Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/fBxU3MsqCtU0xGlK9KV_yNLKAv0.roa
File:                     fBxU3MsqCtU0xGlK9KV_yNLKAv0.roa (raw, json)
Hash identifier:          or3vZm9BnON8vw4nQt15HletLWHB8UGmnaVAKgMe7uw=
Subject key identifier:   7C:1C:54:DC:CB:2A:0A:D5:34:C4:69:4A:F4:A5:7F:C8:D2:CA:02:FD
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019E891B9DEA7451C3B419B6B64B60FCF58C
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/fBxU3MsqCtU0xGlK9KV_yNLKAv0.roa
Signing time:             Tue 02 Jun 2026 16:12:28 +0000
ROA not before:           Tue 02 Jun 2026 16:12:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     40352
IP address blocks:        31.57.238.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:89:1b:9d:ea:74:51:c3:b4:19:b6:b6:4b:60:fc:f5:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jun  2 16:12:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7c1c54dccb2a0ad534c4694af4a57fc8d2ca02fd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:ca:08:48:44:76:17:df:70:0a:35:e5:75:e5:
                    7a:f1:8a:df:4c:45:9b:5a:50:92:55:0b:39:9c:f8:
                    0a:39:fc:95:6c:53:6d:ef:ce:a6:8f:89:a0:84:d7:
                    ab:82:9b:f4:40:6d:2e:88:7b:12:79:22:41:50:55:
                    86:38:d3:95:f6:ae:d4:85:f4:9f:20:da:c6:0b:56:
                    38:7d:6e:eb:54:eb:2d:a6:96:eb:d8:27:43:45:74:
                    ba:56:44:7b:a0:39:7f:92:59:1e:79:0d:30:dd:c0:
                    3e:3f:c8:1e:17:23:db:81:89:ce:52:22:3e:d4:8e:
                    78:4a:df:93:14:6b:e7:f1:89:10:ad:e4:3b:86:3a:
                    f4:81:60:ad:e4:2f:36:27:56:ba:4a:22:0b:bc:c9:
                    ec:26:15:51:49:d3:34:41:16:7e:ab:8b:89:ba:a7:
                    cd:89:2b:a6:d9:6c:e9:8e:7a:3e:b6:cc:ef:1c:2b:
                    5f:aa:6e:57:d0:c7:47:6d:88:07:ef:86:44:b8:0b:
                    f8:2a:4a:53:ee:fb:da:a2:23:fb:aa:43:ea:49:59:
                    99:76:cd:32:50:c0:dd:55:1d:d5:e5:52:c1:b6:d6:
                    99:9e:b9:e2:78:a5:8b:3f:98:eb:7b:af:6f:16:84:
                    f2:36:0a:65:a6:4c:41:7d:b8:cc:53:3b:3e:2d:62:
                    4a:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:1C:54:DC:CB:2A:0A:D5:34:C4:69:4A:F4:A5:7F:C8:D2:CA:02:FD
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/fBxU3MsqCtU0xGlK9KV_yNLKAv0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.238.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:50:84:e0:46:20:6f:03:23:38:63:90:6c:80:c4:8d:dc:39:
         32:9a:23:bb:05:5a:be:d9:6e:10:2a:a1:a7:5b:fa:f9:c9:c5:
         38:f7:b8:98:c2:6b:a6:c0:7f:87:91:b2:63:b2:10:13:c8:3a:
         e9:82:ff:f1:4c:07:a8:e5:60:97:74:1c:9e:1d:59:c4:28:68:
         19:20:35:ed:0a:99:57:ba:15:94:14:e3:61:4a:32:66:4b:ed:
         a5:e6:8c:a2:2f:fa:79:1d:6d:20:a2:40:fd:94:65:5a:66:e7:
         48:1a:d6:a9:bd:16:a4:26:c8:0a:ad:28:54:fa:2b:ce:fc:3c:
         e3:9a:5e:9e:cc:7b:9f:45:ac:24:13:f5:43:bb:32:0f:60:22:
         52:b4:2d:06:de:ee:3a:0b:3b:84:f8:fa:df:40:f0:18:23:d8:
         22:80:18:17:e5:f4:24:3c:14:ef:a9:d0:50:bc:89:1a:9c:73:
         1d:45:89:01:37:42:33:47:19:a5:78:b7:9b:1f:e0:23:04:4b:
         39:6f:ca:f1:f8:19:ee:95:6a:7f:db:d0:b5:a8:c9:93:7c:0d:
         03:f6:a9:81:7b:06:94:aa:88:7c:48:d0:f3:0f:f9:90:14:7f:
         be:0b:d9:c5:fa:67:f6:9c:88:43:03:c7:0c:6d:2d:85:1c:1a:
         9f:01:4b:99
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6JG53qdFHDtBm2tktg/PWMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwNjAyMTYxMjI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YzFjNTRkY2NiMmEwYWQ1MzRjNDY5NGFmNGE1N2ZjOGQyY2EwMmZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvcoISER2F99wCjXldeV68YrfTEWb
WlCSVQs5nPgKOfyVbFNt786mj4mghNergpv0QG0uiHsSeSJBUFWGONOV9q7UhfSf
INrGC1Y4fW7rVOstppbr2CdDRXS6VkR7oDl/klkeeQ0w3cA+P8geFyPbgYnOUiI+
1I54St+TFGvn8YkQreQ7hjr0gWCt5C82J1a6SiILvMnsJhVRSdM0QRZ+q4uJuqfN
iSum2Wzpjno+tszvHCtfqm5X0MdHbYgH74ZEuAv4KkpT7vvaoiP7qkPqSVmZds0y
UMDdVR3V5VLBttaZnrnieKWLP5jre69vFoTyNgplpkxBfbjMUzs+LWJK0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHwcVNzLKgrVNMRpSvSlf8jSygL9MB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvZkJ4VTNNc3FDdFUweEdsSzlLVl95TkxLQXYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHznuMA0G
CSqGSIb3DQEBCwUAA4IBAQCGUITgRiBvAyM4Y5BsgMSN3DkymiO7BVq+2W4QKqGn
W/r5ycU497iYwmumwH+HkbJjshATyDrpgv/xTAeo5WCXdByeHVnEKGgZIDXtCplX
uhWUFONhSjJmS+2l5oyiL/p5HW0gokD9lGVaZudIGtapvRakJsgKrShU+ivO/Dzj
ml6ezHufRawkE/VDuzIPYCJStC0G3u46CzuE+PrfQPAYI9gigBgX5fQkPBTvqdBQ
vIkanHMdRYkBN0IzRxmleLebH+AjBEs5b8rx+BnulWp/29C1qMmTfA0D9qmBewaU
qoh8SNDzD/mQFH++C9nF+mf2nIhDA8cMbS2FHBqfAUuZ
-----END CERTIFICATE-----