Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/0PHzjhUj2Ao-LoVRek664FKx3Ac.roa
File:                     0PHzjhUj2Ao-LoVRek664FKx3Ac.roa (raw, json)
Hash identifier:          bEI8er2xn9rO+0kp8tnpCKOv6iOrbM2H0tV9CvdNPVY=
Subject key identifier:   D0:F1:F3:8E:15:23:D8:0A:3E:2E:85:51:7A:4E:BA:E0:52:B1:DC:07
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019C48305B72DEAFE80ED71118CA7BF49D14
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/0PHzjhUj2Ao-LoVRek664FKx3Ac.roa
Signing time:             Tue 10 Feb 2026 15:34:14 +0000
ROA not before:           Tue 10 Feb 2026 15:34:14 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     394380
IP address blocks:        31.57.195.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 18:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:48:30:5b:72:de:af:e8:0e:d7:11:18:ca:7b:f4:9d:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Feb 10 15:34:14 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d0f1f38e1523d80a3e2e85517a4ebae052b1dc07
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:91:e0:85:9a:5f:7e:6a:1e:67:fe:72:b2:3a:
                    95:a1:c2:4b:6a:31:af:da:b9:31:98:dc:58:8a:cc:
                    12:28:d7:ea:b6:3f:40:d1:34:3c:dc:a1:58:ea:33:
                    9e:68:ee:d1:96:4c:17:60:8c:0e:0f:b5:1c:97:62:
                    e9:0c:a6:bd:99:90:c8:f0:22:6d:3b:66:e2:23:8a:
                    d0:0e:7f:ab:75:db:c7:68:3b:f2:cf:d1:4e:ab:2d:
                    32:ea:fd:ca:87:ee:20:1d:f1:3b:ac:e9:12:2f:3c:
                    2c:e3:c1:d0:b9:23:35:ac:4c:2e:86:3b:de:f5:9a:
                    4b:33:e9:ea:08:7d:a8:33:44:9d:62:db:01:ca:c1:
                    f6:14:89:e5:3a:7d:12:1a:ff:fe:ad:c6:61:96:7b:
                    a9:b9:0e:86:af:0f:ae:c6:80:35:ec:c2:03:f8:1b:
                    d7:8f:77:5a:af:bf:bb:54:2f:0b:cb:17:93:e9:2b:
                    1e:9b:dc:e3:88:6c:bf:e6:3d:41:49:b5:98:d2:21:
                    6a:15:bc:83:a6:f9:8c:99:cc:59:6a:62:f5:b8:4d:
                    01:d1:6c:df:7a:3b:6d:8e:1e:46:75:82:00:d3:01:
                    62:c5:d0:ce:df:3f:e2:6c:3b:40:63:dd:31:2a:e4:
                    5d:6b:86:ae:09:cd:de:ea:2c:ae:f1:a8:b5:21:88:
                    8a:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:F1:F3:8E:15:23:D8:0A:3E:2E:85:51:7A:4E:BA:E0:52:B1:DC:07
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/0PHzjhUj2Ao-LoVRek664FKx3Ac.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.195.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:55:01:7d:97:a9:30:bc:b3:e6:9e:5e:4f:8d:c2:61:32:1b:
         f1:8d:10:16:d3:93:8f:00:61:36:e1:3c:af:f9:d3:81:15:5b:
         c1:e7:5a:70:11:af:fb:2c:57:b0:e4:8b:af:e1:65:16:ae:f0:
         f9:f0:f9:83:ca:45:a8:91:7d:d2:60:5d:34:3b:13:c8:da:01:
         53:50:2b:47:7e:cb:c7:0e:1f:d5:35:3c:5c:c9:d4:10:5b:55:
         00:56:86:bb:c0:bb:55:24:ad:37:f7:a9:bb:34:21:ea:b1:1a:
         e7:91:c2:17:d3:b3:d8:07:70:14:43:d4:fa:39:32:9e:13:6e:
         2b:e7:2a:34:b9:ce:aa:96:72:2a:f6:2d:e6:bb:17:91:38:e1:
         94:a9:d5:7c:06:9d:fe:25:44:23:a0:f4:5b:82:c5:f9:ab:41:
         0d:cd:3d:ff:40:c1:ec:21:fc:65:67:49:01:c5:b3:d2:55:42:
         bb:87:ea:41:d9:fc:fc:3d:4e:c8:1e:80:4b:ce:66:81:0a:df:
         c2:54:67:43:db:45:bc:54:4b:25:63:f1:14:65:e8:be:66:e3:
         e3:f1:25:6f:4c:98:ec:67:c0:7a:6a:d4:54:9d:c8:2a:68:26:
         b1:d7:ba:27:b5:76:8e:ae:a5:a6:35:54:34:72:80:eb:42:b8:
         0c:cc:7f:d8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZxIMFty3q/oDtcRGMp79J0UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwMjEwMTUzNDE0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMGYxZjM4ZTE1MjNkODBhM2UyZTg1NTE3YTRlYmFlMDUyYjFkYzA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2pHghZpffmoeZ/5ysjqVocJLajGv
2rkxmNxYiswSKNfqtj9A0TQ83KFY6jOeaO7RlkwXYIwOD7Ucl2LpDKa9mZDI8CJt
O2biI4rQDn+rddvHaDvyz9FOqy0y6v3Kh+4gHfE7rOkSLzws48HQuSM1rEwuhjve
9ZpLM+nqCH2oM0SdYtsBysH2FInlOn0SGv/+rcZhlnupuQ6Grw+uxoA17MID+BvX
j3dar7+7VC8LyxeT6Ssem9zjiGy/5j1BSbWY0iFqFbyDpvmMmcxZamL1uE0B0Wzf
ejttjh5GdYIA0wFixdDO3z/ibDtAY90xKuRda4auCc3e6iyu8ai1IYiKUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNDx844VI9gKPi6FUXpOuuBSsdwHMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvMFBIempoVWoyQW8tTG9WUmVrNjY0Rkt4M0FjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHznDMA0G
CSqGSIb3DQEBCwUAA4IBAQAfVQF9l6kwvLPmnl5PjcJhMhvxjRAW05OPAGE24Tyv
+dOBFVvB51pwEa/7LFew5Iuv4WUWrvD58PmDykWokX3SYF00OxPI2gFTUCtHfsvH
Dh/VNTxcydQQW1UAVoa7wLtVJK0396m7NCHqsRrnkcIX07PYB3AUQ9T6OTKeE24r
5yo0uc6qlnIq9i3muxeROOGUqdV8Bp3+JUQjoPRbgsX5q0ENzT3/QMHsIfxlZ0kB
xbPSVUK7h+pB2fz8PU7IHoBLzmaBCt/CVGdD20W8VEslY/EUZei+ZuPj8SVvTJjs
Z8B6atRUncgqaCax17ontXaOrqWmNVQ0coDrQrgMzH/Y
-----END CERTIFICATE-----