Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/KuPS6NmUFe-yN3qyYqQDccOmoyQ.roa
File:                     KuPS6NmUFe-yN3qyYqQDccOmoyQ.roa (raw, json)
Hash identifier:          udSmgQyLaKNvmHcMZLld7VLIIO9NVzQlZWrmnX88VSw=
Subject key identifier:   2A:E3:D2:E8:D9:94:15:EF:B2:37:7A:B2:62:A4:03:71:C3:A6:A3:24
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019E466CD6681FE04A01ABFACE4A1E87E8C4
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/KuPS6NmUFe-yN3qyYqQDccOmoyQ.roa
Signing time:             Wed 20 May 2026 17:26:38 +0000
ROA not before:           Wed 20 May 2026 17:26:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212890
IP address blocks:        31.59.109.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 28 May 2026 08:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:46:6c:d6:68:1f:e0:4a:01:ab:fa:ce:4a:1e:87:e8:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: May 20 17:26:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2ae3d2e8d99415efb2377ab262a40371c3a6a324
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:be:c4:dc:c5:cd:a6:b3:48:30:66:be:9c:81:
                    bf:2b:dd:df:5b:1b:34:9b:dd:36:02:c1:9a:ee:e0:
                    a2:ae:0c:fc:9e:1e:b0:49:8a:08:21:36:a1:3d:05:
                    44:71:84:4f:7c:1c:24:7f:e1:23:4e:e1:46:d3:2e:
                    32:ea:cd:cc:23:83:ac:98:5c:a9:12:f7:f4:d7:5d:
                    b4:05:b1:b4:2d:6b:f7:da:c4:b2:76:05:04:75:ee:
                    c5:16:56:5c:dd:ff:58:95:ff:5b:cd:76:e4:fb:31:
                    d8:8c:0e:89:49:8c:ce:d3:16:82:f4:f6:35:72:95:
                    d4:de:d6:67:3c:34:e4:b9:4d:e1:88:72:42:1e:df:
                    cf:d9:48:34:e3:4a:c6:f2:e4:8b:03:9b:27:7d:95:
                    39:48:96:71:7d:6f:b7:1d:c6:5f:70:d3:e2:47:76:
                    0b:6d:1b:2b:d9:14:f7:ab:80:06:bd:60:cb:d3:1b:
                    44:53:31:98:21:b9:cc:62:0c:8c:89:db:c8:61:d1:
                    15:54:23:bc:57:5a:53:2a:2e:1e:b7:f1:84:49:9c:
                    e5:00:b2:42:25:bb:58:6b:96:65:d1:20:ad:0b:70:
                    a3:b5:5e:00:37:65:09:71:dc:ee:df:df:9f:e3:9a:
                    74:d1:4b:24:b3:c7:a7:9a:66:13:db:da:5e:87:69:
                    e4:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:E3:D2:E8:D9:94:15:EF:B2:37:7A:B2:62:A4:03:71:C3:A6:A3:24
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/KuPS6NmUFe-yN3qyYqQDccOmoyQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.59.109.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:27:3d:c0:63:d2:83:ed:ec:93:de:f3:65:2d:1c:6f:5f:88:
         62:ad:85:14:d2:ba:5d:71:1a:89:8a:9a:65:89:f6:4d:44:55:
         02:03:2e:1f:87:73:49:a5:f3:33:89:e5:7b:e7:3f:85:8b:ab:
         87:90:ee:59:67:f7:b4:44:bf:15:32:59:ce:0d:91:68:0a:4a:
         fb:9f:5a:59:92:fd:15:2d:5c:ab:78:ca:91:09:ee:87:35:8c:
         69:3c:ba:97:3f:07:3e:9c:5c:ac:0f:9e:69:cd:ca:82:af:bf:
         99:8e:85:a7:74:bd:3f:d8:9d:32:f1:c1:04:fc:20:f8:30:d6:
         df:b8:49:23:49:58:33:53:0b:8e:90:6d:79:cc:fa:92:42:a6:
         33:93:a3:a3:1b:b1:e7:9b:7b:e9:45:ce:f5:f9:79:6a:8a:48:
         5a:a0:e3:1d:0a:47:60:0c:aa:60:92:23:16:eb:51:a8:39:4b:
         69:ae:b1:25:1e:2e:9d:18:90:55:94:1e:0b:1f:18:55:a1:bc:
         13:26:d5:2a:96:cc:bd:29:6a:0f:da:c8:fe:43:95:ac:02:91:
         08:c4:61:7c:fa:20:24:c7:01:df:27:f7:9f:c0:2c:64:c4:a3:
         e1:4f:38:90:5e:6b:a2:7c:3c:b9:67:f3:d2:f9:a7:44:0f:b3:
         3d:82:33:ee
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5GbNZoH+BKAav6zkoeh+jEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwNTIwMTcyNjM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYWUzZDJlOGQ5OTQxNWVmYjIzNzdhYjI2MmE0MDM3MWMzYTZhMzI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtL7E3MXNprNIMGa+nIG/K93fWxs0
m902AsGa7uCirgz8nh6wSYoIITahPQVEcYRPfBwkf+EjTuFG0y4y6s3MI4OsmFyp
Evf01120BbG0LWv32sSydgUEde7FFlZc3f9Ylf9bzXbk+zHYjA6JSYzO0xaC9PY1
cpXU3tZnPDTkuU3hiHJCHt/P2Ug040rG8uSLA5snfZU5SJZxfW+3HcZfcNPiR3YL
bRsr2RT3q4AGvWDL0xtEUzGYIbnMYgyMidvIYdEVVCO8V1pTKi4et/GESZzlALJC
JbtYa5Zl0SCtC3CjtV4AN2UJcdzu39+f45p00Usks8enmmYT29peh2nkjwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCrj0ujZlBXvsjd6smKkA3HDpqMkMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvS3VQUzZObVVGZS15TjNxeVlxUURjY09tb3lRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzttMA0G
CSqGSIb3DQEBCwUAA4IBAQA4Jz3AY9KD7eyT3vNlLRxvX4hirYUU0rpdcRqJippl
ifZNRFUCAy4fh3NJpfMzieV75z+Fi6uHkO5ZZ/e0RL8VMlnODZFoCkr7n1pZkv0V
LVyreMqRCe6HNYxpPLqXPwc+nFysD55pzcqCr7+ZjoWndL0/2J0y8cEE/CD4MNbf
uEkjSVgzUwuOkG15zPqSQqYzk6OjG7Hnm3vpRc71+XlqikhaoOMdCkdgDKpgkiMW
61GoOUtprrElHi6dGJBVlB4LHxhVobwTJtUqlsy9KWoP2sj+Q5WsApEIxGF8+iAk
xwHfJ/efwCxkxKPhTziQXmuifDy5Z/PS+adED7M9gjPu
-----END CERTIFICATE-----