Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/bqweymJmyJTTfcVIX3Qvg6vvkaQ.roa
File:                     bqweymJmyJTTfcVIX3Qvg6vvkaQ.roa (raw, json)
Hash identifier:          7x9I0evHOcd4dolllrIfx9lK6HaLRckf6+YH4VFUvdo=
Subject key identifier:   6E:AC:1E:CA:62:66:C8:94:D3:7D:C5:48:5F:74:2F:83:AB:EF:91:A4
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019E9E55EF9EDF6BF2E150E01E2F69DE666B
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/bqweymJmyJTTfcVIX3Qvg6vvkaQ.roa
Signing time:             Sat 06 Jun 2026 19:08:12 +0000
ROA not before:           Sat 06 Jun 2026 19:08:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     402221
IP address blocks:        31.56.230.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 17 Jun 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:9e:55:ef:9e:df:6b:f2:e1:50:e0:1e:2f:69:de:66:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jun  6 19:08:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6eac1eca6266c894d37dc5485f742f83abef91a4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:f3:8d:77:48:e2:b8:09:62:ae:80:51:85:61:
                    77:9e:71:4c:7c:07:82:34:98:18:97:c0:71:f2:0e:
                    5d:33:80:ec:ff:62:49:b3:b0:93:1b:2f:13:17:24:
                    cd:1d:50:98:2b:5f:2f:b1:24:43:29:ea:cd:fc:d0:
                    e2:64:28:3a:fd:b5:1b:2c:77:3b:2f:c1:d0:bf:cd:
                    25:95:1d:6a:a7:0d:ad:56:c0:77:d5:5d:08:fc:c0:
                    fa:a7:f0:47:8b:53:c2:1d:6a:66:20:66:a3:56:a2:
                    03:43:8d:b1:2a:4b:97:3d:a0:75:a2:6f:08:09:d3:
                    d9:e1:90:ec:0f:02:f9:fe:df:50:a1:57:a2:a3:3c:
                    2d:9e:71:f1:21:7a:7f:85:48:1d:26:43:51:9a:92:
                    94:85:74:16:c0:5a:57:d7:53:03:c6:15:31:3e:39:
                    87:6f:22:ba:25:b9:d8:f2:d0:93:5b:27:02:be:35:
                    17:30:18:b4:31:8f:30:2c:80:ed:2d:01:90:11:12:
                    be:3a:b1:15:c6:e1:27:66:85:26:f2:04:10:d1:71:
                    d3:93:5a:51:96:2f:ac:c9:48:e0:05:53:86:94:e8:
                    65:92:f6:89:be:11:e7:e9:95:ce:43:86:46:a0:71:
                    11:6b:65:41:87:a2:98:8d:84:6f:b9:cc:16:85:0e:
                    f3:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:AC:1E:CA:62:66:C8:94:D3:7D:C5:48:5F:74:2F:83:AB:EF:91:A4
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/bqweymJmyJTTfcVIX3Qvg6vvkaQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.230.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bf:d6:c4:4f:b7:0b:ef:b3:20:11:39:a4:71:e9:0b:ee:96:3d:
         02:f4:8a:6f:1c:8b:a8:36:ba:87:6f:90:5f:ce:3b:80:f2:3b:
         0f:5e:8e:b4:74:41:a8:24:47:09:42:60:db:21:5b:48:9f:52:
         e4:70:fe:3e:c0:62:8b:bf:5c:7c:db:ea:51:7e:e3:22:13:4f:
         9b:58:ee:c1:9d:28:30:cf:c0:36:b1:22:24:56:cb:b5:e6:a6:
         cc:74:7a:eb:95:b6:45:f5:4a:1c:69:c9:9f:09:45:74:0f:1b:
         df:b8:7c:3c:6a:40:28:df:25:7e:ea:28:f3:0c:aa:a8:48:50:
         e2:ec:59:e0:7d:8b:9a:06:6c:67:01:82:ec:64:d5:a6:4f:57:
         8d:dd:99:84:b6:2f:04:53:bd:52:ab:b7:88:b5:3f:fb:e9:04:
         9f:91:da:59:a6:a0:81:c6:f1:da:a4:0f:59:48:7d:67:c9:44:
         d8:1e:f3:7e:92:ed:de:1f:24:39:3b:55:44:32:95:54:80:0d:
         ad:65:19:54:4e:1b:1e:6a:2b:80:be:c7:03:be:f1:1b:3e:4b:
         4a:04:f8:78:6e:d3:3e:d2:b7:8d:04:e3:4b:1d:1c:c8:85:14:
         11:62:31:cc:ee:83:3a:23:b0:0d:d7:64:1c:cf:0b:18:d8:ee:
         40:2b:95:da
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6eVe+e32vy4VDgHi9p3mZrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwNjA2MTkwODEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZWFjMWVjYTYyNjZjODk0ZDM3ZGM1NDg1Zjc0MmY4M2FiZWY5MWE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy/ONd0jiuAliroBRhWF3nnFMfAeC
NJgYl8Bx8g5dM4Ds/2JJs7CTGy8TFyTNHVCYK18vsSRDKerN/NDiZCg6/bUbLHc7
L8HQv80llR1qpw2tVsB31V0I/MD6p/BHi1PCHWpmIGajVqIDQ42xKkuXPaB1om8I
CdPZ4ZDsDwL5/t9QoVeiozwtnnHxIXp/hUgdJkNRmpKUhXQWwFpX11MDxhUxPjmH
byK6JbnY8tCTWycCvjUXMBi0MY8wLIDtLQGQERK+OrEVxuEnZoUm8gQQ0XHTk1pR
li+syUjgBVOGlOhlkvaJvhHn6ZXOQ4ZGoHERa2VBh6KYjYRvucwWhQ7zxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG6sHspiZsiU033FSF90L4Or75GkMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvYnF3ZXltSm15SlRUZmNWSVgzUXZnNnZ2a2FRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzjmMA0G
CSqGSIb3DQEBCwUAA4IBAQC/1sRPtwvvsyAROaRx6Qvulj0C9IpvHIuoNrqHb5Bf
zjuA8jsPXo60dEGoJEcJQmDbIVtIn1LkcP4+wGKLv1x82+pRfuMiE0+bWO7BnSgw
z8A2sSIkVsu15qbMdHrrlbZF9UocacmfCUV0DxvfuHw8akAo3yV+6ijzDKqoSFDi
7FngfYuaBmxnAYLsZNWmT1eN3ZmEti8EU71Sq7eItT/76QSfkdpZpqCBxvHapA9Z
SH1nyUTYHvN+ku3eHyQ5O1VEMpVUgA2tZRlUThseaiuAvscDvvEbPktKBPh4btM+
0reNBONLHRzIhRQRYjHM7oM6I7AN12QczwsY2O5AK5Xa
-----END CERTIFICATE-----