Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/RYdISro0tPRirMVi4Z-LHTxkivI.roa
File:                     RYdISro0tPRirMVi4Z-LHTxkivI.roa (raw, json)
Hash identifier:          euaTafwplfbOJZYS8U4LyZmUwrh84m+0x15YX8JKcDY=
Subject key identifier:   45:87:48:4A:BA:34:B4:F4:62:AC:C5:62:E1:9F:8B:1D:3C:64:8A:F2
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019D6433283B8F67B90A9F4CD7E3AD8A67E2
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/RYdISro0tPRirMVi4Z-LHTxkivI.roa
Signing time:             Mon 06 Apr 2026 19:09:27 +0000
ROA not before:           Mon 06 Apr 2026 19:09:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199398
IP address blocks:        31.57.155.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 13 Apr 2026 21:31:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:64:33:28:3b:8f:67:b9:0a:9f:4c:d7:e3:ad:8a:67:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Apr  6 19:09:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4587484aba34b4f462acc562e19f8b1d3c648af2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:8c:38:52:07:97:25:d4:ce:57:05:62:71:90:
                    09:46:a2:4c:fc:cf:3e:3f:8f:7d:d2:bc:67:aa:c7:
                    11:db:9f:b3:59:ad:ee:7f:e0:0c:35:ec:68:fb:c4:
                    ba:02:3c:f9:f0:05:be:4a:d5:f0:38:8d:ba:cc:b7:
                    e7:9a:af:b2:d2:56:ca:f9:5a:0e:4c:4d:83:12:ba:
                    45:0a:fb:fc:b3:84:de:c5:7b:0b:32:2f:5e:ba:d4:
                    dc:a5:56:f7:1d:62:55:4f:7a:b8:9a:33:fd:ef:38:
                    d1:82:8f:20:f5:d1:f3:da:a6:bd:5d:6b:ea:49:ba:
                    3d:be:dc:48:c1:d9:68:88:3f:f4:56:c9:d6:5d:19:
                    ca:c9:54:dd:2b:6d:0d:60:b7:4e:76:d8:87:8c:e1:
                    98:42:ca:63:22:41:28:3c:99:da:d0:7f:99:99:24:
                    76:5f:8f:0a:0b:9f:83:1f:96:31:ba:99:0d:c5:c4:
                    20:85:8f:5a:94:38:1f:e6:cd:cb:70:d9:50:59:9b:
                    b5:6f:f7:1a:5f:5e:06:98:fc:0b:a9:9c:03:1c:85:
                    06:f5:0d:c2:7f:a3:45:56:ee:8f:56:a3:91:e4:2e:
                    bc:c8:62:2c:17:1e:9b:5a:f5:27:de:0d:73:ca:92:
                    38:9d:58:a0:ad:ae:89:03:d1:7e:31:a8:32:21:3b:
                    1b:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:87:48:4A:BA:34:B4:F4:62:AC:C5:62:E1:9F:8B:1D:3C:64:8A:F2
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/RYdISro0tPRirMVi4Z-LHTxkivI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.155.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:ef:48:eb:b8:65:e9:86:ee:d8:0e:c4:97:a3:08:8a:22:53:
         33:61:e7:18:07:56:a8:f5:58:c0:0d:58:31:f8:fc:bd:e2:02:
         7a:6a:f5:c6:58:53:26:1c:d8:f2:7d:7e:85:f6:4e:3a:78:79:
         0f:dd:38:3d:80:b6:8d:f1:29:30:04:5f:61:ce:9a:3b:41:e8:
         3e:03:fc:0a:c1:4c:24:f6:ae:99:e0:7e:d5:27:bb:b8:bb:38:
         e1:cd:80:77:ba:19:eb:4d:09:4a:8f:47:dc:ac:8c:41:51:4a:
         4f:86:34:e2:37:dc:e0:16:73:cd:ef:92:59:3a:9a:9c:23:2c:
         73:19:b2:7a:c9:dd:97:0c:32:b2:92:73:58:f3:b3:06:6e:bd:
         b8:43:08:b7:a0:6d:b6:dc:64:85:ca:05:b2:49:65:46:6f:e9:
         2c:b6:65:4c:79:ff:0e:c5:4a:14:fe:ca:84:43:e2:11:05:2c:
         f0:c1:23:91:f3:04:04:4f:7d:5c:bd:69:43:d1:98:8e:d5:72:
         ea:e4:1c:c8:26:85:1b:3d:c0:ca:35:36:d0:71:81:c5:c6:07:
         19:38:1b:cf:42:71:0d:19:02:3f:0c:e5:bd:54:ba:2b:5c:2a:
         74:55:b6:47:e7:16:87:3c:f3:40:7d:71:6b:cd:b9:10:97:96:
         fb:e9:cd:03
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1kMyg7j2e5Cp9M1+OtimfiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwNDA2MTkwOTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NTg3NDg0YWJhMzRiNGY0NjJhY2M1NjJlMTlmOGIxZDNjNjQ4YWYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmow4UgeXJdTOVwVicZAJRqJM/M8+
P4990rxnqscR25+zWa3uf+AMNexo+8S6Ajz58AW+StXwOI26zLfnmq+y0lbK+VoO
TE2DErpFCvv8s4TexXsLMi9eutTcpVb3HWJVT3q4mjP97zjRgo8g9dHz2qa9XWvq
Sbo9vtxIwdloiD/0VsnWXRnKyVTdK20NYLdOdtiHjOGYQspjIkEoPJna0H+ZmSR2
X48KC5+DH5YxupkNxcQghY9alDgf5s3LcNlQWZu1b/caX14GmPwLqZwDHIUG9Q3C
f6NFVu6PVqOR5C68yGIsFx6bWvUn3g1zypI4nVigra6JA9F+MagyITsbsQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEWHSEq6NLT0YqzFYuGfix08ZIryMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvUllkSVNybzB0UFJpck1WaTRaLUxIVHhraXZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzmbMA0G
CSqGSIb3DQEBCwUAA4IBAQAc70jruGXphu7YDsSXowiKIlMzYecYB1ao9VjADVgx
+Py94gJ6avXGWFMmHNjyfX6F9k46eHkP3Tg9gLaN8SkwBF9hzpo7Qeg+A/wKwUwk
9q6Z4H7VJ7u4uzjhzYB3uhnrTQlKj0fcrIxBUUpPhjTiN9zgFnPN75JZOpqcIyxz
GbJ6yd2XDDKyknNY87MGbr24Qwi3oG223GSFygWySWVGb+kstmVMef8OxUoU/sqE
Q+IRBSzwwSOR8wQET31cvWlD0ZiO1XLq5BzIJoUbPcDKNTbQcYHFxgcZOBvPQnEN
GQI/DOW9VLorXCp0VbZH5xaHPPNAfXFrzbkQl5b76c0D
-----END CERTIFICATE-----