Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/aHwBGEuAnN3xelUK67cA08699yw.roa
File:                     aHwBGEuAnN3xelUK67cA08699yw.roa (raw, json)
Hash identifier:          xWl4hc6LXzzeqQ6JRDtAoJhxXSOt8Yy5OpYHegQ8Cpw=
Subject key identifier:   68:7C:01:18:4B:80:9C:DD:F1:7A:55:0A:EB:B7:00:D3:CE:BD:F7:2C
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019E743BAD44151E346A9326BE65785FA48F
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/aHwBGEuAnN3xelUK67cA08699yw.roa
Signing time:             Fri 29 May 2026 14:55:28 +0000
ROA not before:           Fri 29 May 2026 14:55:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     34989
IP address blocks:        31.56.217.0/24 maxlen: 24
                          31.58.55.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:74:3b:ad:44:15:1e:34:6a:93:26:be:65:78:5f:a4:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: May 29 14:55:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=687c01184b809cddf17a550aebb700d3cebdf72c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:9e:61:3e:fb:49:5c:b9:b9:aa:c1:88:20:45:
                    b7:50:78:7b:45:1e:67:83:22:d9:9d:9d:02:c7:6d:
                    57:d1:05:f7:8b:d8:14:ec:63:5b:0b:63:67:90:48:
                    3d:9b:86:09:31:79:60:20:14:72:a0:ad:7f:3d:41:
                    0d:0a:dd:e2:e2:99:f3:32:9f:46:07:3b:1d:7a:b7:
                    72:bb:88:c2:f2:33:3c:8a:b2:63:38:68:e3:79:d0:
                    84:82:ec:5c:0e:08:71:8e:67:55:cd:e4:e7:77:a4:
                    57:6b:9b:57:f9:9a:2d:a1:1b:d4:07:de:70:3c:78:
                    dc:b6:ec:1a:84:ea:a7:8f:c0:cc:a1:7c:bb:05:53:
                    5b:2e:47:ca:7d:9c:56:37:2c:43:fd:8c:2e:e8:bd:
                    cf:d8:bc:87:d6:a1:40:a9:72:a9:da:6b:ac:97:3b:
                    d1:37:78:36:9e:5a:e1:ab:66:3f:eb:f2:57:02:a3:
                    64:ad:04:32:b3:56:48:e4:82:f2:e0:b2:cd:2d:1b:
                    b8:73:80:62:10:36:49:bf:7c:9b:3f:52:75:f6:57:
                    0c:ac:d4:ed:ec:39:f3:eb:c5:f2:d2:b5:44:dc:86:
                    2d:15:7c:d8:31:dc:52:e0:89:4c:fd:31:fc:97:ea:
                    9c:cb:00:72:25:74:86:1e:fa:d7:8d:54:b7:dd:f8:
                    fe:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:7C:01:18:4B:80:9C:DD:F1:7A:55:0A:EB:B7:00:D3:CE:BD:F7:2C
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/aHwBGEuAnN3xelUK67cA08699yw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.217.0/24
                  31.58.55.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:c8:e7:8a:45:32:80:9a:89:6f:f2:77:73:60:4f:92:b0:b9:
         e4:34:74:85:d4:bf:ab:db:f3:f7:f6:95:ac:27:6f:d0:b3:76:
         62:9a:ce:1d:bd:cb:cc:64:e4:bd:63:80:af:19:f5:ac:bc:14:
         a3:d4:78:8a:24:45:dc:c2:5c:5c:5e:09:cf:6f:3d:36:b5:69:
         3b:11:96:dc:e6:70:36:52:fb:2b:40:4f:05:55:1c:c3:b9:2d:
         7b:11:f2:51:0d:0f:54:50:96:eb:86:d8:eb:24:8d:e6:17:a5:
         73:80:28:40:a5:f3:a0:4c:70:cc:aa:9c:de:15:5b:23:50:f6:
         e4:f8:d4:33:fe:84:b1:1d:cf:64:f0:35:10:84:90:d8:08:e8:
         34:58:32:18:19:3a:fa:b8:dd:af:af:80:2b:a4:b6:68:72:1c:
         9d:1e:bb:ca:c7:c1:e4:28:3a:bf:cf:82:7d:5c:08:7e:0e:b2:
         d1:15:8f:a0:bb:0f:93:fd:ce:52:7e:94:05:36:f4:4e:f9:d0:
         14:ff:80:f2:df:67:0f:70:85:c9:28:71:8b:c0:f9:f3:0e:70:
         b2:d7:08:0d:be:94:9b:79:c3:37:21:7c:49:c2:04:88:28:f8:
         de:e4:a1:e3:19:6b:a1:85:94:88:70:88:3f:44:8b:7f:3c:07:
         64:14:7c:35
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ50O61EFR40apMmvmV4X6SPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwNTI5MTQ1NTI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODdjMDExODRiODA5Y2RkZjE3YTU1MGFlYmI3MDBkM2NlYmRmNzJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApp5hPvtJXLm5qsGIIEW3UHh7RR5n
gyLZnZ0Cx21X0QX3i9gU7GNbC2NnkEg9m4YJMXlgIBRyoK1/PUENCt3i4pnzMp9G
Bzsderdyu4jC8jM8irJjOGjjedCEguxcDghxjmdVzeTnd6RXa5tX+ZotoRvUB95w
PHjctuwahOqnj8DMoXy7BVNbLkfKfZxWNyxD/Ywu6L3P2LyH1qFAqXKp2muslzvR
N3g2nlrhq2Y/6/JXAqNkrQQys1ZI5ILy4LLNLRu4c4BiEDZJv3ybP1J19lcMrNTt
7Dnz68Xy0rVE3IYtFXzYMdxS4IlM/TH8l+qcywByJXSGHvrXjVS33fj+RwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGh8ARhLgJzd8XpVCuu3ANPOvfcsMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvYUh3QkdFdUFuTjN4ZWxVSzY3Y0EwODY5OXl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAHzjZAwQA
Hzo3MA0GCSqGSIb3DQEBCwUAA4IBAQCDyOeKRTKAmolv8ndzYE+SsLnkNHSF1L+r
2/P39pWsJ2/Qs3Zims4dvcvMZOS9Y4CvGfWsvBSj1HiKJEXcwlxcXgnPbz02tWk7
EZbc5nA2UvsrQE8FVRzDuS17EfJRDQ9UUJbrhtjrJI3mF6VzgChApfOgTHDMqpze
FVsjUPbk+NQz/oSxHc9k8DUQhJDYCOg0WDIYGTr6uN2vr4ArpLZochydHrvKx8Hk
KDq/z4J9XAh+DrLRFY+guw+T/c5SfpQFNvRO+dAU/4Dy32cPcIXJKHGLwPnzDnCy
1wgNvpSbecM3IXxJwgSIKPje5KHjGWuhhZSIcIg/RIt/PAdkFHw1
-----END CERTIFICATE-----