Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/cdiPCIz1Mmie7cjqICaUsJn0kEQ.roa
File:                     cdiPCIz1Mmie7cjqICaUsJn0kEQ.roa (raw, json)
Hash identifier:          YwqzZV1CqagellYvds4K6iup9fB2iE40hLZYRV0YTU4=
Subject key identifier:   71:D8:8F:08:8C:F5:32:68:9E:ED:C8:EA:20:26:94:B0:99:F4:90:44
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019CB4FAE7CC9F73F0A1FC514791CB8902B0
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/cdiPCIz1Mmie7cjqICaUsJn0kEQ.roa
Signing time:             Tue 03 Mar 2026 18:34:28 +0000
ROA not before:           Tue 03 Mar 2026 18:34:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     43641
IP address blocks:        31.58.141.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Mar 2026 14:16:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:b4:fa:e7:cc:9f:73:f0:a1:fc:51:47:91:cb:89:02:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Mar  3 18:34:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=71d88f088cf532689eedc8ea202694b099f49044
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:24:3e:5d:e0:07:3e:ae:34:f0:ef:35:1b:b6:
                    23:fe:e6:5d:07:01:4f:46:48:2b:41:01:a4:e0:b9:
                    90:d0:5d:70:77:85:d7:3c:a4:fa:57:59:84:12:16:
                    38:51:36:f7:c2:28:76:a4:af:3a:f3:38:dc:a2:38:
                    51:77:73:21:b0:ba:6f:70:03:3c:9f:9f:90:a9:f6:
                    d8:43:d5:2b:32:67:b4:34:88:e5:ef:98:88:16:c0:
                    e7:64:bd:0f:39:91:0a:27:d6:ca:25:e0:17:12:cb:
                    ed:5d:6e:d1:1b:65:44:13:81:93:ae:08:aa:51:43:
                    fe:83:7c:f5:8a:6d:1b:07:9f:ed:e9:47:ba:86:05:
                    06:18:70:e9:04:aa:32:ba:79:e3:4d:33:ad:61:4d:
                    6e:b5:f4:46:f4:ec:b3:48:ab:9c:14:c6:58:b2:57:
                    15:87:30:7c:3b:39:a3:f1:b2:95:c2:c4:64:91:d8:
                    87:d5:01:49:27:72:45:c4:24:17:34:53:9d:2a:f9:
                    74:d4:c6:72:7b:68:84:61:ac:b4:0d:ff:b4:f4:94:
                    be:57:32:d2:ca:1c:ba:d3:81:2b:17:5d:38:37:6a:
                    06:24:f5:2a:1e:7c:0f:97:b0:4d:36:6b:45:08:61:
                    59:74:e2:ab:3d:a1:4a:65:ee:8f:00:b2:dd:99:a0:
                    ac:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:D8:8F:08:8C:F5:32:68:9E:ED:C8:EA:20:26:94:B0:99:F4:90:44
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/cdiPCIz1Mmie7cjqICaUsJn0kEQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.58.141.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:a6:8c:a4:65:e3:ab:38:97:1f:b3:7c:8d:bc:03:3b:3e:5b:
         b5:bc:a6:cd:bc:68:9d:12:d8:af:75:b7:7c:72:34:09:47:f1:
         23:ee:97:e7:ac:a7:5a:02:e3:7c:4b:ff:04:49:cc:af:dc:52:
         68:dd:07:32:ec:82:85:39:b3:9d:32:99:6d:d4:ed:3b:1d:5d:
         64:ad:42:2c:44:28:4d:a1:60:79:01:40:75:ca:bf:be:e8:11:
         b4:23:9b:70:11:8c:73:c2:fe:83:22:83:d1:d3:18:e1:6c:cb:
         fa:52:f0:60:62:fd:c3:83:0b:4a:27:40:fa:a2:40:9f:65:e1:
         b5:9b:12:d2:60:74:79:cf:5d:6d:90:a6:61:62:c7:de:b0:71:
         cf:85:55:bc:93:8e:b2:76:37:4d:b3:73:6e:f1:54:95:62:73:
         0a:ed:64:d8:7c:36:4e:d9:2e:60:42:f3:eb:4d:d1:c1:c6:6a:
         1c:67:f2:36:e0:fa:d0:79:c5:52:c2:9c:39:ba:42:6e:3a:b4:
         cb:95:d6:3b:73:b2:b3:b9:31:e8:1d:f4:35:41:4b:fe:1d:75:
         d9:26:73:00:7b:60:5c:2d:30:ad:1f:9b:da:d1:09:e0:a2:54:
         00:53:3f:04:1f:30:2d:3d:18:7c:80:1a:89:a9:48:2b:28:5a:
         e0:ad:42:4f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZy0+ufMn3PwofxRR5HLiQKwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwMzAzMTgzNDI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MWQ4OGYwODhjZjUzMjY4OWVlZGM4ZWEyMDI2OTRiMDk5ZjQ5MDQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnCQ+XeAHPq408O81G7Yj/uZdBwFP
RkgrQQGk4LmQ0F1wd4XXPKT6V1mEEhY4UTb3wih2pK868zjcojhRd3MhsLpvcAM8
n5+QqfbYQ9UrMme0NIjl75iIFsDnZL0POZEKJ9bKJeAXEsvtXW7RG2VEE4GTrgiq
UUP+g3z1im0bB5/t6Ue6hgUGGHDpBKoyunnjTTOtYU1utfRG9OyzSKucFMZYslcV
hzB8Ozmj8bKVwsRkkdiH1QFJJ3JFxCQXNFOdKvl01MZye2iEYay0Df+09JS+VzLS
yhy604ErF104N2oGJPUqHnwPl7BNNmtFCGFZdOKrPaFKZe6PALLdmaCs5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHHYjwiM9TJonu3I6iAmlLCZ9JBEMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvY2RpUENJejFNbWllN2NqcUlDYVVzSm4wa0VRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzqNMA0G
CSqGSIb3DQEBCwUAA4IBAQBspoykZeOrOJcfs3yNvAM7Plu1vKbNvGidEtivdbd8
cjQJR/Ej7pfnrKdaAuN8S/8EScyv3FJo3Qcy7IKFObOdMplt1O07HV1krUIsRChN
oWB5AUB1yr++6BG0I5twEYxzwv6DIoPR0xjhbMv6UvBgYv3DgwtKJ0D6okCfZeG1
mxLSYHR5z11tkKZhYsfesHHPhVW8k46ydjdNs3Nu8VSVYnMK7WTYfDZO2S5gQvPr
TdHBxmocZ/I24PrQecVSwpw5ukJuOrTLldY7c7KzuTHoHfQ1QUv+HXXZJnMAe2Bc
LTCtH5va0QngolQAUz8EHzAtPRh8gBqJqUgrKFrgrUJP
-----END CERTIFICATE-----