Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/_SNyj_VXZGE31b46flhusV6OjlE.roa
File:                     _SNyj_VXZGE31b46flhusV6OjlE.roa (raw, json)
Hash identifier:          NKbAMX4FnGd2yvhqkzwZ0JcNhnRQcW+9LkGAUOU5+NI=
Subject key identifier:   FD:23:72:8F:F5:57:64:61:37:D5:BE:3A:7E:58:6E:B1:5E:8E:8E:51
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019E9E56D685C02084031E3C2C2632A68D6E
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/_SNyj_VXZGE31b46flhusV6OjlE.roa
Signing time:             Sat 06 Jun 2026 19:09:11 +0000
ROA not before:           Sat 06 Jun 2026 19:09:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     402507
IP address blocks:        31.57.102.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 18 Jun 2026 07:44:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:9e:56:d6:85:c0:20:84:03:1e:3c:2c:26:32:a6:8d:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jun  6 19:09:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=fd23728ff557646137d5be3a7e586eb15e8e8e51
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:61:fd:dc:52:de:cd:da:1b:fa:8b:e7:58:86:
                    30:8d:cd:f7:62:3f:f5:b8:b7:3c:e6:87:93:75:c6:
                    37:1a:05:9b:91:ed:f1:bc:06:42:1c:41:dc:08:9b:
                    ce:86:6a:d7:8d:41:6a:5f:31:c7:bb:2e:ea:27:c2:
                    c1:84:29:4c:40:31:a5:d6:80:84:d5:91:38:c0:81:
                    99:df:30:be:be:df:c5:bc:4c:44:c0:c4:77:40:89:
                    74:8e:8d:87:8e:22:d9:97:81:68:3d:c7:ef:80:e9:
                    52:2e:24:6b:09:0c:56:11:61:67:72:b4:74:3a:88:
                    f2:92:0b:83:f3:9f:14:b4:03:15:32:4c:c1:65:10:
                    b9:2f:ff:a9:78:82:82:51:f3:2b:62:a4:32:24:b7:
                    83:89:c2:6e:a0:7f:26:da:72:b8:e1:fe:f8:52:7d:
                    f8:f8:90:11:9a:38:ea:22:05:17:11:4e:ce:0b:aa:
                    b1:8a:ee:da:3b:30:23:b3:05:21:2a:cb:93:3f:91:
                    5f:1e:5d:a5:d0:87:60:17:dc:6e:32:0e:2d:b1:60:
                    1b:ae:04:2a:7f:7e:3c:56:8c:de:66:c8:82:c9:8c:
                    13:54:6b:e6:18:ab:ac:7f:82:97:b6:b0:4a:7d:f8:
                    86:9a:a0:a6:b6:4a:f1:8b:ea:d3:be:31:ab:7d:26:
                    46:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:23:72:8F:F5:57:64:61:37:D5:BE:3A:7E:58:6E:B1:5E:8E:8E:51
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/_SNyj_VXZGE31b46flhusV6OjlE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.102.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:a3:33:bf:1a:90:3e:d6:62:6c:f6:76:a7:76:c4:00:16:a0:
         70:cc:35:41:c6:00:90:00:1a:0f:ae:3a:dc:08:a5:3a:ae:c7:
         ca:ee:b9:c0:bb:47:22:2b:d7:59:2f:20:e2:1c:a2:2a:57:0c:
         8d:4b:a2:53:f1:d5:75:e8:d1:f0:c6:5e:72:26:36:5a:9b:fe:
         28:be:6f:58:9a:e9:c5:37:15:c4:61:6e:18:6c:75:a2:70:a7:
         a1:80:74:01:83:cc:eb:78:43:59:76:a4:d3:20:02:c9:08:d8:
         4f:59:1c:50:b5:a3:7c:f9:86:e7:c5:7c:e1:ba:c9:28:a5:ca:
         a9:48:c4:77:b1:dd:c4:e1:a6:7d:7f:7c:78:5e:56:67:d8:15:
         2f:0d:97:e5:9e:cc:a3:87:60:7b:32:24:0a:e9:9d:25:22:71:
         c9:b5:ec:14:2d:28:fa:3e:86:7b:92:8d:f2:3b:46:32:36:3d:
         72:79:58:9e:8e:2a:c1:8e:c8:2c:e2:77:40:10:7e:37:c1:9e:
         a5:95:67:a6:d9:3e:79:7e:37:08:21:7d:ac:db:66:f0:8f:0a:
         9f:fc:bf:ec:6c:66:d7:55:fb:55:e8:cc:87:29:00:80:a3:94:
         1b:89:e7:74:59:d7:a4:8c:4d:a5:ef:bc:fc:13:10:77:8d:8e:
         10:ec:73:c1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6eVtaFwCCEAx48LCYypo1uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwNjA2MTkwOTExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDIzNzI4ZmY1NTc2NDYxMzdkNWJlM2E3ZTU4NmViMTVlOGU4ZTUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuGH93FLezdob+ovnWIYwjc33Yj/1
uLc85oeTdcY3GgWbke3xvAZCHEHcCJvOhmrXjUFqXzHHuy7qJ8LBhClMQDGl1oCE
1ZE4wIGZ3zC+vt/FvExEwMR3QIl0jo2HjiLZl4FoPcfvgOlSLiRrCQxWEWFncrR0
OojykguD858UtAMVMkzBZRC5L/+peIKCUfMrYqQyJLeDicJuoH8m2nK44f74Un34
+JARmjjqIgUXEU7OC6qxiu7aOzAjswUhKsuTP5FfHl2l0IdgF9xuMg4tsWAbrgQq
f348VozeZsiCyYwTVGvmGKusf4KXtrBKffiGmqCmtkrxi+rTvjGrfSZGTQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP0jco/1V2RhN9W+On5YbrFejo5RMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvX1NOeWpfVlhaR0UzMWI0NmZsaHVzVjZPamxFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzlmMA0G
CSqGSIb3DQEBCwUAA4IBAQByozO/GpA+1mJs9nandsQAFqBwzDVBxgCQABoPrjrc
CKU6rsfK7rnAu0ciK9dZLyDiHKIqVwyNS6JT8dV16NHwxl5yJjZam/4ovm9YmunF
NxXEYW4YbHWicKehgHQBg8zreENZdqTTIALJCNhPWRxQtaN8+YbnxXzhuskopcqp
SMR3sd3E4aZ9f3x4XlZn2BUvDZflnsyjh2B7MiQK6Z0lInHJtewULSj6PoZ7ko3y
O0YyNj1yeViejirBjsgs4ndAEH43wZ6llWem2T55fjcIIX2s22bwjwqf/L/sbGbX
VftV6MyHKQCAo5Qbied0WdekjE2l77z8ExB3jY4Q7HPB
-----END CERTIFICATE-----