Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/5Q5POfragVjYU3Tc9pIsI73yN4c.roa
File:                     5Q5POfragVjYU3Tc9pIsI73yN4c.roa (raw, json)
Hash identifier:          kYaoLW03QEdDntl4/aBEysdwgJMga7CnSK/Wwl7+qL8=
Subject key identifier:   E5:0E:4F:39:FA:DA:81:58:D8:53:74:DC:F6:92:2C:23:BD:F2:37:87
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019E2CA962624D657EE599DA53B3E2C0D17A
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/5Q5POfragVjYU3Tc9pIsI73yN4c.roa
Signing time:             Fri 15 May 2026 17:22:38 +0000
ROA not before:           Fri 15 May 2026 17:22:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206446
IP address blocks:        31.58.97.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 28 May 2026 08:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:2c:a9:62:62:4d:65:7e:e5:99:da:53:b3:e2:c0:d1:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: May 15 17:22:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e50e4f39fada8158d85374dcf6922c23bdf23787
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:4b:d4:46:86:66:6d:90:cb:fc:36:35:2b:6d:
                    79:1b:9e:bf:a3:79:bf:67:ee:a2:80:0d:e6:3f:31:
                    ea:d7:b4:d9:bf:a4:65:e9:55:20:37:f2:3f:e4:f8:
                    ea:52:0e:1f:b6:f3:ab:d3:f9:69:3a:33:0b:3c:a3:
                    f1:46:d6:eb:fb:9f:90:b9:fc:4e:c6:fb:d0:33:05:
                    0f:f0:10:3d:91:c3:bb:02:f3:e4:65:c0:da:0e:89:
                    cb:e0:bd:1c:40:7c:15:56:a7:37:67:bb:c5:34:e1:
                    94:cb:cb:ca:c3:2e:17:32:86:be:f9:f6:cf:5b:5b:
                    9e:2a:94:41:27:0a:2a:ca:dd:a8:27:21:81:2e:2d:
                    3a:a3:6a:94:52:16:6f:c2:3f:4d:dd:61:cd:98:c9:
                    65:2c:52:20:85:51:32:92:b0:bb:9c:76:85:7f:38:
                    3c:b9:c2:05:ca:aa:57:9a:75:16:6a:75:0e:51:38:
                    4d:4e:65:90:9c:85:2d:ea:af:78:b6:f7:1a:33:11:
                    ad:8a:61:af:d5:82:c4:38:d0:8e:b0:a1:bc:0d:0e:
                    c2:03:05:1b:1c:1b:94:b2:a4:71:fd:68:b6:f2:22:
                    79:a6:81:9c:d1:87:7f:98:bc:4d:0a:f4:c1:06:1b:
                    9a:8f:69:1d:b0:9e:43:3f:87:b4:06:31:e5:32:dd:
                    99:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:0E:4F:39:FA:DA:81:58:D8:53:74:DC:F6:92:2C:23:BD:F2:37:87
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/5Q5POfragVjYU3Tc9pIsI73yN4c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.58.97.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:72:15:98:f7:97:aa:6c:5b:9d:5b:36:90:04:e9:a6:cd:e3:
         06:b0:02:6e:35:40:dd:4c:f6:ef:a0:2a:34:49:4e:79:d2:4d:
         41:65:f9:53:78:37:1a:9d:dc:20:5d:f3:13:0f:90:8a:e2:94:
         2a:a8:04:4f:d6:93:9e:1e:43:d5:e9:78:be:4d:5f:e8:98:df:
         8b:50:cf:23:42:cc:e6:4a:fe:71:a9:ab:08:1a:63:f6:39:aa:
         10:b1:e5:be:b4:3a:db:9b:67:b6:69:ec:3b:8b:87:82:ad:d9:
         88:f7:52:9f:ea:49:f3:1c:cd:82:20:1b:74:bd:4b:50:2b:73:
         bd:eb:12:9a:d4:f5:c6:42:9c:f5:2e:6c:2b:6e:ea:31:36:11:
         c8:0e:b4:a8:f9:a6:c7:16:d8:b1:b0:36:89:7a:66:2b:3b:ac:
         f4:d1:f3:cc:3a:8a:5a:9e:5a:6d:bf:8e:0b:0c:53:ee:1b:d9:
         bd:60:7e:7c:45:c7:b5:39:5e:48:7b:19:4f:0b:3c:3d:a2:69:
         20:67:bf:63:b0:26:7e:bb:36:e2:f6:6e:80:63:e0:e2:d4:25:
         3d:ee:ed:f1:3f:fc:7f:a1:c1:72:9f:5f:49:dd:e6:ae:57:01:
         43:8b:ab:be:f7:50:b3:d6:bc:ee:34:60:0e:88:e7:e8:36:81:
         81:34:c9:9a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4sqWJiTWV+5ZnaU7PiwNF6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwNTE1MTcyMjM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNTBlNGYzOWZhZGE4MTU4ZDg1Mzc0ZGNmNjkyMmMyM2JkZjIzNzg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj0vURoZmbZDL/DY1K215G56/o3m/
Z+6igA3mPzHq17TZv6Rl6VUgN/I/5PjqUg4ftvOr0/lpOjMLPKPxRtbr+5+QufxO
xvvQMwUP8BA9kcO7AvPkZcDaDonL4L0cQHwVVqc3Z7vFNOGUy8vKwy4XMoa++fbP
W1ueKpRBJwoqyt2oJyGBLi06o2qUUhZvwj9N3WHNmMllLFIghVEykrC7nHaFfzg8
ucIFyqpXmnUWanUOUThNTmWQnIUt6q94tvcaMxGtimGv1YLEONCOsKG8DQ7CAwUb
HBuUsqRx/Wi28iJ5poGc0Yd/mLxNCvTBBhuaj2kdsJ5DP4e0BjHlMt2ZNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOUOTzn62oFY2FN03PaSLCO98jeHMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvNVE1UE9mcmFnVmpZVTNUYzlwSXNJNzN5TjRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzphMA0G
CSqGSIb3DQEBCwUAA4IBAQBvchWY95eqbFudWzaQBOmmzeMGsAJuNUDdTPbvoCo0
SU550k1BZflTeDcandwgXfMTD5CK4pQqqARP1pOeHkPV6Xi+TV/omN+LUM8jQszm
Sv5xqasIGmP2OaoQseW+tDrbm2e2aew7i4eCrdmI91Kf6knzHM2CIBt0vUtQK3O9
6xKa1PXGQpz1LmwrbuoxNhHIDrSo+abHFtixsDaJemYrO6z00fPMOopanlptv44L
DFPuG9m9YH58Rce1OV5IexlPCzw9omkgZ79jsCZ+uzbi9m6AY+Di1CU97u3xP/x/
ocFyn19J3eauVwFDi6u+91Cz1rzuNGAOiOfoNoGBNMma
-----END CERTIFICATE-----