Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/0SeVtBNRVl2XEkQFcoMCuWVdka8.roa
File:                     0SeVtBNRVl2XEkQFcoMCuWVdka8.roa (raw, json)
Hash identifier:          6R5CgVqNVfurU81gaoVWy1ZrSypajHOdpObA5Qei37g=
Subject key identifier:   D1:27:95:B4:13:51:56:5D:97:12:44:05:72:83:02:B9:65:5D:91:AF
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019D52F90EEE86442330B5ABA89BB05286E1
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/0SeVtBNRVl2XEkQFcoMCuWVdka8.roa
Signing time:             Fri 03 Apr 2026 10:52:27 +0000
ROA not before:           Fri 03 Apr 2026 10:52:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     7018
IP address blocks:        31.56.33.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 22:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:52:f9:0e:ee:86:44:23:30:b5:ab:a8:9b:b0:52:86:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Apr  3 10:52:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d12795b41351565d97124405728302b9655d91af
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:40:96:db:17:e9:16:ed:92:00:ec:64:fb:c4:
                    e7:42:30:4b:d9:5a:e9:27:62:62:1e:8b:8e:e1:90:
                    50:90:eb:b7:d1:bb:e1:bd:58:a4:92:95:c0:00:40:
                    9e:7e:2c:c9:56:3d:e9:68:ee:f7:e0:b2:60:e8:a1:
                    4b:4c:96:20:fc:f3:b8:a8:be:fb:38:c4:00:ce:f2:
                    e1:79:6c:34:82:d0:f2:df:be:d7:87:53:de:6b:58:
                    9e:5f:19:00:e9:c8:e0:bd:2a:e6:d5:45:22:c9:d5:
                    c1:e8:82:8d:40:53:db:93:dd:35:4d:02:2d:b5:d9:
                    c8:96:58:a9:23:55:39:3b:68:38:10:22:f8:ee:42:
                    61:c3:63:af:94:9f:46:a3:5a:b8:b3:e2:91:f2:42:
                    ff:c3:ce:dc:e5:d5:92:ef:ff:0f:7e:30:1e:2f:e5:
                    f0:86:ff:e1:67:33:04:56:7f:39:1b:00:4b:6a:cb:
                    1b:d9:21:6e:0b:6c:d2:2a:6e:60:36:eb:00:4f:46:
                    88:2c:94:d6:64:e4:4e:a3:14:28:ea:4b:32:85:9a:
                    d6:41:9a:90:b1:2c:6a:6e:fa:d4:2d:25:fa:6e:a2:
                    af:66:da:30:d2:be:c0:cd:52:52:64:e8:6d:c3:c6:
                    c3:95:88:6b:aa:32:7a:b7:cf:c3:b1:90:f1:27:2a:
                    91:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:27:95:B4:13:51:56:5D:97:12:44:05:72:83:02:B9:65:5D:91:AF
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/0SeVtBNRVl2XEkQFcoMCuWVdka8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.33.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ac:e6:b0:8d:a7:d6:4e:26:be:34:b2:01:4c:93:59:ec:69:b9:
         a8:d3:80:b7:9b:67:56:e1:69:f7:0d:89:de:4c:4a:57:26:70:
         10:b3:87:f4:7a:ed:c8:6d:a8:36:8e:22:d8:79:f9:7a:cd:a2:
         bc:d2:04:70:da:e6:80:51:bb:b9:2b:c5:43:5f:aa:d9:e1:71:
         3e:d8:5b:36:d6:95:7c:33:48:26:be:dc:07:07:e2:65:fd:9b:
         1b:a0:12:39:67:c0:0e:73:79:8a:ea:54:a7:8b:42:a1:f8:cb:
         31:e2:88:0d:d8:3c:9d:fa:e0:8c:a7:a9:62:f6:b4:ac:5c:95:
         8d:47:bf:ef:bf:85:f5:5b:2d:c9:ae:d0:10:58:72:ed:78:14:
         68:52:0f:7a:0c:12:93:29:5e:b4:a8:99:af:be:57:d6:d9:7a:
         b0:0f:2c:04:39:4a:07:49:35:6f:58:a6:98:b4:21:29:51:4d:
         e7:36:fe:65:5d:76:94:61:05:b8:8c:14:45:98:76:54:ff:cf:
         24:2e:a1:91:3f:46:bc:b5:8d:73:cc:b2:fa:f9:7f:e2:d4:67:
         19:43:9b:93:6e:ed:2c:4e:8c:7c:bc:a9:97:22:9e:5d:d3:24:
         1a:1d:96:50:b0:ac:86:fe:21:40:3a:88:da:d0:c5:14:93:c5:
         46:16:6f:81
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1S+Q7uhkQjMLWrqJuwUobhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwNDAzMTA1MjI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMTI3OTViNDEzNTE1NjVkOTcxMjQ0MDU3MjgzMDJiOTY1NWQ5MWFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsUCW2xfpFu2SAOxk+8TnQjBL2Vrp
J2JiHouO4ZBQkOu30bvhvVikkpXAAECefizJVj3paO734LJg6KFLTJYg/PO4qL77
OMQAzvLheWw0gtDy377Xh1Pea1ieXxkA6cjgvSrm1UUiydXB6IKNQFPbk901TQIt
tdnIllipI1U5O2g4ECL47kJhw2OvlJ9Go1q4s+KR8kL/w87c5dWS7/8PfjAeL+Xw
hv/hZzMEVn85GwBLassb2SFuC2zSKm5gNusAT0aILJTWZOROoxQo6ksyhZrWQZqQ
sSxqbvrULSX6bqKvZtow0r7AzVJSZOhtw8bDlYhrqjJ6t8/DsZDxJyqRdQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNEnlbQTUVZdlxJEBXKDArllXZGvMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvMFNlVnRCTlJWbDJYRWtRRmNvTUN1V1Zka2E4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzghMA0G
CSqGSIb3DQEBCwUAA4IBAQCs5rCNp9ZOJr40sgFMk1nsabmo04C3m2dW4Wn3DYne
TEpXJnAQs4f0eu3Ibag2jiLYefl6zaK80gRw2uaAUbu5K8VDX6rZ4XE+2Fs21pV8
M0gmvtwHB+Jl/ZsboBI5Z8AOc3mK6lSni0Kh+Msx4ogN2Dyd+uCMp6li9rSsXJWN
R7/vv4X1Wy3JrtAQWHLteBRoUg96DBKTKV60qJmvvlfW2XqwDywEOUoHSTVvWKaY
tCEpUU3nNv5lXXaUYQW4jBRFmHZU/88kLqGRP0a8tY1zzLL6+X/i1GcZQ5uTbu0s
Tox8vKmXIp5d0yQaHZZQsKyG/iFAOoja0MUUk8VGFm+B
-----END CERTIFICATE-----