Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/sTjGyHBGoCEHEXKT-ansy1AL6JI.roa
File:                     sTjGyHBGoCEHEXKT-ansy1AL6JI.roa (raw, json)
Hash identifier:          IpzBh+yvz64D/49z8lE7Fj8lEEdqKF/3uixFmJhYl5s=
Subject key identifier:   B1:38:C6:C8:70:46:A0:21:07:11:72:93:F9:A9:EC:CB:50:0B:E8:92
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019D4846FD8434AACD16DB7630442F34B399
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/sTjGyHBGoCEHEXKT-ansy1AL6JI.roa
Signing time:             Wed 01 Apr 2026 09:01:45 +0000
ROA not before:           Wed 01 Apr 2026 09:01:45 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213618
IP address blocks:        31.57.140.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 02:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:48:46:fd:84:34:aa:cd:16:db:76:30:44:2f:34:b3:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Apr  1 09:01:45 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b138c6c87046a02107117293f9a9eccb500be892
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:45:6e:ec:ac:9c:81:ee:ea:09:08:a5:a8:57:
                    e3:6f:87:26:48:79:22:3f:59:e0:9e:4f:be:6c:9c:
                    79:b6:64:0d:93:a8:ef:fd:be:84:e0:ba:58:6c:e0:
                    69:99:57:8e:71:4a:77:0f:ea:55:5d:76:83:20:2e:
                    65:3b:18:bb:0d:b9:10:40:5d:73:f7:ca:eb:e1:10:
                    a8:39:49:65:1b:14:38:0b:61:8f:7a:36:fc:bb:f5:
                    0b:c5:2d:54:13:4b:5d:17:14:01:e1:59:43:97:bb:
                    6b:c8:27:ed:d7:64:8f:ef:b8:a3:cb:9f:82:08:15:
                    ba:c0:0d:d2:f5:e5:9b:4c:1f:02:ed:a7:22:28:c8:
                    4e:10:fe:d6:b7:be:7b:de:bb:9e:d4:35:26:9a:11:
                    71:7e:39:8e:5e:3a:2d:6d:f8:18:54:06:b1:77:dc:
                    71:ed:7c:f7:19:1d:0d:9e:81:a3:29:6a:45:87:df:
                    7d:64:1c:bf:37:0e:77:e1:47:04:9b:96:51:24:c3:
                    e6:29:03:ef:23:8c:44:45:3d:83:f7:e1:86:68:91:
                    3b:f5:ea:19:95:7c:88:a1:67:73:f0:2e:b2:ea:0b:
                    c0:2f:06:cc:e9:0d:4e:ca:f6:75:97:a3:2c:df:ee:
                    3e:5b:60:89:c0:10:00:f2:14:e1:22:63:71:cf:14:
                    9a:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:38:C6:C8:70:46:A0:21:07:11:72:93:F9:A9:EC:CB:50:0B:E8:92
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/sTjGyHBGoCEHEXKT-ansy1AL6JI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.140.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a3:85:c8:be:29:b5:c3:e5:8e:80:90:50:b2:eb:6f:1c:8d:06:
         94:a7:e5:26:ff:f3:8e:bf:84:e3:a5:b2:84:23:e0:0c:e4:9a:
         e0:9c:02:09:e0:3e:bd:ad:da:b2:55:a7:e0:4a:3e:2a:27:d7:
         e9:d1:02:88:c4:aa:c7:50:56:54:75:ae:0b:da:0b:2d:5a:da:
         de:91:5a:a7:d3:d2:3d:f2:fa:45:fb:da:44:30:95:f3:e7:22:
         cc:72:53:d9:36:ae:87:ac:2c:00:67:c3:3a:3a:26:3c:02:ac:
         83:52:ce:c3:54:74:b7:64:11:f0:97:73:66:6c:88:39:3e:a4:
         b6:87:09:c8:e2:70:83:78:74:a6:aa:68:17:1c:b0:bc:9a:40:
         c7:96:17:4c:49:31:33:e4:6b:49:5a:d0:55:65:b2:e1:f8:61:
         ac:81:bf:76:3b:15:4a:ad:47:13:11:4b:20:28:03:b7:b2:a6:
         5e:3c:ac:d8:02:fd:e0:ff:15:aa:04:06:35:dc:e4:75:a0:55:
         11:16:64:43:ff:2f:49:37:69:6b:e4:5e:e7:e0:2d:b1:39:14:
         1c:87:d2:d7:78:39:98:69:da:9d:82:e1:5c:c9:1c:12:4f:51:
         47:b9:6e:ea:06:36:15:2e:d6:8c:f4:ba:41:06:04:d4:f9:71:
         1a:24:cf:8a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1IRv2ENKrNFtt2MEQvNLOZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwNDAxMDkwMTQ1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTM4YzZjODcwNDZhMDIxMDcxMTcyOTNmOWE5ZWNjYjUwMGJlODkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtkVu7Kycge7qCQilqFfjb4cmSHki
P1ngnk++bJx5tmQNk6jv/b6E4LpYbOBpmVeOcUp3D+pVXXaDIC5lOxi7DbkQQF1z
98rr4RCoOUllGxQ4C2GPejb8u/ULxS1UE0tdFxQB4VlDl7tryCft12SP77ijy5+C
CBW6wA3S9eWbTB8C7aciKMhOEP7Wt7573rue1DUmmhFxfjmOXjotbfgYVAaxd9xx
7Xz3GR0NnoGjKWpFh999ZBy/Nw534UcEm5ZRJMPmKQPvI4xERT2D9+GGaJE79eoZ
lXyIoWdz8C6y6gvALwbM6Q1OyvZ1l6Ms3+4+W2CJwBAA8hThImNxzxSarwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLE4xshwRqAhBxFyk/mp7MtQC+iSMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvc1RqR3lIQkdvQ0VIRVhLVC1hbnN5MUFMNkpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzmMMA0G
CSqGSIb3DQEBCwUAA4IBAQCjhci+KbXD5Y6AkFCy628cjQaUp+Um//OOv4TjpbKE
I+AM5JrgnAIJ4D69rdqyVafgSj4qJ9fp0QKIxKrHUFZUda4L2gstWtrekVqn09I9
8vpF+9pEMJXz5yLMclPZNq6HrCwAZ8M6OiY8AqyDUs7DVHS3ZBHwl3NmbIg5PqS2
hwnI4nCDeHSmqmgXHLC8mkDHlhdMSTEz5GtJWtBVZbLh+GGsgb92OxVKrUcTEUsg
KAO3sqZePKzYAv3g/xWqBAY13OR1oFURFmRD/y9JN2lr5F7n4C2xORQch9LXeDmY
adqdguFcyRwST1FHuW7qBjYVLtaM9LpBBgTU+XEaJM+K
-----END CERTIFICATE-----