Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/BKkg9798LHNx1bPehkoEHTTkd-M.roa
File:                     BKkg9798LHNx1bPehkoEHTTkd-M.roa (raw, json)
Hash identifier:          ndSjCxFSLv+1pVcxVW3bL+c/l1WPumAhBGz/g1zbqcY=
Subject key identifier:   04:A9:20:F7:BF:7C:2C:73:71:D5:B3:DE:86:4A:04:1D:34:E4:77:E3
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019CE898C0E71E2DA1FEC76BD2C407943D78
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/BKkg9798LHNx1bPehkoEHTTkd-M.roa
Signing time:             Fri 13 Mar 2026 19:07:30 +0000
ROA not before:           Fri 13 Mar 2026 19:07:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     26769
IP address blocks:        31.57.129.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 23:01:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:e8:98:c0:e7:1e:2d:a1:fe:c7:6b:d2:c4:07:94:3d:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Mar 13 19:07:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=04a920f7bf7c2c7371d5b3de864a041d34e477e3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:f4:3e:94:ce:a0:93:88:cb:f1:fe:5b:9e:0d:
                    a8:7b:e6:32:54:91:eb:a0:8d:fc:08:1d:75:38:a1:
                    bb:9e:97:7e:14:87:2a:d4:fd:dd:e6:97:02:1a:58:
                    56:4a:28:aa:b7:b6:99:38:94:d7:b3:f2:48:4a:46:
                    03:fd:2b:2a:e5:17:5f:e2:c0:1e:6e:ae:ea:45:85:
                    aa:ff:e8:bd:fc:41:4e:16:c0:a0:fd:c1:1a:ac:64:
                    67:1b:c6:d2:e5:e7:cb:8c:d7:d7:9b:bc:00:55:6b:
                    98:ef:6d:62:fd:05:1d:6d:33:a1:46:a7:7c:c3:fc:
                    c7:72:f5:5f:0b:56:0e:76:d4:49:2a:dc:de:f1:aa:
                    2d:5b:4e:46:65:b7:c4:35:c7:bc:14:50:83:59:36:
                    f7:13:83:4a:1c:0a:06:94:b9:7f:63:d0:0b:c6:fd:
                    09:3e:03:73:62:e0:e7:5f:7d:a2:e1:31:97:f9:78:
                    c6:fc:cf:70:37:d8:85:4e:e7:fa:65:07:af:11:0f:
                    2e:c2:e1:f4:31:8f:5a:90:7c:1e:c1:5d:e4:46:aa:
                    64:1c:63:af:0e:dd:b4:68:e9:08:26:a5:01:0c:c9:
                    d1:8c:2a:a7:a0:96:44:85:1b:e2:fa:be:3f:bf:cd:
                    3b:f7:e2:73:5e:d9:c2:22:8e:04:2d:99:12:ce:c2:
                    21:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:A9:20:F7:BF:7C:2C:73:71:D5:B3:DE:86:4A:04:1D:34:E4:77:E3
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/BKkg9798LHNx1bPehkoEHTTkd-M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.129.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:ed:da:38:a6:6b:ce:f3:55:2a:c0:89:c7:c6:34:0c:85:bc:
         3b:5c:c4:fd:05:07:4b:cf:8a:83:d3:fb:92:53:bf:3b:24:99:
         24:86:6f:46:ee:5a:93:85:54:7f:21:ce:16:1d:66:ec:be:9e:
         9d:00:5f:84:10:0a:62:f5:b8:56:e7:bd:c1:5d:51:a5:f2:73:
         47:b5:a7:db:78:c9:4e:37:f4:ab:30:c4:97:05:e8:c0:c4:42:
         c8:28:1e:f8:f0:79:db:34:d3:0f:2d:a9:d8:24:36:ae:bf:73:
         f0:16:f4:46:da:9c:2b:dd:21:f3:e0:cc:96:ea:dc:b6:a7:f7:
         23:67:1f:06:f0:1b:f3:09:4a:47:8f:dd:10:25:04:83:d4:51:
         90:1c:fc:be:38:32:e5:fc:ea:95:04:a3:01:53:90:64:a0:98:
         ab:6e:1b:d3:d3:03:24:5e:bd:60:c5:16:f8:65:8c:43:c8:44:
         8c:a9:8b:e4:8f:5f:48:33:8a:49:66:5d:8e:06:82:12:2a:6b:
         48:ed:0f:81:1e:4a:e0:ad:7d:ab:b5:c8:63:58:a6:07:36:7a:
         c6:24:6c:7f:41:a5:28:96:1f:ae:dc:70:94:8c:62:d4:e3:e1:
         89:74:a1:2b:92:0e:53:db:7c:3f:16:8f:d8:ca:62:0a:1d:6b:
         0c:56:e3:63
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzomMDnHi2h/sdr0sQHlD14MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwMzEzMTkwNzMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNGE5MjBmN2JmN2MyYzczNzFkNWIzZGU4NjRhMDQxZDM0ZTQ3N2UzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs/Q+lM6gk4jL8f5bng2oe+YyVJHr
oI38CB11OKG7npd+FIcq1P3d5pcCGlhWSiiqt7aZOJTXs/JISkYD/Ssq5Rdf4sAe
bq7qRYWq/+i9/EFOFsCg/cEarGRnG8bS5efLjNfXm7wAVWuY721i/QUdbTOhRqd8
w/zHcvVfC1YOdtRJKtze8aotW05GZbfENce8FFCDWTb3E4NKHAoGlLl/Y9ALxv0J
PgNzYuDnX32i4TGX+XjG/M9wN9iFTuf6ZQevEQ8uwuH0MY9akHwewV3kRqpkHGOv
Dt20aOkIJqUBDMnRjCqnoJZEhRvi+r4/v8079+JzXtnCIo4ELZkSzsIheQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFASpIPe/fCxzcdWz3oZKBB005HfjMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvQktrZzk3OThMSE54MWJQZWhrb0VIVFRrZC1NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzmBMA0G
CSqGSIb3DQEBCwUAA4IBAQCc7do4pmvO81UqwInHxjQMhbw7XMT9BQdLz4qD0/uS
U787JJkkhm9G7lqThVR/Ic4WHWbsvp6dAF+EEApi9bhW573BXVGl8nNHtafbeMlO
N/SrMMSXBejAxELIKB748HnbNNMPLanYJDauv3PwFvRG2pwr3SHz4MyW6ty2p/cj
Zx8G8BvzCUpHj90QJQSD1FGQHPy+ODLl/OqVBKMBU5BkoJirbhvT0wMkXr1gxRb4
ZYxDyESMqYvkj19IM4pJZl2OBoISKmtI7Q+BHkrgrX2rtchjWKYHNnrGJGx/QaUo
lh+u3HCUjGLU4+GJdKErkg5T23w/Fo/YymIKHWsMVuNj
-----END CERTIFICATE-----