Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/VaZ57xlU3HXvPgub9MPI5PjyuJI.roa
File:                     VaZ57xlU3HXvPgub9MPI5PjyuJI.roa (raw, json)
Hash identifier:          hL2MsRR7Vw2qfvXAFAOJE5iQBIeIpqYnMVTCNCFRQck=
Subject key identifier:   55:A6:79:EF:19:54:DC:75:EF:3E:0B:9B:F4:C3:C8:E4:F8:F2:B8:92
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019E466CD6284F242DDAECE89B8BC4E1A628
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/VaZ57xlU3HXvPgub9MPI5PjyuJI.roa
Signing time:             Wed 20 May 2026 17:26:38 +0000
ROA not before:           Wed 20 May 2026 17:26:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     153568
IP address blocks:        31.59.110.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:46:6c:d6:28:4f:24:2d:da:ec:e8:9b:8b:c4:e1:a6:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: May 20 17:26:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=55a679ef1954dc75ef3e0b9bf4c3c8e4f8f2b892
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:91:cf:8d:bd:83:5b:50:33:6b:c6:a0:ed:6b:
                    e8:43:ef:eb:b8:ac:79:4e:6b:6d:c6:5d:9b:81:17:
                    6e:4f:fe:d1:3b:2b:36:4e:98:de:84:f1:02:83:e0:
                    c3:91:09:9a:3e:4e:3e:9c:3c:34:33:3e:36:fc:1d:
                    c6:f4:34:8e:89:2d:66:d1:08:40:2a:c6:43:25:21:
                    46:7b:42:f6:f1:8b:76:d9:cd:c3:55:4d:78:64:40:
                    b6:2c:3a:7d:2f:95:c3:64:72:39:f8:08:f5:1b:f4:
                    bf:6c:ed:27:4d:b3:88:66:60:14:5d:96:24:f1:ba:
                    bd:ed:fb:87:66:82:cb:68:9b:f1:aa:ef:35:aa:35:
                    0b:6f:73:b2:d2:13:f9:46:73:8c:59:4e:70:bb:27:
                    f5:ae:3e:d6:de:63:d7:fb:3e:2a:16:8f:a7:66:54:
                    a0:c1:70:20:24:4c:05:b9:80:ac:46:ed:13:e9:8c:
                    2e:31:65:26:b8:2e:80:50:0d:5c:e8:82:b7:2c:d2:
                    a2:95:53:0c:ad:8f:58:c0:50:ee:18:10:95:aa:c6:
                    c5:47:7f:d1:6e:9c:14:e4:92:e5:b2:28:a0:43:f9:
                    46:5d:3d:87:36:36:37:6a:b9:2d:89:e5:97:d2:29:
                    ee:61:7b:34:7a:68:2d:41:7b:e6:76:44:c2:6d:2b:
                    2b:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:A6:79:EF:19:54:DC:75:EF:3E:0B:9B:F4:C3:C8:E4:F8:F2:B8:92
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/VaZ57xlU3HXvPgub9MPI5PjyuJI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.59.110.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:cf:ff:01:76:96:07:91:bb:6c:48:a5:45:8f:f0:9d:65:da:
         c1:2c:e2:92:be:ee:8f:ef:3a:c9:1f:e2:9e:15:37:c0:83:87:
         91:f7:b1:f4:46:37:62:af:51:c6:ec:59:61:23:b5:99:89:d4:
         b6:6a:4e:ce:cc:c8:9a:af:67:1a:b2:d9:6e:40:da:7a:c0:dc:
         6d:6f:c8:21:0a:bb:f3:cc:19:41:46:49:58:5e:f9:ad:d7:74:
         d5:25:d0:03:9c:5c:63:79:8a:9d:f4:7b:d0:4e:f8:a1:57:2e:
         bd:ad:7c:e3:2c:ee:eb:69:e1:b2:72:5b:74:ca:5b:22:4e:6e:
         5a:1c:e5:f7:7e:35:14:93:14:79:ff:f0:9f:74:70:f6:31:cd:
         c6:1c:d6:c3:62:50:09:ac:fb:bb:36:23:aa:7f:e9:7b:4c:48:
         ae:98:e4:e7:9a:a8:11:3b:88:52:f8:8e:99:e2:c3:10:ee:25:
         ad:1b:9b:f4:d1:6e:77:40:95:c4:ab:fd:8a:62:7a:3f:40:53:
         85:28:ea:66:56:c1:a9:e1:05:15:d5:3d:b3:31:8b:c5:a1:dc:
         c6:d7:36:16:0f:d6:d2:a4:c5:e8:90:38:33:0b:8d:88:b6:f5:
         73:ee:09:1f:03:9b:a8:4a:a7:27:e4:d8:f5:3c:bf:ef:bd:d7:
         2e:22:65:97
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5GbNYoTyQt2uzom4vE4aYoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwNTIwMTcyNjM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NWE2NzllZjE5NTRkYzc1ZWYzZTBiOWJmNGMzYzhlNGY4ZjJiODkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAppHPjb2DW1Aza8ag7WvoQ+/ruKx5
Tmttxl2bgRduT/7ROys2TpjehPECg+DDkQmaPk4+nDw0Mz42/B3G9DSOiS1m0QhA
KsZDJSFGe0L28Yt22c3DVU14ZEC2LDp9L5XDZHI5+Aj1G/S/bO0nTbOIZmAUXZYk
8bq97fuHZoLLaJvxqu81qjULb3Oy0hP5RnOMWU5wuyf1rj7W3mPX+z4qFo+nZlSg
wXAgJEwFuYCsRu0T6YwuMWUmuC6AUA1c6IK3LNKilVMMrY9YwFDuGBCVqsbFR3/R
bpwU5JLlsiigQ/lGXT2HNjY3arktieWX0inuYXs0emgtQXvmdkTCbSsrqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFWmee8ZVNx17z4Lm/TDyOT48riSMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvVmFaNTd4bFUzSFh2UGd1YjlNUEk1UGp5dUpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHztuMA0G
CSqGSIb3DQEBCwUAA4IBAQCQz/8BdpYHkbtsSKVFj/CdZdrBLOKSvu6P7zrJH+Ke
FTfAg4eR97H0Rjdir1HG7FlhI7WZidS2ak7OzMiar2castluQNp6wNxtb8ghCrvz
zBlBRklYXvmt13TVJdADnFxjeYqd9HvQTvihVy69rXzjLO7raeGyclt0ylsiTm5a
HOX3fjUUkxR5//CfdHD2Mc3GHNbDYlAJrPu7NiOqf+l7TEiumOTnmqgRO4hS+I6Z
4sMQ7iWtG5v00W53QJXEq/2KYno/QFOFKOpmVsGp4QUV1T2zMYvFodzG1zYWD9bS
pMXokDgzC42ItvVz7gkfA5uoSqcn5Nj1PL/vvdcuImWX
-----END CERTIFICATE-----