Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/lu7zgfF9HEHkKaFAmrqdyGyyh-s.roa
File:                     lu7zgfF9HEHkKaFAmrqdyGyyh-s.roa (raw, json)
Hash identifier:          KIBxBIKPZWaZs5t5CKS+2ty7JTruQ3dqXCxyWPfHdOc=
Subject key identifier:   96:EE:F3:81:F1:7D:1C:41:E4:29:A1:40:9A:BA:9D:C8:6C:B2:87:EB
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019E5123C1748DEA4181ADDBBF63DE969BAD
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/lu7zgfF9HEHkKaFAmrqdyGyyh-s.roa
Signing time:             Fri 22 May 2026 19:22:38 +0000
ROA not before:           Fri 22 May 2026 19:22:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213791
IP address blocks:        31.57.112.0/24 maxlen: 24
                          217.60.99.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 28 May 2026 08:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:51:23:c1:74:8d:ea:41:81:ad:db:bf:63:de:96:9b:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: May 22 19:22:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=96eef381f17d1c41e429a1409aba9dc86cb287eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:61:f9:4c:e9:a3:7c:ff:76:d0:d7:ab:dc:b7:
                    fc:75:07:d6:16:fc:39:16:3d:70:f0:c7:fb:d4:91:
                    5d:00:fb:14:38:7f:40:7e:61:f6:cd:e8:ab:4f:5a:
                    e4:86:28:ac:e6:f4:9f:df:61:98:d3:6b:56:89:6d:
                    a0:49:e0:d3:11:4e:bd:45:49:d2:5f:d9:d8:ba:c3:
                    d8:dd:2a:90:e5:2f:7a:db:fa:ad:63:be:bf:f9:0b:
                    be:1c:f2:44:e6:a2:db:53:37:37:b6:ce:b5:48:db:
                    9c:c1:81:26:50:d4:b6:0a:8b:aa:09:a8:b4:e9:7f:
                    91:2f:00:fc:6e:b8:92:3c:0c:fe:e8:f2:c4:db:3b:
                    5b:a5:e6:fd:26:88:1b:77:24:bf:82:47:83:1a:40:
                    12:fc:21:23:30:89:1a:a2:4a:24:29:05:b2:83:73:
                    c0:f5:22:7a:6a:e9:0b:ed:44:52:fd:0c:05:1a:05:
                    3e:61:4d:74:80:64:ca:a7:5f:13:4a:7d:b0:dc:8b:
                    49:30:e0:32:db:23:18:02:50:c4:55:7a:cb:f0:fe:
                    ee:8a:ad:44:b0:e0:de:a1:a1:37:8b:c7:02:7a:47:
                    b2:00:04:95:66:75:1f:60:1d:fc:d5:1a:c6:4b:dd:
                    20:56:c1:01:3d:5c:5a:fb:ca:3c:68:9e:4c:2a:f0:
                    3c:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:EE:F3:81:F1:7D:1C:41:E4:29:A1:40:9A:BA:9D:C8:6C:B2:87:EB
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/lu7zgfF9HEHkKaFAmrqdyGyyh-s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.112.0/24
                  217.60.99.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:e5:a5:6f:cd:86:b3:f5:16:c8:90:7e:72:cf:cc:ce:f1:ad:
         e1:96:7c:ca:2a:d3:93:63:d4:ed:1a:14:d2:85:72:83:6d:91:
         de:b3:aa:6e:4f:02:6a:31:35:ac:1b:7d:8a:9a:f6:1f:ec:ee:
         dc:36:a8:54:8e:e7:55:a0:16:2e:c0:01:9f:1e:ec:ed:ed:95:
         b9:db:d9:10:aa:d6:2f:62:1e:14:6f:4b:22:12:12:a2:c5:3d:
         91:93:30:0a:e2:2e:3a:01:6b:0c:e5:7c:2c:b4:b4:e7:60:93:
         e4:28:2d:a9:51:2b:1e:87:c1:13:49:2c:7b:d8:46:d0:f3:cc:
         0d:c6:68:3e:8a:c5:fa:39:d8:29:b2:f0:17:09:40:28:d7:0e:
         4d:ee:ba:b3:17:8e:7a:c9:b6:a2:06:0b:c9:67:2d:13:59:7b:
         d8:b7:41:7a:fe:d4:43:67:7f:6a:e5:4c:5d:82:63:76:74:c3:
         dc:03:f3:9e:df:22:be:c7:c4:92:a2:24:c8:3d:8a:1c:0e:45:
         a7:4e:27:85:52:20:93:7f:05:0d:7c:75:a8:cb:e6:74:8d:23:
         78:cd:e5:9c:3a:72:d0:bd:93:c3:b7:ea:91:d5:aa:2e:6d:56:
         c3:e0:45:29:fd:15:8c:22:ff:92:c4:79:e3:b4:27:19:11:ca:
         4a:74:aa:34
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ5RI8F0jepBga3bv2PelputMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwNTIyMTkyMjM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NmVlZjM4MWYxN2QxYzQxZTQyOWExNDA5YWJhOWRjODZjYjI4N2ViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu2H5TOmjfP920Ner3Lf8dQfWFvw5
Fj1w8Mf71JFdAPsUOH9AfmH2zeirT1rkhiis5vSf32GY02tWiW2gSeDTEU69RUnS
X9nYusPY3SqQ5S962/qtY76/+Qu+HPJE5qLbUzc3ts61SNucwYEmUNS2CouqCai0
6X+RLwD8briSPAz+6PLE2ztbpeb9JogbdyS/gkeDGkAS/CEjMIkaokokKQWyg3PA
9SJ6aukL7URS/QwFGgU+YU10gGTKp18TSn2w3ItJMOAy2yMYAlDEVXrL8P7uiq1E
sODeoaE3i8cCekeyAASVZnUfYB381RrGS90gVsEBPVxa+8o8aJ5MKvA8yQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJbu84HxfRxB5CmhQJq6nchssofrMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvbHU3emdmRjlIRUhrS2FGQW1ycWR5R3l5aC1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAHzlwAwQA
2TxjMA0GCSqGSIb3DQEBCwUAA4IBAQBs5aVvzYaz9RbIkH5yz8zO8a3hlnzKKtOT
Y9TtGhTShXKDbZHes6puTwJqMTWsG32KmvYf7O7cNqhUjudVoBYuwAGfHuzt7ZW5
29kQqtYvYh4Ub0siEhKixT2RkzAK4i46AWsM5XwstLTnYJPkKC2pUSseh8ETSSx7
2EbQ88wNxmg+isX6OdgpsvAXCUAo1w5N7rqzF456ybaiBgvJZy0TWXvYt0F6/tRD
Z39q5UxdgmN2dMPcA/Oe3yK+x8SSoiTIPYocDkWnTieFUiCTfwUNfHWoy+Z0jSN4
zeWcOnLQvZPDt+qR1aoubVbD4EUp/RWMIv+SxHnjtCcZEcpKdKo0
-----END CERTIFICATE-----