Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/njFm7fr58RAKp3RAGXd8YuawE98.roa
File:                     njFm7fr58RAKp3RAGXd8YuawE98.roa (raw, json)
Hash identifier:          amXy9Gmw8bbTrpSma58MDa8RXRfSTqslSt+h7BqN/b4=
Subject key identifier:   9E:31:66:ED:FA:F9:F1:10:0A:A7:74:40:19:77:7C:62:E6:B0:13:DF
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019C8AE23C1BD92751A7B3E083A973ABA644
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/njFm7fr58RAKp3RAGXd8YuawE98.roa
Signing time:             Mon 23 Feb 2026 14:23:28 +0000
ROA not before:           Mon 23 Feb 2026 14:23:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     36680
IP address blocks:        31.57.184.0/24 maxlen: 24
                          31.57.216.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 08:38:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:8a:e2:3c:1b:d9:27:51:a7:b3:e0:83:a9:73:ab:a6:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Feb 23 14:23:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9e3166edfaf9f1100aa7744019777c62e6b013df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:81:5e:93:7e:aa:8f:7f:b6:f7:0d:6d:dd:fe:
                    d9:c1:76:a7:32:9f:0b:9f:18:af:11:e1:91:08:04:
                    f9:06:b3:9e:7a:bd:20:00:6d:10:cd:53:46:d9:0d:
                    a3:ec:ec:02:19:b5:1a:da:7c:78:28:e3:e9:f2:74:
                    95:69:cc:62:65:13:04:41:94:7b:c9:56:ec:56:0b:
                    99:83:0e:dd:a3:09:20:23:8d:c2:62:5d:43:01:51:
                    70:a4:f3:52:21:74:dd:54:7f:b1:60:12:7c:b5:b4:
                    3e:f6:20:38:41:0e:58:b6:eb:16:c5:1d:4a:6b:c9:
                    c5:6a:25:54:7e:7c:14:82:55:ed:8e:ed:cc:8b:1e:
                    b2:70:b0:6b:0c:3b:89:1a:f1:78:b6:68:1f:5e:2c:
                    fb:00:5d:c4:20:94:fd:d9:63:8b:23:b3:27:17:0a:
                    d9:58:a7:4f:94:4c:4b:8b:29:e7:b6:b2:05:0e:ab:
                    67:41:8d:6f:27:85:4a:74:40:63:d6:13:0d:92:e6:
                    22:69:0f:95:f3:58:f2:e4:fa:fb:77:95:e4:35:a3:
                    b2:f4:5e:05:94:4a:94:54:fd:fd:f4:42:88:03:c2:
                    ee:43:91:11:c2:53:da:b2:7e:eb:b8:73:b7:90:7d:
                    9c:fc:be:6d:23:85:b9:09:7f:c9:1c:61:1c:5f:c8:
                    4b:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:31:66:ED:FA:F9:F1:10:0A:A7:74:40:19:77:7C:62:E6:B0:13:DF
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/njFm7fr58RAKp3RAGXd8YuawE98.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.184.0/24
                  31.57.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:3c:57:91:d7:90:b1:88:84:0b:c5:cf:29:3c:b4:7e:08:c6:
         8d:a3:4b:e4:58:21:ba:dc:aa:f7:fd:d6:43:c2:cf:a0:1f:1c:
         8f:d8:3e:6b:fd:86:62:f8:2d:a9:4a:4b:06:26:18:cd:b4:31:
         91:de:ff:ab:71:fb:7a:3c:ef:e0:f5:f1:a7:25:c1:fc:50:2e:
         84:12:ae:3d:bc:39:09:b2:43:85:68:f7:33:f4:4e:32:9b:dc:
         03:0b:c0:e7:bc:29:8f:9a:5b:78:9b:f8:13:b2:4b:c4:bf:0a:
         10:4f:97:65:51:cb:f5:34:c1:1e:49:a4:07:ed:3f:13:97:07:
         99:7e:41:fe:d6:c7:8a:30:76:29:0c:5d:27:ea:01:9c:e1:dc:
         fd:cd:cf:a4:5d:d6:ac:0c:19:95:e9:c5:2e:79:98:c7:37:bc:
         40:d3:56:49:5b:df:9f:3c:65:6d:de:96:53:18:af:82:30:c3:
         73:4d:8c:ec:88:38:7a:88:f7:76:4a:bc:f2:67:fe:0e:75:63:
         9e:27:a9:69:44:06:3a:e0:eb:e0:c1:a2:64:c5:cc:11:80:3e:
         28:dc:c2:da:50:61:b0:96:62:e9:b4:6d:0a:37:89:aa:3b:a7:
         03:35:e5:36:22:f5:68:36:8c:fb:0d:71:b5:01:c7:18:fb:3f:
         4d:86:80:6c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZyK4jwb2SdRp7Pgg6lzq6ZEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwMjIzMTQyMzI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZTMxNjZlZGZhZjlmMTEwMGFhNzc0NDAxOTc3N2M2MmU2YjAxM2RmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp4Fek36qj3+29w1t3f7ZwXanMp8L
nxivEeGRCAT5BrOeer0gAG0QzVNG2Q2j7OwCGbUa2nx4KOPp8nSVacxiZRMEQZR7
yVbsVguZgw7dowkgI43CYl1DAVFwpPNSIXTdVH+xYBJ8tbQ+9iA4QQ5YtusWxR1K
a8nFaiVUfnwUglXtju3Mix6ycLBrDDuJGvF4tmgfXiz7AF3EIJT92WOLI7MnFwrZ
WKdPlExLiynntrIFDqtnQY1vJ4VKdEBj1hMNkuYiaQ+V81jy5Pr7d5XkNaOy9F4F
lEqUVP399EKIA8LuQ5ERwlPasn7ruHO3kH2c/L5tI4W5CX/JHGEcX8hLAwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJ4xZu36+fEQCqd0QBl3fGLmsBPfMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvbmpGbTdmcjU4UkFLcDNSQUdYZDhZdWF3RTk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAHzm4AwQA
HznYMA0GCSqGSIb3DQEBCwUAA4IBAQCcPFeR15CxiIQLxc8pPLR+CMaNo0vkWCG6
3Kr3/dZDws+gHxyP2D5r/YZi+C2pSksGJhjNtDGR3v+rcft6PO/g9fGnJcH8UC6E
Eq49vDkJskOFaPcz9E4ym9wDC8DnvCmPmlt4m/gTskvEvwoQT5dlUcv1NMEeSaQH
7T8TlweZfkH+1seKMHYpDF0n6gGc4dz9zc+kXdasDBmV6cUueZjHN7xA01ZJW9+f
PGVt3pZTGK+CMMNzTYzsiDh6iPd2SrzyZ/4OdWOeJ6lpRAY64OvgwaJkxcwRgD4o
3MLaUGGwlmLptG0KN4mqO6cDNeU2IvVoNoz7DXG1AccY+z9NhoBs
-----END CERTIFICATE-----