Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/VVhpBbEp9s52kR_ksH11vZm_N3Q.roa
File:                     VVhpBbEp9s52kR_ksH11vZm_N3Q.roa (raw, json)
Hash identifier:          2WVl4GfLLrYwM3aVjhRxqeGENIKXwLuaNGREb58P7kI=
Subject key identifier:   55:58:69:05:B1:29:F6:CE:76:91:1F:E4:B0:7D:75:BD:99:BF:37:74
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019C98ED8DAD64A5C147C5BA8D03A58F3D28
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/VVhpBbEp9s52kR_ksH11vZm_N3Q.roa
Signing time:             Thu 26 Feb 2026 07:50:30 +0000
ROA not before:           Thu 26 Feb 2026 07:50:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     64439
IP address blocks:        31.56.211.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 11:37:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:98:ed:8d:ad:64:a5:c1:47:c5:ba:8d:03:a5:8f:3d:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Feb 26 07:50:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=55586905b129f6ce76911fe4b07d75bd99bf3774
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:8e:70:7d:be:f9:b0:a7:4d:5f:40:68:fe:77:
                    d0:f4:4f:bb:1b:db:de:b0:64:1f:e5:e3:e1:2c:3a:
                    32:59:be:af:3d:31:88:6b:33:e1:4a:38:09:0d:00:
                    20:da:f7:74:00:47:e5:f4:74:c9:98:66:d9:89:e8:
                    57:4f:85:21:df:d4:8a:06:d7:de:76:d5:1d:16:12:
                    e0:fd:12:1a:b1:37:a1:f8:50:e7:39:7a:0c:fd:d3:
                    9d:49:57:07:36:7a:c2:62:2b:71:5d:54:85:33:bb:
                    f5:ec:ad:28:d1:9e:ea:e9:30:9b:92:06:b5:f6:11:
                    6b:24:f8:6e:1f:e3:ac:0f:a6:4d:19:9b:bb:8b:22:
                    2b:72:45:d5:03:ab:50:5e:29:e6:81:71:f7:58:29:
                    2d:be:4a:1f:2b:d6:8a:9c:93:21:b4:9a:af:cd:ac:
                    8a:50:6f:4e:52:29:c4:b6:97:d7:f3:e5:f6:cc:a1:
                    5d:c0:d1:03:32:98:8a:bf:91:89:d2:bf:45:df:e7:
                    b8:a9:df:6c:cb:a1:9d:11:8c:ac:3f:fb:a1:9b:9e:
                    61:0c:b8:c9:8f:1b:8a:83:fb:76:60:c2:ca:4c:d5:
                    db:37:65:00:8c:05:a0:dd:3c:d0:e2:6a:2b:33:c0:
                    28:7b:a9:18:5d:6a:54:62:d6:24:e2:12:24:7b:bb:
                    0a:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:58:69:05:B1:29:F6:CE:76:91:1F:E4:B0:7D:75:BD:99:BF:37:74
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/VVhpBbEp9s52kR_ksH11vZm_N3Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.211.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:4f:db:74:09:c7:1b:b7:28:e8:41:aa:f3:6c:58:9c:c1:97:
         4a:11:62:6e:ec:0b:95:e8:1b:1d:13:8b:a8:7d:70:5d:36:9e:
         3b:e7:91:f8:02:3f:d9:55:e7:87:a6:e5:37:47:d1:ed:1b:ca:
         77:99:75:1c:60:8b:e1:ff:85:e1:21:a3:d4:a6:5a:be:f1:78:
         8d:67:10:b2:d9:e4:1a:27:9c:f2:2c:f3:87:39:bf:ce:87:6f:
         09:36:e6:93:95:41:8a:28:70:21:7e:df:88:a7:5e:17:ae:7a:
         44:8d:29:f9:5d:de:cc:ad:39:be:f5:5b:f9:e1:b2:d3:8d:6d:
         84:83:d3:40:87:65:58:51:12:5f:9b:23:4c:5a:19:51:80:83:
         8b:db:76:6c:bc:65:b5:99:3d:3a:c7:52:50:06:fd:a0:ae:ed:
         b0:e7:80:c0:a0:4a:5b:75:50:f3:7d:e3:ba:51:93:da:76:76:
         1e:a4:23:e6:54:26:42:3c:5b:41:01:77:91:22:d0:d6:72:f8:
         e9:1b:eb:41:ff:09:9e:73:ff:64:a3:9e:85:76:3a:f9:67:11:
         ff:65:cb:0b:1e:ac:35:b5:d9:1f:c6:b7:30:a4:51:df:d9:6b:
         1b:66:96:ce:08:a0:cc:e7:23:db:6d:83:78:49:5b:7b:c4:93:
         ac:07:c7:1d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyY7Y2tZKXBR8W6jQOljz0oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwMjI2MDc1MDMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NTU4NjkwNWIxMjlmNmNlNzY5MTFmZTRiMDdkNzViZDk5YmYzNzc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAko5wfb75sKdNX0Bo/nfQ9E+7G9ve
sGQf5ePhLDoyWb6vPTGIazPhSjgJDQAg2vd0AEfl9HTJmGbZiehXT4Uh39SKBtfe
dtUdFhLg/RIasTeh+FDnOXoM/dOdSVcHNnrCYitxXVSFM7v17K0o0Z7q6TCbkga1
9hFrJPhuH+OsD6ZNGZu7iyIrckXVA6tQXinmgXH3WCktvkofK9aKnJMhtJqvzayK
UG9OUinEtpfX8+X2zKFdwNEDMpiKv5GJ0r9F3+e4qd9sy6GdEYysP/uhm55hDLjJ
jxuKg/t2YMLKTNXbN2UAjAWg3TzQ4morM8Aoe6kYXWpUYtYk4hIke7sKvwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFVYaQWxKfbOdpEf5LB9db2Zvzd0MB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvVlZocEJiRXA5czUya1Jfa3NIMTF2Wm1fTjNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzjTMA0G
CSqGSIb3DQEBCwUAA4IBAQBBT9t0CccbtyjoQarzbFicwZdKEWJu7AuV6BsdE4uo
fXBdNp4755H4Aj/ZVeeHpuU3R9HtG8p3mXUcYIvh/4XhIaPUplq+8XiNZxCy2eQa
J5zyLPOHOb/Oh28JNuaTlUGKKHAhft+Ip14XrnpEjSn5Xd7MrTm+9Vv54bLTjW2E
g9NAh2VYURJfmyNMWhlRgIOL23ZsvGW1mT06x1JQBv2gru2w54DAoEpbdVDzfeO6
UZPadnYepCPmVCZCPFtBAXeRItDWcvjpG+tB/wmec/9ko56Fdjr5ZxH/ZcsLHqw1
tdkfxrcwpFHf2WsbZpbOCKDM5yPbbYN4SVt7xJOsB8cd
-----END CERTIFICATE-----