Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/T6LN7oJ3mraF4dtEF8R5lXMEBzQ.roa
File:                     T6LN7oJ3mraF4dtEF8R5lXMEBzQ.roa (raw, json)
Hash identifier:          4lhk2p+Alst23Bjc1PMKSQiOti4WKAXdellBboNTT0A=
Subject key identifier:   4F:A2:CD:EE:82:77:9A:B6:85:E1:DB:44:17:C4:79:95:73:04:07:34
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019E2CA961E3E1EB5FDF29BD7A991A4F20D7
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/T6LN7oJ3mraF4dtEF8R5lXMEBzQ.roa
Signing time:             Fri 15 May 2026 17:22:38 +0000
ROA not before:           Fri 15 May 2026 17:22:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     135040
IP address blocks:        31.57.248.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 28 May 2026 08:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:2c:a9:61:e3:e1:eb:5f:df:29:bd:7a:99:1a:4f:20:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: May 15 17:22:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4fa2cdee82779ab685e1db4417c4799573040734
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:90:72:20:95:00:c7:6d:3c:fa:90:8d:53:b1:
                    f0:7c:a3:e1:3b:96:ed:5c:d7:48:cf:4a:b5:2c:4e:
                    ee:13:83:0c:55:c5:83:b1:55:73:73:6a:c6:e3:3b:
                    a4:be:72:15:39:7c:2e:be:57:1c:76:ef:65:82:50:
                    de:1b:be:a0:c0:f5:ff:71:29:3a:ce:b9:88:d6:c0:
                    96:28:f9:ef:49:0c:f6:d5:4a:7a:4c:a2:f2:8e:ec:
                    f0:e5:a6:22:9b:d3:78:91:41:af:aa:0b:8f:ad:a6:
                    33:97:85:0a:60:8c:85:d1:64:fc:a8:9c:f2:72:da:
                    73:f2:19:96:c1:05:3c:18:64:2b:5c:4c:d7:48:a7:
                    62:37:0c:91:92:ff:bb:d0:37:7d:97:4a:a9:9b:e6:
                    32:68:43:11:84:23:28:c1:bb:aa:eb:2a:1e:98:06:
                    df:14:0c:1c:e5:ad:da:66:f0:db:78:58:60:c4:94:
                    0f:95:b1:a5:f1:dc:c6:1e:e5:32:35:af:c1:b9:49:
                    83:4e:db:fd:b8:37:7c:86:b8:5f:81:33:82:57:ad:
                    7d:c0:60:1f:73:e9:bd:50:4e:85:b2:19:56:7d:49:
                    5c:de:38:9c:b0:df:69:fa:8f:5c:f3:67:01:66:b8:
                    9b:0f:80:50:65:5d:09:30:52:f9:45:fe:3d:80:0f:
                    5c:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:A2:CD:EE:82:77:9A:B6:85:E1:DB:44:17:C4:79:95:73:04:07:34
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/T6LN7oJ3mraF4dtEF8R5lXMEBzQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.248.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:5c:0d:07:ba:07:5e:cc:17:06:67:ae:37:a6:bd:2e:0a:4a:
         c5:98:90:86:6a:92:43:e3:43:49:33:f7:9e:25:b7:59:04:64:
         f8:4c:ba:58:26:35:46:0d:d2:7d:69:ac:28:1c:c6:2f:18:db:
         aa:b2:74:c3:4e:cc:ae:ee:e8:84:00:49:80:62:9a:d9:71:78:
         fa:10:f7:0e:f4:50:b2:e0:fb:90:95:b1:b1:bc:61:ff:73:ac:
         38:32:0e:68:3f:9e:97:f1:bc:d5:1e:a1:17:27:c3:2f:b8:a2:
         dc:02:2a:40:1f:a8:aa:a4:6c:77:14:b1:38:b2:a6:e1:fb:8f:
         3e:5a:44:c3:e9:00:89:b9:c1:bc:94:27:87:0e:d0:ae:f2:b7:
         c5:8f:7c:d5:2d:10:e7:9d:4a:5d:29:53:92:45:3c:5f:1d:3e:
         43:c5:e7:42:66:a0:fa:ca:1d:d7:a3:9f:a4:58:ad:08:36:53:
         4e:c5:ee:cf:0e:a5:58:3b:bb:4b:81:c4:fd:da:1d:bc:91:38:
         b3:e1:92:22:51:28:56:48:1e:4c:87:59:f2:3b:33:4a:d3:c3:
         fe:e5:42:95:46:a7:66:2d:3f:e3:db:48:d8:12:bf:5e:3e:dd:
         ff:5b:cf:3b:ed:63:21:96:3f:a2:f8:ab:ce:3d:a6:06:fc:9e:
         6d:37:74:61
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4sqWHj4etf3ym9epkaTyDXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwNTE1MTcyMjM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZmEyY2RlZTgyNzc5YWI2ODVlMWRiNDQxN2M0Nzk5NTczMDQwNzM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqpByIJUAx208+pCNU7HwfKPhO5bt
XNdIz0q1LE7uE4MMVcWDsVVzc2rG4zukvnIVOXwuvlccdu9lglDeG76gwPX/cSk6
zrmI1sCWKPnvSQz21Up6TKLyjuzw5aYim9N4kUGvqguPraYzl4UKYIyF0WT8qJzy
ctpz8hmWwQU8GGQrXEzXSKdiNwyRkv+70Dd9l0qpm+YyaEMRhCMowbuq6yoemAbf
FAwc5a3aZvDbeFhgxJQPlbGl8dzGHuUyNa/BuUmDTtv9uDd8hrhfgTOCV619wGAf
c+m9UE6FshlWfUlc3jicsN9p+o9c82cBZribD4BQZV0JMFL5Rf49gA9cHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE+ize6Cd5q2heHbRBfEeZVzBAc0MB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvVDZMTjdvSjNtcmFGNGR0RUY4UjVsWE1FQnpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzn4MA0G
CSqGSIb3DQEBCwUAA4IBAQBXXA0HugdezBcGZ643pr0uCkrFmJCGapJD40NJM/ee
JbdZBGT4TLpYJjVGDdJ9aawoHMYvGNuqsnTDTsyu7uiEAEmAYprZcXj6EPcO9FCy
4PuQlbGxvGH/c6w4Mg5oP56X8bzVHqEXJ8MvuKLcAipAH6iqpGx3FLE4sqbh+48+
WkTD6QCJucG8lCeHDtCu8rfFj3zVLRDnnUpdKVOSRTxfHT5DxedCZqD6yh3Xo5+k
WK0INlNOxe7PDqVYO7tLgcT92h28kTiz4ZIiUShWSB5Mh1nyOzNK08P+5UKVRqdm
LT/j20jYEr9ePt3/W8877WMhlj+i+KvOPaYG/J5tN3Rh
-----END CERTIFICATE-----