Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/U0lmzAtG3jNKZjdhi81gGvvuCws.roa
File:                     U0lmzAtG3jNKZjdhi81gGvvuCws.roa (raw, json)
Hash identifier:          rp/u3B6qhv0FgaTdHLB6ELhpuukR5keg5geKYy7Gh6I=
Subject key identifier:   53:49:66:CC:0B:46:DE:33:4A:66:37:61:8B:CD:60:1A:FB:EE:0B:0B
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019DCEF83B64AC2988B3E30B3A6E2300959A
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/U0lmzAtG3jNKZjdhi81gGvvuCws.roa
Signing time:             Mon 27 Apr 2026 12:44:27 +0000
ROA not before:           Mon 27 Apr 2026 12:44:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215228
IP address blocks:        31.57.250.0/24 maxlen: 24
                          94.183.238.0/24 maxlen: 24
                          94.183.239.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 Apr 2026 14:21:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:ce:f8:3b:64:ac:29:88:b3:e3:0b:3a:6e:23:00:95:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Apr 27 12:44:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=534966cc0b46de334a6637618bcd601afbee0b0b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:ba:02:0a:e3:c2:bd:8d:9a:17:80:ee:56:76:
                    c6:24:17:fe:b1:96:b3:a7:18:2f:e2:67:89:f0:45:
                    0e:58:66:2d:da:15:98:9e:4d:9b:51:8c:9f:cc:e0:
                    9a:5d:e2:a6:27:d7:dd:e4:54:44:ab:a1:c6:42:d0:
                    11:0c:35:d9:58:d2:57:a6:59:82:84:89:4d:2d:5b:
                    d1:0e:ec:97:3e:65:10:76:0e:0d:f8:64:2f:35:2c:
                    f7:be:37:d4:88:0a:b9:82:24:16:ae:91:5f:0a:39:
                    56:c6:3b:ba:df:57:77:79:aa:10:ef:12:53:1f:c6:
                    be:8c:a8:bf:06:a8:14:b2:c2:c2:6b:ae:64:89:98:
                    e4:90:4b:0e:bb:3a:6c:0f:05:8f:d7:b8:6e:81:e4:
                    68:3f:59:ff:36:41:c3:e9:84:44:18:e3:ec:24:66:
                    12:71:bd:82:ea:50:2f:9f:3e:8b:73:2a:a8:23:f6:
                    06:a2:89:74:c7:13:17:40:4d:a4:d7:f7:8e:72:1f:
                    4d:3c:28:19:d5:47:ff:0d:73:29:4c:28:b1:66:67:
                    17:98:68:60:47:43:1f:ff:81:7b:35:4a:0b:05:f7:
                    4c:d2:48:12:8a:e2:7b:d1:a5:fb:2f:c0:af:7e:91:
                    06:c2:d5:03:93:0a:31:f9:a4:3e:17:3e:6f:30:ea:
                    43:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:49:66:CC:0B:46:DE:33:4A:66:37:61:8B:CD:60:1A:FB:EE:0B:0B
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/U0lmzAtG3jNKZjdhi81gGvvuCws.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.250.0/24
                  94.183.238.0/23

    Signature Algorithm: sha256WithRSAEncryption
         61:c9:45:72:a0:44:6b:dc:ff:21:c2:4b:06:e8:40:52:6d:40:
         f2:fe:a5:3e:b0:16:4f:27:1b:a8:c6:ff:94:85:9c:66:c2:90:
         de:e4:6e:36:52:31:a6:3c:4e:12:e2:01:30:26:c5:82:10:e6:
         15:40:2b:d2:6d:e9:46:8f:b2:43:b1:72:e1:0e:92:51:09:24:
         03:ec:17:0e:48:ac:ad:b2:78:bf:41:3f:fb:08:ef:c3:25:db:
         92:a8:43:29:a7:16:81:fc:be:b2:cc:90:59:8e:1e:a6:78:77:
         d9:f7:23:72:4a:e9:f0:cd:78:1f:6b:76:67:21:ef:a8:ec:de:
         b9:8a:b1:8e:a2:9a:b6:4d:5c:b8:84:c7:60:61:ef:01:0a:53:
         79:da:04:ee:19:93:83:c9:0c:dc:78:c5:14:27:67:9a:9f:5a:
         f2:fa:51:53:63:59:7b:7c:6e:db:dd:5b:76:5b:e9:5c:b4:1c:
         25:62:7e:cd:25:df:e0:10:cc:d8:18:0c:6d:7f:39:13:5e:53:
         ea:f4:7b:50:df:ae:08:a0:be:ce:3e:7e:46:ba:21:33:f7:20:
         cf:ee:12:43:1e:fc:cc:93:61:9c:51:d3:3c:69:00:a5:3f:1c:
         8f:b3:41:c0:2a:04:d8:7e:ee:84:94:5c:15:05:32:80:3e:7f:
         73:0e:f2:bf
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ3O+DtkrCmIs+MLOm4jAJWaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwNDI3MTI0NDI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MzQ5NjZjYzBiNDZkZTMzNGE2NjM3NjE4YmNkNjAxYWZiZWUwYjBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtroCCuPCvY2aF4DuVnbGJBf+sZaz
pxgv4meJ8EUOWGYt2hWYnk2bUYyfzOCaXeKmJ9fd5FREq6HGQtARDDXZWNJXplmC
hIlNLVvRDuyXPmUQdg4N+GQvNSz3vjfUiAq5giQWrpFfCjlWxju631d3eaoQ7xJT
H8a+jKi/BqgUssLCa65kiZjkkEsOuzpsDwWP17hugeRoP1n/NkHD6YREGOPsJGYS
cb2C6lAvnz6LcyqoI/YGool0xxMXQE2k1/eOch9NPCgZ1Uf/DXMpTCixZmcXmGhg
R0Mf/4F7NUoLBfdM0kgSiuJ70aX7L8CvfpEGwtUDkwox+aQ+Fz5vMOpD6wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFNJZswLRt4zSmY3YYvNYBr77gsLMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvVTBsbXpBdEczak5LWmpkaGk4MWdHdnZ1Q3dzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAHzn6AwQB
XrfuMA0GCSqGSIb3DQEBCwUAA4IBAQBhyUVyoERr3P8hwksG6EBSbUDy/qU+sBZP
Jxuoxv+UhZxmwpDe5G42UjGmPE4S4gEwJsWCEOYVQCvSbelGj7JDsXLhDpJRCSQD
7BcOSKytsni/QT/7CO/DJduSqEMppxaB/L6yzJBZjh6meHfZ9yNySunwzXgfa3Zn
Ie+o7N65irGOopq2TVy4hMdgYe8BClN52gTuGZODyQzceMUUJ2ean1ry+lFTY1l7
fG7b3Vt2W+lctBwlYn7NJd/gEMzYGAxtfzkTXlPq9HtQ364IoL7OPn5GuiEz9yDP
7hJDHvzMk2GcUdM8aQClPxyPs0HAKgTYfu6ElFwVBTKAPn9zDvK/
-----END CERTIFICATE-----