Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/CmNlC0pqi2jX0I_MFxjshiz5jKU.roa
File:                     CmNlC0pqi2jX0I_MFxjshiz5jKU.roa (raw, json)
Hash identifier:          6APju03K/lGDLiLhoLxJmKohG+0t+QW4jeRKwOI+RVc=
Subject key identifier:   0A:63:65:0B:4A:6A:8B:68:D7:D0:8F:CC:17:18:EC:86:2C:F9:8C:A5
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019DBF3CD57E73DCC51DCECE96CAC764D2BC
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/CmNlC0pqi2jX0I_MFxjshiz5jKU.roa
Signing time:             Fri 24 Apr 2026 11:25:28 +0000
ROA not before:           Fri 24 Apr 2026 11:25:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215152
IP address blocks:        31.57.140.0/24 maxlen: 24
                          94.183.174.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:bf:3c:d5:7e:73:dc:c5:1d:ce:ce:96:ca:c7:64:d2:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Apr 24 11:25:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0a63650b4a6a8b68d7d08fcc1718ec862cf98ca5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:a7:26:4d:54:24:02:45:f3:a3:2f:90:97:1f:
                    2d:3b:02:07:01:33:89:fa:9a:6d:d2:80:b3:5e:7a:
                    75:7f:08:2a:fc:97:4f:fc:9f:e3:ac:f6:bf:ce:95:
                    50:8e:29:19:35:59:fb:04:4d:5c:6f:21:02:dc:2e:
                    a7:14:f9:da:f9:49:70:e4:fd:34:e4:4c:df:f2:47:
                    07:4d:bc:4d:43:c8:77:76:2f:22:21:d7:01:ea:49:
                    30:73:49:0a:51:b2:5a:96:61:92:cc:27:54:91:ad:
                    39:00:5d:1e:69:b0:63:b4:a2:d9:66:41:cf:b6:67:
                    3e:ba:7a:c3:d0:08:d5:2a:8a:ad:42:ef:7e:d2:3b:
                    31:34:87:6f:72:a6:fa:9c:3e:e3:20:80:d8:cf:bc:
                    07:40:e2:84:a5:78:c3:e4:9c:9e:c7:f8:04:1f:ae:
                    89:9d:af:91:10:07:ea:ac:ab:f6:fa:99:cc:ff:df:
                    56:41:3e:72:fb:e6:d4:c5:a9:7c:ae:bd:0e:8c:55:
                    06:12:8a:26:30:13:eb:32:e9:3f:90:9f:a7:46:14:
                    d1:64:51:7a:f9:3c:f4:e9:bb:91:21:38:6c:2a:c2:
                    3f:45:b5:cc:19:28:bb:d7:16:24:a7:ce:d1:13:66:
                    fe:7a:36:96:35:b2:34:c1:ef:7f:98:a7:52:fa:d8:
                    fb:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:63:65:0B:4A:6A:8B:68:D7:D0:8F:CC:17:18:EC:86:2C:F9:8C:A5
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/CmNlC0pqi2jX0I_MFxjshiz5jKU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.140.0/24
                  94.183.174.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:00:ad:25:08:6b:45:6c:fa:a8:8f:31:8c:d3:55:a6:21:cd:
         db:8a:7d:be:f9:64:4b:26:e8:82:25:5d:5e:7e:bd:db:95:e5:
         08:76:9a:0e:05:c0:b6:c1:95:04:21:ae:a4:80:8c:9f:18:ed:
         d4:91:4d:aa:e9:3e:d2:21:d0:4c:7f:28:06:fa:e3:db:94:d6:
         4e:8a:92:1c:5c:25:77:81:58:f0:30:2f:c8:e0:58:89:fc:ef:
         48:b9:c7:51:fc:5d:80:06:bb:37:d1:9b:6a:a6:23:0d:8c:4f:
         96:d8:7a:dc:ec:ec:10:98:a2:66:4f:20:58:08:c9:ca:69:2c:
         26:b9:08:5a:5c:dd:22:20:d3:cf:d3:dd:37:6e:cd:7a:47:33:
         12:78:63:35:dd:81:87:3e:0c:04:a4:06:7b:b6:0e:9f:d9:e4:
         84:b4:16:16:40:bf:c7:37:a3:bf:51:45:93:b5:2a:75:63:eb:
         b0:a6:f2:77:4e:f2:f2:23:cb:69:07:e9:ea:28:30:b7:d8:46:
         69:d3:9e:ab:b7:16:c4:14:a1:f2:6e:10:b1:83:85:77:30:a1:
         81:95:f4:26:26:28:83:e6:31:73:40:86:bc:b2:4f:a5:15:7f:
         02:54:c0:9d:13:cd:78:ee:ac:e1:97:23:53:bb:5f:dc:5e:58:
         a6:66:52:1a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ2/PNV+c9zFHc7OlsrHZNK8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwNDI0MTEyNTI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTYzNjUwYjRhNmE4YjY4ZDdkMDhmY2MxNzE4ZWM4NjJjZjk4Y2E1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn6cmTVQkAkXzoy+Qlx8tOwIHATOJ
+ppt0oCzXnp1fwgq/JdP/J/jrPa/zpVQjikZNVn7BE1cbyEC3C6nFPna+Ulw5P00
5Ezf8kcHTbxNQ8h3di8iIdcB6kkwc0kKUbJalmGSzCdUka05AF0eabBjtKLZZkHP
tmc+unrD0AjVKoqtQu9+0jsxNIdvcqb6nD7jIIDYz7wHQOKEpXjD5Jyex/gEH66J
na+REAfqrKv2+pnM/99WQT5y++bUxal8rr0OjFUGEoomMBPrMuk/kJ+nRhTRZFF6
+Tz06buRIThsKsI/RbXMGSi71xYkp87RE2b+ejaWNbI0we9/mKdS+tj73QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFApjZQtKaoto19CPzBcY7IYs+YylMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvQ21ObEMwcHFpMmpYMElfTUZ4anNoaXo1aktVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAHzmMAwQA
XreuMA0GCSqGSIb3DQEBCwUAA4IBAQCRAK0lCGtFbPqojzGM01WmIc3bin2++WRL
JuiCJV1efr3bleUIdpoOBcC2wZUEIa6kgIyfGO3UkU2q6T7SIdBMfygG+uPblNZO
ipIcXCV3gVjwMC/I4FiJ/O9IucdR/F2ABrs30ZtqpiMNjE+W2Hrc7OwQmKJmTyBY
CMnKaSwmuQhaXN0iINPP0903bs16RzMSeGM13YGHPgwEpAZ7tg6f2eSEtBYWQL/H
N6O/UUWTtSp1Y+uwpvJ3TvLyI8tpB+nqKDC32EZp056rtxbEFKHybhCxg4V3MKGB
lfQmJiiD5jFzQIa8sk+lFX8CVMCdE8147qzhlyNTu1/cXlimZlIa
-----END CERTIFICATE-----