Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/rropQUReiAqzxMizUjgNeju5SNY.roa
File:                     rropQUReiAqzxMizUjgNeju5SNY.roa (raw, json)
Hash identifier:          vTf0gz0CLCTE1PbN2b/BmPnDv/GP+n52zOwwWxfcePQ=
Subject key identifier:   AE:BA:29:41:44:5E:88:0A:B3:C4:C8:B3:52:38:0D:7A:3B:B9:48:D6
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019CAAB2C4BE03FEA790966BA81A49CE3B2E
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/rropQUReiAqzxMizUjgNeju5SNY.roa
Signing time:             Sun 01 Mar 2026 18:39:28 +0000
ROA not before:           Sun 01 Mar 2026 18:39:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     395878
IP address blocks:        31.56.46.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 18:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:aa:b2:c4:be:03:fe:a7:90:96:6b:a8:1a:49:ce:3b:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Mar  1 18:39:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=aeba2941445e880ab3c4c8b352380d7a3bb948d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:b4:c1:36:ca:b2:72:7a:c3:ba:49:63:4a:bf:
                    0e:63:84:ec:51:9a:9c:63:48:9f:5f:e9:a5:e2:3f:
                    f9:91:1d:3f:05:2e:9a:e6:e1:d7:4c:e5:e6:57:54:
                    af:05:ca:2b:2e:21:13:30:1e:a7:f1:ba:60:5e:9d:
                    1d:69:ba:a7:e1:5a:9c:a2:cf:64:49:1b:df:7d:00:
                    ff:8b:05:e4:7d:64:4d:3c:44:60:c3:05:79:b2:fb:
                    81:e4:db:fb:f5:8b:63:01:63:76:a9:02:ff:ea:98:
                    3a:45:5c:b2:ee:90:20:35:5e:97:19:09:2e:d7:40:
                    fb:8b:06:52:7e:ba:88:0b:cf:60:ca:c0:5f:05:fd:
                    2a:60:1d:4f:61:bf:bd:49:dc:73:1a:bb:75:e2:6b:
                    89:ac:fd:8a:5c:61:2e:fc:44:31:ac:12:c9:c8:13:
                    81:4a:41:cd:5c:51:2a:d2:15:4c:cc:a2:68:d7:7d:
                    36:bf:ff:6f:77:24:15:bc:1e:bc:e1:6a:ed:78:6f:
                    1c:b5:9d:e8:04:03:4b:13:a0:95:f6:12:bf:f5:65:
                    a7:6c:63:72:35:8a:7d:8e:02:31:ea:46:a0:d2:ca:
                    01:31:7f:5d:ce:26:01:2d:00:bb:72:06:b2:14:f9:
                    ff:95:76:ec:3c:e1:4f:cf:a6:24:06:d7:9c:13:54:
                    d4:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:BA:29:41:44:5E:88:0A:B3:C4:C8:B3:52:38:0D:7A:3B:B9:48:D6
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/rropQUReiAqzxMizUjgNeju5SNY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.46.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bf:9f:ed:a9:d1:31:f2:53:36:6a:ee:a1:f2:30:eb:3a:b1:fc:
         59:5b:ef:f6:12:87:04:da:c9:ed:a4:a7:1b:6b:86:d9:95:ad:
         7b:e2:fb:68:2e:0e:bf:3c:05:04:d1:2c:83:60:49:a8:18:9a:
         15:13:0e:5c:e0:d0:a3:5f:56:a3:b9:6f:23:a7:6e:77:fc:ff:
         4c:ac:15:8e:dc:f3:0b:19:d5:40:ce:21:19:5f:9b:0e:a2:f2:
         8b:fe:45:bc:e5:29:d5:34:44:93:84:98:e8:9b:89:0b:16:a3:
         01:ca:49:d1:c6:76:6e:8d:0a:a6:50:20:b0:45:b6:18:1d:64:
         53:c4:ef:64:92:dd:6b:63:07:36:1f:c7:ab:47:f0:dd:8b:24:
         d0:68:d4:ce:15:7b:b4:23:46:7e:1b:94:1e:0e:72:1d:73:48:
         f0:a6:32:17:f7:53:02:0b:da:5d:03:40:88:59:3f:9c:28:b9:
         f0:4c:32:a1:a2:ca:62:d9:81:0c:ff:7a:af:6a:d1:97:66:1e:
         bc:47:44:e6:50:8a:e4:36:ea:02:a3:82:3f:b2:a3:d7:8d:a9:
         54:58:2b:76:2d:f6:df:45:fa:19:51:3d:62:4e:eb:f9:4d:61:
         06:52:47:04:fd:57:c4:8c:a8:96:19:91:b9:66:6f:db:55:7b:
         93:db:36:ab
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyqssS+A/6nkJZrqBpJzjsuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwMzAxMTgzOTI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZWJhMjk0MTQ0NWU4ODBhYjNjNGM4YjM1MjM4MGQ3YTNiYjk0OGQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3rTBNsqycnrDukljSr8OY4TsUZqc
Y0ifX+ml4j/5kR0/BS6a5uHXTOXmV1SvBcorLiETMB6n8bpgXp0dabqn4Vqcos9k
SRvffQD/iwXkfWRNPERgwwV5svuB5Nv79YtjAWN2qQL/6pg6RVyy7pAgNV6XGQku
10D7iwZSfrqIC89gysBfBf0qYB1PYb+9SdxzGrt14muJrP2KXGEu/EQxrBLJyBOB
SkHNXFEq0hVMzKJo1302v/9vdyQVvB684WrteG8ctZ3oBANLE6CV9hK/9WWnbGNy
NYp9jgIx6kag0soBMX9dziYBLQC7cgayFPn/lXbsPOFPz6YkBtecE1TUqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK66KUFEXogKs8TIs1I4DXo7uUjWMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvcnJvcFFVUmVpQXF6eE1pelVqZ05lanU1U05ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzguMA0G
CSqGSIb3DQEBCwUAA4IBAQC/n+2p0THyUzZq7qHyMOs6sfxZW+/2EocE2sntpKcb
a4bZla174vtoLg6/PAUE0SyDYEmoGJoVEw5c4NCjX1ajuW8jp253/P9MrBWO3PML
GdVAziEZX5sOovKL/kW85SnVNESThJjom4kLFqMByknRxnZujQqmUCCwRbYYHWRT
xO9kkt1rYwc2H8erR/DdiyTQaNTOFXu0I0Z+G5QeDnIdc0jwpjIX91MCC9pdA0CI
WT+cKLnwTDKhospi2YEM/3qvatGXZh68R0TmUIrkNuoCo4I/sqPXjalUWCt2Lfbf
RfoZUT1iTuv5TWEGUkcE/VfEjKiWGZG5Zm/bVXuT2zar
-----END CERTIFICATE-----