Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/srHlnJbBHocTNERMB14aSVMPCi0.roa
File:                     srHlnJbBHocTNERMB14aSVMPCi0.roa (raw, json)
Hash identifier:          rbNNeDvZ2kT2guQHhWRzc5Bki7sTCeoHQgelDHTf9rM=
Subject key identifier:   B2:B1:E5:9C:96:C1:1E:87:13:34:44:4C:07:5E:1A:49:53:0F:0A:2D
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019EF827C6CCE0E5FDDBEDAC3B1CA813D4BA
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/srHlnJbBHocTNERMB14aSVMPCi0.roa
Signing time:             Wed 24 Jun 2026 05:43:36 +0000
ROA not before:           Wed 24 Jun 2026 05:43:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     152726
IP address blocks:        31.56.35.0/24 maxlen: 24
                          31.57.155.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 27 Jun 2026 11:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:f8:27:c6:cc:e0:e5:fd:db:ed:ac:3b:1c:a8:13:d4:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jun 24 05:43:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b2b1e59c96c11e871334444c075e1a49530f0a2d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:4b:2b:b7:42:7f:ad:71:e3:aa:bd:23:89:25:
                    64:a1:c4:e0:22:1f:7f:15:79:48:3c:be:68:ed:f9:
                    91:ab:41:af:30:c0:8d:f2:9a:e8:50:9b:bb:54:70:
                    1a:c7:6e:70:3b:6f:37:32:85:5a:0f:4b:55:2e:dd:
                    47:9e:fa:d5:81:88:1d:25:9e:39:05:f2:8d:e7:6f:
                    56:0a:71:f5:cd:f4:fc:c0:32:9d:e8:a9:d4:6f:89:
                    d7:49:16:5a:c4:82:0b:24:86:98:8e:e6:7e:7c:51:
                    2f:d4:bc:20:3d:60:72:af:77:ce:f5:5d:88:db:63:
                    37:8e:c9:2b:a0:10:09:01:e1:b2:46:ab:9d:54:77:
                    e5:c9:4b:f6:68:72:ee:d1:64:04:e2:f3:29:81:13:
                    58:7c:12:6c:26:73:41:53:fb:75:a5:45:d6:5a:1a:
                    9d:49:35:57:83:a0:3f:99:f2:cd:54:a5:1b:b3:11:
                    8a:ce:67:0d:4f:8a:eb:3e:c0:6e:72:27:0d:12:f5:
                    ec:fd:d3:9b:fd:b7:2c:d8:ab:04:a8:0f:60:f8:80:
                    2f:1c:e2:d6:3b:de:37:32:74:42:32:4e:aa:06:a4:
                    d4:db:31:b3:44:2c:dd:14:07:6b:b8:47:b6:e4:f5:
                    10:23:8a:38:4d:19:7d:c2:b9:b9:1a:5d:bf:9f:23:
                    83:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:B1:E5:9C:96:C1:1E:87:13:34:44:4C:07:5E:1A:49:53:0F:0A:2D
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/srHlnJbBHocTNERMB14aSVMPCi0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.35.0/24
                  31.57.155.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:48:fc:a5:a7:bc:36:d9:24:1e:fa:be:7e:3e:5b:a0:1f:a9:
         55:fa:25:3a:8f:aa:82:22:33:82:70:0f:84:a8:fa:b3:a6:1e:
         39:a8:f7:9b:e2:5f:b1:d7:73:be:29:fb:a5:e9:93:0a:df:76:
         1d:30:c0:9d:5c:aa:b7:9d:e6:1a:e1:a9:bb:71:52:36:50:9d:
         f8:83:ba:19:be:2f:46:90:00:65:2d:95:5b:da:41:37:0f:42:
         03:24:80:3d:e4:b6:7e:d9:f6:0a:6f:40:5e:1e:b7:7c:21:80:
         73:14:57:58:f5:91:e0:1d:e8:32:9a:95:70:a9:ea:5b:50:c5:
         3e:cc:00:3d:f4:5f:9a:47:86:3e:7c:1c:89:d4:be:2c:b3:2a:
         98:38:9e:43:6f:33:64:3b:5c:85:d6:c0:b2:7f:c8:7c:93:a4:
         d6:65:f5:c7:88:5f:ea:ba:07:59:fe:c2:c1:76:74:27:1d:f0:
         6b:bc:a6:50:f0:e8:6f:0a:a7:98:81:d4:06:7d:ab:5e:c3:ef:
         63:6e:0b:d1:2a:69:ec:8b:06:87:23:e5:27:e8:76:ee:0d:b8:
         68:76:c9:51:3b:21:26:11:e2:6f:f2:aa:84:70:23:c0:e7:e9:
         06:73:ea:f8:c0:09:40:c7:c0:34:89:43:46:62:71:8a:52:2f:
         59:6e:8e:16
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ74J8bM4OX92+2sOxyoE9S6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwNjI0MDU0MzM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMmIxZTU5Yzk2YzExZTg3MTMzNDQ0NGMwNzVlMWE0OTUzMGYwYTJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmUsrt0J/rXHjqr0jiSVkocTgIh9/
FXlIPL5o7fmRq0GvMMCN8proUJu7VHAax25wO283MoVaD0tVLt1HnvrVgYgdJZ45
BfKN529WCnH1zfT8wDKd6KnUb4nXSRZaxIILJIaYjuZ+fFEv1LwgPWByr3fO9V2I
22M3jskroBAJAeGyRqudVHflyUv2aHLu0WQE4vMpgRNYfBJsJnNBU/t1pUXWWhqd
STVXg6A/mfLNVKUbsxGKzmcNT4rrPsBucicNEvXs/dOb/bcs2KsEqA9g+IAvHOLW
O943MnRCMk6qBqTU2zGzRCzdFAdruEe25PUQI4o4TRl9wrm5Gl2/nyOD4wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLKx5ZyWwR6HEzRETAdeGklTDwotMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvc3JIbG5KYkJIb2NUTkVSTUIxNGFTVk1QQ2kwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAHzgjAwQA
HzmbMA0GCSqGSIb3DQEBCwUAA4IBAQAbSPylp7w22SQe+r5+PlugH6lV+iU6j6qC
IjOCcA+EqPqzph45qPeb4l+x13O+Kful6ZMK33YdMMCdXKq3neYa4am7cVI2UJ34
g7oZvi9GkABlLZVb2kE3D0IDJIA95LZ+2fYKb0BeHrd8IYBzFFdY9ZHgHegympVw
qepbUMU+zAA99F+aR4Y+fByJ1L4ssyqYOJ5DbzNkO1yF1sCyf8h8k6TWZfXHiF/q
ugdZ/sLBdnQnHfBrvKZQ8OhvCqeYgdQGfatew+9jbgvRKmnsiwaHI+Un6HbuDbho
dslROyEmEeJv8qqEcCPA5+kGc+r4wAlAx8A0iUNGYnGKUi9Zbo4W
-----END CERTIFICATE-----