Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/GUtpcnf0Dk0nZj5HNqzYIhFuoO4.roa
File:                     GUtpcnf0Dk0nZj5HNqzYIhFuoO4.roa (raw, json)
Hash identifier:          7NyT2WUf4UZiumc1WGOQLkDsRy06uvOLeVnerC458CU=
Subject key identifier:   19:4B:69:72:77:F4:0E:4D:27:66:3E:47:36:AC:D8:22:11:6E:A0:EE
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019E7D2182C0BDA3974904F0E274F0F7F2DB
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/GUtpcnf0Dk0nZj5HNqzYIhFuoO4.roa
Signing time:             Sun 31 May 2026 08:23:28 +0000
ROA not before:           Sun 31 May 2026 08:23:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210464
IP address blocks:        31.57.56.0/24 maxlen: 24
                          217.60.96.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:7d:21:82:c0:bd:a3:97:49:04:f0:e2:74:f0:f7:f2:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: May 31 08:23:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=194b697277f40e4d27663e4736acd822116ea0ee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:7a:8f:fd:d9:6d:59:fa:fb:e9:d0:ec:6d:a2:
                    26:e5:96:bd:20:7a:1e:09:79:02:58:62:53:1f:1f:
                    c6:d0:26:82:77:26:96:f4:87:5c:a4:1c:19:a9:8a:
                    35:99:a4:7c:0d:14:fb:b1:54:dc:a5:b7:db:54:19:
                    9c:df:ff:b6:3f:d1:b7:f6:5c:9a:14:74:b7:77:66:
                    7f:0a:78:c7:73:97:93:e7:8d:ef:83:18:92:e4:ba:
                    76:1e:71:70:c8:3a:41:f4:a2:05:61:da:98:35:42:
                    14:34:93:ef:e6:86:31:de:92:94:09:dd:62:16:2f:
                    81:95:11:49:ea:4b:46:63:2d:23:cb:44:60:0b:3c:
                    2e:46:6c:b3:c7:99:1a:10:06:f3:e5:38:ef:1d:37:
                    50:33:1d:fe:71:db:2f:af:10:fc:59:23:4c:35:ff:
                    50:78:8d:ff:fc:46:04:b4:fd:9b:ab:a9:8c:35:79:
                    29:90:3f:b5:d2:76:3f:e4:df:d7:2f:a7:e2:d0:b9:
                    9b:b5:10:b9:7d:c6:69:7b:4f:98:b1:c7:c5:b3:29:
                    42:d2:85:f0:a9:95:c2:6a:90:3e:51:09:7c:81:55:
                    a2:7c:17:d3:23:fc:33:d3:18:69:60:e6:9b:12:0e:
                    a6:fe:3a:eb:13:44:f9:14:0c:34:e4:20:17:75:ad:
                    88:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:4B:69:72:77:F4:0E:4D:27:66:3E:47:36:AC:D8:22:11:6E:A0:EE
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/GUtpcnf0Dk0nZj5HNqzYIhFuoO4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.56.0/24
                  217.60.96.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:97:08:a9:d7:e1:63:b1:98:3a:4d:e2:16:c5:70:d0:c2:c9:
         f3:bc:91:e3:bb:c0:ec:94:89:99:4c:25:d3:8b:23:6d:8d:5a:
         f6:a5:aa:e6:96:75:52:f7:65:56:9b:ec:a9:08:b2:26:03:1a:
         d4:7f:30:a5:6d:15:91:14:dc:01:9c:3b:a5:b5:32:16:e6:86:
         d3:1b:80:3a:cf:c9:96:54:59:0d:23:41:a6:b1:6a:2a:66:e7:
         d4:70:a4:0a:d5:b6:12:6c:f5:e4:b3:7e:fd:68:10:f9:fb:a1:
         24:28:7f:b5:a1:67:9a:e4:28:b8:84:ad:b7:ac:f0:2f:3d:c5:
         55:82:66:17:9d:40:88:85:7e:ed:82:e7:92:c2:36:41:3d:2e:
         e2:ad:d8:98:e8:1b:45:1e:f5:45:54:18:e1:11:6a:e1:25:bd:
         7e:26:ca:b5:a3:52:24:e1:dc:85:88:b0:15:ef:cc:48:81:5c:
         ac:d0:1f:0b:03:bc:e3:44:63:3c:15:a0:89:7e:20:ef:10:ff:
         13:94:a4:c1:5d:e8:27:08:69:bf:23:09:42:52:eb:65:45:57:
         79:90:7e:e9:75:c0:56:75:e7:c5:e7:95:b3:06:38:e4:be:b5:
         4d:d3:86:68:ec:64:dc:76:79:e4:c0:43:80:93:01:1f:2d:4d:
         db:b3:44:60
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ59IYLAvaOXSQTw4nTw9/LbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwNTMxMDgyMzI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTRiNjk3Mjc3ZjQwZTRkMjc2NjNlNDczNmFjZDgyMjExNmVhMGVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuXqP/dltWfr76dDsbaIm5Za9IHoe
CXkCWGJTHx/G0CaCdyaW9IdcpBwZqYo1maR8DRT7sVTcpbfbVBmc3/+2P9G39lya
FHS3d2Z/CnjHc5eT543vgxiS5Lp2HnFwyDpB9KIFYdqYNUIUNJPv5oYx3pKUCd1i
Fi+BlRFJ6ktGYy0jy0RgCzwuRmyzx5kaEAbz5TjvHTdQMx3+cdsvrxD8WSNMNf9Q
eI3//EYEtP2bq6mMNXkpkD+10nY/5N/XL6fi0LmbtRC5fcZpe0+YscfFsylC0oXw
qZXCapA+UQl8gVWifBfTI/wz0xhpYOabEg6m/jrrE0T5FAw05CAXda2IRQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBlLaXJ39A5NJ2Y+Rzas2CIRbqDuMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvR1V0cGNuZjBEazBuWmo1SE5xellJaEZ1b080LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAHzk4AwQA
2TxgMA0GCSqGSIb3DQEBCwUAA4IBAQAVlwip1+FjsZg6TeIWxXDQwsnzvJHju8Ds
lImZTCXTiyNtjVr2parmlnVS92VWm+ypCLImAxrUfzClbRWRFNwBnDultTIW5obT
G4A6z8mWVFkNI0GmsWoqZufUcKQK1bYSbPXks379aBD5+6EkKH+1oWea5Ci4hK23
rPAvPcVVgmYXnUCIhX7tgueSwjZBPS7irdiY6BtFHvVFVBjhEWrhJb1+Jsq1o1Ik
4dyFiLAV78xIgVys0B8LA7zjRGM8FaCJfiDvEP8TlKTBXegnCGm/IwlCUutlRVd5
kH7pdcBWdefF55WzBjjkvrVN04Zo7GTcdnnkwEOAkwEfLU3bs0Rg
-----END CERTIFICATE-----