    be:e7:53:d4:0e:03:d7:cc:fd:18:a4:d5:c3:34:3a:
                    6f:21:f4:9a:5d:20:cf:4b:93:66:18:fa:e8:87:ab:
                    15:7d:93:28:09:7f:03:ca:a0:f4:fc:ab:72:7c:8b:
                    bf:41:34:fd:fe:ab:3c:8e:dd:22:93:d5:f7:b2:ee:
                    94:a9:0f:4b:cc:22:a5:58:93:99:36:18:4d:96:17:
                    1e:be:b5:db:93:7b:37:4c:38:47:6e:97:3b:a8:18:
                    e1:03:5f:2f:88:31:d5:e3:8f:00:3f:89:77:9f:7d:
                    ef:b0:5b:60:5c:21:d6:1f:4f:aa:53:78:e7:25:24:
                    be:38:4c:3d:81:a1:d4:f9:3f:bd:53:4b:2c:91:ea:
                    12:12:6d:28:55:c7:f3:4e:9c:f0:40:96:bc:36:31:
                    20:6a:06:72:55:39:56:ab:7d:19:5f:e4:b1:cc:33:
                    10:0c:36:6c:ca:99:e8:47:77:90:6a:93:ec:db:90:
                    b3:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:46:8D:7E:A8:50:75:AD:54:1C:46:2B:D2:9F:CD:BB:AD:18:EC:F8
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/Q0aNfqhQda1UHEYr0p_Nu60Y7Pg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.112.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a9:19:bd:bf:d5:1f:86:09:dd:7a:74:fe:2c:67:56:47:f0:44:
         8a:a0:06:24:77:61:74:d0:a2:bc:11:21:2e:d1:66:4a:5c:d6:
         fb:20:54:c2:b9:81:db:ce:56:23:32:98:5a:d8:03:af:db:d4:
         6c:8c:2f:ef:e1:9e:62:24:a6:3c:7d:e7:d2:41:2d:2f:67:ef:
         b9:b4:c7:0c:51:7d:52:0a:1b:bf:c1:73:68:8f:07:42:1c:75:
         ee:57:f1:39:3e:67:8d:a4:13:e2:e8:b1:29:9a:67:63:d1:ac:
         ba:dc:ea:02:dd:2d:ee:18:34:e6:a6:31:67:14:42:1f:3e:76:
         43:e1:09:7d:74:8a:f6:0e:2f:89:62:34:86:d2:82:ad:d3:10:
         ab:dc:71:d6:69:8a:08:28:9d:05:9d:01:31:32:20:4b:3d:f0:
         76:9e:d5:66:35:12:a1:43:21:9d:5a:c9:3a:54:53:f1:bf:b1:
         d4:15:8b:a9:e4:67:17:f5:fa:e0:8c:d9:3b:27:80:79:55:e9:
         99:17:8a:bf:df:19:d3:4a:67:27:09:ba:cb:28:af:e6:37:91:
         15:db:75:fd:9b:bd:99:c1:61:f9:48:39:ee:61:e3:62:b6:8e:
         85:06:86:54:75:f0:ab:f6:3e:f2:61:bc:a6:5b:bf:0d:b5:87:
         dd:b0:a9:c0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ55ZbLCIYzAIG0JveKa3we1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwNTMwMTQ1OTI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzQ2OGQ3ZWE4NTA3NWFkNTQxYzQ2MmJkMjlmY2RiYmFkMThlY2Y4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx6sKWTpiDHdJM4XdE0e67bhVqi61
x9Xr4pUaUpcLayfpfqYtq8T56TfvArK/6FrMprUSRp98xbnZqQLU3ntmLLi3O5zy
Ygtz6eS+51PUDgPXzP0YpNXDNDpvIfSaXSDPS5NmGProh6sVfZMoCX8DyqD0/Kty
fIu/QTT9/qs8jt0ik9X3su6UqQ9LzCKlWJOZNhhNlhcevrXbk3s3TDhHbpc7qBjh
A18viDHV448AP4l3n33vsFtgXCHWH0+qU3jnJSS+OEw9gaHU+T+9U0sskeoSEm0o
VcfzTpzwQJa8NjEgagZyVTlWq30ZX+SxzDMQDDZsypnoR3eQapPs25CzwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFENGjX6oUHWtVBxGK9KfzbutGOz4MB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvUTBhTmZxaFFkYTFVSEVZcjBwX051NjBZN1BnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzlwMA0G
CSqGSIb3DQEBCwUAA4IBAQCpGb2/1R+GCd16dP4sZ1ZH8ESKoAYkd2F00KK8ESEu
0WZKXNb7IFTCuYHbzlYjMpha2AOv29RsjC/v4Z5iJKY8fefSQS0vZ++5tMcMUX1S
Chu/wXNojwdCHHXuV/E5PmeNpBPi6LEpmmdj0ay63OoC3S3uGDTmpjFnFEIfPnZD
4Ql9dIr2Di+JYjSG0oKt0xCr3HHWaYoIKJ0FnQExMiBLPfB2ntVmNRKhQyGdWsk6
VFPxv7HUFYup5GcX9frgjNk7J4B5VemZF4q/3xnTSmcnCbrLKK/mN5EV23X9m72Z
wWH5SDnuYeNito6FBoZUdfCr9j7yYbymW78NtYfdsKnA
-----END CERTIFICATE-----