Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/aqfz8QNVYCMwIeMV7hUvHWphc68.roa
File:                     aqfz8QNVYCMwIeMV7hUvHWphc68.roa (raw, json)
Hash identifier:          YXz6ef1TLQ3U2zi1Pui53eRh8omd0CzLxJXa1uWWvX8=
Subject key identifier:   6A:A7:F3:F1:03:55:60:23:30:21:E3:15:EE:15:2F:1D:6A:61:73:AF
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019E418A39F479F6090D733435510018F498
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/aqfz8QNVYCMwIeMV7hUvHWphc68.roa
Signing time:             Tue 19 May 2026 18:40:38 +0000
ROA not before:           Tue 19 May 2026 18:40:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199750
IP address blocks:        31.59.109.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 28 May 2026 08:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:41:8a:39:f4:79:f6:09:0d:73:34:35:51:00:18:f4:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: May 19 18:40:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6aa7f3f1035560233021e315ee152f1d6a6173af
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:4e:a2:51:1b:32:3b:f3:db:9a:5c:c4:d6:46:
                    e1:f5:0c:a5:c9:f5:c1:51:35:f9:f5:b7:22:d9:92:
                    63:59:2a:6d:92:93:24:1a:b8:d4:c6:b6:dd:f1:10:
                    cc:7f:10:c3:ff:34:cb:99:f3:54:b8:56:8c:29:ad:
                    60:a7:71:d0:aa:9f:0c:a1:5c:8f:52:8b:c6:88:24:
                    a8:3d:71:79:0e:06:b4:33:ee:f3:69:14:68:60:85:
                    2b:5a:e0:42:ce:51:21:59:57:08:66:7d:08:25:c9:
                    cb:ed:08:89:6c:f9:18:6b:2f:e4:b2:41:27:eb:90:
                    d7:66:3c:38:ff:21:48:ad:81:ab:77:70:ad:b6:de:
                    0e:2c:e0:77:87:f3:16:84:7b:a0:f4:57:b0:3f:38:
                    8a:f5:dc:f5:ed:19:b0:5a:00:f9:54:a2:c3:ba:09:
                    8d:ca:d4:26:a7:d2:71:8b:c2:8e:fb:c7:db:f7:0c:
                    7f:87:f8:e8:c5:b4:62:9b:b6:59:94:ba:1a:c9:48:
                    36:e2:09:99:0b:98:bc:16:55:3a:8a:c0:a1:83:b9:
                    32:54:ff:98:ae:27:b4:db:14:bf:b0:19:9b:35:49:
                    b1:86:db:36:ed:a4:5b:72:40:38:4e:83:9c:22:79:
                    89:94:41:14:00:19:c4:94:4f:fa:f6:03:ea:9a:72:
                    b2:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:A7:F3:F1:03:55:60:23:30:21:E3:15:EE:15:2F:1D:6A:61:73:AF
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/aqfz8QNVYCMwIeMV7hUvHWphc68.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.59.109.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:22:ee:17:4f:6c:09:4a:43:34:f8:e7:a1:9a:03:f5:41:e8:
         4c:e4:ec:b9:6a:f2:26:44:be:52:ec:a3:b3:7f:63:e2:0a:fb:
         99:f1:bd:8b:0f:c2:46:61:29:a7:71:e2:be:ee:5c:54:90:92:
         fc:52:d4:78:98:73:11:60:37:bc:25:f8:8d:55:38:92:89:a1:
         df:3a:6d:51:cb:b2:44:90:49:ab:26:14:4d:f5:56:4a:04:8b:
         ec:8c:5b:42:f2:67:24:f8:8e:c7:90:b2:6a:b1:42:84:3f:58:
         9d:f4:80:ba:0e:02:4d:63:0b:e6:01:78:e4:de:15:2b:fb:fd:
         7d:62:31:fb:2d:a9:ba:a4:29:af:90:e3:86:7a:8d:91:83:83:
         24:6a:c1:48:98:82:b7:30:6e:e9:22:2a:ec:cd:28:c3:7e:be:
         13:c1:21:ac:42:6b:49:6a:32:81:9c:5a:56:ee:03:2f:ad:c2:
         1c:0a:75:79:51:97:c5:3a:56:62:11:65:43:e5:80:2c:b1:18:
         9e:ae:7d:96:40:c5:13:47:25:93:99:43:5e:e4:8f:95:d6:6b:
         1a:ce:92:9d:1b:a8:64:c6:8d:ef:31:02:dc:e3:89:98:80:20:
         c8:20:14:c5:58:9c:e7:bf:c7:e7:ba:ba:62:bb:a1:5f:88:b0:
         cb:fb:21:eb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5Bijn0efYJDXM0NVEAGPSYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwNTE5MTg0MDM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YWE3ZjNmMTAzNTU2MDIzMzAyMWUzMTVlZTE1MmYxZDZhNjE3M2FmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhk6iURsyO/PbmlzE1kbh9QylyfXB
UTX59bci2ZJjWSptkpMkGrjUxrbd8RDMfxDD/zTLmfNUuFaMKa1gp3HQqp8MoVyP
UovGiCSoPXF5Dga0M+7zaRRoYIUrWuBCzlEhWVcIZn0IJcnL7QiJbPkYay/kskEn
65DXZjw4/yFIrYGrd3Cttt4OLOB3h/MWhHug9FewPziK9dz17RmwWgD5VKLDugmN
ytQmp9Jxi8KO+8fb9wx/h/joxbRim7ZZlLoayUg24gmZC5i8FlU6isChg7kyVP+Y
rie02xS/sBmbNUmxhts27aRbckA4ToOcInmJlEEUABnElE/69gPqmnKy6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGqn8/EDVWAjMCHjFe4VLx1qYXOvMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvYXFmejhRTlZZQ013SWVNVjdoVXZIV3BoYzY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzttMA0G
CSqGSIb3DQEBCwUAA4IBAQAPIu4XT2wJSkM0+OehmgP1QehM5Oy5avImRL5S7KOz
f2PiCvuZ8b2LD8JGYSmnceK+7lxUkJL8UtR4mHMRYDe8JfiNVTiSiaHfOm1Ry7JE
kEmrJhRN9VZKBIvsjFtC8mck+I7HkLJqsUKEP1id9IC6DgJNYwvmAXjk3hUr+/19
YjH7Lam6pCmvkOOGeo2Rg4MkasFImIK3MG7pIirszSjDfr4TwSGsQmtJajKBnFpW
7gMvrcIcCnV5UZfFOlZiEWVD5YAssRiern2WQMUTRyWTmUNe5I+V1msazpKdG6hk
xo3vMQLc44mYgCDIIBTFWJznv8fnurpiu6FfiLDL+yHr
-----END CERTIFICATE-----