Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/KFO346h2A0ULbMnIffFDBAzOyi0.roa
File:                     KFO346h2A0ULbMnIffFDBAzOyi0.roa (raw, json)
Hash identifier:          hz5w1O1dUHX7prYCzkog/GvxPbN4eDCJVBJCfbSxhfg=
Subject key identifier:   28:53:B7:E3:A8:76:03:45:0B:6C:C9:C8:7D:F1:43:04:0C:CE:CA:2D
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019EBAC9E3560A35229B075AA11C225ED693
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/KFO346h2A0ULbMnIffFDBAzOyi0.roa
Signing time:             Fri 12 Jun 2026 07:44:13 +0000
ROA not before:           Fri 12 Jun 2026 07:44:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     154132
IP address blocks:        31.56.122.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:ba:c9:e3:56:0a:35:22:9b:07:5a:a1:1c:22:5e:d6:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jun 12 07:44:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2853b7e3a87603450b6cc9c87df143040cceca2d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:8a:59:d6:9b:76:79:b8:0e:e2:0e:20:9b:55:
                    e9:e4:f4:c1:2d:61:e5:42:49:2d:b3:43:d4:93:b2:
                    ca:28:a6:b1:81:38:e1:ba:25:a8:87:3b:34:45:3f:
                    be:b5:19:73:fd:50:d7:ef:c9:3f:a8:56:de:38:8b:
                    f5:c2:92:f2:71:80:2f:f4:45:e5:0e:be:0d:7a:f2:
                    e4:b4:bb:f5:62:c9:9f:25:99:08:dc:e3:50:78:c7:
                    a3:c3:89:5d:57:a7:e6:66:52:44:6b:6d:3b:36:30:
                    f6:80:24:82:aa:b3:ca:d3:84:9d:33:d0:bd:ba:82:
                    89:a7:ae:20:9c:be:0d:47:8d:e8:73:3a:21:0b:a3:
                    4d:90:fb:dd:b3:2f:fc:1b:bf:fb:78:b3:3a:9f:5f:
                    27:48:fe:79:d8:74:1a:5e:6a:f5:ad:fc:c7:82:4f:
                    31:a8:c4:bd:93:a0:c2:86:b5:ed:61:eb:4a:64:5c:
                    27:d8:24:42:c4:88:4b:d2:bb:11:85:ee:96:48:34:
                    b2:60:55:de:62:62:ec:6d:9b:4e:ec:37:48:5b:c2:
                    87:a9:5d:88:04:25:f9:8d:d0:b4:ef:88:50:9e:5a:
                    78:78:aa:8a:83:24:18:10:a8:82:c9:41:e2:43:40:
                    e8:08:e9:73:b9:2c:66:4e:42:b1:bd:c2:02:88:2b:
                    48:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:53:B7:E3:A8:76:03:45:0B:6C:C9:C8:7D:F1:43:04:0C:CE:CA:2D
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/KFO346h2A0ULbMnIffFDBAzOyi0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.122.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:76:e1:6d:c4:6b:f6:fd:05:e8:3c:f6:5b:eb:8f:70:bd:d6:
         e1:e7:3f:57:db:86:72:a4:03:8b:5b:68:de:5c:09:83:0b:a3:
         d5:2a:95:d7:63:5f:07:58:50:b5:69:02:86:6f:d2:3d:8f:ec:
         58:37:9f:90:50:21:19:13:16:e6:18:a9:23:3e:3a:fb:62:75:
         e1:5f:88:d5:07:eb:5b:12:a4:69:a2:6f:cf:ca:1a:8e:94:ac:
         d8:0a:28:c5:7d:58:95:fd:26:3b:5b:22:41:64:7f:ae:8b:03:
         a9:9d:f4:b3:2b:e0:4c:1c:6e:dc:d1:b4:8f:89:79:4b:04:45:
         9a:98:8b:ea:7a:3a:53:37:38:04:52:5a:5c:66:bd:fa:31:34:
         46:56:11:8c:29:40:e7:04:0d:e3:33:5b:2a:1b:c7:25:cc:08:
         2f:80:f3:5a:80:ef:09:63:2a:74:e5:39:70:4f:a9:dc:7b:9f:
         35:04:61:4f:c9:75:4c:61:46:11:b0:75:8e:a0:e8:5c:cb:04:
         70:6b:0d:c5:cc:4e:b2:1f:e2:be:0c:78:c3:d6:cf:e3:eb:7e:
         34:b3:d7:7c:90:4c:53:07:88:db:50:ed:bc:96:ca:0e:59:57:
         42:c3:21:d9:07:1c:1b:aa:d0:76:bb:10:46:97:f6:86:fe:e7:
         e5:89:0b:ea
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ66yeNWCjUimwdaoRwiXtaTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwNjEyMDc0NDEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODUzYjdlM2E4NzYwMzQ1MGI2Y2M5Yzg3ZGYxNDMwNDBjY2VjYTJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvYpZ1pt2ebgO4g4gm1Xp5PTBLWHl
Qkkts0PUk7LKKKaxgTjhuiWohzs0RT++tRlz/VDX78k/qFbeOIv1wpLycYAv9EXl
Dr4NevLktLv1YsmfJZkI3ONQeMejw4ldV6fmZlJEa207NjD2gCSCqrPK04SdM9C9
uoKJp64gnL4NR43oczohC6NNkPvdsy/8G7/7eLM6n18nSP552HQaXmr1rfzHgk8x
qMS9k6DChrXtYetKZFwn2CRCxIhL0rsRhe6WSDSyYFXeYmLsbZtO7DdIW8KHqV2I
BCX5jdC074hQnlp4eKqKgyQYEKiCyUHiQ0DoCOlzuSxmTkKxvcICiCtIGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFChTt+OodgNFC2zJyH3xQwQMzsotMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvS0ZPMzQ2aDJBMFVMYk1uSWZmRkRCQXpPeWkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzh6MA0G
CSqGSIb3DQEBCwUAA4IBAQA/duFtxGv2/QXoPPZb649wvdbh5z9X24ZypAOLW2je
XAmDC6PVKpXXY18HWFC1aQKGb9I9j+xYN5+QUCEZExbmGKkjPjr7YnXhX4jVB+tb
EqRpom/PyhqOlKzYCijFfViV/SY7WyJBZH+uiwOpnfSzK+BMHG7c0bSPiXlLBEWa
mIvqejpTNzgEUlpcZr36MTRGVhGMKUDnBA3jM1sqG8clzAgvgPNagO8JYyp05Tlw
T6nce581BGFPyXVMYUYRsHWOoOhcywRwaw3FzE6yH+K+DHjD1s/j6340s9d8kExT
B4jbUO28lsoOWVdCwyHZBxwbqtB2uxBGl/aG/ufliQvq
-----END CERTIFICATE-----