Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/GHhczmq2wmBc3KqMQBANvT0T83w.roa
File:                     GHhczmq2wmBc3KqMQBANvT0T83w.roa (raw, json)
Hash identifier:          wHsFBuqiZRzxrsl4atQeOjtXIT1DXCOWd0FAiBT1A64=
Subject key identifier:   18:78:5C:CE:6A:B6:C2:60:5C:DC:AA:8C:40:10:0D:BD:3D:13:F3:7C
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019E6D33C19904FDAC08520BC05512728370
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/GHhczmq2wmBc3KqMQBANvT0T83w.roa
Signing time:             Thu 28 May 2026 06:09:28 +0000
ROA not before:           Thu 28 May 2026 06:09:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198805
IP address blocks:        31.56.167.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 05:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:6d:33:c1:99:04:fd:ac:08:52:0b:c0:55:12:72:83:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: May 28 06:09:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=18785cce6ab6c2605cdcaa8c40100dbd3d13f37c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:49:c6:1b:ab:89:4d:f2:85:fe:8c:31:cf:5c:
                    90:9b:a7:5b:18:0d:a3:91:fb:cc:b0:bd:c1:4a:74:
                    e6:6f:7b:75:87:b0:7f:10:43:14:d0:dc:08:43:f8:
                    33:ed:dd:1b:8c:e4:66:d6:7c:1f:a2:1c:60:47:b6:
                    70:a8:c5:04:f6:f6:0a:ee:59:28:3b:38:cc:5a:b8:
                    7b:99:fe:61:54:fa:46:8c:3a:4f:99:55:48:26:84:
                    85:90:c9:48:ab:12:5a:3b:40:0a:34:17:35:cd:25:
                    a9:c6:3d:52:89:1f:5b:72:bf:c0:15:d3:19:42:07:
                    42:94:ee:ea:a5:fa:18:22:8c:96:a6:47:fc:30:6e:
                    71:ec:8b:f2:43:97:af:b3:fa:50:ad:a5:70:38:49:
                    3a:3d:db:9d:8e:26:51:1d:20:7a:2a:34:cc:d7:7f:
                    e3:9f:1b:ae:83:12:6e:d3:ff:bc:35:91:20:7e:e9:
                    ee:3a:56:cf:f0:c0:74:89:3b:ac:01:72:35:59:71:
                    74:36:f4:16:8b:5d:80:11:74:11:1d:e6:23:fa:49:
                    3d:bf:8e:11:07:c0:61:df:6a:02:8f:56:e1:96:ab:
                    bc:41:1d:87:ae:30:a6:c4:16:35:e3:b3:b1:a1:35:
                    5a:dc:61:01:b8:71:c8:23:82:d2:b4:75:f7:3d:5b:
                    73:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:78:5C:CE:6A:B6:C2:60:5C:DC:AA:8C:40:10:0D:BD:3D:13:F3:7C
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/GHhczmq2wmBc3KqMQBANvT0T83w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.167.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:46:c7:b3:f9:75:ff:ef:a3:91:4e:db:da:5b:48:17:7f:9c:
         32:24:91:84:9c:4f:f0:ba:af:c0:ea:72:4f:56:95:31:b1:bb:
         bd:86:e5:b8:00:ae:9e:92:7a:ff:b9:15:cc:1d:e8:ee:b6:eb:
         d8:63:9b:d9:0a:b3:e5:49:9c:d0:0a:3a:72:09:40:3a:2f:25:
         aa:c8:d8:e9:8d:2f:a5:cc:9e:d1:8d:86:0e:aa:83:a0:e8:f1:
         8f:76:35:92:d6:44:90:0b:2c:aa:08:f1:79:8e:b2:34:4a:cd:
         6a:5f:fb:55:63:18:f8:40:c9:b0:21:b6:5f:c7:e9:89:61:db:
         54:ed:a0:a3:40:9b:d8:9c:b3:59:fc:2b:b7:a2:e9:b5:6f:72:
         cd:88:6f:11:b5:d8:05:11:10:30:ef:63:39:15:78:c8:48:da:
         63:82:57:37:b4:6c:29:85:b3:4d:55:37:3b:54:ce:73:4c:0f:
         81:66:33:88:a3:8d:a9:fa:f1:49:2e:57:87:52:17:b6:bd:0a:
         bf:83:cb:02:18:0e:0b:0e:12:cb:58:35:b8:a3:ba:fd:23:43:
         ce:f4:82:0f:cd:cc:44:60:74:81:22:b6:04:35:81:a8:20:0a:
         b3:7f:8f:a7:39:87:82:9b:ad:ed:51:70:2d:f4:f0:3f:d8:15:
         90:69:f9:19
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5tM8GZBP2sCFILwFUScoNwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwNTI4MDYwOTI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxODc4NWNjZTZhYjZjMjYwNWNkY2FhOGM0MDEwMGRiZDNkMTNmMzdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA20nGG6uJTfKF/owxz1yQm6dbGA2j
kfvMsL3BSnTmb3t1h7B/EEMU0NwIQ/gz7d0bjORm1nwfohxgR7ZwqMUE9vYK7lko
OzjMWrh7mf5hVPpGjDpPmVVIJoSFkMlIqxJaO0AKNBc1zSWpxj1SiR9bcr/AFdMZ
QgdClO7qpfoYIoyWpkf8MG5x7IvyQ5evs/pQraVwOEk6PdudjiZRHSB6KjTM13/j
nxuugxJu0/+8NZEgfunuOlbP8MB0iTusAXI1WXF0NvQWi12AEXQRHeYj+kk9v44R
B8Bh32oCj1bhlqu8QR2HrjCmxBY147OxoTVa3GEBuHHII4LStHX3PVtzRwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBh4XM5qtsJgXNyqjEAQDb09E/N8MB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvR0hoY3ptcTJ3bUJjM0txTVFCQU52VDBUODN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzinMA0G
CSqGSIb3DQEBCwUAA4IBAQA1Rsez+XX/76ORTtvaW0gXf5wyJJGEnE/wuq/A6nJP
VpUxsbu9huW4AK6eknr/uRXMHejutuvYY5vZCrPlSZzQCjpyCUA6LyWqyNjpjS+l
zJ7RjYYOqoOg6PGPdjWS1kSQCyyqCPF5jrI0Ss1qX/tVYxj4QMmwIbZfx+mJYdtU
7aCjQJvYnLNZ/Cu3oum1b3LNiG8RtdgFERAw72M5FXjISNpjglc3tGwphbNNVTc7
VM5zTA+BZjOIo42p+vFJLleHUhe2vQq/g8sCGA4LDhLLWDW4o7r9I0PO9IIPzcxE
YHSBIrYENYGoIAqzf4+nOYeCm63tUXAt9PA/2BWQafkZ
-----END CERTIFICATE-----