Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/H0VAvtler--giIRKYSGE5Yv10R0.roa
File:                     H0VAvtler--giIRKYSGE5Yv10R0.roa (raw, json)
Hash identifier:          Ih6KTbc0QZMeU9WpBHjd1SX2NcNaaDR5xKGuuANOId0=
Subject key identifier:   1F:45:40:BE:D9:5E:AF:EF:A0:88:84:4A:61:21:84:E5:8B:F5:D1:1D
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019C8AD481154E243DEABA30ED667D9D32A1
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/H0VAvtler--giIRKYSGE5Yv10R0.roa
Signing time:             Mon 23 Feb 2026 14:08:28 +0000
ROA not before:           Mon 23 Feb 2026 14:08:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     51396
IP address blocks:        31.57.37.0/24 maxlen: 24
                          31.57.185.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 06:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:8a:d4:81:15:4e:24:3d:ea:ba:30:ed:66:7d:9d:32:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Feb 23 14:08:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1f4540bed95eafefa088844a612184e58bf5d11d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:75:d0:e2:9f:ea:18:41:ff:06:07:4c:e7:0e:
                    c1:89:08:0a:62:e7:50:29:a5:58:f3:6b:07:ab:c6:
                    dc:9b:c7:97:2b:33:88:ab:e2:f5:5f:59:61:c8:6a:
                    16:41:12:0e:1b:64:b7:c5:24:2e:74:5c:ba:2d:d0:
                    ce:c4:72:fa:00:88:f8:63:f7:33:28:db:5a:05:95:
                    c4:f0:58:7c:99:23:29:e6:32:d1:cd:9b:dd:dc:db:
                    fb:29:4e:12:02:44:93:45:40:26:0d:34:46:b6:be:
                    66:d5:f1:a9:82:97:af:65:b2:aa:ab:01:52:94:21:
                    50:37:da:23:54:17:e1:46:19:8c:fa:45:b9:5e:8a:
                    d8:9e:be:33:9a:ab:8f:dd:46:5c:fd:93:fa:ef:46:
                    ed:52:ea:9d:5b:c2:0a:b6:f4:35:a4:76:23:01:27:
                    65:67:8d:0b:57:05:7e:d9:67:aa:75:45:6e:10:d2:
                    33:5a:29:5e:da:f8:10:00:dc:85:dc:aa:c0:90:83:
                    88:9f:87:5f:69:c0:a9:24:8b:d7:14:a2:35:56:19:
                    53:69:77:ce:71:6e:4c:1e:6c:28:53:86:69:1b:17:
                    62:ff:7b:e9:69:e4:62:19:ea:1c:7e:2c:c6:0b:b8:
                    4e:b7:a9:48:31:8d:6d:f5:7d:d2:e4:17:f8:26:61:
                    f5:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:45:40:BE:D9:5E:AF:EF:A0:88:84:4A:61:21:84:E5:8B:F5:D1:1D
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/H0VAvtler--giIRKYSGE5Yv10R0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.37.0/24
                  31.57.185.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:bd:b5:ef:de:43:2b:39:4d:a1:cf:fe:d3:a3:0a:39:41:58:
         9b:5b:bf:b2:e7:dc:7f:d2:3e:17:8e:c6:6c:96:bb:5f:7e:8a:
         10:a8:81:33:4c:22:66:54:c4:1f:e2:20:24:7d:6f:71:8f:57:
         00:52:50:e2:d8:b7:63:be:86:7a:81:c0:59:8a:6b:04:ca:d3:
         95:c0:69:1f:a2:6a:f7:6f:0b:11:d2:04:6b:41:43:6e:37:39:
         21:8e:d1:ca:6e:c7:51:af:7d:41:79:09:ce:d9:ba:53:1e:9f:
         42:96:a6:2a:31:c1:f0:d0:4e:a9:3c:d6:e9:f0:c1:f6:cd:38:
         b5:04:b5:83:f0:f3:58:9a:48:05:be:4d:f0:fe:82:2f:cb:9b:
         1b:85:5d:91:68:70:2c:0c:a7:5a:a6:07:de:83:4a:b6:1e:12:
         e6:aa:52:96:ff:56:02:73:78:f8:c9:30:aa:e4:7c:d7:e8:04:
         26:0b:94:80:e7:a5:78:2b:6a:5e:b5:b8:bc:1c:c1:58:dd:c6:
         a9:f4:5b:83:eb:7c:64:3a:a5:6e:83:6a:a3:60:9d:15:29:57:
         cd:0e:31:6b:b9:ea:48:c6:17:4b:79:25:ed:19:7b:b3:1b:54:
         ae:14:e4:49:ec:c3:1b:65:44:49:97:6f:12:27:b7:a2:76:41:
         ec:32:13:d8
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZyK1IEVTiQ96row7WZ9nTKhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwMjIzMTQwODI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjQ1NDBiZWQ5NWVhZmVmYTA4ODg0NGE2MTIxODRlNThiZjVkMTFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwHXQ4p/qGEH/BgdM5w7BiQgKYudQ
KaVY82sHq8bcm8eXKzOIq+L1X1lhyGoWQRIOG2S3xSQudFy6LdDOxHL6AIj4Y/cz
KNtaBZXE8Fh8mSMp5jLRzZvd3Nv7KU4SAkSTRUAmDTRGtr5m1fGpgpevZbKqqwFS
lCFQN9ojVBfhRhmM+kW5XorYnr4zmquP3UZc/ZP670btUuqdW8IKtvQ1pHYjASdl
Z40LVwV+2WeqdUVuENIzWile2vgQANyF3KrAkIOIn4dfacCpJIvXFKI1VhlTaXfO
cW5MHmwoU4ZpGxdi/3vpaeRiGeocfizGC7hOt6lIMY1t9X3S5Bf4JmH1bQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFB9FQL7ZXq/voIiESmEhhOWL9dEdMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvSDBWQXZ0bGVyLS1naUlSS1lTR0U1WXYxMFIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAHzklAwQA
Hzm5MA0GCSqGSIb3DQEBCwUAA4IBAQBjvbXv3kMrOU2hz/7Towo5QVibW7+y59x/
0j4XjsZslrtffooQqIEzTCJmVMQf4iAkfW9xj1cAUlDi2LdjvoZ6gcBZimsEytOV
wGkfomr3bwsR0gRrQUNuNzkhjtHKbsdRr31BeQnO2bpTHp9ClqYqMcHw0E6pPNbp
8MH2zTi1BLWD8PNYmkgFvk3w/oIvy5sbhV2RaHAsDKdapgfeg0q2HhLmqlKW/1YC
c3j4yTCq5HzX6AQmC5SA56V4K2petbi8HMFY3cap9FuD63xkOqVug2qjYJ0VKVfN
DjFruepIxhdLeSXtGXuzG1SuFORJ7MMbZURJl28SJ7eidkHsMhPY
-----END CERTIFICATE-----