Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/71/b10562-26a1-4645-8d2b-16f146bef995/1/4sfU9lG4vOzhUHzNup1C2QtE_8I.roa
File:                     4sfU9lG4vOzhUHzNup1C2QtE_8I.roa (raw, json)
Hash identifier:          bYCqsbAVZxTJ2+Iy8BdbL2UVRXdOLYLR6HOXUl7bGWY=
Subject key identifier:   E2:C7:D4:F6:51:B8:BC:EC:E1:50:7C:CD:BA:9D:42:D9:0B:44:FF:C2
Certificate issuer:       /CN=2e252a477242fb45f20bb08020a403a2bb466a9b
Certificate serial:       019CE21C9A84A416BE00C06742BDF868C628
Authority key identifier: 2E:25:2A:47:72:42:FB:45:F2:0B:B0:80:20:A4:03:A2:BB:46:6A:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LiUqR3JC-0XyC7CAIKQDortGaps.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/71/b10562-26a1-4645-8d2b-16f146bef995/1/4sfU9lG4vOzhUHzNup1C2QtE_8I.roa
Signing time:             Thu 12 Mar 2026 12:54:11 +0000
ROA not before:           Thu 12 Mar 2026 12:54:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     50959
IP address blocks:        31.171.64.0/24 maxlen: 24
                          31.171.65.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/71/b10562-26a1-4645-8d2b-16f146bef995/1/LiUqR3JC-0XyC7CAIKQDortGaps.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/71/b10562-26a1-4645-8d2b-16f146bef995/1/LiUqR3JC-0XyC7CAIKQDortGaps.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LiUqR3JC-0XyC7CAIKQDortGaps.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 05:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:e2:1c:9a:84:a4:16:be:00:c0:67:42:bd:f8:68:c6:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e252a477242fb45f20bb08020a403a2bb466a9b
        Validity
            Not Before: Mar 12 12:54:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e2c7d4f651b8bcece1507ccdba9d42d90b44ffc2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:10:31:c5:32:9a:d0:a9:14:d9:4d:c3:fb:16:
                    de:d9:ba:f0:66:12:8b:c1:0f:f7:d3:29:df:e4:e7:
                    07:68:79:0d:d2:cc:87:97:16:cf:1f:3e:93:10:da:
                    87:a8:e8:c8:98:bf:f9:db:be:87:87:9c:e5:13:fd:
                    a2:0c:98:8b:d4:d2:a2:bc:5e:a6:9c:01:32:1c:bc:
                    4d:fb:c0:03:e7:24:31:6b:2e:43:34:b6:c9:84:d6:
                    c1:70:3e:d4:c7:82:d5:7b:a1:1a:3f:94:95:12:f5:
                    5d:7e:2e:64:af:16:f8:a3:44:64:68:00:b6:f8:27:
                    82:99:06:fa:09:a2:04:29:0a:06:76:b0:d5:8f:dd:
                    f5:83:ac:3c:b3:63:db:80:20:a3:25:66:e5:ce:df:
                    a3:2b:70:e3:5e:a4:0e:ff:0b:57:e5:29:1c:56:9b:
                    64:28:91:a1:3f:4d:b8:d6:10:c5:a1:9c:f4:c5:a6:
                    c1:aa:6b:22:21:98:7d:67:a4:3c:d0:47:ba:6c:91:
                    b2:c5:c2:99:98:a3:70:d0:8e:8a:4e:ed:f8:d8:68:
                    1b:f3:74:33:70:cf:b6:2d:23:9e:65:b5:3a:4c:b2:
                    0d:2f:1f:77:b1:87:ce:06:f8:6e:a9:89:84:93:8a:
                    d9:f0:74:b5:5c:c5:f9:b2:8f:e7:5b:eb:9b:d4:7c:
                    f4:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:C7:D4:F6:51:B8:BC:EC:E1:50:7C:CD:BA:9D:42:D9:0B:44:FF:C2
            X509v3 Authority Key Identifier:
