Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/iDX6a3qmdwjTfsPSYPrFkeG7D9E.roa
File:                     iDX6a3qmdwjTfsPSYPrFkeG7D9E.roa (raw, json)
Hash identifier:          27whRppW/mcA+oSnwaii0g2OlIC0QEHzCr5EVuDGxH4=
Subject key identifier:   88:35:FA:6B:7A:A6:77:08:D3:7E:C3:D2:60:FA:C5:91:E1:BB:0F:D1
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019E96B46A6D85B1939B264E0F3E4A1B75D0
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/iDX6a3qmdwjTfsPSYPrFkeG7D9E.roa
Signing time:             Fri 05 Jun 2026 07:34:26 +0000
ROA not before:           Fri 05 Jun 2026 07:34:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     56913
IP address blocks:        31.58.130.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Jun 2026 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:96:b4:6a:6d:85:b1:93:9b:26:4e:0f:3e:4a:1b:75:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jun  5 07:34:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8835fa6b7aa67708d37ec3d260fac591e1bb0fd1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:27:50:cf:7b:0a:70:56:b5:c6:aa:0f:9b:19:
                    f0:fd:b1:5e:4a:49:ca:b9:d9:ae:3c:ab:1b:d8:e5:
                    15:de:cd:60:42:50:62:f4:74:6b:9d:1d:1b:d6:26:
                    cb:0e:f1:e5:9b:21:f0:57:27:e5:ed:ef:21:ef:f5:
                    d5:d3:bd:ea:3d:f0:1f:34:74:4e:e1:2b:e3:64:af:
                    7c:61:85:71:72:26:18:e3:b6:ba:a9:9d:c3:7a:39:
                    1c:c1:3b:50:b1:c4:b2:b7:96:4f:34:3c:d0:1c:d8:
                    28:ac:d6:0a:c0:76:e1:05:e6:d6:b1:9c:b6:21:69:
                    ea:b2:2b:b6:6f:de:b8:89:27:1a:de:f5:3d:00:9e:
                    cb:82:2b:08:a3:f6:71:65:af:e5:e6:e4:ad:05:0d:
                    87:cd:cb:c7:0b:c4:fb:5d:03:cd:2e:9d:bb:e9:69:
                    04:b0:8d:e2:54:db:34:99:44:54:ed:7a:a5:4f:ff:
                    38:df:16:35:a9:93:ad:00:85:83:66:9a:6f:31:fb:
                    78:ce:b7:28:1a:86:78:1d:18:9c:71:1f:16:11:9a:
                    f1:e8:43:67:ce:0c:83:a2:aa:97:2f:b8:fd:4e:33:
                    eb:1f:88:49:d4:fd:55:a4:4d:b4:7c:36:d3:22:ed:
                    ad:c1:48:e1:f5:0a:95:50:b6:05:f3:22:56:60:08:
                    31:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:35:FA:6B:7A:A6:77:08:D3:7E:C3:D2:60:FA:C5:91:E1:BB:0F:D1
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/iDX6a3qmdwjTfsPSYPrFkeG7D9E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.58.130.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:e8:c6:27:d9:56:60:66:48:ca:5a:28:78:23:dd:fd:46:ee:
         e8:56:33:b1:8a:ac:58:75:e4:5d:2f:30:1f:3a:0d:55:1d:23:
         05:9c:af:5c:9a:da:9f:f4:d8:12:1b:3a:f1:9c:a0:33:9f:b3:
         2a:3e:f7:0a:98:ce:ce:b9:4e:17:7f:c3:39:aa:d3:40:d8:2c:
         7b:2d:b8:91:0a:34:25:33:42:37:ef:1a:df:b3:19:64:1a:74:
         8b:64:08:6b:10:8d:59:55:d7:40:60:62:ac:86:ed:70:56:c9:
         f9:ba:63:06:38:af:f8:7d:46:30:4d:57:78:0e:19:95:7b:75:
         7a:c5:ca:96:f6:f6:74:28:3a:d8:1b:8e:12:2c:06:f3:6a:e6:
         49:89:b7:08:85:ce:be:52:b7:f9:df:9b:49:39:ec:ff:c0:b9:
         4c:0b:ef:5a:7b:82:af:14:89:09:77:fa:9a:6a:eb:78:63:25:
         e4:48:9e:a9:20:9f:20:23:f5:06:b1:c2:d6:b6:60:4c:9f:81:
         eb:a6:73:22:d7:47:78:ac:be:18:ac:cf:2d:e2:09:85:cb:cb:
         8f:e8:79:ef:6d:c4:30:ec:a6:40:f5:68:4d:cf:04:1e:8f:94:
         16:5c:82:8c:52:12:60:83:aa:df:2d:43:d0:aa:45:85:17:1e:
         4b:af:07:10
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6WtGpthbGTmyZODz5KG3XQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwNjA1MDczNDI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODM1ZmE2YjdhYTY3NzA4ZDM3ZWMzZDI2MGZhYzU5MWUxYmIwZmQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArCdQz3sKcFa1xqoPmxnw/bFeSknK
udmuPKsb2OUV3s1gQlBi9HRrnR0b1ibLDvHlmyHwVyfl7e8h7/XV073qPfAfNHRO
4SvjZK98YYVxciYY47a6qZ3DejkcwTtQscSyt5ZPNDzQHNgorNYKwHbhBebWsZy2
IWnqsiu2b964iSca3vU9AJ7LgisIo/ZxZa/l5uStBQ2HzcvHC8T7XQPNLp276WkE
sI3iVNs0mURU7XqlT/843xY1qZOtAIWDZppvMft4zrcoGoZ4HRiccR8WEZrx6ENn
zgyDoqqXL7j9TjPrH4hJ1P1VpE20fDbTIu2twUjh9QqVULYF8yJWYAgxZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIg1+mt6pncI037D0mD6xZHhuw/RMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvaURYNmEzcW1kd2pUZnNQU1lQckZrZUc3RDlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzqCMA0G
CSqGSIb3DQEBCwUAA4IBAQAW6MYn2VZgZkjKWih4I939Ru7oVjOxiqxYdeRdLzAf
Og1VHSMFnK9cmtqf9NgSGzrxnKAzn7MqPvcKmM7OuU4Xf8M5qtNA2Cx7LbiRCjQl
M0I37xrfsxlkGnSLZAhrEI1ZVddAYGKshu1wVsn5umMGOK/4fUYwTVd4DhmVe3V6
xcqW9vZ0KDrYG44SLAbzauZJibcIhc6+Urf535tJOez/wLlMC+9ae4KvFIkJd/qa
aut4YyXkSJ6pIJ8gI/UGscLWtmBMn4HrpnMi10d4rL4YrM8t4gmFy8uP6HnvbcQw
7KZA9WhNzwQej5QWXIKMUhJgg6rfLUPQqkWFFx5LrwcQ
-----END CERTIFICATE-----