Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/fLa9nlAUtw5pxd8HOREnvRRmRJ8.roa
File:                     fLa9nlAUtw5pxd8HOREnvRRmRJ8.roa (raw, json)
Hash identifier:          bfEKDX4HQRVGSJ7kPA7Dt+CtQ5uFXKLG0eRZ38fhjcE=
Subject key identifier:   7C:B6:BD:9E:50:14:B7:0E:69:C5:DF:07:39:11:27:BD:14:66:44:9F
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019E6F2EF43EE5F18E4FE176B0AA02BD5CB6
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/fLa9nlAUtw5pxd8HOREnvRRmRJ8.roa
Signing time:             Thu 28 May 2026 15:23:28 +0000
ROA not before:           Thu 28 May 2026 15:23:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     63199
IP address blocks:        31.57.11.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Jun 2026 06:31:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:6f:2e:f4:3e:e5:f1:8e:4f:e1:76:b0:aa:02:bd:5c:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: May 28 15:23:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7cb6bd9e5014b70e69c5df07391127bd1466449f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:ab:5b:28:68:f3:73:b6:91:e6:e7:c1:e0:ef:
                    78:32:12:73:fd:48:c0:38:4d:01:a9:06:c4:d9:cb:
                    c1:88:4d:32:3e:67:26:61:82:4d:0d:3c:48:3d:c8:
                    e9:41:09:e0:39:4c:b3:ad:95:1a:fa:91:cb:30:b6:
                    cd:6c:b4:c7:25:48:a4:56:26:92:64:08:61:16:99:
                    1c:ea:c1:99:e3:96:7f:4b:5d:0e:1e:1d:06:5e:81:
                    84:86:e0:e8:f7:6b:91:96:c2:5b:76:c6:c0:08:21:
                    c8:55:d2:8c:e4:5c:a0:e6:93:0c:6b:64:53:b0:d3:
                    81:1b:ae:70:65:f3:e6:5b:f6:1f:55:fa:ac:f5:ba:
                    c4:29:84:d0:0e:15:d3:06:14:3a:29:3b:b9:0a:2a:
                    bb:5e:db:29:c9:71:0a:56:e9:66:72:72:23:81:5e:
                    a0:df:e1:e0:db:8f:09:bf:88:eb:b2:7d:10:a6:67:
                    6b:95:e9:72:bb:d0:d1:b6:54:95:39:79:2e:e7:f8:
                    1e:18:d3:2e:d4:df:a4:2f:bf:a5:d2:05:0d:5e:aa:
                    a7:62:1d:81:d8:a8:6e:5c:22:45:a4:42:8f:10:d7:
                    16:6e:23:44:d2:1e:43:14:3b:72:76:87:44:a3:c4:
                    12:f9:b8:53:f9:b4:cb:15:bb:c5:7d:85:40:b6:1c:
                    c4:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:B6:BD:9E:50:14:B7:0E:69:C5:DF:07:39:11:27:BD:14:66:44:9F
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/fLa9nlAUtw5pxd8HOREnvRRmRJ8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.11.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ba:93:15:98:c0:b6:7a:48:9c:c8:95:db:a8:69:a0:49:d8:b3:
         ce:e2:6b:77:7f:6f:e8:4d:84:4e:5d:09:2a:a6:3d:4e:5c:fe:
         7d:da:d8:cf:04:a3:8a:51:d1:3c:f4:68:8d:85:d2:21:25:94:
         6b:2b:c2:65:17:de:88:fb:a7:5a:25:4b:78:11:19:b3:28:bd:
         11:02:d8:7d:74:f4:55:41:1b:f5:2e:aa:ee:38:34:75:e5:a7:
         b0:97:3b:ba:2e:23:cb:2c:cb:d7:69:3b:b9:ef:04:bd:91:bf:
         75:e1:e4:f4:17:02:9a:df:bf:96:6e:8d:44:95:02:3e:0a:ef:
         54:f5:6b:c7:94:53:9b:a3:3f:4e:93:3c:57:42:64:ec:4b:c9:
         01:2e:ad:62:61:74:c9:aa:70:a5:ba:6b:05:c5:37:c8:f2:9b:
         99:59:09:e0:07:02:42:28:3b:5c:e9:f0:65:fc:00:a7:21:89:
         f3:b8:17:cd:d9:8a:cc:3b:44:bb:32:4e:35:32:90:90:05:52:
         8c:96:69:9b:ca:58:55:35:08:ed:39:c6:c3:71:34:31:47:2a:
         d3:f0:f8:39:40:db:ce:bf:79:f0:2c:9d:a2:3a:a5:40:f8:9b:
         ce:bc:41:30:68:35:45:42:d5:53:14:9a:cb:54:fe:f6:f8:b5:
         34:f1:63:98
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5vLvQ+5fGOT+F2sKoCvVy2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwNTI4MTUyMzI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Y2I2YmQ5ZTUwMTRiNzBlNjljNWRmMDczOTExMjdiZDE0NjY0NDlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmKtbKGjzc7aR5ufB4O94MhJz/UjA
OE0BqQbE2cvBiE0yPmcmYYJNDTxIPcjpQQngOUyzrZUa+pHLMLbNbLTHJUikViaS
ZAhhFpkc6sGZ45Z/S10OHh0GXoGEhuDo92uRlsJbdsbACCHIVdKM5Fyg5pMMa2RT
sNOBG65wZfPmW/YfVfqs9brEKYTQDhXTBhQ6KTu5Ciq7XtspyXEKVulmcnIjgV6g
3+Hg248Jv4jrsn0Qpmdrlelyu9DRtlSVOXku5/geGNMu1N+kL7+l0gUNXqqnYh2B
2KhuXCJFpEKPENcWbiNE0h5DFDtydodEo8QS+bhT+bTLFbvFfYVAthzEqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHy2vZ5QFLcOacXfBzkRJ70UZkSfMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvZkxhOW5sQVV0dzVweGQ4SE9SRW52UlJtUko4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzkLMA0G
CSqGSIb3DQEBCwUAA4IBAQC6kxWYwLZ6SJzIlduoaaBJ2LPO4mt3f2/oTYROXQkq
pj1OXP592tjPBKOKUdE89GiNhdIhJZRrK8JlF96I+6daJUt4ERmzKL0RAth9dPRV
QRv1LqruODR15aewlzu6LiPLLMvXaTu57wS9kb914eT0FwKa37+Wbo1ElQI+Cu9U
9WvHlFOboz9OkzxXQmTsS8kBLq1iYXTJqnClumsFxTfI8puZWQngBwJCKDtc6fBl
/ACnIYnzuBfN2YrMO0S7Mk41MpCQBVKMlmmbylhVNQjtOcbDcTQxRyrT8Pg5QNvO
v3nwLJ2iOqVA+JvOvEEwaDVFQtVTFJrLVP72+LU08WOY
-----END CERTIFICATE-----