Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/erb3fqqqoPZAPFyS8HN0OL87KfQ.roa
File:                     erb3fqqqoPZAPFyS8HN0OL87KfQ.roa (raw, json)
Hash identifier:          PvGLyLjgtsD0mA+6q5E1ggmY1wChvkD5PIdz+eiSM44=
Subject key identifier:   7A:B6:F7:7E:AA:AA:A0:F6:40:3C:5C:92:F0:73:74:38:BF:3B:29:F4
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019D1F2BD9A3E1855432E39D939AA117F96D
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/erb3fqqqoPZAPFyS8HN0OL87KfQ.roa
Signing time:             Tue 24 Mar 2026 09:27:40 +0000
ROA not before:           Tue 24 Mar 2026 09:27:40 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     17497
IP address blocks:        31.57.160.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 23:01:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:1f:2b:d9:a3:e1:85:54:32:e3:9d:93:9a:a1:17:f9:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Mar 24 09:27:40 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7ab6f77eaaaaa0f6403c5c92f0737438bf3b29f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:7f:0a:95:1f:94:cd:fa:5c:3f:ea:e8:db:5c:
                    cf:a0:e8:35:b8:9c:2f:98:1e:5d:34:50:08:b5:a3:
                    10:c8:f5:dd:1e:dc:cc:28:78:ef:c0:1b:e4:f5:91:
                    4a:f7:b9:db:f2:c9:67:0b:73:00:fe:73:17:dc:87:
                    5e:63:36:32:7a:7a:c5:bd:80:61:fc:b5:70:80:74:
                    06:16:a3:78:0d:c1:3b:3e:9f:d7:e2:07:6f:b8:be:
                    25:6a:7c:10:1b:b8:eb:d7:a1:f6:d8:6c:ed:d4:f6:
                    e6:52:8e:c9:69:b1:bf:a4:d1:b8:6d:45:c2:20:01:
                    19:f9:7c:f2:32:06:c6:ef:32:9a:f8:b6:ce:4f:c1:
                    0e:2c:64:ef:ef:0a:86:20:9c:cb:b5:b2:6d:f8:85:
                    ce:8d:78:2a:5c:a3:79:59:62:e9:01:42:fa:f3:0d:
                    2b:74:7b:41:9b:dd:66:fa:02:d0:df:a3:7c:b6:22:
                    83:66:b8:1a:19:e9:3d:1d:c6:9b:ca:3f:84:99:51:
                    51:a9:47:0e:9f:90:db:c1:49:18:1b:9d:7f:bb:09:
                    10:a6:bd:b4:58:16:f9:85:62:56:2f:59:45:53:36:
                    e5:87:d5:7a:d4:23:87:6d:84:5d:03:c3:a7:6d:28:
                    a5:d2:95:9e:23:5c:b3:1c:6a:50:7a:c3:b6:ef:b9:
                    f8:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:B6:F7:7E:AA:AA:A0:F6:40:3C:5C:92:F0:73:74:38:BF:3B:29:F4
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/erb3fqqqoPZAPFyS8HN0OL87KfQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.160.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:10:68:53:df:8d:5f:06:41:b5:a9:e0:2e:4f:ff:6f:15:2f:
         6b:b5:a7:aa:19:be:10:52:9a:70:3d:4d:9c:ae:9d:bb:85:df:
         df:bf:b0:7c:7d:d7:a9:15:17:2f:e5:63:9a:b5:21:c8:ff:9d:
         93:20:3d:2f:de:d4:fe:6b:0d:d3:d2:64:5a:43:0c:dd:35:f4:
         86:45:d7:7c:b7:94:2b:f5:c6:af:c9:de:95:c8:3c:93:bc:87:
         e0:c2:9c:22:38:8e:2f:d8:f2:f1:ff:aa:9e:64:a5:89:53:b7:
         37:f2:9a:ee:f2:f0:6a:2e:73:a6:f7:26:5b:a5:e0:9c:a2:c7:
         90:08:b1:bc:b9:45:35:ed:bd:1a:60:12:4a:36:63:c1:f5:e3:
         00:5c:bc:fd:ea:84:12:81:d7:74:09:92:c7:a3:c5:55:47:69:
         fe:64:c3:7e:1b:78:6d:b1:5c:2c:2c:e7:c2:1b:c4:7a:71:dc:
         74:4a:fb:b2:98:2e:1f:e4:77:80:d5:bd:37:f3:96:d7:26:2c:
         ac:46:b5:e4:8f:7b:79:44:87:fd:1e:9b:8a:ef:50:0e:03:09:
         9a:e3:3a:4b:70:4b:71:e6:28:55:b5:ee:d1:8c:09:2c:93:77:
         98:52:4d:46:fa:12:05:1d:28:2a:12:81:99:38:7c:e7:c7:b3:
         ec:2a:28:15
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0fK9mj4YVUMuOdk5qhF/ltMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwMzI0MDkyNzQwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YWI2Zjc3ZWFhYWFhMGY2NDAzYzVjOTJmMDczNzQzOGJmM2IyOWY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAun8KlR+UzfpcP+ro21zPoOg1uJwv
mB5dNFAItaMQyPXdHtzMKHjvwBvk9ZFK97nb8slnC3MA/nMX3IdeYzYyenrFvYBh
/LVwgHQGFqN4DcE7Pp/X4gdvuL4lanwQG7jr16H22Gzt1PbmUo7JabG/pNG4bUXC
IAEZ+XzyMgbG7zKa+LbOT8EOLGTv7wqGIJzLtbJt+IXOjXgqXKN5WWLpAUL68w0r
dHtBm91m+gLQ36N8tiKDZrgaGek9Hcabyj+EmVFRqUcOn5DbwUkYG51/uwkQpr20
WBb5hWJWL1lFUzblh9V61COHbYRdA8OnbSil0pWeI1yzHGpQesO277n4qQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHq2936qqqD2QDxckvBzdDi/Oyn0MB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvZXJiM2ZxcXFvUFpBUEZ5UzhITjBPTDg3S2ZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzmgMA0G
CSqGSIb3DQEBCwUAA4IBAQBIEGhT341fBkG1qeAuT/9vFS9rtaeqGb4QUppwPU2c
rp27hd/fv7B8fdepFRcv5WOatSHI/52TID0v3tT+aw3T0mRaQwzdNfSGRdd8t5Qr
9cavyd6VyDyTvIfgwpwiOI4v2PLx/6qeZKWJU7c38pru8vBqLnOm9yZbpeCcoseQ
CLG8uUU17b0aYBJKNmPB9eMAXLz96oQSgdd0CZLHo8VVR2n+ZMN+G3htsVwsLOfC
G8R6cdx0SvuymC4f5HeA1b0385bXJiysRrXkj3t5RIf9HpuK71AOAwma4zpLcEtx
5ihVte7RjAksk3eYUk1G+hIFHSgqEoGZOHznx7PsKigV
-----END CERTIFICATE-----