Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/nfxEfYNXKiMnDZjYj8NMeLsUeis.roa
File:                     nfxEfYNXKiMnDZjYj8NMeLsUeis.roa (raw, json)
Hash identifier:          r3NwiGNOlN4c6fnvgZ/9CTYOX/JIDawhaCHkKd++OPI=
Subject key identifier:   9D:FC:44:7D:83:57:2A:23:27:0D:98:D8:8F:C3:4C:78:BB:14:7A:2B
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019E682BC069BF84072F15D0BA269AB999D4
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/nfxEfYNXKiMnDZjYj8NMeLsUeis.roa
Signing time:             Wed 27 May 2026 06:42:38 +0000
ROA not before:           Wed 27 May 2026 06:42:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214266
IP address blocks:        31.56.105.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 28 May 2026 08:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:68:2b:c0:69:bf:84:07:2f:15:d0:ba:26:9a:b9:99:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: May 27 06:42:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9dfc447d83572a23270d98d88fc34c78bb147a2b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:f4:64:46:f5:36:fa:66:22:08:9f:4a:20:89:
                    ac:c5:47:b2:77:f5:f0:f9:d7:75:82:79:6b:f4:37:
                    89:ef:88:8f:28:aa:0c:be:ca:c6:c2:ec:ae:e6:4f:
                    d5:0e:42:c7:a1:77:12:68:ae:4c:55:14:97:c0:b3:
                    3a:32:e1:31:dc:66:2e:26:d2:44:6a:2d:d5:d5:76:
                    68:8d:d5:60:fc:29:a3:ab:77:97:d4:87:e6:95:da:
                    7a:68:86:42:fc:c2:86:f5:7f:b3:7f:25:3d:b9:80:
                    43:c1:38:90:fb:d8:84:a1:99:fb:d1:bb:85:ae:8a:
                    7d:25:9d:01:40:f1:83:66:a7:4f:d9:68:07:b0:fb:
                    c7:2e:cf:e1:6e:e0:72:26:2a:90:63:f0:33:80:bc:
                    24:83:98:ec:b7:ff:1e:aa:8f:1d:e9:fa:19:c2:9c:
                    3e:a1:35:63:b4:7c:37:f8:63:56:f9:29:62:80:62:
                    d7:17:9b:bb:8b:04:39:2a:dd:19:2e:11:30:a1:a4:
                    23:69:a4:b0:f8:40:8d:1b:f5:67:c7:39:5b:d4:a3:
                    56:06:5e:74:11:27:c3:49:97:cc:75:7c:20:b0:54:
                    11:5c:44:e2:c4:b6:f9:b5:36:86:82:7c:1a:2f:38:
                    5d:e8:2b:3f:cd:19:c6:2f:8f:3a:37:b1:aa:20:92:
                    bf:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:FC:44:7D:83:57:2A:23:27:0D:98:D8:8F:C3:4C:78:BB:14:7A:2B
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/nfxEfYNXKiMnDZjYj8NMeLsUeis.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.105.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:4e:44:f7:b7:bc:1b:00:d8:b5:a9:e8:1b:2e:eb:1b:44:ba:
         2c:7c:57:aa:d9:a4:84:0c:1c:bb:3d:79:f8:fb:de:3d:d2:cb:
         15:ce:ac:8b:ac:ba:c9:92:6b:39:f7:12:a1:9e:22:87:53:e0:
         78:a4:a0:2b:ba:5e:5a:e1:bb:14:35:2d:95:e9:d5:fd:78:84:
         de:86:38:61:f7:b8:47:94:c1:e3:a7:99:af:19:55:81:a6:97:
         80:34:3f:9f:72:ff:8c:60:88:26:68:36:d3:70:5d:bb:74:68:
         13:e3:e5:49:76:f0:96:a0:8a:1c:d4:d4:f0:7f:53:0e:85:ce:
         9d:81:aa:f8:6f:3e:20:f6:a2:60:1f:07:f2:de:53:1b:8f:ea:
         77:58:25:83:52:d2:af:73:e0:f8:3a:c9:8c:5f:9d:89:7d:03:
         b6:d6:04:24:af:fa:73:0f:10:a4:d1:43:cb:2b:02:24:be:89:
         8b:cc:76:53:15:82:b3:77:c4:82:e1:37:d4:d5:e6:ec:08:87:
         6f:8b:ec:71:a0:b2:0a:f9:50:74:ec:16:03:7b:3c:52:62:00:
         40:7b:6e:cc:90:9a:d1:fa:48:b7:d7:f7:86:ba:7a:ad:26:4e:
         28:84:a3:e8:77:1e:ea:a0:64:09:ad:1b:ef:39:60:a2:46:bf:
         14:f1:8c:4c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5oK8Bpv4QHLxXQuiaauZnUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwNTI3MDY0MjM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZGZjNDQ3ZDgzNTcyYTIzMjcwZDk4ZDg4ZmMzNGM3OGJiMTQ3YTJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxPRkRvU2+mYiCJ9KIImsxUeyd/Xw
+dd1gnlr9DeJ74iPKKoMvsrGwuyu5k/VDkLHoXcSaK5MVRSXwLM6MuEx3GYuJtJE
ai3V1XZojdVg/Cmjq3eX1Ifmldp6aIZC/MKG9X+zfyU9uYBDwTiQ+9iEoZn70buF
rop9JZ0BQPGDZqdP2WgHsPvHLs/hbuByJiqQY/AzgLwkg5jst/8eqo8d6foZwpw+
oTVjtHw3+GNW+SligGLXF5u7iwQ5Kt0ZLhEwoaQjaaSw+ECNG/Vnxzlb1KNWBl50
ESfDSZfMdXwgsFQRXETixLb5tTaGgnwaLzhd6Cs/zRnGL486N7GqIJK/8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ38RH2DVyojJw2Y2I/DTHi7FHorMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvbmZ4RWZZTlhLaU1uRFpqWWo4Tk1lTHNVZWlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzhpMA0G
CSqGSIb3DQEBCwUAA4IBAQAFTkT3t7wbANi1qegbLusbRLosfFeq2aSEDBy7PXn4
+9490ssVzqyLrLrJkms59xKhniKHU+B4pKArul5a4bsUNS2V6dX9eITehjhh97hH
lMHjp5mvGVWBppeAND+fcv+MYIgmaDbTcF27dGgT4+VJdvCWoIoc1NTwf1MOhc6d
gar4bz4g9qJgHwfy3lMbj+p3WCWDUtKvc+D4OsmMX52JfQO21gQkr/pzDxCk0UPL
KwIkvomLzHZTFYKzd8SC4TfU1ebsCIdvi+xxoLIK+VB07BYDezxSYgBAe27MkJrR
+ki31/eGunqtJk4ohKPodx7qoGQJrRvvOWCiRr8U8YxM
-----END CERTIFICATE-----