Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/B7x0jmVWmsHSUdMfwd1LmJIKVNo.roa
File:                     B7x0jmVWmsHSUdMfwd1LmJIKVNo.roa (raw, json)
Hash identifier:          fSy2egyC6JqbDCR9a98SidtOV7Vako6PC51ABnPijlU=
Subject key identifier:   07:BC:74:8E:65:56:9A:C1:D2:51:D3:1F:C1:DD:4B:98:92:0A:54:DA
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019CE361A110EF66A7DEB49C438BB0D6A9B3
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/B7x0jmVWmsHSUdMfwd1LmJIKVNo.roa
Signing time:             Thu 12 Mar 2026 18:49:11 +0000
ROA not before:           Thu 12 Mar 2026 18:49:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     25198
IP address blocks:        31.56.125.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 23:01:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:e3:61:a1:10:ef:66:a7:de:b4:9c:43:8b:b0:d6:a9:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Mar 12 18:49:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=07bc748e65569ac1d251d31fc1dd4b98920a54da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:b3:e2:ae:1d:60:68:1a:ad:85:17:a6:42:e4:
                    90:65:3a:d2:8e:ab:58:1c:b2:4d:35:57:8c:d4:e6:
                    f1:6f:cb:e8:9c:69:e5:2e:b2:a1:f3:c0:96:b3:e8:
                    24:ae:9b:bc:f5:f8:f9:87:08:48:2a:d4:69:49:22:
                    7b:6b:ec:ee:12:1c:ea:3d:1e:61:d4:8b:07:b7:54:
                    5c:33:70:ac:75:4c:9b:01:be:55:e2:79:14:20:da:
                    38:92:f4:af:81:67:21:2a:60:13:6e:ec:78:6f:56:
                    c7:bc:46:c8:2e:6a:60:eb:c7:b7:86:31:9d:3a:f4:
                    69:4f:7a:5d:dd:aa:65:1e:1a:6c:44:0f:fc:4c:1e:
                    88:77:58:58:5f:f3:e0:95:47:b7:03:b0:39:de:c4:
                    49:1c:8e:31:d1:9c:e2:2c:68:4a:2b:ac:92:95:ac:
                    f0:8e:fc:c8:93:eb:3d:b8:21:c7:95:3c:64:47:bd:
                    a6:2a:8d:b0:d8:66:03:29:be:52:10:be:27:11:d4:
                    a9:9f:a3:fb:30:d8:00:18:b7:04:cc:62:4b:c6:5f:
                    13:d6:e9:05:c2:d4:27:1e:d1:32:4d:bc:02:95:af:
                    89:55:d1:82:ac:f6:30:17:88:dd:c6:ec:9c:dc:86:
                    98:c4:8b:a9:21:55:c6:ec:03:29:e7:8a:0f:c3:c2:
                    9d:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:BC:74:8E:65:56:9A:C1:D2:51:D3:1F:C1:DD:4B:98:92:0A:54:DA
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/B7x0jmVWmsHSUdMfwd1LmJIKVNo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.125.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:ac:98:ab:aa:e2:a8:d2:1d:55:79:77:b1:e7:a6:26:27:34:
         cf:8d:c9:33:10:f9:34:f3:d6:dc:9a:58:89:18:d5:b1:cb:1f:
         87:26:2c:cc:b4:c2:ba:d0:d6:74:a7:df:f8:b8:04:c0:74:f1:
         8c:53:f1:2e:9f:36:80:59:72:93:2b:71:da:53:8a:76:26:df:
         09:38:46:a5:24:1c:a2:4d:9a:ac:b9:73:85:36:58:ee:04:60:
         f0:42:26:24:c4:84:8c:69:64:04:df:10:8d:6c:ab:6b:94:61:
         4d:aa:4f:5d:59:c8:eb:8b:92:ca:60:3a:d0:6e:c0:4a:fd:65:
         b7:43:3f:9a:4b:7b:5b:78:c7:ea:44:44:4d:60:d3:af:25:fb:
         9c:8c:c8:c0:ee:2c:62:b2:b9:ce:5d:61:af:10:ca:55:61:18:
         01:07:2d:e7:86:a5:20:c9:d1:7d:72:51:27:75:a1:40:fd:b2:
         2d:2c:9f:36:77:72:ad:21:65:b7:e8:e3:a9:3d:30:06:8a:ef:
         7a:0e:ca:5b:bd:f4:46:25:25:20:74:90:21:3b:ae:d2:45:4f:
         14:82:0f:be:d7:a9:31:5e:0b:e7:3e:38:02:f5:4c:a4:8d:3b:
         57:73:aa:ce:4d:c8:b9:0f:ae:8d:9f:b1:aa:c9:5c:48:e7:f2:
         e0:1c:7f:f9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzjYaEQ72an3rScQ4uw1qmzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwMzEyMTg0OTExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwN2JjNzQ4ZTY1NTY5YWMxZDI1MWQzMWZjMWRkNGI5ODkyMGE1NGRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv7Pirh1gaBqthRemQuSQZTrSjqtY
HLJNNVeM1Obxb8vonGnlLrKh88CWs+gkrpu89fj5hwhIKtRpSSJ7a+zuEhzqPR5h
1IsHt1RcM3CsdUybAb5V4nkUINo4kvSvgWchKmATbux4b1bHvEbILmpg68e3hjGd
OvRpT3pd3aplHhpsRA/8TB6Id1hYX/PglUe3A7A53sRJHI4x0ZziLGhKK6ySlazw
jvzIk+s9uCHHlTxkR72mKo2w2GYDKb5SEL4nEdSpn6P7MNgAGLcEzGJLxl8T1ukF
wtQnHtEyTbwCla+JVdGCrPYwF4jdxuyc3IaYxIupIVXG7AMp54oPw8KdgwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAe8dI5lVprB0lHTH8HdS5iSClTaMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvQjd4MGptVldtc0hTVWRNZndkMUxtSklLVk5vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzh9MA0G
CSqGSIb3DQEBCwUAA4IBAQBorJirquKo0h1VeXex56YmJzTPjckzEPk089bcmliJ
GNWxyx+HJizMtMK60NZ0p9/4uATAdPGMU/EunzaAWXKTK3HaU4p2Jt8JOEalJByi
TZqsuXOFNljuBGDwQiYkxISMaWQE3xCNbKtrlGFNqk9dWcjri5LKYDrQbsBK/WW3
Qz+aS3tbeMfqRERNYNOvJfucjMjA7ixisrnOXWGvEMpVYRgBBy3nhqUgydF9clEn
daFA/bItLJ82d3KtIWW36OOpPTAGiu96DspbvfRGJSUgdJAhO67SRU8Ugg++16kx
XgvnPjgC9UykjTtXc6rOTci5D66Nn7GqyVxI5/LgHH/5
-----END CERTIFICATE-----