Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/dbl4aeLZBRbHmZcn-HYXxY0jwK0.roa
File:                     dbl4aeLZBRbHmZcn-HYXxY0jwK0.roa (raw, json)
Hash identifier:          6IZYpdbBBvbF1oxPQAXtHRR59CS2BdFTERJ98f9OeA4=
Subject key identifier:   75:B9:78:69:E2:D9:05:16:C7:99:97:27:F8:76:17:C5:8D:23:C0:AD
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019DCD73222BDF53D911EEF05E404E118F6B
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/dbl4aeLZBRbHmZcn-HYXxY0jwK0.roa
Signing time:             Mon 27 Apr 2026 05:39:27 +0000
ROA not before:           Mon 27 Apr 2026 05:39:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198653
IP address blocks:        31.57.132.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 May 2026 13:57:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:cd:73:22:2b:df:53:d9:11:ee:f0:5e:40:4e:11:8f:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Apr 27 05:39:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=75b97869e2d90516c7999727f87617c58d23c0ad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:c0:a6:07:01:a9:d9:be:c8:02:92:c3:be:97:
                    0a:4d:f2:7b:44:b1:f0:dd:d2:e1:db:62:dc:c8:8f:
                    bf:fc:40:b4:9e:1e:d5:b9:be:81:32:b5:67:73:98:
                    33:8c:8b:cf:45:42:df:4e:ee:7f:45:64:fd:1e:fa:
                    d6:28:d8:4e:ed:bf:c3:b2:a5:84:ef:60:a2:2f:32:
                    d8:6c:1a:e2:b2:41:78:31:ba:3f:18:11:90:ff:c0:
                    a3:b6:9a:07:19:5b:74:da:c3:2a:38:84:8e:af:19:
                    f8:0c:52:9e:41:10:6d:d3:ea:a3:c4:c4:f5:ce:ba:
                    b5:28:c2:cb:ea:50:40:54:11:a8:1f:77:c8:05:9a:
                    8d:1b:80:a0:4a:73:4f:5f:30:c3:8d:4e:59:b5:2a:
                    37:6c:68:78:ab:3c:65:21:9b:0f:8c:ab:01:f0:01:
                    dc:8d:25:13:48:fb:c1:c4:0b:9f:ec:1c:20:eb:68:
                    06:59:d9:c4:6f:5a:9d:6c:53:97:7b:51:0b:e3:03:
                    6c:70:a7:ba:5b:9f:04:34:28:57:37:aa:70:31:f4:
                    87:08:d4:35:a5:8f:62:3c:0b:a3:9b:aa:69:d4:97:
                    d0:25:3f:e1:0b:42:9c:38:b0:ae:ad:a8:78:ad:87:
                    35:a4:9d:d2:a1:4d:b8:05:8a:ec:32:3b:39:a0:e7:
                    a6:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:B9:78:69:E2:D9:05:16:C7:99:97:27:F8:76:17:C5:8D:23:C0:AD
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/dbl4aeLZBRbHmZcn-HYXxY0jwK0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.132.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:4e:b5:c8:3c:5d:25:0a:d2:8c:d4:67:d5:88:f5:be:b2:d0:
         cc:d6:58:24:2a:28:87:1b:0b:78:f3:a4:fc:e5:cd:37:f6:cb:
         6b:05:16:1a:20:17:c2:c3:b0:7d:cc:ba:3a:9d:3d:12:c2:95:
         b5:16:39:fb:61:7c:23:30:dc:a6:fd:2e:b3:e3:cf:ce:54:d7:
         13:6d:ab:c1:17:76:c4:38:bf:87:09:cb:d3:b9:d7:ac:54:70:
         80:47:89:43:53:d2:59:92:80:b9:23:39:fa:36:2f:55:f6:e6:
         f7:43:70:7b:38:b1:3a:e4:5d:1f:76:93:71:78:85:c3:39:54:
         ed:51:e4:7f:b0:96:e6:18:70:79:08:e2:78:9d:f2:60:5c:1f:
         fc:2a:ad:4d:73:00:2d:70:de:fe:ba:67:f0:2c:e5:ff:ca:af:
         25:a4:36:86:4b:a3:a7:d2:af:8f:40:ee:f1:0a:db:ec:7f:2e:
         39:76:21:ce:9e:86:cf:7c:bd:79:33:fd:11:63:01:87:02:e9:
         03:00:8e:a9:2e:ff:b1:3c:62:e1:4b:fa:ea:6c:fb:dc:51:51:
         b6:65:a9:1c:c5:c2:71:0d:b8:51:9b:df:cf:39:a5:0a:a6:f0:
         f0:49:dd:0b:d0:63:71:d6:d4:87:df:25:d5:a0:78:14:9a:b2:
         2f:af:27:bb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3NcyIr31PZEe7wXkBOEY9rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwNDI3MDUzOTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NWI5Nzg2OWUyZDkwNTE2Yzc5OTk3MjdmODc2MTdjNThkMjNjMGFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxsCmBwGp2b7IApLDvpcKTfJ7RLHw
3dLh22LcyI+//EC0nh7Vub6BMrVnc5gzjIvPRULfTu5/RWT9HvrWKNhO7b/DsqWE
72CiLzLYbBriskF4Mbo/GBGQ/8CjtpoHGVt02sMqOISOrxn4DFKeQRBt0+qjxMT1
zrq1KMLL6lBAVBGoH3fIBZqNG4CgSnNPXzDDjU5ZtSo3bGh4qzxlIZsPjKsB8AHc
jSUTSPvBxAuf7Bwg62gGWdnEb1qdbFOXe1EL4wNscKe6W58ENChXN6pwMfSHCNQ1
pY9iPAujm6pp1JfQJT/hC0KcOLCurah4rYc1pJ3SoU24BYrsMjs5oOem2QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHW5eGni2QUWx5mXJ/h2F8WNI8CtMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvZGJsNGFlTFpCUmJIbVpjbi1IWVh4WTBqd0swLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzmEMA0G
CSqGSIb3DQEBCwUAA4IBAQAQTrXIPF0lCtKM1GfViPW+stDM1lgkKiiHGwt486T8
5c039strBRYaIBfCw7B9zLo6nT0SwpW1Fjn7YXwjMNym/S6z48/OVNcTbavBF3bE
OL+HCcvTudesVHCAR4lDU9JZkoC5Izn6Ni9V9ub3Q3B7OLE65F0fdpNxeIXDOVTt
UeR/sJbmGHB5COJ4nfJgXB/8Kq1NcwAtcN7+umfwLOX/yq8lpDaGS6On0q+PQO7x
Ctvsfy45diHOnobPfL15M/0RYwGHAukDAI6pLv+xPGLhS/rqbPvcUVG2ZakcxcJx
DbhRm9/POaUKpvDwSd0L0GNx1tSH3yXVoHgUmrIvrye7
-----END CERTIFICATE-----