Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/9c1rRPAXIyTUViCt0Dyf4H5pgVY.roa
File:                     9c1rRPAXIyTUViCt0Dyf4H5pgVY.roa (raw, json)
Hash identifier:          IqxarWmPvibaeZBHBwNTT253rFtQa3c5n0kS5r5aBzA=
Subject key identifier:   F5:CD:6B:44:F0:17:23:24:D4:56:20:AD:D0:3C:9F:E0:7E:69:81:56
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019C8F77F07F48150663036073CE2AE7AD48
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/9c1rRPAXIyTUViCt0Dyf4H5pgVY.roa
Signing time:             Tue 24 Feb 2026 11:45:28 +0000
ROA not before:           Tue 24 Feb 2026 11:45:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     13335
IP address blocks:        31.57.50.0/24 maxlen: 24
                          31.57.60.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:8f:77:f0:7f:48:15:06:63:03:60:73:ce:2a:e7:ad:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Feb 24 11:45:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f5cd6b44f0172324d45620add03c9fe07e698156
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:bb:ec:89:7f:53:b4:cf:52:df:e3:a6:c0:57:
                    9b:d0:12:e6:ab:1d:18:52:75:35:e4:d2:ea:1a:3d:
                    6c:1a:9e:fa:af:46:6f:90:09:db:00:4e:65:5f:91:
                    cc:26:b1:27:5d:19:d8:02:c8:7c:58:d1:29:2c:08:
                    31:7f:ab:30:62:6b:63:d6:ec:bd:7c:5b:b3:9b:f6:
                    4e:5e:6d:96:00:4a:90:a8:ff:54:90:de:c9:6d:7d:
                    66:3e:6b:dd:3f:56:2b:47:da:50:66:ed:53:71:41:
                    af:01:da:ff:57:33:43:e2:0d:9c:a5:4c:39:9f:44:
                    cd:b2:ce:a2:95:09:b8:e4:8a:f5:03:e5:c1:db:54:
                    93:6a:6f:f4:02:aa:5e:04:09:a0:59:ac:d4:e3:8f:
                    eb:ba:b6:2c:07:0f:7d:b0:b7:69:5d:4f:fc:c1:3a:
                    a4:60:9a:da:28:68:a4:7f:bd:6d:7e:57:34:8b:9d:
                    36:d5:43:9c:81:63:8f:72:a0:7f:e6:99:e1:d5:a8:
                    85:16:97:3f:fd:72:84:3a:49:e1:07:76:67:d6:63:
                    7e:36:95:b2:32:b5:d4:82:f2:fe:be:40:c1:f7:f9:
                    15:b9:18:b4:54:89:e3:1b:2b:c0:16:d1:45:33:25:
                    46:32:99:93:c0:c2:4d:fe:cf:53:63:c2:48:01:e8:
                    dd:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:CD:6B:44:F0:17:23:24:D4:56:20:AD:D0:3C:9F:E0:7E:69:81:56
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/9c1rRPAXIyTUViCt0Dyf4H5pgVY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.50.0/24
                  31.57.60.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:6d:b1:2b:13:89:d9:f4:17:02:92:3a:83:7a:b3:99:0e:d9:
         a7:98:5a:ec:66:10:6d:71:34:d2:e2:d7:de:75:2d:7c:db:2d:
         e2:13:cc:9b:54:cb:cb:35:c6:8b:b7:41:ca:d9:e5:58:4b:ae:
         9f:84:07:a6:98:65:b0:94:42:60:41:76:69:a1:11:14:9b:61:
         f8:89:74:1b:b9:db:fe:06:37:2a:27:2e:4f:d1:60:f7:27:a0:
         37:47:f9:6a:79:c3:ed:fb:75:68:35:b8:67:cb:c2:d7:1d:9d:
         70:a0:08:52:fe:cf:8d:a8:d5:29:a9:e8:fe:30:8d:ad:a3:92:
         70:f7:2e:2d:b9:5e:42:f9:6b:1e:19:32:87:31:e0:e6:b1:cd:
         0a:d9:e1:c6:9b:92:56:df:55:19:3a:75:88:9c:1e:60:d6:39:
         d4:6e:02:7f:09:27:8e:47:18:bf:b6:b3:53:e5:ec:66:a8:36:
         93:1c:d2:dd:1b:7b:68:f3:d3:c7:5d:1d:96:22:91:1c:4e:e0:
         8c:89:01:0b:e7:c0:74:be:15:1d:eb:93:9b:ea:b5:e7:93:fb:
         b4:1e:56:96:d3:53:85:eb:5a:c2:6d:af:4a:f3:fb:4b:8f:20:
         04:b9:c4:e8:84:d4:54:3c:92:d3:06:a7:35:ca:8b:3a:e7:8b:
         4d:58:8c:2c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZyPd/B/SBUGYwNgc84q561IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwMjI0MTE0NTI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNWNkNmI0NGYwMTcyMzI0ZDQ1NjIwYWRkMDNjOWZlMDdlNjk4MTU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmLvsiX9TtM9S3+OmwFeb0BLmqx0Y
UnU15NLqGj1sGp76r0ZvkAnbAE5lX5HMJrEnXRnYAsh8WNEpLAgxf6swYmtj1uy9
fFuzm/ZOXm2WAEqQqP9UkN7JbX1mPmvdP1YrR9pQZu1TcUGvAdr/VzND4g2cpUw5
n0TNss6ilQm45Ir1A+XB21STam/0AqpeBAmgWazU44/rurYsBw99sLdpXU/8wTqk
YJraKGikf71tflc0i5021UOcgWOPcqB/5pnh1aiFFpc//XKEOknhB3Zn1mN+NpWy
MrXUgvL+vkDB9/kVuRi0VInjGyvAFtFFMyVGMpmTwMJN/s9TY8JIAejdeQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPXNa0TwFyMk1FYgrdA8n+B+aYFWMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvOWMxclJQQVhJeVRVVmlDdDBEeWY0SDVwZ1ZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAHzkyAwQA
Hzk8MA0GCSqGSIb3DQEBCwUAA4IBAQBYbbErE4nZ9BcCkjqDerOZDtmnmFrsZhBt
cTTS4tfedS182y3iE8ybVMvLNcaLt0HK2eVYS66fhAemmGWwlEJgQXZpoREUm2H4
iXQbudv+BjcqJy5P0WD3J6A3R/lqecPt+3VoNbhny8LXHZ1woAhS/s+NqNUpqej+
MI2to5Jw9y4tuV5C+WseGTKHMeDmsc0K2eHGm5JW31UZOnWInB5g1jnUbgJ/CSeO
Rxi/trNT5exmqDaTHNLdG3to89PHXR2WIpEcTuCMiQEL58B0vhUd65Ob6rXnk/u0
HlaW01OF61rCba9K8/tLjyAEucTohNRUPJLTBqc1yos654tNWIws
-----END CERTIFICATE-----