Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/KpOfr1Po7JA6Kk5Icn5rNcm7bcs.roa
File:                     KpOfr1Po7JA6Kk5Icn5rNcm7bcs.roa (raw, json)
Hash identifier:          5LLdzzz/6MEiGcZ8Pds5kKUsfElBcr1oDAL1u73cQXA=
Subject key identifier:   2A:93:9F:AF:53:E8:EC:90:3A:2A:4E:48:72:7E:6B:35:C9:BB:6D:CB
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019D8A738C458A16CED8B0EC6905ECBCF407
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/KpOfr1Po7JA6Kk5Icn5rNcm7bcs.roa
Signing time:             Tue 14 Apr 2026 05:25:21 +0000
ROA not before:           Tue 14 Apr 2026 05:25:21 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205838
IP address blocks:        31.57.66.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:8a:73:8c:45:8a:16:ce:d8:b0:ec:69:05:ec:bc:f4:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Apr 14 05:25:21 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2a939faf53e8ec903a2a4e48727e6b35c9bb6dcb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:4a:ed:93:9c:5a:54:f8:7c:bb:a8:51:c6:22:
                    fb:ed:03:18:8b:16:00:3d:ac:04:ff:f8:2a:ab:f7:
                    9d:7c:76:8f:e1:bf:9d:f6:fe:73:76:5d:8f:35:f1:
                    b6:eb:85:92:a1:2a:ee:d4:0b:fc:20:b7:60:46:47:
                    c0:e7:26:87:d8:0c:2a:9f:f7:64:c7:2b:1e:8c:86:
                    4f:11:01:e0:31:31:91:14:f4:11:f5:9d:fb:55:33:
                    ba:1a:cc:72:91:7b:c0:1f:e6:91:8f:52:76:43:a6:
                    74:b2:ba:ac:63:d4:97:37:c8:c0:12:45:fb:83:76:
                    47:d9:71:e7:2d:04:c0:2f:aa:20:3d:3f:d1:d0:d8:
                    40:05:60:ff:2b:1a:a8:5d:11:5a:84:a7:e7:91:e0:
                    3f:a1:b2:e1:73:df:cd:49:df:31:53:06:f9:c8:f4:
                    32:2f:ce:32:e6:ea:3e:7b:d2:63:ef:3d:13:90:ae:
                    24:fe:af:92:1a:28:04:b2:4d:59:c7:9b:ee:dd:0b:
                    fa:53:8f:04:01:11:1c:96:e0:aa:c6:7e:3a:76:e0:
                    59:86:a2:66:23:1f:ea:e3:8f:76:4a:7d:07:98:24:
                    6d:5f:3a:f2:6c:36:38:fb:21:a2:41:68:3b:16:08:
                    30:d0:4a:f6:3d:b2:92:91:b5:b9:0e:36:41:f1:01:
                    a4:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:93:9F:AF:53:E8:EC:90:3A:2A:4E:48:72:7E:6B:35:C9:BB:6D:CB
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/KpOfr1Po7JA6Kk5Icn5rNcm7bcs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.66.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:8c:d3:b6:11:5e:f5:6f:5b:a9:96:26:fa:ed:40:59:d0:b3:
         bd:a2:1c:92:87:f4:60:53:40:b9:3a:81:dd:1e:01:5b:9d:d1:
         fa:77:a4:21:52:f1:f0:02:09:d3:a8:9c:ec:97:df:c7:4d:59:
         79:29:70:e0:05:8d:45:59:8a:fe:90:f4:2d:b1:84:3f:c6:5f:
         6e:a6:cc:76:ec:6d:21:80:e4:9b:39:0a:d9:17:fa:5a:5c:c7:
         46:c1:ba:9c:1f:c5:a6:62:f0:9e:44:be:f1:f5:8a:05:b3:0d:
         63:d5:77:b1:bc:41:f3:8e:49:88:3d:3e:ff:cb:6c:1c:cd:bc:
         aa:ea:ff:87:c4:2b:e4:b8:a6:a6:13:30:20:32:a3:4d:3e:b7:
         d8:d6:e4:3e:0f:85:e8:d6:b0:7f:22:72:9a:a1:30:fb:16:ab:
         ed:04:c9:57:4c:a4:61:72:bf:12:fa:d5:23:64:a4:d7:06:02:
         19:a3:d7:45:d0:88:0f:d3:c2:6e:98:c2:7c:f5:1e:b1:ed:eb:
         9d:1e:6d:82:6b:79:fc:b4:86:16:25:be:e9:46:40:c9:8a:1c:
         e0:76:f3:4f:b6:9c:02:f9:04:26:0f:61:99:9a:a1:33:16:ee:
         0d:ea:56:4a:70:c1:3a:6d:b6:92:19:dc:77:79:64:9b:ac:3e:
         63:da:a8:56
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2Kc4xFihbO2LDsaQXsvPQHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwNDE0MDUyNTIxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTkzOWZhZjUzZThlYzkwM2EyYTRlNDg3MjdlNmIzNWM5YmI2ZGNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2Ertk5xaVPh8u6hRxiL77QMYixYA
PawE//gqq/edfHaP4b+d9v5zdl2PNfG264WSoSru1Av8ILdgRkfA5yaH2Awqn/dk
xysejIZPEQHgMTGRFPQR9Z37VTO6GsxykXvAH+aRj1J2Q6Z0srqsY9SXN8jAEkX7
g3ZH2XHnLQTAL6ogPT/R0NhABWD/KxqoXRFahKfnkeA/obLhc9/NSd8xUwb5yPQy
L84y5uo+e9Jj7z0TkK4k/q+SGigEsk1Zx5vu3Qv6U48EAREcluCqxn46duBZhqJm
Ix/q4492Sn0HmCRtXzrybDY4+yGiQWg7Fggw0Er2PbKSkbW5DjZB8QGknwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCqTn69T6OyQOipOSHJ+azXJu23LMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvS3BPZnIxUG83SkE2S2s1SWNuNXJOY203YmNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzlCMA0G
CSqGSIb3DQEBCwUAA4IBAQBUjNO2EV71b1uplib67UBZ0LO9ohySh/RgU0C5OoHd
HgFbndH6d6QhUvHwAgnTqJzsl9/HTVl5KXDgBY1FWYr+kPQtsYQ/xl9upsx27G0h
gOSbOQrZF/paXMdGwbqcH8WmYvCeRL7x9YoFsw1j1XexvEHzjkmIPT7/y2wczbyq
6v+HxCvkuKamEzAgMqNNPrfY1uQ+D4Xo1rB/InKaoTD7FqvtBMlXTKRhcr8S+tUj
ZKTXBgIZo9dF0IgP08JumMJ89R6x7eudHm2Ca3n8tIYWJb7pRkDJihzgdvNPtpwC
+QQmD2GZmqEzFu4N6lZKcME6bbaSGdx3eWSbrD5j2qhW
-----END CERTIFICATE-----