Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/uyV61c2Kl2nVyF2Rg3G8lwMv7b8.roa
File:                     uyV61c2Kl2nVyF2Rg3G8lwMv7b8.roa (raw, json)
Hash identifier:          PukZUHXzqxRxR/+WrQPXx/JmBqSg1XXzRKEnVeYGF8g=
Subject key identifier:   BB:25:7A:D5:CD:8A:97:69:D5:C8:5D:91:83:71:BC:97:03:2F:ED:BF
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019E83109F57561E2246AFEB1493F12038A0
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/uyV61c2Kl2nVyF2Rg3G8lwMv7b8.roa
Signing time:             Mon 01 Jun 2026 12:02:45 +0000
ROA not before:           Mon 01 Jun 2026 12:02:45 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     40676
IP address blocks:        31.58.100.0/22 maxlen: 24
                          31.59.29.0/24 maxlen: 24
                          31.59.34.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:83:10:9f:57:56:1e:22:46:af:eb:14:93:f1:20:38:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jun  1 12:02:45 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bb257ad5cd8a9769d5c85d918371bc97032fedbf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:d3:f8:cc:4e:bc:02:5a:28:3d:20:fe:3b:d1:
                    1e:42:08:e9:99:a6:88:ff:43:05:65:83:75:21:bf:
                    4e:c9:24:88:92:76:49:91:f9:3f:85:90:dc:49:3e:
                    b0:cf:a9:37:8a:47:29:1a:28:f1:d3:07:9b:ab:99:
                    75:fd:89:d0:69:32:57:94:cb:97:bb:03:89:76:be:
                    72:8e:44:9f:0e:5c:a9:7c:db:c4:e1:15:b2:1c:e0:
                    e7:2a:fe:92:f6:d4:1b:80:23:95:64:ba:38:a5:75:
                    ac:52:2b:53:c9:b6:9e:76:8d:19:7b:64:90:50:62:
                    48:5b:ef:d6:52:80:27:26:78:0e:e1:b5:c6:75:0e:
                    fd:11:0e:88:2a:75:ce:0d:7e:fd:05:49:0e:21:52:
                    b0:65:24:fc:b1:16:0b:6e:8f:3b:9d:25:c0:f6:23:
                    4b:ca:e1:68:d4:e1:12:15:ca:e9:ba:a7:6f:e8:9d:
                    7a:ad:10:96:2a:9a:f4:a1:a0:1a:56:b4:f4:c4:93:
                    b3:15:8b:3f:77:8d:7c:15:e4:e1:09:91:ec:5e:f6:
                    3f:3a:8a:21:6c:93:df:b9:9c:bf:24:b1:f1:04:9b:
                    11:53:c0:91:24:eb:83:e1:53:0c:64:12:28:68:ef:
                    81:34:86:58:31:ab:9b:12:b0:5f:51:84:19:18:52:
                    11:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:25:7A:D5:CD:8A:97:69:D5:C8:5D:91:83:71:BC:97:03:2F:ED:BF
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/uyV61c2Kl2nVyF2Rg3G8lwMv7b8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.58.100.0/22
                  31.59.29.0/24
                  31.59.34.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:df:a8:48:6c:0a:f3:25:c2:5d:7d:a9:f6:b1:08:5a:fd:b9:
         ab:1d:d8:e6:f7:4d:2f:81:00:24:e8:b8:51:c3:ae:b5:a2:34:
         1d:48:26:d0:f6:54:1a:ce:02:9a:e0:49:b0:1d:ef:ab:36:d9:
         ff:3e:1d:50:87:e9:05:ab:c4:2e:bd:20:3d:7e:dc:8c:05:1a:
         37:fe:6c:a6:56:07:62:72:65:c8:9e:55:a0:9f:a3:2d:b8:bc:
         0d:cb:d7:f2:b7:be:49:7a:0c:dd:32:9d:51:fd:e3:4d:16:3f:
         b5:bd:5f:f2:ec:d2:70:29:1a:1f:2b:7c:47:95:bf:1c:4d:d1:
         ae:b8:11:b3:a0:a2:6c:c2:41:28:b2:02:c5:c3:27:70:b5:e4:
         82:7d:5e:1d:fd:06:b9:e3:18:2e:9a:3c:3e:12:8a:ca:76:b1:
         25:50:d8:b2:8c:07:de:0d:4c:a1:ba:f5:62:61:84:3d:c3:a9:
         67:9d:d7:c0:a6:65:f7:38:27:6c:d6:7e:26:23:4f:47:a3:34:
         ba:39:9c:4f:0b:94:60:7b:29:77:2d:14:9c:2f:17:86:fc:32:
         7a:81:75:21:28:b1:37:35:d8:f6:44:7d:66:11:50:e4:3d:27:
         d1:39:9a:58:2c:4a:b4:02:47:94:1e:a4:97:94:71:e4:8d:64:
         b5:3f:15:a9
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ6DEJ9XVh4iRq/rFJPxIDigMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwNjAxMTIwMjQ1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjI1N2FkNWNkOGE5NzY5ZDVjODVkOTE4MzcxYmM5NzAzMmZlZGJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqdP4zE68AlooPSD+O9EeQgjpmaaI
/0MFZYN1Ib9OySSIknZJkfk/hZDcST6wz6k3ikcpGijx0webq5l1/YnQaTJXlMuX
uwOJdr5yjkSfDlypfNvE4RWyHODnKv6S9tQbgCOVZLo4pXWsUitTybaedo0Ze2SQ
UGJIW+/WUoAnJngO4bXGdQ79EQ6IKnXODX79BUkOIVKwZST8sRYLbo87nSXA9iNL
yuFo1OESFcrpuqdv6J16rRCWKpr0oaAaVrT0xJOzFYs/d418FeThCZHsXvY/Oooh
bJPfuZy/JLHxBJsRU8CRJOuD4VMMZBIoaO+BNIZYMaubErBfUYQZGFIREwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFLsletXNipdp1chdkYNxvJcDL+2/MB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvdXlWNjFjMktsMm5WeUYyUmczRzhsd012N2I4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCHzpkAwQA
HzsdAwQAHzsiMA0GCSqGSIb3DQEBCwUAA4IBAQCI36hIbArzJcJdfan2sQha/bmr
Hdjm900vgQAk6LhRw661ojQdSCbQ9lQazgKa4EmwHe+rNtn/Ph1Qh+kFq8QuvSA9
ftyMBRo3/mymVgdicmXInlWgn6MtuLwNy9fyt75JegzdMp1R/eNNFj+1vV/y7NJw
KRofK3xHlb8cTdGuuBGzoKJswkEosgLFwydwteSCfV4d/Qa54xgumjw+EorKdrEl
UNiyjAfeDUyhuvViYYQ9w6lnndfApmX3OCds1n4mI09HozS6OZxPC5Rgeyl3LRSc
LxeG/DJ6gXUhKLE3Ndj2RH1mEVDkPSfROZpYLEq0AkeUHqSXlHHkjWS1PxWp
-----END CERTIFICATE-----