Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/xgJmVlptBNQt3QagFPEWieFT9Eo.roa
File:                     xgJmVlptBNQt3QagFPEWieFT9Eo.roa (raw, json)
Hash identifier:          pa8k4UeAokpGoiqSIy0M3W5AWBzJDZO9I4EPfOK+fII=
Subject key identifier:   C6:02:66:56:5A:6D:04:D4:2D:DD:06:A0:14:F1:16:89:E1:53:F4:4A
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019EA5CACC069105FEB53E3AB792C6786709
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/xgJmVlptBNQt3QagFPEWieFT9Eo.roa
Signing time:             Mon 08 Jun 2026 05:53:11 +0000
ROA not before:           Mon 08 Jun 2026 05:53:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     31924
IP address blocks:        31.56.1.0/24 maxlen: 24
                          31.59.72.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:a5:ca:cc:06:91:05:fe:b5:3e:3a:b7:92:c6:78:67:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jun  8 05:53:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c60266565a6d04d42ddd06a014f11689e153f44a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:51:84:8c:3d:31:4c:c7:10:16:ac:23:ff:83:
                    70:73:a1:af:0e:31:27:f1:9a:ea:1a:6a:e1:28:6c:
                    0e:28:a7:31:18:67:81:6a:63:b7:1c:9a:d6:45:f9:
                    1c:82:c7:70:42:47:44:cf:cf:c1:3b:78:6e:cd:2d:
                    80:48:94:3c:db:79:5c:15:ed:6d:03:df:68:0c:9a:
                    13:1f:7e:3f:36:2e:4c:66:47:0b:b8:26:51:cd:b1:
                    9f:94:78:ed:e6:55:a4:64:41:e6:c4:be:22:0c:95:
                    27:65:de:92:32:28:21:f6:c4:02:9d:d8:3c:13:77:
                    a1:39:4d:fd:6f:d5:9f:05:9a:58:50:1b:7d:1d:a1:
                    63:eb:95:a0:8b:87:a6:3d:b9:29:b5:82:d7:38:ec:
                    3e:93:c5:17:7b:0b:b5:19:40:8a:4c:29:41:ed:5e:
                    9d:81:92:df:61:5f:aa:c6:a1:2f:62:3d:f4:57:23:
                    2a:ff:9c:d3:8a:1e:db:3f:5b:e9:a5:c9:f4:dd:a3:
                    9d:05:30:b3:d0:ea:11:44:c6:ee:cf:e5:5e:b0:0c:
                    b0:c7:2e:6a:93:d9:96:f9:7a:14:de:62:2b:37:77:
                    63:12:2b:9c:c0:0a:da:85:72:90:1e:c4:f3:5b:8d:
                    15:d4:aa:dd:69:3b:c4:d6:75:ea:5c:d3:f9:6d:3f:
                    a6:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:02:66:56:5A:6D:04:D4:2D:DD:06:A0:14:F1:16:89:E1:53:F4:4A
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/xgJmVlptBNQt3QagFPEWieFT9Eo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.1.0/24
                  31.59.72.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:0b:a5:f5:ff:a7:55:6c:19:da:5b:e2:cd:12:cb:e3:e0:fa:
         5d:53:5a:e3:c0:0c:de:74:ea:2b:47:8b:b4:1a:59:5a:e4:4e:
         b2:fc:37:3f:a3:e5:95:3e:e6:e6:c1:30:20:4c:c0:88:66:88:
         62:c6:91:8e:eb:fd:35:01:db:54:55:e9:8d:e7:55:18:ab:a7:
         d3:ee:99:42:38:4f:88:58:9b:f3:c5:73:77:8d:cf:53:04:1e:
         8e:33:e2:26:2e:52:84:56:16:00:0e:7f:63:9e:03:c9:70:1a:
         d3:d3:3e:a9:ad:e2:bf:5d:78:88:76:f9:fb:e4:de:17:6a:c9:
         48:71:37:2b:e2:78:07:19:13:13:d4:e3:3f:ac:4b:ab:c4:13:
         f8:f6:0c:cb:26:b8:67:da:ef:26:b5:26:e7:9a:6c:cf:ea:4c:
         70:49:bf:c4:cc:94:ed:1d:c6:04:29:f5:1c:42:61:aa:fa:b8:
         02:c2:a1:f1:f7:67:7b:63:bc:c2:81:5a:25:9b:b2:8b:99:e9:
         e4:0b:54:85:8e:1b:45:9b:32:d4:06:1a:0e:de:f7:f9:71:a8:
         f8:af:84:75:12:37:e1:5c:d6:c5:43:0c:9b:6f:16:c9:6c:0b:
         70:4d:ff:14:9c:b4:ae:6a:ec:06:27:49:1d:38:43:bc:d3:fe:
         6a:f7:95:93
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ6lyswGkQX+tT46t5LGeGcJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwNjA4MDU1MzExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjAyNjY1NjVhNmQwNGQ0MmRkZDA2YTAxNGYxMTY4OWUxNTNmNDRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy1GEjD0xTMcQFqwj/4Nwc6GvDjEn
8ZrqGmrhKGwOKKcxGGeBamO3HJrWRfkcgsdwQkdEz8/BO3huzS2ASJQ823lcFe1t
A99oDJoTH34/Ni5MZkcLuCZRzbGflHjt5lWkZEHmxL4iDJUnZd6SMigh9sQCndg8
E3ehOU39b9WfBZpYUBt9HaFj65Wgi4emPbkptYLXOOw+k8UXewu1GUCKTClB7V6d
gZLfYV+qxqEvYj30VyMq/5zTih7bP1vppcn03aOdBTCz0OoRRMbuz+VesAywxy5q
k9mW+XoU3mIrN3djEiucwArahXKQHsTzW40V1KrdaTvE1nXqXNP5bT+mfQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMYCZlZabQTULd0GoBTxFonhU/RKMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEveGdKbVZscHRCTlF0M1FhZ0ZQRVdpZUZUOUVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAHzgBAwQA
HztIMA0GCSqGSIb3DQEBCwUAA4IBAQAIC6X1/6dVbBnaW+LNEsvj4PpdU1rjwAze
dOorR4u0Glla5E6y/Dc/o+WVPubmwTAgTMCIZohixpGO6/01AdtUVemN51UYq6fT
7plCOE+IWJvzxXN3jc9TBB6OM+ImLlKEVhYADn9jngPJcBrT0z6preK/XXiIdvn7
5N4XaslIcTcr4ngHGRMT1OM/rEurxBP49gzLJrhn2u8mtSbnmmzP6kxwSb/EzJTt
HcYEKfUcQmGq+rgCwqHx92d7Y7zCgVolm7KLmenkC1SFjhtFmzLUBhoO3vf5caj4
r4R1EjfhXNbFQwybbxbJbAtwTf8UnLSuauwGJ0kdOEO80/5q95WT
-----END CERTIFICATE-----