Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/yi1HpDBZAIA4wC2NfgeU_1qW8CA.roa
File:                     yi1HpDBZAIA4wC2NfgeU_1qW8CA.roa (raw, json)
Hash identifier:          DOonIgAfIcY52rn81kJwcmQWttP4QaqBooqhLmWWWeo=
Subject key identifier:   CA:2D:47:A4:30:59:00:80:38:C0:2D:8D:7E:07:94:FF:5A:96:F0:20
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019DB1558B9DA58CE17BA60FB15331B4D806
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/yi1HpDBZAIA4wC2NfgeU_1qW8CA.roa
Signing time:             Tue 21 Apr 2026 18:37:46 +0000
ROA not before:           Tue 21 Apr 2026 18:37:46 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214432
IP address blocks:        31.57.53.0/24 maxlen: 24
                          31.57.59.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 27 Apr 2026 23:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:b1:55:8b:9d:a5:8c:e1:7b:a6:0f:b1:53:31:b4:d8:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Apr 21 18:37:46 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ca2d47a43059008038c02d8d7e0794ff5a96f020
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:05:d9:2e:0a:a0:f2:49:24:0c:07:dd:fc:88:
                    a9:92:dc:3b:a3:49:b9:4f:0a:65:1e:42:3b:d0:e7:
                    73:91:a5:0e:2e:0e:a9:7c:88:e7:54:69:44:9e:62:
                    c2:1f:b1:9b:4e:a2:14:98:1e:a9:60:42:f7:6e:e3:
                    33:9f:d9:2f:b0:50:01:46:90:a6:71:55:c2:9d:00:
                    37:fe:14:89:7d:9b:74:33:bf:44:dd:c7:9e:5c:05:
                    22:ba:b2:c4:b2:0e:07:48:a9:39:c1:1e:94:57:c1:
                    53:db:46:7c:c0:68:1e:38:43:c0:ce:01:91:28:9e:
                    1f:4b:f3:cd:11:9e:2e:5d:84:6e:36:d5:fd:1d:4c:
                    95:5b:95:9f:9b:be:93:1c:7a:2c:a6:f9:d0:a0:e6:
                    4e:bf:1b:79:23:de:fe:51:01:ab:34:e6:31:55:49:
                    91:77:34:bf:e1:0e:fb:f6:a2:9f:ae:5b:42:a8:d1:
                    56:78:e7:df:eb:0d:79:81:d0:ad:f8:be:f4:4c:e8:
                    e9:6c:18:9b:27:00:60:9b:03:eb:3f:a2:9e:9b:e2:
                    5c:71:7b:5c:18:56:ba:11:e9:52:62:ac:38:2a:c9:
                    ff:80:1a:a4:6c:d7:fc:36:8a:0f:48:f4:e6:c1:98:
                    00:b0:4e:dd:53:31:c5:d9:82:bb:bd:ec:1e:48:37:
                    d2:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:2D:47:A4:30:59:00:80:38:C0:2D:8D:7E:07:94:FF:5A:96:F0:20
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/yi1HpDBZAIA4wC2NfgeU_1qW8CA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.53.0/24
                  31.57.59.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:9b:27:8f:c1:e5:48:58:e8:34:8c:ed:c5:76:6c:b8:57:6a:
         c9:8a:13:1f:26:5c:22:cd:9f:c3:13:e8:3f:43:66:13:a5:2d:
         73:94:a1:8a:ce:cc:56:34:f7:9d:47:1f:10:c3:ad:bf:7c:ce:
         aa:89:89:00:61:e9:5a:59:bb:5a:81:d7:b9:bf:c2:9f:27:06:
         17:a1:8f:4f:a2:f4:85:5b:97:67:78:68:13:30:b3:83:3f:1a:
         e7:ca:6b:3d:71:e3:5f:d5:5b:53:5b:01:2c:3d:fb:4a:33:f1:
         b5:44:de:79:28:96:0a:8c:8b:50:a5:15:3b:66:c0:06:63:fb:
         c2:91:41:bb:b2:3b:2e:14:8d:39:fd:4c:ec:ac:6b:d9:4d:d9:
         d6:e7:7c:2d:1d:08:d6:de:30:61:da:3e:38:1c:c9:84:df:76:
         96:ef:b0:e5:25:94:51:eb:a9:31:91:d9:c6:82:f8:5d:90:c5:
         74:d2:a6:7f:0d:b6:b8:1d:4d:c4:46:09:6f:a9:f5:60:cf:ef:
         ec:31:46:d8:b7:b2:48:7a:6f:84:b8:25:f1:73:d8:65:0e:4d:
         4e:98:77:ca:0c:97:ba:57:89:98:13:eb:cc:d4:de:8b:a2:97:
         56:ed:ad:e7:6a:22:9e:b9:dc:de:e2:f6:cf:f4:af:ea:77:9f:
         5f:fd:4a:93
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ2xVYudpYzhe6YPsVMxtNgGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwNDIxMTgzNzQ2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTJkNDdhNDMwNTkwMDgwMzhjMDJkOGQ3ZTA3OTRmZjVhOTZmMDIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtgXZLgqg8kkkDAfd/Iipktw7o0m5
TwplHkI70OdzkaUOLg6pfIjnVGlEnmLCH7GbTqIUmB6pYEL3buMzn9kvsFABRpCm
cVXCnQA3/hSJfZt0M79E3ceeXAUiurLEsg4HSKk5wR6UV8FT20Z8wGgeOEPAzgGR
KJ4fS/PNEZ4uXYRuNtX9HUyVW5Wfm76THHospvnQoOZOvxt5I97+UQGrNOYxVUmR
dzS/4Q779qKfrltCqNFWeOff6w15gdCt+L70TOjpbBibJwBgmwPrP6Kem+JccXtc
GFa6EelSYqw4Ksn/gBqkbNf8NooPSPTmwZgAsE7dUzHF2YK7veweSDfSBQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMotR6QwWQCAOMAtjX4HlP9alvAgMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEveWkxSHBEQlpBSUE0d0MyTmZnZVVfMXFXOENBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAHzk1AwQA
Hzk7MA0GCSqGSIb3DQEBCwUAA4IBAQAXmyePweVIWOg0jO3Fdmy4V2rJihMfJlwi
zZ/DE+g/Q2YTpS1zlKGKzsxWNPedRx8Qw62/fM6qiYkAYelaWbtagde5v8KfJwYX
oY9PovSFW5dneGgTMLODPxrnyms9ceNf1VtTWwEsPftKM/G1RN55KJYKjItQpRU7
ZsAGY/vCkUG7sjsuFI05/UzsrGvZTdnW53wtHQjW3jBh2j44HMmE33aW77DlJZRR
66kxkdnGgvhdkMV00qZ/Dba4HU3ERglvqfVgz+/sMUbYt7JIem+EuCXxc9hlDk1O
mHfKDJe6V4mYE+vM1N6LopdW7a3naiKeudze4vbP9K/qd59f/UqT
-----END CERTIFICATE-----