Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/QlS5VQehdYR4CkN1fm9PsYTms2c.roa
File:                     QlS5VQehdYR4CkN1fm9PsYTms2c.roa (raw, json)
Hash identifier:          oEaBouEaRBqc02f4Zn/t9aEW1d//TDPen4xCAQR6hw8=
Subject key identifier:   42:54:B9:55:07:A1:75:84:78:0A:43:75:7E:6F:4F:B1:84:E6:B3:67
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019CD7AE06C4EB31210558FD8F5FCD719E19
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/QlS5VQehdYR4CkN1fm9PsYTms2c.roa
Signing time:             Tue 10 Mar 2026 12:17:12 +0000
ROA not before:           Tue 10 Mar 2026 12:17:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215224
IP address blocks:        31.57.144.0/24 maxlen: 24
                          31.58.238.0/24 maxlen: 24
                          217.60.253.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 23:01:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:d7:ae:06:c4:eb:31:21:05:58:fd:8f:5f:cd:71:9e:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Mar 10 12:17:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4254b95507a17584780a43757e6f4fb184e6b367
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:c9:7c:8a:63:1f:c8:00:c2:09:2b:52:80:a1:
                    64:c5:4e:78:3f:5c:29:c9:52:6e:19:08:64:b2:9b:
                    05:d4:c1:47:61:fc:0f:d9:09:0e:64:4b:a3:85:ea:
                    66:7b:15:4d:71:2c:f6:0d:1c:db:5a:86:1d:e4:9c:
                    a8:c7:79:d5:a6:aa:35:66:e4:2c:83:ac:f8:ba:17:
                    09:79:d3:46:3e:57:be:fb:38:44:97:ab:06:eb:68:
                    45:e6:d2:93:cc:ca:3b:4a:80:72:57:00:eb:ee:82:
                    c9:2f:6c:13:be:15:f4:cf:23:d3:83:e4:f2:42:ba:
                    61:3e:29:01:b3:4f:73:6a:71:65:27:49:1e:89:8a:
                    cf:78:17:ec:15:c1:1b:96:f5:ba:cf:74:3a:ff:68:
                    9d:2c:e4:91:d9:b3:54:b9:c3:2a:d0:f6:ce:ba:f7:
                    65:87:03:5e:71:79:c3:10:0e:e3:18:06:e9:72:04:
                    51:2b:b1:bc:71:21:42:f2:5e:55:ce:ca:0d:4c:3b:
                    1f:43:1b:af:79:d1:ab:73:f1:39:36:23:ec:78:28:
                    71:bb:35:22:85:de:05:08:f3:1d:91:f1:8a:57:aa:
                    2a:3b:11:79:e9:cc:aa:38:33:81:38:32:1e:eb:00:
                    88:3d:04:81:1f:a3:6b:35:b9:6d:1e:fe:bb:b9:cd:
                    f2:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:54:B9:55:07:A1:75:84:78:0A:43:75:7E:6F:4F:B1:84:E6:B3:67
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/QlS5VQehdYR4CkN1fm9PsYTms2c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.144.0/24
                  31.58.238.0/24
                  217.60.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:0a:66:9b:9a:f8:fe:62:ee:c6:de:fd:57:2b:81:17:74:72:
         48:10:eb:a0:02:ef:4e:13:0e:ee:57:2c:af:5a:7c:66:ba:19:
         3d:db:bf:20:42:c8:40:77:7d:31:9c:7d:89:e9:89:fc:66:0e:
         67:3a:f6:a6:fe:97:53:cb:38:20:d4:2c:4e:f2:01:3b:48:3f:
         8d:f6:6e:50:3b:b9:96:18:2e:44:a8:1e:65:81:70:3c:3c:6c:
         85:e3:ee:02:c4:04:93:ea:76:94:8c:ba:c7:c7:d3:1a:54:c3:
         4d:3f:3e:f1:90:3e:2e:98:ab:fe:fe:4e:91:0c:99:13:cf:8f:
         fc:af:28:53:4f:39:19:6f:74:b0:1e:de:04:5b:b2:49:57:67:
         8b:74:8f:31:e6:c4:0d:5c:72:20:e3:fc:dc:a4:24:05:a0:61:
         3d:fd:65:5b:47:d6:be:7f:f8:c7:8a:96:86:a9:41:0b:b8:c3:
         e6:9c:e2:87:56:98:d2:f1:f8:f6:74:3d:90:4c:9a:b1:48:f0:
         e3:50:5f:37:60:1a:12:24:00:95:80:c7:e8:1d:94:97:8a:81:
         93:f7:af:17:94:4b:78:6e:56:33:ce:13:19:c7:6d:62:a9:ee:
         8d:a0:71:59:5d:2e:6c:0e:bb:01:3d:9f:9b:15:b7:75:cf:76:
         cd:16:1b:13
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZzXrgbE6zEhBVj9j1/NcZ4ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwMzEwMTIxNzEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MjU0Yjk1NTA3YTE3NTg0NzgwYTQzNzU3ZTZmNGZiMTg0ZTZiMzY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxsl8imMfyADCCStSgKFkxU54P1wp
yVJuGQhkspsF1MFHYfwP2QkOZEujhepmexVNcSz2DRzbWoYd5Jyox3nVpqo1ZuQs
g6z4uhcJedNGPle++zhEl6sG62hF5tKTzMo7SoByVwDr7oLJL2wTvhX0zyPTg+Ty
QrphPikBs09zanFlJ0keiYrPeBfsFcEblvW6z3Q6/2idLOSR2bNUucMq0PbOuvdl
hwNecXnDEA7jGAbpcgRRK7G8cSFC8l5VzsoNTDsfQxuvedGrc/E5NiPseChxuzUi
hd4FCPMdkfGKV6oqOxF56cyqODOBODIe6wCIPQSBH6NrNbltHv67uc3ybwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFEJUuVUHoXWEeApDdX5vT7GE5rNnMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvUWxTNVZRZWhkWVI0Q2tOMWZtOVBzWVRtczJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAHzmQAwQA
HzruAwQA2Tz9MA0GCSqGSIb3DQEBCwUAA4IBAQAWCmabmvj+Yu7G3v1XK4EXdHJI
EOugAu9OEw7uVyyvWnxmuhk9278gQshAd30xnH2J6Yn8Zg5nOvam/pdTyzgg1CxO
8gE7SD+N9m5QO7mWGC5EqB5lgXA8PGyF4+4CxAST6naUjLrHx9MaVMNNPz7xkD4u
mKv+/k6RDJkTz4/8ryhTTzkZb3SwHt4EW7JJV2eLdI8x5sQNXHIg4/zcpCQFoGE9
/WVbR9a+f/jHipaGqUELuMPmnOKHVpjS8fj2dD2QTJqxSPDjUF83YBoSJACVgMfo
HZSXioGT968XlEt4blYzzhMZx21iqe6NoHFZXS5sDrsBPZ+bFbd1z3bNFhsT
-----END CERTIFICATE-----