Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/kwRQhJS9GRpBdtYTxznDKexyeN8.roa
File:                     kwRQhJS9GRpBdtYTxznDKexyeN8.roa (raw, json)
Hash identifier:          IiDAcTu4Wy60XsAehwkmorD8mfPZtY0l/dCK/9WYLOs=
Subject key identifier:   93:04:50:84:94:BD:19:1A:41:76:D6:13:C7:39:C3:29:EC:72:78:DF
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019D95348B7A2B50ECDF31755E77A047BAD1
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/kwRQhJS9GRpBdtYTxznDKexyeN8.roa
Signing time:             Thu 16 Apr 2026 07:32:21 +0000
ROA not before:           Thu 16 Apr 2026 07:32:21 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     56655
IP address blocks:        31.56.216.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 02:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:95:34:8b:7a:2b:50:ec:df:31:75:5e:77:a0:47:ba:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Apr 16 07:32:21 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9304508494bd191a4176d613c739c329ec7278df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:55:c4:7c:84:7e:c9:5b:c4:85:8f:73:b5:0f:
                    39:6b:ff:cb:73:e0:1d:d6:1d:f7:3c:e4:2b:4b:3b:
                    29:c9:75:38:a2:7f:f7:a3:d9:7f:cd:64:09:93:aa:
                    30:36:06:c0:06:8a:1b:b3:74:30:67:19:67:2a:c8:
                    36:cb:cf:78:5e:e2:9e:f7:78:97:da:89:d7:fe:60:
                    57:75:00:e8:30:1e:db:18:19:2c:86:f5:01:94:96:
                    ae:30:71:09:95:bd:ce:d2:5b:e7:67:d6:74:75:bc:
                    4d:15:9e:d7:9d:cb:f9:4e:52:42:46:57:93:8e:aa:
                    b8:fc:78:06:a6:f8:36:1c:fe:26:05:01:a4:9a:ff:
                    80:8f:41:45:a5:f4:d7:ad:a9:6a:4a:16:a0:99:b9:
                    e7:51:a1:e6:94:40:ca:48:69:52:25:ef:65:b4:24:
                    60:7e:53:7d:04:bb:d7:af:6f:4d:8f:0b:5f:b2:11:
                    f8:92:5e:56:0b:5e:8a:7d:41:ad:62:58:b1:2d:da:
                    03:72:e1:b6:63:05:ce:67:c2:8c:40:34:8d:86:cb:
                    22:1a:9e:44:35:74:b5:f5:c9:dc:38:6e:5a:97:66:
                    2f:a9:1d:84:1d:34:4d:15:b6:92:db:54:3f:96:d0:
                    b6:92:a2:f1:7f:54:fd:1e:07:bd:63:b0:72:30:56:
                    b4:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:04:50:84:94:BD:19:1A:41:76:D6:13:C7:39:C3:29:EC:72:78:DF
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/kwRQhJS9GRpBdtYTxznDKexyeN8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b7:bb:d7:0c:94:c0:d3:52:4d:49:60:ea:5b:89:43:eb:c1:95:
         7a:69:a4:1b:0f:ad:a3:9c:86:c2:63:37:c9:02:ad:b4:f7:92:
         a6:ba:4f:8c:05:48:78:31:a9:10:10:d6:47:56:88:9d:39:33:
         c5:e1:b8:df:54:c8:14:6c:5e:ef:a8:31:fd:a2:24:68:14:20:
         54:9b:11:d7:1a:98:3f:e9:53:05:c6:6f:76:7e:39:67:de:f9:
         00:2c:ab:77:ce:33:5f:e2:b1:55:6c:6b:87:de:bc:1f:f1:34:
         9f:c9:6a:99:61:65:ef:99:ab:69:81:f3:62:18:32:b9:f3:4b:
         ef:2e:93:57:4d:d5:06:5c:1e:8f:88:55:08:67:56:96:22:f8:
         e8:db:9e:9d:3b:2c:47:1b:64:7e:50:24:07:3e:78:c4:6e:bd:
         3f:e5:34:74:50:cf:d0:b0:1d:ca:ab:82:c6:27:41:5a:8a:9c:
         5f:ad:65:35:2f:51:3a:62:3b:28:96:aa:26:60:f7:ba:a0:aa:
         be:37:39:a5:07:64:70:78:07:86:51:c2:1d:b1:9b:f0:a0:69:
         58:71:1c:d4:eb:32:f6:8c:59:02:92:eb:be:1f:ff:a5:27:1d:
         41:5c:24:8a:a1:14:13:96:ac:78:a2:f0:1e:d9:83:bd:c1:27:
         3d:cf:26:af
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2VNIt6K1Ds3zF1XnegR7rRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwNDE2MDczMjIxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MzA0NTA4NDk0YmQxOTFhNDE3NmQ2MTNjNzM5YzMyOWVjNzI3OGRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsFXEfIR+yVvEhY9ztQ85a//Lc+Ad
1h33POQrSzspyXU4on/3o9l/zWQJk6owNgbABoobs3QwZxlnKsg2y894XuKe93iX
2onX/mBXdQDoMB7bGBkshvUBlJauMHEJlb3O0lvnZ9Z0dbxNFZ7Xncv5TlJCRleT
jqq4/HgGpvg2HP4mBQGkmv+Aj0FFpfTXralqShagmbnnUaHmlEDKSGlSJe9ltCRg
flN9BLvXr29NjwtfshH4kl5WC16KfUGtYlixLdoDcuG2YwXOZ8KMQDSNhssiGp5E
NXS19cncOG5al2YvqR2EHTRNFbaS21Q/ltC2kqLxf1T9Hge9Y7ByMFa0xwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJMEUISUvRkaQXbWE8c5wynscnjfMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEva3dSUWhKUzlHUnBCZHRZVHh6bkRLZXh5ZU44LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzjYMA0G
CSqGSIb3DQEBCwUAA4IBAQC3u9cMlMDTUk1JYOpbiUPrwZV6aaQbD62jnIbCYzfJ
Aq2095Kmuk+MBUh4MakQENZHVoidOTPF4bjfVMgUbF7vqDH9oiRoFCBUmxHXGpg/
6VMFxm92fjln3vkALKt3zjNf4rFVbGuH3rwf8TSfyWqZYWXvmatpgfNiGDK580vv
LpNXTdUGXB6PiFUIZ1aWIvjo256dOyxHG2R+UCQHPnjEbr0/5TR0UM/QsB3Kq4LG
J0FaipxfrWU1L1E6YjsolqomYPe6oKq+NzmlB2RweAeGUcIdsZvwoGlYcRzU6zL2
jFkCkuu+H/+lJx1BXCSKoRQTlqx4ovAe2YO9wSc9zyav
-----END CERTIFICATE-----