Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/zZYwZc0HWjMC4C1FjLhDqie1vyQ.roa
File:                     zZYwZc0HWjMC4C1FjLhDqie1vyQ.roa (raw, json)
Hash identifier:          I5gdP/ZWOwmIQZ47yslWCrbjNuQP3k4fnD8CjSsLtAU=
Subject key identifier:   CD:96:30:65:CD:07:5A:33:02:E0:2D:45:8C:B8:43:AA:27:B5:BF:24
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019CBE52439C8DA57FD8A88A69579E3CEE6F
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/zZYwZc0HWjMC4C1FjLhDqie1vyQ.roa
Signing time:             Thu 05 Mar 2026 14:06:28 +0000
ROA not before:           Thu 05 Mar 2026 14:06:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     5511
IP address blocks:        31.57.226.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 23:01:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:be:52:43:9c:8d:a5:7f:d8:a8:8a:69:57:9e:3c:ee:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Mar  5 14:06:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cd963065cd075a3302e02d458cb843aa27b5bf24
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:84:d5:b9:5b:fa:21:8e:8c:3d:8a:99:7c:e5:
                    b3:56:9d:f8:83:ed:06:26:e7:cc:05:0b:8e:4e:76:
                    46:8d:24:66:a3:25:87:03:7c:10:1f:07:71:db:cc:
                    d8:2a:6b:ee:b4:c5:1e:de:03:17:66:52:6e:ca:df:
                    d6:fe:e1:88:98:6f:ac:8d:20:04:c2:70:41:f6:d6:
                    be:c5:9d:7d:9d:3e:7b:82:5e:a7:b4:d8:0f:08:c9:
                    43:fe:44:43:63:e2:6a:13:04:c4:42:79:f8:63:59:
                    bc:6b:e0:d9:a1:e2:27:14:2d:fc:24:1d:75:78:c5:
                    cc:f3:fb:ba:e4:51:b8:d7:dc:5b:58:e8:8d:11:a9:
                    cd:15:c7:c9:9f:45:fc:d1:73:83:10:47:4b:2f:a1:
                    97:ce:24:a3:91:26:7b:9c:7b:79:a6:0c:c3:db:ce:
                    8e:0e:3e:00:52:cc:41:33:f6:7f:c8:a6:54:6b:b6:
                    4c:21:27:71:72:bb:1a:da:da:dc:d1:41:c9:01:16:
                    a7:48:8e:44:ab:96:d2:3b:be:70:8c:54:2b:d1:df:
                    a3:d5:5a:47:79:4f:80:2e:0d:66:87:73:61:19:74:
                    a0:e3:56:82:7b:3b:a8:56:fd:27:36:32:f5:8c:cb:
                    e4:08:a1:0a:03:9e:37:3f:9a:6d:46:d9:1b:c9:89:
                    e0:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:96:30:65:CD:07:5A:33:02:E0:2D:45:8C:B8:43:AA:27:B5:BF:24
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/zZYwZc0HWjMC4C1FjLhDqie1vyQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.226.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:ed:8b:d5:28:3e:05:be:e3:99:5f:e7:ca:de:a7:6e:55:b2:
         31:ab:b9:3e:a1:68:83:2e:13:89:37:cd:c6:7a:20:28:86:8c:
         ec:1b:08:30:66:d3:be:14:4e:5c:46:52:f3:8f:14:f6:11:58:
         e1:88:3f:4b:23:ce:a5:1f:ab:2f:1f:1f:49:19:0a:2c:c6:97:
         14:ba:87:32:04:2c:41:cc:fa:35:7d:ca:be:26:4f:82:f4:2b:
         44:19:51:90:53:a6:09:9a:9d:17:f9:90:c6:f5:43:93:e3:67:
         46:69:43:3b:10:ac:14:1f:76:02:85:17:b6:6c:e1:d5:79:86:
         e6:67:88:c5:46:15:b5:b6:bb:19:2e:1b:28:76:a7:f8:ad:5a:
         68:98:91:45:52:fb:65:cc:cc:fc:e0:8f:bc:1d:d2:ae:b7:33:
         cf:11:1c:8d:a0:2e:3d:96:e7:39:b9:ce:ef:61:bd:5d:2e:9a:
         6f:63:9d:56:ff:11:a1:c7:cb:75:c6:79:7b:dd:37:9c:f5:62:
         f7:79:f2:22:d6:a4:22:66:68:73:a8:2d:a4:c4:b1:27:fc:77:
         15:6a:c1:50:9e:30:1f:21:80:fd:ec:82:b7:2a:ad:b8:8b:8e:
         04:42:df:e2:a1:e8:ea:18:7f:54:ff:30:0a:ce:c7:65:27:3c:
         09:1d:72:4f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZy+UkOcjaV/2KiKaVeePO5vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwMzA1MTQwNjI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZDk2MzA2NWNkMDc1YTMzMDJlMDJkNDU4Y2I4NDNhYTI3YjViZjI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuoTVuVv6IY6MPYqZfOWzVp34g+0G
JufMBQuOTnZGjSRmoyWHA3wQHwdx28zYKmvutMUe3gMXZlJuyt/W/uGImG+sjSAE
wnBB9ta+xZ19nT57gl6ntNgPCMlD/kRDY+JqEwTEQnn4Y1m8a+DZoeInFC38JB11
eMXM8/u65FG419xbWOiNEanNFcfJn0X80XODEEdLL6GXziSjkSZ7nHt5pgzD286O
Dj4AUsxBM/Z/yKZUa7ZMISdxcrsa2trc0UHJARanSI5Eq5bSO75wjFQr0d+j1VpH
eU+ALg1mh3NhGXSg41aCezuoVv0nNjL1jMvkCKEKA543P5ptRtkbyYngiQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM2WMGXNB1ozAuAtRYy4Q6ontb8kMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvelpZd1pjMEhXak1DNEMxRmpMaERxaWUxdnlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzniMA0G
CSqGSIb3DQEBCwUAA4IBAQAu7YvVKD4FvuOZX+fK3qduVbIxq7k+oWiDLhOJN83G
eiAohozsGwgwZtO+FE5cRlLzjxT2EVjhiD9LI86lH6svHx9JGQosxpcUuocyBCxB
zPo1fcq+Jk+C9CtEGVGQU6YJmp0X+ZDG9UOT42dGaUM7EKwUH3YChRe2bOHVeYbm
Z4jFRhW1trsZLhsodqf4rVpomJFFUvtlzMz84I+8HdKutzPPERyNoC49luc5uc7v
Yb1dLppvY51W/xGhx8t1xnl73Tec9WL3efIi1qQiZmhzqC2kxLEn/HcVasFQnjAf
IYD97IK3Kq24i44EQt/ioejqGH9U/zAKzsdlJzwJHXJP
-----END CERTIFICATE-----