Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/hfggsLp9TTY63mkNAn1T9Sk-UkM.roa
File:                     hfggsLp9TTY63mkNAn1T9Sk-UkM.roa (raw, json)
Hash identifier:          i9Pemhe6OB54byT2QSfd3U7Rzic5fVFR8xl/Psmf/cc=
Subject key identifier:   85:F8:20:B0:BA:7D:4D:36:3A:DE:69:0D:02:7D:53:F5:29:3E:52:43
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019D87CB0A070F5058793FD079D001BE5F8C
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/hfggsLp9TTY63mkNAn1T9Sk-UkM.roa
Signing time:             Mon 13 Apr 2026 17:02:03 +0000
ROA not before:           Mon 13 Apr 2026 17:02:03 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199423
IP address blocks:        31.57.102.0/24 maxlen: 24
                          31.57.191.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 02:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:87:cb:0a:07:0f:50:58:79:3f:d0:79:d0:01:be:5f:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Apr 13 17:02:03 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=85f820b0ba7d4d363ade690d027d53f5293e5243
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:dc:b6:da:28:6f:b0:b5:ce:83:b3:38:b6:86:
                    d0:7c:18:16:91:b4:ab:99:c0:21:cc:9c:2e:af:6a:
                    e6:3d:62:85:13:cf:48:cf:3f:52:7e:0f:40:4b:66:
                    e9:40:a6:ca:02:71:eb:70:04:0c:6e:dc:1b:ca:6e:
                    c0:12:16:f3:44:cb:3c:79:38:ec:fa:87:2e:e6:db:
                    1b:e7:76:99:cb:0a:6b:8f:ca:ce:5d:49:94:96:39:
                    79:80:d7:a1:25:cd:73:9a:bb:69:e7:3f:1d:93:ae:
                    86:d9:4c:72:23:77:44:b3:ea:27:5d:de:7e:13:20:
                    79:ec:6c:43:92:64:3c:4c:90:3c:8b:a5:aa:67:d8:
                    8a:f7:84:26:8d:7e:1d:57:7c:82:4a:34:ab:09:b8:
                    54:a3:75:20:a7:97:e6:35:ee:4a:f9:08:40:d5:d1:
                    ea:26:9f:41:16:b5:ce:10:9a:c5:44:d0:f9:ab:cf:
                    33:b7:a5:9f:8d:91:ed:52:3e:66:46:82:da:7a:e0:
                    96:2f:40:ce:fc:74:bc:39:fb:7f:60:72:17:fb:20:
                    54:f6:1b:e7:5c:32:1c:00:44:4c:f4:a0:c3:5b:36:
                    82:d4:c4:59:9d:b9:32:6e:10:9e:2c:b7:75:1a:8a:
                    bd:5e:80:1b:0c:d1:ce:80:ea:34:56:a8:97:d7:2b:
                    53:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:F8:20:B0:BA:7D:4D:36:3A:DE:69:0D:02:7D:53:F5:29:3E:52:43
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/hfggsLp9TTY63mkNAn1T9Sk-UkM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.102.0/24
                  31.57.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:90:27:38:5d:bc:db:4b:e6:da:a6:da:fb:7c:a9:0a:98:90:
         26:32:9a:62:17:36:b8:e2:b5:e6:16:f5:46:b8:4e:8e:75:35:
         4e:36:94:05:75:91:1c:90:00:93:16:17:75:cb:1e:34:88:fa:
         da:4f:33:67:48:a3:31:b7:83:a1:1f:f4:ea:88:70:67:b0:8f:
         7a:5f:26:f2:10:05:71:aa:d0:db:7b:4f:d6:8b:49:7e:c6:8a:
         0e:17:ab:6b:04:51:5b:c2:8e:a6:6a:3f:88:aa:06:a0:57:72:
         a6:27:01:eb:57:28:2d:62:3a:ca:ac:4c:ca:98:92:7b:7d:98:
         f0:2b:55:aa:c2:94:a2:9a:82:1d:f6:9e:52:31:e0:66:37:a8:
         52:bc:51:f4:59:93:db:f5:9c:ac:8a:6d:0f:46:1b:29:7b:4e:
         77:8c:ce:af:f7:08:29:db:d1:5d:58:98:de:41:32:f5:40:15:
         4f:82:62:ff:94:1e:86:27:3b:6c:ea:c5:aa:fa:2a:a6:d1:36:
         64:f5:73:0d:4c:34:b8:31:1f:84:ac:be:9a:23:42:f7:9a:b7:
         ff:65:d6:1e:a6:3e:40:16:a7:67:60:30:19:24:f5:50:81:3c:
         b9:af:38:e6:ab:24:0d:fd:ee:13:de:21:4a:16:98:c2:88:27:
         af:ac:0b:0b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ2HywoHD1BYeT/QedABvl+MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwNDEzMTcwMjAzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NWY4MjBiMGJhN2Q0ZDM2M2FkZTY5MGQwMjdkNTNmNTI5M2U1MjQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArty22ihvsLXOg7M4tobQfBgWkbSr
mcAhzJwur2rmPWKFE89Izz9Sfg9AS2bpQKbKAnHrcAQMbtwbym7AEhbzRMs8eTjs
+ocu5tsb53aZywprj8rOXUmUljl5gNehJc1zmrtp5z8dk66G2UxyI3dEs+onXd5+
EyB57GxDkmQ8TJA8i6WqZ9iK94QmjX4dV3yCSjSrCbhUo3Ugp5fmNe5K+QhA1dHq
Jp9BFrXOEJrFRND5q88zt6WfjZHtUj5mRoLaeuCWL0DO/HS8Oft/YHIX+yBU9hvn
XDIcAERM9KDDWzaC1MRZnbkybhCeLLd1Goq9XoAbDNHOgOo0VqiX1ytTfQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIX4ILC6fU02Ot5pDQJ9U/UpPlJDMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvaGZnZ3NMcDlUVFk2M21rTkFuMVQ5U2stVWtNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAHzlmAwQA
Hzm/MA0GCSqGSIb3DQEBCwUAA4IBAQAOkCc4XbzbS+baptr7fKkKmJAmMppiFza4
4rXmFvVGuE6OdTVONpQFdZEckACTFhd1yx40iPraTzNnSKMxt4OhH/TqiHBnsI96
XybyEAVxqtDbe0/Wi0l+xooOF6trBFFbwo6maj+IqgagV3KmJwHrVygtYjrKrEzK
mJJ7fZjwK1WqwpSimoId9p5SMeBmN6hSvFH0WZPb9Zysim0PRhspe053jM6v9wgp
29FdWJjeQTL1QBVPgmL/lB6GJzts6sWq+iqm0TZk9XMNTDS4MR+ErL6aI0L3mrf/
ZdYepj5AFqdnYDAZJPVQgTy5rzjmqyQN/e4T3iFKFpjCiCevrAsL
-----END CERTIFICATE-----