Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/WaprGDavamLM2IW_3yjsZI12ZzE.roa
File:                     WaprGDavamLM2IW_3yjsZI12ZzE.roa (raw, json)
Hash identifier:          6MQEnk6TbbAU1Jp7sXkKM84sD5gQ5/rnacbgKmSOAkM=
Subject key identifier:   59:AA:6B:18:36:AF:6A:62:CC:D8:85:BF:DF:28:EC:64:8D:76:67:31
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019C7A2559E12683CCDB76C9A337F0355B28
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/WaprGDavamLM2IW_3yjsZI12ZzE.roa
Signing time:             Fri 20 Feb 2026 08:23:14 +0000
ROA not before:           Fri 20 Feb 2026 08:23:14 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     400909
IP address blocks:        31.56.125.0/24 maxlen: 24
                          31.57.148.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:7a:25:59:e1:26:83:cc:db:76:c9:a3:37:f0:35:5b:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Feb 20 08:23:14 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=59aa6b1836af6a62ccd885bfdf28ec648d766731
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:bf:7a:5a:f3:91:f3:57:2d:42:8b:07:af:25:
                    61:ac:5f:4a:62:25:97:88:60:56:78:10:d7:ac:16:
                    96:e0:b7:c1:cd:a6:70:4b:dc:fc:58:8a:02:48:51:
                    9f:6d:16:2e:c2:b0:76:4a:d8:86:1f:68:4a:0d:39:
                    75:84:c4:bb:4f:60:f8:b2:ff:ce:cc:11:c0:c0:67:
                    46:ab:2b:4b:b1:2c:be:f8:e2:3d:27:72:bf:22:89:
                    25:5c:90:d1:0b:cc:20:3a:3c:06:8e:bb:11:9a:0e:
                    3a:65:61:a4:a2:44:66:e3:e6:fa:5b:ed:3d:93:7b:
                    4a:ab:26:21:13:2b:dd:d0:9a:59:3b:77:9a:15:30:
                    a7:8b:f1:ee:fe:8b:08:97:2d:8a:1b:d9:a7:01:b2:
                    a9:72:70:08:69:0e:6c:38:1a:a5:20:b0:63:08:a8:
                    34:81:eb:63:9c:42:1c:7e:db:5a:a1:67:9c:a0:40:
                    10:54:33:95:dc:c4:b4:ad:c5:91:20:5e:ea:4c:db:
                    2e:7c:cf:d6:f6:df:eb:04:91:b9:61:85:03:e7:b2:
                    b1:9e:d6:0c:2d:ff:55:17:96:42:5e:9e:41:5c:bc:
                    0e:d1:13:7a:16:14:43:c6:b6:d4:84:46:3a:cb:65:
                    78:a8:43:17:d1:99:18:8b:05:57:85:71:c6:9b:f0:
                    81:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:AA:6B:18:36:AF:6A:62:CC:D8:85:BF:DF:28:EC:64:8D:76:67:31
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/WaprGDavamLM2IW_3yjsZI12ZzE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.125.0/24
                  31.57.148.0/23

    Signature Algorithm: sha256WithRSAEncryption
         45:06:b0:95:36:65:83:e7:82:20:a9:8d:e7:fe:67:45:84:41:
         ff:07:c3:12:2f:f9:2e:53:3d:a3:04:2d:c5:91:ba:a9:76:51:
         78:08:d7:97:48:69:03:73:ad:16:34:0b:f9:05:a7:8f:56:2b:
         27:40:95:2a:40:89:1c:00:6b:ec:c5:57:58:e4:d9:ec:21:3b:
         71:24:91:48:1f:26:f7:c0:08:18:f5:0d:5b:54:0c:ca:a5:09:
         8b:31:72:2c:06:e3:21:50:07:6d:84:5c:9a:cd:7f:16:4c:d4:
         8f:76:74:79:80:d6:17:0d:da:a3:19:17:af:c2:ab:f6:e7:ac:
         bd:65:75:eb:7e:d3:e8:5c:8f:ec:b2:d3:a6:d4:74:e9:56:2a:
         3d:76:37:8e:5c:4a:e3:3b:c4:3b:5b:22:10:e4:d6:14:ff:04:
         1d:96:4a:c2:bb:00:bb:af:2e:75:7d:2d:27:1c:d3:5f:6d:38:
         93:18:0f:86:42:c0:2d:62:2c:ee:cf:41:07:b9:51:d1:8d:35:
         e2:fe:e2:be:4c:b5:8a:87:81:59:f6:e6:4e:46:f3:e9:73:8d:
         eb:ed:fb:d1:b2:84:2c:4e:28:b2:ff:4d:38:08:ac:0c:bc:34:
         e0:e8:9d:74:fc:27:36:46:02:80:31:cf:98:7c:87:66:4b:4b:
         14:65:8e:76
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZx6JVnhJoPM23bJozfwNVsoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwMjIwMDgyMzE0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OWFhNmIxODM2YWY2YTYyY2NkODg1YmZkZjI4ZWM2NDhkNzY2NzMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp796WvOR81ctQosHryVhrF9KYiWX
iGBWeBDXrBaW4LfBzaZwS9z8WIoCSFGfbRYuwrB2StiGH2hKDTl1hMS7T2D4sv/O
zBHAwGdGqytLsSy++OI9J3K/IoklXJDRC8wgOjwGjrsRmg46ZWGkokRm4+b6W+09
k3tKqyYhEyvd0JpZO3eaFTCni/Hu/osIly2KG9mnAbKpcnAIaQ5sOBqlILBjCKg0
getjnEIcfttaoWecoEAQVDOV3MS0rcWRIF7qTNsufM/W9t/rBJG5YYUD57KxntYM
Lf9VF5ZCXp5BXLwO0RN6FhRDxrbUhEY6y2V4qEMX0ZkYiwVXhXHGm/CBrQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFmqaxg2r2pizNiFv98o7GSNdmcxMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvV2FwckdEYXZhbUxNMklXXzN5anNaSTEyWnpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAHzh9AwQB
HzmUMA0GCSqGSIb3DQEBCwUAA4IBAQBFBrCVNmWD54IgqY3n/mdFhEH/B8MSL/ku
Uz2jBC3FkbqpdlF4CNeXSGkDc60WNAv5BaePVisnQJUqQIkcAGvsxVdY5NnsITtx
JJFIHyb3wAgY9Q1bVAzKpQmLMXIsBuMhUAdthFyazX8WTNSPdnR5gNYXDdqjGRev
wqv256y9ZXXrftPoXI/sstOm1HTpVio9djeOXErjO8Q7WyIQ5NYU/wQdlkrCuwC7
ry51fS0nHNNfbTiTGA+GQsAtYizuz0EHuVHRjTXi/uK+TLWKh4FZ9uZORvPpc43r
7fvRsoQsTiiy/004CKwMvDTg6J10/Cc2RgKAMc+YfIdmS0sUZY52
-----END CERTIFICATE-----