                keyid:2E:25:2A:47:72:42:FB:45:F2:0B:B0:80:20:A4:03:A2:BB:46:6A:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LiUqR3JC-0XyC7CAIKQDortGaps.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/b10562-26a1-4645-8d2b-16f146bef995/1/4sfU9lG4vOzhUHzNup1C2QtE_8I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/71/b10562-26a1-4645-8d2b-16f146bef995/1/LiUqR3JC-0XyC7CAIKQDortGaps.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.171.64.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0a:a9:4c:39:06:1c:49:a5:e4:94:33:60:5c:c8:b3:6c:fb:96:
         f3:f0:b9:2b:c2:a4:1a:a2:42:cc:06:e3:e8:22:53:fa:dc:ee:
         2d:66:96:fe:9e:26:0f:2a:f6:0f:96:b4:cb:8e:20:33:3f:b9:
         65:9e:69:ce:e7:89:36:89:9a:d1:db:44:62:ec:b1:28:e6:07:
         73:b6:1e:3a:99:8e:1d:9b:b1:c3:13:86:29:55:2b:65:2d:4b:
         95:1f:0d:c4:3f:34:5b:82:39:1f:c6:6c:04:4e:c1:3b:e9:d1:
         1c:de:cb:68:e1:84:98:8b:b0:67:b5:66:56:d9:13:b3:b9:19:
         95:43:a8:48:ad:87:7f:51:81:06:bc:ba:1e:13:fe:f0:15:e9:
         1c:7b:b8:ab:23:e4:8b:fb:f7:47:9a:9c:c6:1b:59:d4:a1:4c:
         72:2d:38:40:b9:42:8b:ba:4c:12:0f:a1:2a:ed:c5:c5:84:91:
         53:bb:3c:23:f2:b5:36:19:da:73:5e:2b:84:43:ee:07:63:ab:
         34:53:72:af:ba:e9:45:71:fe:6f:9e:ab:2b:b1:2e:9f:c8:e5:
         5f:6f:b9:b4:13:bb:83:49:03:04:cf:19:bc:4f:f6:63:95:a3:
         6d:cf:cd:a5:10:d0:b5:45:a1:a6:0d:01:e4:d0:3d:ce:70:4e:
         14:25:7e:08
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZziHJqEpBa+AMBnQr34aMYoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlMjUyYTQ3NzI0MmZiNDVmMjBiYjA4MDIwYTQwM2EyYmI0
NjZhOWIwHhcNMjYwMzEyMTI1NDExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMmM3ZDRmNjUxYjhiY2VjZTE1MDdjY2RiYTlkNDJkOTBiNDRmZmMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtxAxxTKa0KkU2U3D+xbe2brwZhKL
wQ/30ynf5OcHaHkN0syHlxbPHz6TENqHqOjImL/5276Hh5zlE/2iDJiL1NKivF6m
nAEyHLxN+8AD5yQxay5DNLbJhNbBcD7Ux4LVe6EaP5SVEvVdfi5krxb4o0RkaAC2
+CeCmQb6CaIEKQoGdrDVj931g6w8s2PbgCCjJWblzt+jK3DjXqQO/wtX5SkcVptk
KJGhP0241hDFoZz0xabBqmsiIZh9Z6Q80Ee6bJGyxcKZmKNw0I6KTu342Ggb83Qz
cM+2LSOeZbU6TLINLx93sYfOBvhuqYmEk4rZ8HS1XMX5so/nW+ub1Hz0pQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOLH1PZRuLzs4VB8zbqdQtkLRP/CMB8GA1UdIwQY
MBaAFC4lKkdyQvtF8guwgCCkA6K7RmqbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTGlVcVIzSkMtMFh5QzdDQUlLUURvcnRHYXBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MS9iMTA1NjItMjZhMS00NjQ1LThkMmIt
MTZmMTQ2YmVmOTk1LzEvNHNmVTlsRzR2T3poVUh6TnVwMUMyUXRFXzhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MS9iMTA1NjItMjZhMS00NjQ1LThkMmItMTZmMTQ2YmVmOTk1
LzEvTGlVcVIzSkMtMFh5QzdDQUlLUURvcnRHYXBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBH6tAMA0G
CSqGSIb3DQEBCwUAA4IBAQAKqUw5BhxJpeSUM2BcyLNs+5bz8LkrwqQaokLMBuPo
IlP63O4tZpb+niYPKvYPlrTLjiAzP7llnmnO54k2iZrR20Ri7LEo5gdzth46mY4d
m7HDE4YpVStlLUuVHw3EPzRbgjkfxmwETsE76dEc3sto4YSYi7BntWZW2ROzuRmV
Q6hIrYd/UYEGvLoeE/7wFekce7irI+SL+/dHmpzGG1nUoUxyLThAuUKLukwSD6Eq
7cXFhJFTuzwj8rU2GdpzXiuEQ+4HY6s0U3KvuulFcf5vnqsrsS6fyOVfb7m0E7uD
SQMEzxm8T/ZjlaNtz82lENC1RaGmDQHk0D3OcE4UJX4I
-----END CERTIFICATE-----