Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/Hp0oaa7HahsYQnVUL1rYJYrIwjM.roa
File:                     Hp0oaa7HahsYQnVUL1rYJYrIwjM.roa (raw, json)
Hash identifier:          1LKb2hrQ132th0J1ZD1is9a9po3utIkU5mEmhEwXtQc=
Subject key identifier:   1E:9D:28:69:AE:C7:6A:1B:18:42:75:54:2F:5A:D8:25:8A:C8:C2:33
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019ECB3CBAD3072FADA64FCAF011DB84CAAE
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/Hp0oaa7HahsYQnVUL1rYJYrIwjM.roa
Signing time:             Mon 15 Jun 2026 12:23:35 +0000
ROA not before:           Mon 15 Jun 2026 12:23:35 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205480
IP address blocks:        31.58.181.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 27 Jun 2026 11:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:cb:3c:ba:d3:07:2f:ad:a6:4f:ca:f0:11:db:84:ca:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jun 15 12:23:35 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1e9d2869aec76a1b184275542f5ad8258ac8c233
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:e1:44:b5:6c:e6:17:42:e6:f0:1d:45:75:32:
                    8b:d6:b8:23:79:1b:c1:cf:69:8f:50:03:b2:2d:ac:
                    af:f8:21:6c:97:07:aa:79:4d:36:cf:50:95:5d:59:
                    55:95:d5:a4:71:82:9c:51:d9:74:b6:92:8c:8a:16:
                    5d:63:ef:69:19:73:e0:5a:f3:3f:c3:fa:99:56:c4:
                    c3:60:35:ed:ab:7d:ae:d8:53:d7:a6:87:03:5a:da:
                    a0:05:60:d0:74:b2:a6:ec:0e:ef:3e:df:bc:6f:a4:
                    f5:bb:9d:e1:b4:3f:f0:6c:bf:81:d0:dd:2f:ea:f8:
                    a9:1f:79:70:37:83:c2:75:e7:71:7a:d9:d8:a9:dc:
                    59:3b:60:e5:e6:16:7b:2b:cd:72:02:47:e4:03:10:
                    a3:f9:1a:bf:c6:a0:fb:78:2a:19:c0:dc:7e:b8:b4:
                    d9:71:27:72:25:12:06:23:e6:24:ca:d0:2c:49:60:
                    97:ad:42:b3:c1:8c:be:fa:a3:2f:af:24:f8:3e:3c:
                    e8:0f:b4:a9:c0:a7:0b:50:44:f2:3d:d8:31:d9:96:
                    0f:51:79:01:00:fa:59:99:34:69:87:e1:eb:dc:7c:
                    b5:62:35:59:57:c6:b8:46:12:aa:29:a0:7d:af:dd:
                    0d:fb:51:c0:74:98:6d:89:d5:ac:72:f1:8a:eb:f4:
                    72:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:9D:28:69:AE:C7:6A:1B:18:42:75:54:2F:5A:D8:25:8A:C8:C2:33
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/Hp0oaa7HahsYQnVUL1rYJYrIwjM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.58.181.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:76:bb:c6:57:c5:e2:ad:82:d6:ab:8f:27:39:ef:8e:71:4c:
         56:99:21:da:ce:60:7a:0d:3c:bb:34:16:a0:e6:e4:bc:b0:5d:
         28:d8:9e:0c:33:55:f3:f7:de:8d:da:42:41:78:c9:51:13:8e:
         5b:fd:80:62:96:82:51:13:b3:8b:9a:5d:ee:06:c8:69:38:4d:
         39:d7:0f:ca:4a:7d:84:16:97:b0:8f:9d:ef:5e:49:6c:e6:80:
         b4:2d:55:21:e8:b2:34:fd:35:11:41:88:61:f3:37:9f:fb:3f:
         80:99:64:3b:81:f1:72:f6:40:9f:de:e8:7b:e2:df:a6:2e:03:
         59:6e:2f:5f:0c:9c:77:66:d8:90:c4:bb:c9:16:cf:1c:0e:4f:
         01:5f:ce:9f:f2:50:ad:c2:ac:3d:62:8a:17:e7:2e:4a:5a:c2:
         06:2d:19:23:f5:5c:a0:a7:19:e9:c4:ca:4c:4e:1b:68:ef:71:
         19:93:b0:95:2a:1a:ff:88:df:fa:93:b6:6a:25:6b:cc:4f:ba:
         65:7f:f0:e9:f1:79:65:da:2f:40:c8:ca:20:de:0f:8a:9f:65:
         7b:68:b1:99:79:f0:80:7b:b2:f9:75:98:1e:fa:c2:6a:0f:83:
         53:88:d3:dc:10:9d:51:a4:26:96:13:37:f1:13:bb:cc:a0:da:
         59:19:9b:b1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ7LPLrTBy+tpk/K8BHbhMquMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwNjE1MTIyMzM1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTlkMjg2OWFlYzc2YTFiMTg0Mjc1NTQyZjVhZDgyNThhYzhjMjMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvOFEtWzmF0Lm8B1FdTKL1rgjeRvB
z2mPUAOyLayv+CFslweqeU02z1CVXVlVldWkcYKcUdl0tpKMihZdY+9pGXPgWvM/
w/qZVsTDYDXtq32u2FPXpocDWtqgBWDQdLKm7A7vPt+8b6T1u53htD/wbL+B0N0v
6vipH3lwN4PCdedxetnYqdxZO2Dl5hZ7K81yAkfkAxCj+Rq/xqD7eCoZwNx+uLTZ
cSdyJRIGI+YkytAsSWCXrUKzwYy++qMvryT4PjzoD7SpwKcLUETyPdgx2ZYPUXkB
APpZmTRph+Hr3Hy1YjVZV8a4RhKqKaB9r90N+1HAdJhtidWscvGK6/Ry6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB6dKGmux2obGEJ1VC9a2CWKyMIzMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvSHAwb2FhN0hhaHNZUW5WVUwxcllKWXJJd2pNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzq1MA0G
CSqGSIb3DQEBCwUAA4IBAQCHdrvGV8XirYLWq48nOe+OcUxWmSHazmB6DTy7NBag
5uS8sF0o2J4MM1Xz996N2kJBeMlRE45b/YBiloJRE7OLml3uBshpOE051w/KSn2E
Fpewj53vXkls5oC0LVUh6LI0/TURQYhh8zef+z+AmWQ7gfFy9kCf3uh74t+mLgNZ
bi9fDJx3ZtiQxLvJFs8cDk8BX86f8lCtwqw9YooX5y5KWsIGLRkj9VygpxnpxMpM
Thto73EZk7CVKhr/iN/6k7ZqJWvMT7plf/Dp8Xll2i9AyMog3g+Kn2V7aLGZefCA
e7L5dZge+sJqD4NTiNPcEJ1RpCaWEzfxE7vMoNpZGZux
-----END CERTIFICATE-----