Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/zGFVDR3LIk8RsiJE0aFYseolLBg.roa
File:                     zGFVDR3LIk8RsiJE0aFYseolLBg.roa (raw, json)
Hash identifier:          ESOO15/ot7LWho17Ncp/VQ+uMrPsDw4XygT9KNuXJyE=
Subject key identifier:   CC:61:55:0D:1D:CB:22:4F:11:B2:22:44:D1:A1:58:B1:EA:25:2C:18
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019D254E65B941512A5557EEC14F469CDECD
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/zGFVDR3LIk8RsiJE0aFYseolLBg.roa
Signing time:             Wed 25 Mar 2026 14:03:08 +0000
ROA not before:           Wed 25 Mar 2026 14:03:08 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     402203
IP address blocks:        31.57.25.0/24 maxlen: 24
                          31.59.53.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 16:32:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:25:4e:65:b9:41:51:2a:55:57:ee:c1:4f:46:9c:de:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Mar 25 14:03:08 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cc61550d1dcb224f11b22244d1a158b1ea252c18
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:d8:b1:f8:26:4e:75:af:5e:0d:85:36:8d:9a:
                    5d:72:65:1f:04:33:73:e1:cb:07:22:1a:87:2e:c2:
                    2a:4a:28:9e:51:17:67:cb:82:69:e0:38:6e:7d:a5:
                    fa:fc:49:05:06:27:3b:06:f7:8a:fc:ab:f1:22:2d:
                    b2:cb:7f:02:46:8f:03:e7:ab:71:9d:a2:81:d8:96:
                    c8:e3:c9:3e:20:61:5b:ec:4a:18:c5:cf:6b:27:24:
                    69:4c:1a:9e:1e:7b:49:e8:2a:20:8f:b8:7b:24:dd:
                    e3:80:75:e1:a5:9e:83:76:6b:63:a7:a3:71:26:05:
                    a0:10:47:d3:b1:dd:5a:87:92:42:f4:57:70:12:ca:
                    40:39:0b:d7:82:e2:30:4d:ec:de:1c:a4:ce:c1:4f:
                    9c:62:2e:74:70:c3:65:e6:0e:1b:1c:47:49:79:8a:
                    b9:a4:09:98:f5:96:42:c8:cc:ea:37:f3:b2:75:84:
                    28:08:1e:94:f6:72:19:f8:55:be:43:d7:4d:19:82:
                    5d:26:32:47:b7:05:50:0d:08:b9:5e:67:d5:70:21:
                    7d:b7:8b:4b:8e:e4:76:6f:8f:79:7c:f0:0d:aa:33:
                    d6:9e:02:49:de:f8:fd:8c:82:10:67:b6:83:23:f4:
                    95:e0:3b:e8:eb:f1:f9:3e:9b:2f:ee:87:8f:de:37:
                    0c:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:61:55:0D:1D:CB:22:4F:11:B2:22:44:D1:A1:58:B1:EA:25:2C:18
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/zGFVDR3LIk8RsiJE0aFYseolLBg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.25.0/24
                  31.59.53.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:4a:39:bb:ed:5e:fd:23:13:ed:ea:99:0a:e4:37:0a:e2:59:
         5b:92:44:ec:13:85:e7:85:1d:48:c1:8f:9b:0f:e0:44:e9:88:
         93:d0:8e:41:26:58:14:40:53:f5:71:be:bf:cb:c6:6b:00:07:
         0b:9d:e1:d9:39:1d:fa:80:55:e0:dc:4b:b3:d5:ce:49:c2:bf:
         34:68:4d:74:4d:f3:62:27:5f:62:91:71:51:1c:32:4b:fe:9c:
         39:a3:4d:64:2a:12:89:07:8b:ad:99:2a:5c:04:d1:4c:de:5a:
         ff:c8:0a:65:fc:d3:de:41:32:3f:54:8d:c7:bb:43:c6:88:10:
         f8:66:c0:33:b4:04:05:d4:03:ab:b9:36:b8:c5:93:8c:28:f9:
         d1:b4:ad:b6:5a:1b:d3:2a:e3:25:28:87:42:08:f9:dc:ac:70:
         74:9c:32:c7:39:d9:bc:c8:06:88:8e:8b:0b:f7:e1:15:e0:32:
         5e:be:89:03:03:81:81:eb:4a:6a:5d:6e:e7:d5:d1:4b:77:6f:
         c2:48:9f:a1:d4:09:f3:fa:85:96:e1:b9:35:dd:4c:89:18:ed:
         de:7a:ed:60:cb:46:e3:89:f4:e0:6e:c4:f5:18:72:22:c4:da:
         b3:b6:e7:cd:eb:30:ee:d5:0a:03:97:ba:7c:a0:8e:07:89:39:
         e7:1a:e1:18
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ0lTmW5QVEqVVfuwU9GnN7NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwMzI1MTQwMzA4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYzYxNTUwZDFkY2IyMjRmMTFiMjIyNDRkMWExNThiMWVhMjUyYzE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAktix+CZOda9eDYU2jZpdcmUfBDNz
4csHIhqHLsIqSiieURdny4Jp4DhufaX6/EkFBic7BveK/KvxIi2yy38CRo8D56tx
naKB2JbI48k+IGFb7EoYxc9rJyRpTBqeHntJ6Cogj7h7JN3jgHXhpZ6Ddmtjp6Nx
JgWgEEfTsd1ah5JC9FdwEspAOQvXguIwTezeHKTOwU+cYi50cMNl5g4bHEdJeYq5
pAmY9ZZCyMzqN/OydYQoCB6U9nIZ+FW+Q9dNGYJdJjJHtwVQDQi5XmfVcCF9t4tL
juR2b495fPANqjPWngJJ3vj9jIIQZ7aDI/SV4Dvo6/H5Ppsv7oeP3jcMtQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMxhVQ0dyyJPEbIiRNGhWLHqJSwYMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvekdGVkRSM0xJazhSc2lKRTBhRllzZW9sTEJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAHzkZAwQA
Hzs1MA0GCSqGSIb3DQEBCwUAA4IBAQBsSjm77V79IxPt6pkK5DcK4llbkkTsE4Xn
hR1IwY+bD+BE6YiT0I5BJlgUQFP1cb6/y8ZrAAcLneHZOR36gFXg3Euz1c5Jwr80
aE10TfNiJ19ikXFRHDJL/pw5o01kKhKJB4utmSpcBNFM3lr/yApl/NPeQTI/VI3H
u0PGiBD4ZsAztAQF1AOruTa4xZOMKPnRtK22WhvTKuMlKIdCCPncrHB0nDLHOdm8
yAaIjosL9+EV4DJevokDA4GB60pqXW7n1dFLd2/CSJ+h1Anz+oWW4bk13UyJGO3e
eu1gy0bjifTgbsT1GHIixNqztufN6zDu1QoDl7p8oI4HiTnnGuEY
-----END CERTIFICATE-----