Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/nCWVOK2a30clpWFsHLZlPuNK7cc.roa
File:                     nCWVOK2a30clpWFsHLZlPuNK7cc.roa (raw, json)
Hash identifier:          IBTJ0S7uH3hvt9rUh4YE/PgXmDfURI1GG0wQUSBmaR0=
Subject key identifier:   9C:25:95:38:AD:9A:DF:47:25:A5:61:6C:1C:B6:65:3E:E3:4A:ED:C7
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019EAC319C5CE72E75416334272429710223
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/nCWVOK2a30clpWFsHLZlPuNK7cc.roa
Signing time:             Tue 09 Jun 2026 11:43:12 +0000
ROA not before:           Tue 09 Jun 2026 11:43:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209888
IP address blocks:        31.56.161.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:ac:31:9c:5c:e7:2e:75:41:63:34:27:24:29:71:02:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jun  9 11:43:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9c259538ad9adf4725a5616c1cb6653ee34aedc7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:19:26:01:66:6c:8c:f1:58:18:d2:25:20:67:
                    d5:3c:33:42:15:19:74:52:f3:8f:88:4d:9f:30:e1:
                    18:d1:a1:d9:de:de:bd:de:36:1a:13:ce:7c:ad:c8:
                    90:bd:54:05:ca:5f:68:15:8b:67:fa:30:94:53:c3:
                    5e:6e:d2:42:71:af:77:9b:2d:3d:f0:4a:8b:e4:36:
                    0b:1c:c8:23:8d:f6:19:4a:2e:0f:76:c8:76:59:33:
                    72:e4:d4:02:e2:f1:e1:66:e8:18:14:76:09:fb:f0:
                    c1:e9:b3:ce:5f:78:eb:87:f9:3f:5f:32:2e:0e:02:
                    13:68:45:d7:06:c2:53:71:90:c8:11:da:5c:1c:e0:
                    c6:9e:68:5e:e3:a8:f6:37:83:f2:ab:4c:12:82:95:
                    30:a2:e0:60:31:ff:09:ba:65:50:1b:1a:7e:de:78:
                    7a:97:dd:42:ff:67:84:41:c0:bd:52:f3:1f:6c:29:
                    a1:4a:71:5d:fd:61:6e:90:48:b1:e2:ed:66:6a:ba:
                    bc:a5:79:13:99:86:90:2b:73:58:89:e7:e4:00:3d:
                    8e:94:ed:3e:77:b7:e9:4b:47:6d:67:0d:ba:77:28:
                    3e:e2:46:04:c2:4c:44:52:3b:ba:3e:5d:6b:36:8c:
                    fa:31:3b:e4:97:b0:6c:2c:47:eb:90:91:69:3c:47:
                    85:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:25:95:38:AD:9A:DF:47:25:A5:61:6C:1C:B6:65:3E:E3:4A:ED:C7
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/nCWVOK2a30clpWFsHLZlPuNK7cc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.161.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c3:04:b3:1a:93:44:86:6f:fb:b6:b4:5c:a7:30:b8:3f:e3:49:
         46:73:82:37:d0:f2:a2:f2:4d:42:bf:c4:53:70:fe:19:db:97:
         5a:9e:41:be:f4:52:33:b7:b6:bb:14:84:fa:e0:50:9f:a0:d4:
         f5:85:d8:7e:40:db:8a:49:6f:9b:eb:c7:66:29:c2:f0:8f:b8:
         b5:7b:67:2a:3e:a7:d1:12:b5:0e:b4:fc:87:ab:aa:ef:07:29:
         08:48:b7:a8:c5:30:27:4d:42:0a:58:33:66:cf:5c:fb:54:70:
         1d:5a:3f:ee:28:59:f9:6a:9e:d2:91:b6:7f:1c:e3:5c:d8:d2:
         d7:da:e1:77:96:d5:b3:45:37:1a:95:cf:42:d5:81:49:05:d0:
         a5:c7:d1:73:de:32:2d:5d:9f:23:a7:a1:51:88:63:61:12:35:
         26:f8:2b:77:27:01:0b:b9:60:6b:9c:8a:22:0c:54:c4:7e:23:
         d5:39:b4:e8:a7:0d:84:43:c4:49:05:33:52:b1:06:1a:94:64:
         87:39:88:72:6e:5c:ff:2a:c1:c3:a7:ac:f0:32:49:ce:e1:b8:
         65:1f:ea:1e:75:d4:63:0e:d6:91:40:d9:75:dc:96:5d:9f:d2:
         65:ea:eb:a9:07:a2:22:0d:19:c5:d9:f2:fa:fa:5e:60:8d:c6:
         62:fe:cd:08
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6sMZxc5y51QWM0JyQpcQIjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwNjA5MTE0MzEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzI1OTUzOGFkOWFkZjQ3MjVhNTYxNmMxY2I2NjUzZWUzNGFlZGM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxhkmAWZsjPFYGNIlIGfVPDNCFRl0
UvOPiE2fMOEY0aHZ3t693jYaE858rciQvVQFyl9oFYtn+jCUU8NebtJCca93my09
8EqL5DYLHMgjjfYZSi4Pdsh2WTNy5NQC4vHhZugYFHYJ+/DB6bPOX3jrh/k/XzIu
DgITaEXXBsJTcZDIEdpcHODGnmhe46j2N4Pyq0wSgpUwouBgMf8JumVQGxp+3nh6
l91C/2eEQcC9UvMfbCmhSnFd/WFukEix4u1marq8pXkTmYaQK3NYiefkAD2OlO0+
d7fpS0dtZw26dyg+4kYEwkxEUju6Pl1rNoz6MTvkl7BsLEfrkJFpPEeFVwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJwllTitmt9HJaVhbBy2ZT7jSu3HMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvbkNXVk9LMmEzMGNscFdGc0hMWmxQdU5LN2NjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzihMA0G
CSqGSIb3DQEBCwUAA4IBAQDDBLMak0SGb/u2tFynMLg/40lGc4I30PKi8k1Cv8RT
cP4Z25dankG+9FIzt7a7FIT64FCfoNT1hdh+QNuKSW+b68dmKcLwj7i1e2cqPqfR
ErUOtPyHq6rvBykISLeoxTAnTUIKWDNmz1z7VHAdWj/uKFn5ap7SkbZ/HONc2NLX
2uF3ltWzRTcalc9C1YFJBdClx9Fz3jItXZ8jp6FRiGNhEjUm+Ct3JwELuWBrnIoi
DFTEfiPVObTopw2EQ8RJBTNSsQYalGSHOYhyblz/KsHDp6zwMknO4bhlH+oeddRj
DtaRQNl13JZdn9Jl6uupB6IiDRnF2fL6+l5gjcZi/s0I
-----END CERTIFICATE-----