Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/vLi6UbEB9hOQY3HFM42Gysl9Hvc.roa
File:                     vLi6UbEB9hOQY3HFM42Gysl9Hvc.roa (raw, json)
Hash identifier:          e2ybrhBeJ9Pr6ag6MAaZB68kEgyLcYtJFakm0f4qLQI=
Subject key identifier:   BC:B8:BA:51:B1:01:F6:13:90:63:71:C5:33:8D:86:CA:C9:7D:1E:F7
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019EA1EE082A799958B21FAA9950EFF270A2
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/vLi6UbEB9hOQY3HFM42Gysl9Hvc.roa
Signing time:             Sun 07 Jun 2026 11:53:11 +0000
ROA not before:           Sun 07 Jun 2026 11:53:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203113
IP address blocks:        31.56.100.0/24 maxlen: 24
                          31.59.172.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:a1:ee:08:2a:79:99:58:b2:1f:aa:99:50:ef:f2:70:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jun  7 11:53:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bcb8ba51b101f613906371c5338d86cac97d1ef7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:e5:f3:ce:7f:9e:e0:c1:eb:3c:a3:90:e5:a9:
                    0a:84:71:2b:da:91:48:64:74:90:9d:36:d4:33:13:
                    b5:54:06:78:81:5a:40:9e:47:1e:18:67:e2:2d:c5:
                    24:57:3e:1c:f2:95:7a:04:59:bf:b5:85:df:6b:95:
                    f3:34:ea:a7:6f:2b:53:5c:72:e2:98:5a:a2:0f:18:
                    4f:c4:9c:d7:67:c8:4d:51:4b:a0:f0:d6:df:93:d2:
                    66:20:07:6d:aa:db:97:5f:03:9a:fb:3b:62:90:2f:
                    b9:53:f7:00:e4:56:1d:b8:49:31:f5:d7:8e:67:90:
                    89:5f:66:10:bf:f7:8a:89:1d:c7:49:fe:89:a8:3a:
                    9b:97:d5:48:16:29:1d:b6:11:82:fb:a8:53:63:7b:
                    30:6c:8a:b6:bb:40:2f:12:cf:e9:35:9d:3b:04:49:
                    ab:5e:73:34:a2:7e:6e:3f:05:a3:0c:95:77:c2:6c:
                    8f:fa:84:97:46:26:26:2a:b8:68:c0:e4:0c:4f:63:
                    de:e1:80:45:83:48:73:6e:21:39:89:9c:59:86:49:
                    c3:e7:bb:2a:18:d1:f2:0a:8f:67:1b:b4:ba:21:00:
                    bb:4f:78:9b:c9:ca:70:c7:13:65:b3:1c:78:ba:0f:
                    66:c6:64:b5:ed:e0:c2:e5:5c:98:49:a0:40:20:9e:
                    18:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:B8:BA:51:B1:01:F6:13:90:63:71:C5:33:8D:86:CA:C9:7D:1E:F7
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/vLi6UbEB9hOQY3HFM42Gysl9Hvc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.100.0/24
                  31.59.172.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:89:e7:fe:9b:43:13:02:4f:c6:07:4c:a7:a6:07:97:a7:2f:
         8d:04:36:bb:71:6a:78:3b:30:c6:a0:7b:f8:5a:8f:1a:c3:f8:
         3d:e7:ec:bb:92:38:c5:7e:14:b0:f4:06:ea:09:b3:2e:73:ec:
         f8:f7:78:43:5f:4e:59:50:e0:66:e5:c6:e5:23:93:50:f8:46:
         7f:7b:7b:c8:0d:04:10:58:0a:2c:6a:90:6a:cd:85:b5:16:14:
         98:cc:0e:6e:9b:e1:a9:9c:81:5b:e6:f2:43:cb:43:a8:58:0e:
         44:b5:ef:87:4b:bf:2c:29:c9:b0:d1:89:81:5f:93:18:b8:d6:
         e4:95:bd:87:6e:de:7d:67:8e:9f:3c:6f:e5:76:96:6d:d5:e0:
         f7:3c:4c:19:a4:31:16:e2:7d:95:55:73:31:0e:10:94:75:fa:
         b4:bf:54:d3:ed:e3:fb:dd:69:22:c6:9a:1c:fb:f4:72:97:d4:
         58:ae:36:41:7e:3f:1f:04:46:7f:b5:f2:5c:ee:ac:f5:46:4c:
         1d:0d:ec:66:3e:82:a0:ed:f8:79:61:7f:48:48:05:c3:86:ff:
         83:ea:82:f0:95:c5:6d:2d:0e:69:ff:aa:f3:43:08:4e:f3:e4:
         74:3e:d6:8f:4a:5e:d3:c2:df:c6:16:8e:91:e9:46:c1:d2:87:
         fe:6e:d5:90
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ6h7ggqeZlYsh+qmVDv8nCiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwNjA3MTE1MzExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiY2I4YmE1MWIxMDFmNjEzOTA2MzcxYzUzMzhkODZjYWM5N2QxZWY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAueXzzn+e4MHrPKOQ5akKhHEr2pFI
ZHSQnTbUMxO1VAZ4gVpAnkceGGfiLcUkVz4c8pV6BFm/tYXfa5XzNOqnbytTXHLi
mFqiDxhPxJzXZ8hNUUug8Nbfk9JmIAdtqtuXXwOa+ztikC+5U/cA5FYduEkx9deO
Z5CJX2YQv/eKiR3HSf6JqDqbl9VIFikdthGC+6hTY3swbIq2u0AvEs/pNZ07BEmr
XnM0on5uPwWjDJV3wmyP+oSXRiYmKrhowOQMT2Pe4YBFg0hzbiE5iZxZhknD57sq
GNHyCo9nG7S6IQC7T3ibycpwxxNlsxx4ug9mxmS17eDC5VyYSaBAIJ4Y1QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLy4ulGxAfYTkGNxxTONhsrJfR73MB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvdkxpNlViRUI5aE9RWTNIRk00Mkd5c2w5SHZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAHzhkAwQA
HzusMA0GCSqGSIb3DQEBCwUAA4IBAQB3ief+m0MTAk/GB0ynpgeXpy+NBDa7cWp4
OzDGoHv4Wo8aw/g95+y7kjjFfhSw9AbqCbMuc+z493hDX05ZUOBm5cblI5NQ+EZ/
e3vIDQQQWAosapBqzYW1FhSYzA5um+GpnIFb5vJDy0OoWA5Ete+HS78sKcmw0YmB
X5MYuNbklb2Hbt59Z46fPG/ldpZt1eD3PEwZpDEW4n2VVXMxDhCUdfq0v1TT7eP7
3Wkixpoc+/Ryl9RYrjZBfj8fBEZ/tfJc7qz1RkwdDexmPoKg7fh5YX9ISAXDhv+D
6oLwlcVtLQ5p/6rzQwhO8+R0PtaPSl7Twt/GFo6R6UbB0of+btWQ
-----END CERTIFICATE-----