Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/o89XiukQhvWvHFFPDLgcq58GsWA.roa
File:                     o89XiukQhvWvHFFPDLgcq58GsWA.roa (raw, json)
Hash identifier:          cPCdys2VIcQa2veVMICRzgoIsSyUgZ39Agwm0PR2Nrw=
Subject key identifier:   A3:CF:57:8A:E9:10:86:F5:AF:1C:51:4F:0C:B8:1C:AB:9F:06:B1:60
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019EDAC9A9C7BAFFE07B9E2749F9FFCACD3B
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/o89XiukQhvWvHFFPDLgcq58GsWA.roa
Signing time:             Thu 18 Jun 2026 12:51:49 +0000
ROA not before:           Thu 18 Jun 2026 12:51:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199186
IP address blocks:        31.58.96.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 19 Jun 2026 19:58:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:da:c9:a9:c7:ba:ff:e0:7b:9e:27:49:f9:ff:ca:cd:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jun 18 12:51:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a3cf578ae91086f5af1c514f0cb81cab9f06b160
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:f1:e2:b8:8b:df:10:72:78:9c:7c:0f:be:88:
                    04:5e:2e:e8:eb:45:88:a3:d8:08:46:d3:4e:24:5c:
                    67:31:9d:d0:9e:1f:8c:c8:3d:2e:99:68:f8:fe:35:
                    30:65:98:08:4b:e9:7e:d7:07:e8:70:69:9b:a2:71:
                    a6:e4:41:86:51:c0:42:38:4d:ce:62:6d:a6:2a:73:
                    b6:27:6d:8e:8a:69:b6:0e:e0:0e:6a:08:68:3d:11:
                    99:ce:cb:5a:40:9a:cc:27:af:d2:d5:07:31:9e:86:
                    4a:a7:9b:90:a9:c2:83:7c:d9:6b:fd:8a:69:db:e5:
                    3e:61:75:c7:8e:be:2a:1c:87:ab:a3:8d:df:25:aa:
                    82:2a:59:1f:6e:ed:56:85:5b:43:ce:ff:bd:f2:49:
                    c4:04:cf:c4:5d:7f:21:94:93:bd:45:9d:0b:18:76:
                    19:81:78:1f:b4:66:c6:f6:ee:b1:bf:d6:c6:e0:40:
                    83:4d:57:59:13:b5:fa:07:3a:ad:c2:41:1d:8a:72:
                    5d:7a:63:ee:9c:02:52:79:d6:1d:3a:3e:67:9a:c0:
                    ac:6b:62:ed:ee:2e:ac:2a:be:89:57:c9:6d:eb:59:
                    63:42:35:6c:b2:dc:7a:3a:7c:1f:b9:14:ed:c7:68:
                    97:da:de:46:98:62:fa:35:12:9a:ce:7d:14:8d:50:
                    0e:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:CF:57:8A:E9:10:86:F5:AF:1C:51:4F:0C:B8:1C:AB:9F:06:B1:60
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/o89XiukQhvWvHFFPDLgcq58GsWA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.58.96.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:7a:1b:f4:1b:86:d4:36:db:4a:3a:df:b4:17:58:a0:13:7e:
         2b:6b:3c:c1:0e:40:5c:12:b9:e7:82:11:2f:b7:f1:97:4f:5f:
         d1:9e:91:a5:5a:a4:2a:fc:7e:98:87:10:1f:c3:08:cc:df:a6:
         64:db:44:76:bb:3d:6e:69:96:58:ed:c2:96:ca:5e:df:33:f1:
         5c:41:d3:cf:41:ac:91:0b:28:8e:69:7f:22:af:9b:df:09:58:
         f8:c7:a1:be:63:92:b3:b2:f1:d6:0b:73:c8:07:ad:7d:37:48:
         e7:c0:46:59:73:6c:ac:ff:19:0b:6d:de:e4:74:6a:2e:33:2e:
         20:0a:c1:38:74:56:5c:0d:17:ef:e8:48:5c:c7:1a:69:06:75:
         98:7c:f1:e1:0e:f7:d2:4a:9b:d8:1f:eb:95:ab:b0:61:44:d1:
         8b:1f:40:d4:de:5f:82:f4:10:97:92:89:b5:12:e7:7e:f9:35:
         3a:a9:1b:f5:d4:04:7e:a8:42:d4:dd:ea:47:94:9d:a2:b3:71:
         7b:ce:16:73:e4:00:ce:67:1a:e0:e5:98:7e:32:eb:ac:ab:68:
         da:dc:e4:9f:02:4a:e2:7e:15:be:1f:a9:1e:04:dc:35:49:b2:
         c5:1f:4f:17:f7:e7:b1:25:61:f9:c9:c6:06:15:e8:71:42:d1:
         0e:b1:db:2b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ7ayanHuv/ge54nSfn/ys07MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwNjE4MTI1MTQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhM2NmNTc4YWU5MTA4NmY1YWYxYzUxNGYwY2I4MWNhYjlmMDZiMTYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu/HiuIvfEHJ4nHwPvogEXi7o60WI
o9gIRtNOJFxnMZ3Qnh+MyD0umWj4/jUwZZgIS+l+1wfocGmbonGm5EGGUcBCOE3O
Ym2mKnO2J22Oimm2DuAOaghoPRGZzstaQJrMJ6/S1QcxnoZKp5uQqcKDfNlr/Ypp
2+U+YXXHjr4qHIero43fJaqCKlkfbu1WhVtDzv+98knEBM/EXX8hlJO9RZ0LGHYZ
gXgftGbG9u6xv9bG4ECDTVdZE7X6BzqtwkEdinJdemPunAJSedYdOj5nmsCsa2Lt
7i6sKr6JV8lt61ljQjVsstx6OnwfuRTtx2iX2t5GmGL6NRKazn0UjVAO1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKPPV4rpEIb1rxxRTwy4HKufBrFgMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvbzg5WGl1a1Fodld2SEZGUERMZ2NxNThHc1dBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzpgMA0G
CSqGSIb3DQEBCwUAA4IBAQCZehv0G4bUNttKOt+0F1igE34razzBDkBcErnnghEv
t/GXT1/RnpGlWqQq/H6YhxAfwwjM36Zk20R2uz1uaZZY7cKWyl7fM/FcQdPPQayR
CyiOaX8ir5vfCVj4x6G+Y5KzsvHWC3PIB619N0jnwEZZc2ys/xkLbd7kdGouMy4g
CsE4dFZcDRfv6EhcxxppBnWYfPHhDvfSSpvYH+uVq7BhRNGLH0DU3l+C9BCXkom1
Eud++TU6qRv11AR+qELU3epHlJ2is3F7zhZz5ADOZxrg5Zh+Muusq2ja3OSfAkri
fhW+H6keBNw1SbLFH08X9+exJWH5ycYGFehxQtEOsdsr
-----END CERTIFICATE-----