Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/u-ZkWIj6_ICH3eap_olYJLxLPFM.roa
File:                     u-ZkWIj6_ICH3eap_olYJLxLPFM.roa (raw, json)
Hash identifier:          x3SCx4LZGTFk8Ua5UNqikcEByfP1I8QBC5ffq/UQEpI=
Subject key identifier:   BB:E6:64:58:88:FA:FC:80:87:DD:E6:A9:FE:89:58:24:BC:4B:3C:53
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019EFACCB35BE09F154C903363B3DAE7870A
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/u-ZkWIj6_ICH3eap_olYJLxLPFM.roa
Signing time:             Wed 24 Jun 2026 18:02:59 +0000
ROA not before:           Wed 24 Jun 2026 18:02:59 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215152
IP address blocks:        31.57.140.0/24 maxlen: 24
                          31.59.254.0/24 maxlen: 24
                          31.59.255.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 27 Jun 2026 11:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:fa:cc:b3:5b:e0:9f:15:4c:90:33:63:b3:da:e7:87:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jun 24 18:02:59 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bbe6645888fafc8087dde6a9fe895824bc4b3c53
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:86:6a:a6:77:37:12:77:b5:b0:65:e9:1e:4f:
                    1f:94:54:30:4d:12:74:a1:a7:04:cf:91:88:3a:71:
                    d0:02:4c:27:16:a5:00:ad:ab:dc:35:a4:db:43:d0:
                    cf:1f:be:5f:c6:c3:a0:f2:0f:cf:9a:34:dc:4f:b9:
                    59:db:50:e0:ca:6e:3a:23:fd:35:3d:57:18:72:72:
                    49:e0:b7:f5:a8:89:a5:46:ab:7c:b6:d8:46:44:51:
                    0a:b1:c6:8d:cf:74:e9:be:a5:ab:a2:f4:6a:a3:bf:
                    6a:26:8b:b0:2f:c9:2d:48:0e:81:f2:0f:80:22:75:
                    26:c5:10:08:0c:0b:80:da:38:4e:d1:0f:a7:60:d0:
                    d2:f3:25:db:5a:56:5a:66:89:da:8f:a4:4c:42:b4:
                    27:a4:d6:cf:29:fc:81:de:94:11:6f:40:05:48:7e:
                    0c:20:02:67:f6:3d:ce:c6:c1:be:66:d4:02:fa:10:
                    b9:84:ae:4d:41:43:1d:76:9e:15:89:6e:e7:50:fe:
                    c4:33:d2:e9:79:a4:e9:52:d9:56:98:c5:48:7a:10:
                    83:e9:2d:cf:8a:8f:66:5e:c4:4c:4a:73:8d:6f:a6:
                    8c:c5:02:51:68:96:90:7e:8f:ef:52:97:b3:e4:23:
                    27:dc:82:5d:07:c2:78:4a:57:8b:42:fd:3c:29:d6:
                    25:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:E6:64:58:88:FA:FC:80:87:DD:E6:A9:FE:89:58:24:BC:4B:3C:53
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/u-ZkWIj6_ICH3eap_olYJLxLPFM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.140.0/24
                  31.59.254.0/23

    Signature Algorithm: sha256WithRSAEncryption
         36:0a:59:86:e5:62:0f:d7:31:aa:cc:b1:32:67:f3:f9:91:d0:
         b6:25:2e:83:49:90:07:50:0a:90:03:f7:f7:1c:db:81:2e:a7:
         60:b9:fe:5e:47:16:90:5f:26:f7:6b:e0:49:d2:b6:0c:c1:bf:
         ac:aa:76:fb:1a:a5:72:83:06:a3:21:ef:a2:2a:81:8c:e5:e9:
         f6:c5:7f:82:d2:7e:de:0d:ce:6b:c7:c9:3e:42:ed:3a:fb:90:
         92:2f:db:7d:28:8a:c7:4c:b6:f8:54:7e:54:f6:b4:9b:9f:44:
         9b:e8:d3:5b:68:05:86:00:b2:63:98:a2:d6:c1:ed:c5:21:80:
         c7:f9:79:12:43:53:e9:84:3c:1f:47:4c:33:4a:7a:35:0d:66:
         3c:34:00:8a:c7:fe:65:5f:74:d7:9f:dc:34:b7:43:8a:b8:f1:
         0d:b1:b9:c1:3f:41:98:f2:42:eb:fe:87:a2:ac:87:aa:4a:1b:
         d4:a3:51:49:04:6e:0d:a8:31:31:07:8f:9a:87:fd:e4:24:b1:
         26:46:7e:16:88:75:9d:dd:b2:12:ad:57:1c:98:86:9d:a2:0d:
         74:6e:9a:ce:f3:e8:ee:c5:fa:43:d0:df:60:08:d9:89:95:11:
         d9:2c:3e:f1:c2:62:03:98:d7:b1:d7:f8:ea:2e:c3:83:bb:32:
         63:d8:59:ad
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ76zLNb4J8VTJAzY7Pa54cKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwNjI0MTgwMjU5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYmU2NjQ1ODg4ZmFmYzgwODdkZGU2YTlmZTg5NTgyNGJjNGIzYzUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq4Zqpnc3Ene1sGXpHk8flFQwTRJ0
oacEz5GIOnHQAkwnFqUAravcNaTbQ9DPH75fxsOg8g/PmjTcT7lZ21Dgym46I/01
PVcYcnJJ4Lf1qImlRqt8tthGRFEKscaNz3TpvqWrovRqo79qJouwL8ktSA6B8g+A
InUmxRAIDAuA2jhO0Q+nYNDS8yXbWlZaZonaj6RMQrQnpNbPKfyB3pQRb0AFSH4M
IAJn9j3OxsG+ZtQC+hC5hK5NQUMddp4ViW7nUP7EM9LpeaTpUtlWmMVIehCD6S3P
io9mXsRMSnONb6aMxQJRaJaQfo/vUpez5CMn3IJdB8J4SleLQv08KdYl4wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLvmZFiI+vyAh93mqf6JWCS8SzxTMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvdS1aa1dJajZfSUNIM2VhcF9vbFlKTHhMUEZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAHzmMAwQB
Hzv+MA0GCSqGSIb3DQEBCwUAA4IBAQA2ClmG5WIP1zGqzLEyZ/P5kdC2JS6DSZAH
UAqQA/f3HNuBLqdguf5eRxaQXyb3a+BJ0rYMwb+sqnb7GqVygwajIe+iKoGM5en2
xX+C0n7eDc5rx8k+Qu06+5CSL9t9KIrHTLb4VH5U9rSbn0Sb6NNbaAWGALJjmKLW
we3FIYDH+XkSQ1PphDwfR0wzSno1DWY8NACKx/5lX3TXn9w0t0OKuPENsbnBP0GY
8kLr/oeirIeqShvUo1FJBG4NqDExB4+ah/3kJLEmRn4WiHWd3bISrVccmIadog10
bprO8+juxfpD0N9gCNmJlRHZLD7xwmIDmNex1/jqLsODuzJj2Fmt
-----END CERTIFICATE-----