Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/jbScGqlIHVY81mHKz7pKMPHNOuw.roa
File:                     jbScGqlIHVY81mHKz7pKMPHNOuw.roa (raw, json)
Hash identifier:          i4u/wVmqxEUg4K9zRIxcTFpa7QtReXnq4eyz0QO4kkE=
Subject key identifier:   8D:B4:9C:1A:A9:48:1D:56:3C:D6:61:CA:CF:BA:4A:30:F1:CD:3A:EC
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019E4918BB9AAB7AF05EBC365B4A1104D252
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/jbScGqlIHVY81mHKz7pKMPHNOuw.roa
Signing time:             Thu 21 May 2026 05:53:38 +0000
ROA not before:           Thu 21 May 2026 05:53:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     146996
IP address blocks:        31.58.53.0/24 maxlen: 24
                          31.58.99.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 28 May 2026 08:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:49:18:bb:9a:ab:7a:f0:5e:bc:36:5b:4a:11:04:d2:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: May 21 05:53:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8db49c1aa9481d563cd661cacfba4a30f1cd3aec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:30:05:88:80:bb:9d:53:07:1e:41:57:31:fc:
                    6e:ba:c2:79:ed:2b:76:7b:01:75:aa:d9:1a:4a:0e:
                    59:1d:80:65:c1:b4:09:50:07:b3:83:78:f7:6b:45:
                    f6:4a:bc:df:04:30:3a:f6:19:0e:92:1d:b8:48:15:
                    17:3e:39:85:d1:68:76:7f:07:aa:bd:f9:45:af:83:
                    fb:3d:a2:d3:4a:50:ef:7e:3c:65:58:a6:33:71:a9:
                    d2:1e:06:0e:a6:33:c9:85:2e:56:47:ea:6c:60:60:
                    d6:f2:c4:31:50:a0:1b:03:8a:ee:45:87:c4:52:30:
                    e1:4c:9f:c3:89:90:6c:b1:a4:8e:72:24:31:1c:99:
                    04:d6:d4:49:f8:78:89:a6:30:9a:f4:5d:33:2e:e5:
                    5f:73:93:00:74:36:3e:a1:f8:01:90:29:01:80:e9:
                    c2:c8:f7:37:7e:75:7c:db:e9:82:d8:fe:b5:4e:ce:
                    0a:7d:01:b9:8f:4a:ca:24:8a:2b:a9:89:8f:c9:5f:
                    f6:51:49:0c:ce:e8:1e:c1:79:d0:b1:00:69:80:eb:
                    16:ef:e0:d7:0b:99:ed:31:00:9d:11:fb:16:73:46:
                    fd:dd:88:4d:72:66:bb:2a:54:a5:63:4b:b3:4e:ef:
                    d7:6f:1e:23:6d:1c:47:bb:a5:45:37:f1:45:e6:b4:
                    cf:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:B4:9C:1A:A9:48:1D:56:3C:D6:61:CA:CF:BA:4A:30:F1:CD:3A:EC
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/jbScGqlIHVY81mHKz7pKMPHNOuw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.58.53.0/24
                  31.58.99.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:db:73:93:73:20:04:7f:bb:af:41:7c:ab:2b:e5:99:6e:87:
         bc:77:99:75:0e:27:de:67:a3:36:50:b0:1d:4a:bc:84:bf:67:
         70:c2:89:f4:00:28:dd:e5:61:f0:84:e2:cb:70:99:f6:20:85:
         ef:fb:6f:12:1f:41:f3:fe:58:85:c3:b3:c6:28:a5:e4:c9:e6:
         e7:fa:c9:41:c9:ac:57:40:13:85:b7:6d:41:39:1d:31:ed:e5:
         0f:b6:be:06:37:ca:a8:a2:7d:78:e7:ff:dd:cd:c7:7d:e8:05:
         fb:7c:d7:66:67:2d:a8:9c:fd:9f:1c:15:41:cb:ad:2c:06:ca:
         25:6c:04:72:2f:f8:ae:4b:a7:8a:88:7e:42:14:25:37:ef:f9:
         c6:71:ce:6e:c7:35:51:43:4d:b3:7d:11:24:b5:ea:1b:ee:9a:
         4e:dd:4c:f9:73:06:36:9d:27:73:47:e2:38:30:33:a9:43:86:
         d1:c9:89:cf:30:8f:0c:eb:c7:af:49:fb:50:96:73:0f:1e:c1:
         0e:fd:b6:1e:03:2b:41:3f:17:15:ae:ca:31:9e:2e:1c:3e:8f:
         1e:95:0e:96:4d:8f:9e:0d:9c:28:d3:1c:b2:da:b0:21:ea:e4:
         92:3b:ed:14:f5:e2:c6:8d:9e:b2:c3:b3:00:ba:dc:14:f0:ec:
         e1:8c:68:b6
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ5JGLuaq3rwXrw2W0oRBNJSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwNTIxMDU1MzM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZGI0OWMxYWE5NDgxZDU2M2NkNjYxY2FjZmJhNGEzMGYxY2QzYWVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqTAFiIC7nVMHHkFXMfxuusJ57St2
ewF1qtkaSg5ZHYBlwbQJUAezg3j3a0X2SrzfBDA69hkOkh24SBUXPjmF0Wh2fweq
vflFr4P7PaLTSlDvfjxlWKYzcanSHgYOpjPJhS5WR+psYGDW8sQxUKAbA4ruRYfE
UjDhTJ/DiZBssaSOciQxHJkE1tRJ+HiJpjCa9F0zLuVfc5MAdDY+ofgBkCkBgOnC
yPc3fnV82+mC2P61Ts4KfQG5j0rKJIorqYmPyV/2UUkMzugewXnQsQBpgOsW7+DX
C5ntMQCdEfsWc0b93YhNcma7KlSlY0uzTu/Xbx4jbRxHu6VFN/FF5rTPfwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFI20nBqpSB1WPNZhys+6SjDxzTrsMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvamJTY0dxbElIVlk4MW1IS3o3cEtNUEhOT3V3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAHzo1AwQA
HzpjMA0GCSqGSIb3DQEBCwUAA4IBAQAD23OTcyAEf7uvQXyrK+WZboe8d5l1Dife
Z6M2ULAdSryEv2dwwon0ACjd5WHwhOLLcJn2IIXv+28SH0Hz/liFw7PGKKXkyebn
+slByaxXQBOFt21BOR0x7eUPtr4GN8qoon145//dzcd96AX7fNdmZy2onP2fHBVB
y60sBsolbARyL/iuS6eKiH5CFCU37/nGcc5uxzVRQ02zfREkteob7ppO3Uz5cwY2
nSdzR+I4MDOpQ4bRyYnPMI8M68evSftQlnMPHsEO/bYeAytBPxcVrsoxni4cPo8e
lQ6WTY+eDZwo0xyy2rAh6uSSO+0U9eLGjZ6yw7MAutwU8OzhjGi2
-----END CERTIFICATE-----