Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/l5kcqnWADAR6b6SZD4TT9tC2IEc.roa
File:                     l5kcqnWADAR6b6SZD4TT9tC2IEc.roa (raw, json)
Hash identifier:          H9edLsA95+yEj3OQmlCR0RXYeWYFr1edGRk1h+BOsoE=
Subject key identifier:   97:99:1C:AA:75:80:0C:04:7A:6F:A4:99:0F:84:D3:F6:D0:B6:20:47
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019DC9547429BD4852AD82CC39DDE0A1DD28
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/l5kcqnWADAR6b6SZD4TT9tC2IEc.roa
Signing time:             Sun 26 Apr 2026 10:27:28 +0000
ROA not before:           Sun 26 Apr 2026 10:27:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     26769
IP address blocks:        31.57.45.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 14 May 2026 06:01:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:c9:54:74:29:bd:48:52:ad:82:cc:39:dd:e0:a1:dd:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Apr 26 10:27:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=97991caa75800c047a6fa4990f84d3f6d0b62047
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:c5:33:04:b0:36:7b:7b:e5:28:d9:70:91:b8:
                    44:7c:2a:8d:4a:ab:60:7c:35:b4:03:2c:9a:d6:8b:
                    2b:cb:64:13:6e:5d:da:18:3e:2e:21:7f:0c:a6:1c:
                    ef:0d:1a:e1:f7:b1:f5:ff:31:e9:d7:83:fb:11:31:
                    04:ed:e1:52:cd:42:47:b7:96:fa:59:d4:10:f3:3a:
                    e1:09:2d:f0:2f:52:7c:29:95:55:d9:3b:f9:a9:19:
                    67:6b:13:57:03:df:57:e3:cb:6f:7e:82:57:bf:eb:
                    d7:dd:0d:41:17:15:c3:e5:64:0b:47:5b:b5:31:35:
                    d7:86:46:5c:8e:a9:ff:5d:83:61:21:e9:0e:76:07:
                    2e:dd:07:49:c7:a5:ab:fc:77:c3:8c:9b:64:38:d1:
                    06:6b:31:10:68:dd:4c:2f:cd:36:63:ae:12:b4:6a:
                    30:ed:c1:a3:48:50:6d:9e:e2:15:fc:57:01:ce:81:
                    1f:a4:78:14:53:9b:ab:d7:1e:b0:dc:ee:6d:37:88:
                    29:a6:82:d0:bd:c1:af:c9:c0:93:ac:dd:b2:42:92:
                    96:d7:4e:41:a7:a6:53:72:76:87:89:00:19:8e:0c:
                    e3:c5:fe:5b:74:fb:84:58:df:8c:d7:0f:aa:f9:63:
                    39:c4:a0:ab:c6:f7:f9:4c:d3:87:9d:4a:d5:62:e3:
                    ff:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:99:1C:AA:75:80:0C:04:7A:6F:A4:99:0F:84:D3:F6:D0:B6:20:47
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/l5kcqnWADAR6b6SZD4TT9tC2IEc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.45.0/24

    Signature Algorithm: sha256WithRSAEncryption
         be:c4:06:50:e1:f6:07:a0:4d:37:36:6e:60:9e:9c:96:6a:61:
         a4:94:98:71:7e:57:fe:ba:3d:64:cf:f0:16:b0:2c:ae:fa:b1:
         33:1b:e9:53:01:4b:16:28:01:b4:27:68:53:9c:32:de:3c:65:
         4e:7b:33:18:ec:bd:83:43:33:1f:a0:df:74:36:a8:b0:16:7f:
         d3:a8:96:fb:ee:40:be:ec:a8:fe:f0:6e:d9:86:55:be:16:f7:
         7c:8d:a4:db:14:57:83:b0:75:da:83:cd:be:41:5a:80:53:e3:
         3e:16:90:8d:c1:13:fe:b5:81:d4:41:b9:91:05:61:9a:65:1c:
         d5:59:18:65:4f:34:4d:9d:ae:a4:76:03:38:4b:43:f4:85:88:
         b4:00:0f:0e:c5:a3:82:bd:59:dd:fc:b6:3d:ce:be:32:4f:50:
         a9:df:6c:14:2d:37:9c:93:fa:a2:d5:6f:31:5b:6a:37:b9:2c:
         a7:22:82:ff:68:02:29:68:8e:1a:4b:c6:fe:d9:55:68:68:6c:
         30:ea:35:51:3c:de:55:e0:23:49:17:ed:a8:b4:91:4c:b7:db:
         2a:f5:25:e6:7a:10:f5:1d:26:74:89:49:0c:07:6d:b5:f8:55:
         1d:0b:55:32:98:58:8e:58:04:24:ac:33:75:ff:19:fb:65:34:
         f7:9d:c8:2b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3JVHQpvUhSrYLMOd3god0oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwNDI2MTAyNzI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Nzk5MWNhYTc1ODAwYzA0N2E2ZmE0OTkwZjg0ZDNmNmQwYjYyMDQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn8UzBLA2e3vlKNlwkbhEfCqNSqtg
fDW0Ayya1osry2QTbl3aGD4uIX8MphzvDRrh97H1/zHp14P7ETEE7eFSzUJHt5b6
WdQQ8zrhCS3wL1J8KZVV2Tv5qRlnaxNXA99X48tvfoJXv+vX3Q1BFxXD5WQLR1u1
MTXXhkZcjqn/XYNhIekOdgcu3QdJx6Wr/HfDjJtkONEGazEQaN1ML802Y64StGow
7cGjSFBtnuIV/FcBzoEfpHgUU5ur1x6w3O5tN4gppoLQvcGvycCTrN2yQpKW105B
p6ZTcnaHiQAZjgzjxf5bdPuEWN+M1w+q+WM5xKCrxvf5TNOHnUrVYuP/aQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJeZHKp1gAwEem+kmQ+E0/bQtiBHMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvbDVrY3FuV0FEQVI2YjZTWkQ0VFQ5dEMySUVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzktMA0G
CSqGSIb3DQEBCwUAA4IBAQC+xAZQ4fYHoE03Nm5gnpyWamGklJhxflf+uj1kz/AW
sCyu+rEzG+lTAUsWKAG0J2hTnDLePGVOezMY7L2DQzMfoN90NqiwFn/TqJb77kC+
7Kj+8G7ZhlW+Fvd8jaTbFFeDsHXag82+QVqAU+M+FpCNwRP+tYHUQbmRBWGaZRzV
WRhlTzRNna6kdgM4S0P0hYi0AA8OxaOCvVnd/LY9zr4yT1Cp32wULTeck/qi1W8x
W2o3uSynIoL/aAIpaI4aS8b+2VVoaGww6jVRPN5V4CNJF+2otJFMt9sq9SXmehD1
HSZ0iUkMB221+FUdC1UymFiOWAQkrDN1/xn7ZTT3ncgr
-----END CERTIFICATE-----