Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/UmmZDpseMxVJubjMnCdvBjgS5YE.roa
File:                     UmmZDpseMxVJubjMnCdvBjgS5YE.roa (raw, json)
Hash identifier:          ufo0u/tlHpT1D5nH808CfRy36uhMArfw5EarcpScIRc=
Subject key identifier:   52:69:99:0E:9B:1E:33:15:49:B9:B8:CC:9C:27:6F:06:38:12:E5:81
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019EDF23DABECB2B5AF3172F49F8C8E457EF
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/UmmZDpseMxVJubjMnCdvBjgS5YE.roa
Signing time:             Fri 19 Jun 2026 09:08:49 +0000
ROA not before:           Fri 19 Jun 2026 09:08:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198584
IP address blocks:        31.59.161.0/24 maxlen: 24
                          217.60.27.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 27 Jun 2026 11:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:df:23:da:be:cb:2b:5a:f3:17:2f:49:f8:c8:e4:57:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jun 19 09:08:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5269990e9b1e331549b9b8cc9c276f063812e581
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:73:b9:6b:96:1f:17:2f:c9:52:b0:ea:7f:82:
                    69:bb:0a:d7:0e:03:14:63:a8:3f:52:c3:ca:48:26:
                    24:83:61:ae:7a:a1:29:88:35:d5:30:4e:82:bb:a6:
                    aa:56:d0:95:ea:3e:33:74:42:02:6d:be:5e:82:f5:
                    0c:40:d7:30:a8:b7:56:53:c9:7a:ad:69:d6:fc:5d:
                    80:20:11:ee:27:af:fb:82:65:95:cb:94:48:a9:49:
                    d9:86:fc:11:8c:b9:d2:ca:47:4c:8f:59:ea:28:a6:
                    b1:9d:19:43:71:49:a6:c3:d5:51:68:cd:f6:2c:b9:
                    d4:bf:be:ca:7e:d6:f6:dd:0d:ac:25:0d:a0:00:76:
                    e1:ce:0d:46:28:fe:26:ab:eb:41:51:ea:4b:70:3e:
                    04:6d:3d:12:8e:0f:38:1d:a0:4e:be:cb:a8:58:f3:
                    6b:a1:fe:22:ce:76:4a:d6:1f:c2:bb:b9:3e:c5:18:
                    32:71:f9:84:5d:70:37:4e:c3:25:c2:a5:98:70:02:
                    49:d0:69:ba:5f:17:ff:e8:ba:0d:3d:de:d5:97:1c:
                    59:ef:c7:64:27:2f:47:cf:fb:f5:9f:c3:77:86:c7:
                    4c:2a:b4:08:56:d4:16:ad:29:12:a4:9a:69:bf:8f:
                    d0:2e:4e:5d:ea:4f:24:93:0d:6f:19:5d:c7:e8:cf:
                    85:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:69:99:0E:9B:1E:33:15:49:B9:B8:CC:9C:27:6F:06:38:12:E5:81
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/UmmZDpseMxVJubjMnCdvBjgS5YE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.59.161.0/24
                  217.60.27.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b7:ee:71:16:36:36:91:aa:2d:26:c0:75:4d:5e:ca:83:48:e6:
         2b:4f:87:83:33:f0:c9:cb:05:07:c8:53:f5:ea:cb:5a:df:d7:
         eb:e2:b5:5c:8b:c4:5a:db:42:83:e0:58:92:80:ce:5c:02:63:
         f1:ea:93:b4:c6:5b:e3:fa:3d:92:49:2b:92:30:ce:ae:7f:d7:
         c8:21:0a:44:d3:23:36:73:a7:b6:a5:09:5d:0d:c0:ca:64:da:
         0c:d2:4f:17:34:d6:e5:e9:ad:54:0b:71:b2:56:df:a9:4a:6c:
         91:48:cb:9d:34:9a:9a:1b:3d:eb:e3:68:4f:a9:75:f3:46:59:
         2f:45:a0:e7:62:d1:4c:34:4f:a3:aa:5f:80:f7:67:f3:9e:e2:
         5e:1a:08:bf:7b:b2:a1:87:a6:ff:64:db:d7:b8:0d:03:b9:b1:
         c8:10:49:81:f0:cb:42:cf:de:a8:1f:a6:f0:aa:a0:2d:d0:9c:
         5d:b7:86:95:0a:54:5c:f6:ce:3b:10:b4:9f:4a:c7:c5:2d:87:
         03:da:bf:ec:81:51:71:87:86:b4:05:9a:06:6b:a4:0e:2a:60:
         56:4c:d0:46:d1:ec:04:7c:96:de:7a:4b:e2:5c:02:cf:d2:70:
         37:1a:7e:69:f6:a0:e9:a1:3b:29:25:50:59:dc:d8:81:72:86:
         ea:85:bd:b9
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ7fI9q+yyta8xcvSfjI5FfvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwNjE5MDkwODQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MjY5OTkwZTliMWUzMzE1NDliOWI4Y2M5YzI3NmYwNjM4MTJlNTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuHO5a5YfFy/JUrDqf4JpuwrXDgMU
Y6g/UsPKSCYkg2GueqEpiDXVME6Cu6aqVtCV6j4zdEICbb5egvUMQNcwqLdWU8l6
rWnW/F2AIBHuJ6/7gmWVy5RIqUnZhvwRjLnSykdMj1nqKKaxnRlDcUmmw9VRaM32
LLnUv77Kftb23Q2sJQ2gAHbhzg1GKP4mq+tBUepLcD4EbT0Sjg84HaBOvsuoWPNr
of4iznZK1h/Cu7k+xRgycfmEXXA3TsMlwqWYcAJJ0Gm6Xxf/6LoNPd7VlxxZ78dk
Jy9Hz/v1n8N3hsdMKrQIVtQWrSkSpJppv4/QLk5d6k8kkw1vGV3H6M+FgwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFJpmQ6bHjMVSbm4zJwnbwY4EuWBMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvVW1tWkRwc2VNeFZKdWJqTW5DZHZCamdTNVlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAHzuhAwQA
2TwbMA0GCSqGSIb3DQEBCwUAA4IBAQC37nEWNjaRqi0mwHVNXsqDSOYrT4eDM/DJ
ywUHyFP16sta39fr4rVci8Ra20KD4FiSgM5cAmPx6pO0xlvj+j2SSSuSMM6uf9fI
IQpE0yM2c6e2pQldDcDKZNoM0k8XNNbl6a1UC3GyVt+pSmyRSMudNJqaGz3r42hP
qXXzRlkvRaDnYtFMNE+jql+A92fznuJeGgi/e7Khh6b/ZNvXuA0DubHIEEmB8MtC
z96oH6bwqqAt0Jxdt4aVClRc9s47ELSfSsfFLYcD2r/sgVFxh4a0BZoGa6QOKmBW
TNBG0ewEfJbeekviXALP0nA3Gn5p9qDpoTspJVBZ3NiBcobqhb25
-----END CERTIFICATE-----