Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/Bj67FHFMUeiWq9V8KZvjtkIX-qg.roa
File:                     Bj67FHFMUeiWq9V8KZvjtkIX-qg.roa (raw, json)
Hash identifier:          Mx7yjfpE/Y0Kus9ZWoL84gGixsm2Z+DHNLCzBJxrFjo=
Subject key identifier:   06:3E:BB:14:71:4C:51:E8:96:AB:D5:7C:29:9B:E3:B6:42:17:FA:A8
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019D8025006C59344F9C82237F12F86E64FF
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/Bj67FHFMUeiWq9V8KZvjtkIX-qg.roa
Signing time:             Sun 12 Apr 2026 05:23:21 +0000
ROA not before:           Sun 12 Apr 2026 05:23:21 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     401856
IP address blocks:        31.56.69.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 06:48:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:80:25:00:6c:59:34:4f:9c:82:23:7f:12:f8:6e:64:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Apr 12 05:23:21 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=063ebb14714c51e896abd57c299be3b64217faa8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:f5:40:a5:8e:d6:40:05:0f:ee:e5:eb:48:55:
                    fd:53:10:c6:cd:d7:84:3e:31:06:ff:b8:1d:e8:de:
                    7d:84:d4:72:0c:b7:3d:82:96:b4:35:80:3c:aa:93:
                    b2:eb:db:70:53:3c:06:31:ef:8b:bc:89:b8:36:e8:
                    2c:d0:66:61:9d:73:40:81:bf:ee:27:8b:a3:88:56:
                    a9:d1:07:75:00:c5:ac:be:6b:05:74:34:f4:e4:7a:
                    c7:e9:72:e4:ac:bd:5a:99:5a:f8:18:de:b7:c0:a1:
                    aa:fe:e0:6b:51:02:ea:81:96:35:fc:d8:e1:1c:de:
                    ad:96:f7:c0:1d:6e:b7:30:ac:e3:25:ee:e1:8b:58:
                    f4:c6:3c:13:4f:51:c8:ed:07:2b:e5:34:a2:6b:d2:
                    7b:a2:32:dd:ef:06:60:91:02:c9:25:f8:7e:6d:96:
                    3e:7b:a8:72:eb:87:98:61:7c:6c:7c:25:98:bb:80:
                    1c:35:a8:e2:74:24:99:e2:b3:0e:21:9e:ef:eb:d8:
                    b7:aa:25:25:7d:e2:fd:6a:a6:0d:ef:b6:9a:6c:d1:
                    f2:6e:2f:33:dc:49:85:67:7b:c0:72:d5:cc:b4:fa:
                    27:31:7a:1d:a2:ee:47:f1:65:9f:9a:4c:2b:98:97:
                    71:9d:f1:b4:7a:e2:4d:92:64:d8:01:40:c9:2d:c2:
                    f8:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:3E:BB:14:71:4C:51:E8:96:AB:D5:7C:29:9B:E3:B6:42:17:FA:A8
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/Bj67FHFMUeiWq9V8KZvjtkIX-qg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.69.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:38:11:88:11:90:64:90:45:32:de:31:1a:e1:2e:fb:8f:b1:
         3d:e4:ba:95:79:f9:3b:50:8f:56:15:26:07:3b:b9:03:78:2c:
         ad:8f:8e:fc:30:95:ef:89:06:d0:39:b1:14:09:fa:4b:16:60:
         d4:53:3d:86:4d:eb:29:10:d3:e9:ff:e3:9d:da:b2:ac:8f:59:
         b8:25:82:7e:f9:4b:a0:5d:35:04:ee:91:b9:42:01:2c:6f:a7:
         5f:84:a4:70:ec:90:c0:6b:77:3c:a3:9f:9e:3f:ea:28:6b:4c:
         9b:06:0c:e5:2a:68:57:48:bf:a1:be:e2:b9:fa:0e:13:31:ec:
         fd:ec:3d:97:75:a1:28:a9:32:d8:88:29:53:75:ed:9b:9b:d1:
         80:34:fe:69:0f:67:d6:83:c1:6f:35:40:9b:a8:d1:50:00:65:
         9b:73:43:3e:01:79:fc:3d:6b:a6:08:30:83:7b:75:9a:79:67:
         36:55:bb:7c:0d:18:bd:34:5a:ad:a3:a2:bc:90:75:3e:66:f2:
         ed:cb:27:b8:91:05:1c:96:53:95:18:0c:9c:51:f2:4f:ab:4c:
         b9:b5:6f:d5:d4:3b:b6:92:74:76:5b:0f:13:dc:74:89:f5:7c:
         84:5b:7f:01:97:6f:5d:45:37:63:54:09:17:c3:7b:1f:e9:31:
         39:14:3e:b8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2AJQBsWTRPnIIjfxL4bmT/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwNDEyMDUyMzIxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjNlYmIxNDcxNGM1MWU4OTZhYmQ1N2MyOTliZTNiNjQyMTdmYWE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4fVApY7WQAUP7uXrSFX9UxDGzdeE
PjEG/7gd6N59hNRyDLc9gpa0NYA8qpOy69twUzwGMe+LvIm4Nugs0GZhnXNAgb/u
J4ujiFap0Qd1AMWsvmsFdDT05HrH6XLkrL1amVr4GN63wKGq/uBrUQLqgZY1/Njh
HN6tlvfAHW63MKzjJe7hi1j0xjwTT1HI7Qcr5TSia9J7ojLd7wZgkQLJJfh+bZY+
e6hy64eYYXxsfCWYu4AcNajidCSZ4rMOIZ7v69i3qiUlfeL9aqYN77aabNHybi8z
3EmFZ3vActXMtPonMXodou5H8WWfmkwrmJdxnfG0euJNkmTYAUDJLcL4uQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAY+uxRxTFHolqvVfCmb47ZCF/qoMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvQmo2N0ZIRk1VZWlXcTlWOEtadmp0a0lYLXFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzhFMA0G
CSqGSIb3DQEBCwUAA4IBAQCSOBGIEZBkkEUy3jEa4S77j7E95LqVefk7UI9WFSYH
O7kDeCytj478MJXviQbQObEUCfpLFmDUUz2GTespENPp/+Od2rKsj1m4JYJ++Uug
XTUE7pG5QgEsb6dfhKRw7JDAa3c8o5+eP+ooa0ybBgzlKmhXSL+hvuK5+g4TMez9
7D2XdaEoqTLYiClTde2bm9GANP5pD2fWg8FvNUCbqNFQAGWbc0M+AXn8PWumCDCD
e3WaeWc2Vbt8DRi9NFqto6K8kHU+ZvLtyye4kQUcllOVGAycUfJPq0y5tW/V1Du2
knR2Ww8T3HSJ9XyEW38Bl29dRTdjVAkXw3sf6TE5FD64
-----END CERTIFICATE-----