Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/qd1r_hWaKcWr3bPhHwBODy9vdB4.roa
File:                     qd1r_hWaKcWr3bPhHwBODy9vdB4.roa (raw, json)
Hash identifier:          nOonY5Q/+UaL7Xq3JFzClvFcm5bdi8TdpsCRpYTrx6s=
Subject key identifier:   A9:DD:6B:FE:15:9A:29:C5:AB:DD:B3:E1:1F:00:4E:0F:2F:6F:74:1E
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019CD3B134E27E11FD3A793E3596C8DF2D8A
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/qd1r_hWaKcWr3bPhHwBODy9vdB4.roa
Signing time:             Mon 09 Mar 2026 17:42:11 +0000
ROA not before:           Mon 09 Mar 2026 17:42:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209372
IP address blocks:        31.58.180.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 13 Mar 2026 18:49:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:d3:b1:34:e2:7e:11:fd:3a:79:3e:35:96:c8:df:2d:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Mar  9 17:42:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a9dd6bfe159a29c5abddb3e11f004e0f2f6f741e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:2f:6e:86:b0:cb:30:5a:4e:e3:ec:92:39:b9:
                    87:b3:df:b2:cf:54:9c:31:4d:7b:78:91:6a:1d:bc:
                    62:b4:77:e4:5a:46:df:eb:46:73:91:a4:cd:e4:17:
                    96:1f:09:4e:86:af:04:38:76:4d:94:97:3e:c9:58:
                    0b:c9:67:52:24:1a:76:96:72:79:84:5a:cb:6d:85:
                    4b:a1:1b:46:a0:b4:fa:6f:33:6b:c1:3a:ee:67:61:
                    23:c7:53:5c:f6:7c:13:ec:0b:9c:76:64:85:fd:27:
                    53:79:38:ef:5b:b6:37:7f:a7:aa:9d:29:8a:2b:39:
                    58:40:54:83:c0:47:d6:29:97:81:b8:0b:93:43:42:
                    c8:cd:37:0a:3a:48:55:08:9b:de:a9:d9:a2:b1:ea:
                    01:65:3b:ce:68:38:33:e6:0b:b7:e5:f2:05:93:d7:
                    f7:c9:36:d2:88:4c:1a:36:19:14:b2:2b:89:06:7f:
                    57:76:77:06:9e:ed:b6:bc:7c:54:66:86:e5:aa:85:
                    f6:26:13:cf:be:88:30:d3:64:d7:c6:1a:da:fc:63:
                    14:9c:72:78:ac:e4:ed:bf:1f:02:cc:92:af:78:9c:
                    cc:2c:ab:c0:6a:14:be:96:9e:96:78:4c:eb:59:a2:
                    e2:8d:f0:55:c3:68:c3:70:44:fe:76:15:34:ba:c6:
                    c1:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:DD:6B:FE:15:9A:29:C5:AB:DD:B3:E1:1F:00:4E:0F:2F:6F:74:1E
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/qd1r_hWaKcWr3bPhHwBODy9vdB4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.58.180.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:20:8e:00:5e:0b:02:80:9e:10:ba:db:6e:28:8f:0e:70:3c:
         5f:c6:7c:7b:6d:66:79:15:e6:95:51:5b:27:30:5c:fe:01:73:
         f8:70:8b:bf:d2:6b:a3:12:15:1b:78:de:e7:44:84:c6:43:7c:
         09:73:77:85:2e:2e:d4:9d:f6:f5:c8:3d:57:a1:7b:e1:72:53:
         ab:54:c7:74:e1:07:79:25:6d:05:c9:d5:8c:fa:57:56:3c:0f:
         ef:74:00:d8:8b:ad:3d:5a:52:27:10:8d:2b:b4:cc:13:89:61:
         ab:5b:21:de:30:fe:53:25:f8:19:50:63:0a:f2:6e:46:ec:ce:
         42:fa:d7:d7:49:b8:01:53:d2:ca:b3:e9:0d:6d:6d:83:5b:00:
         64:db:6e:ef:de:f4:e7:6e:96:4a:f6:9c:97:03:f7:0c:2f:bf:
         7c:b0:31:ba:4e:08:13:2c:de:2a:94:e9:89:ff:c9:62:1c:cd:
         4c:0f:e6:75:2c:74:4c:d2:da:7b:a1:b6:4f:df:25:14:0b:95:
         68:fb:e4:ba:2f:a6:df:7e:35:55:b8:c7:8e:20:70:8d:94:7d:
         e6:75:86:ee:fd:cf:e1:77:e8:a9:07:db:5a:b1:78:72:9e:f4:
         c3:8c:cb:38:fc:01:21:53:ba:46:7e:c0:99:23:d4:25:ac:f4:
         7f:81:de:67
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzTsTTifhH9Onk+NZbI3y2KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwMzA5MTc0MjExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOWRkNmJmZTE1OWEyOWM1YWJkZGIzZTExZjAwNGUwZjJmNmY3NDFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwi9uhrDLMFpO4+ySObmHs9+yz1Sc
MU17eJFqHbxitHfkWkbf60ZzkaTN5BeWHwlOhq8EOHZNlJc+yVgLyWdSJBp2lnJ5
hFrLbYVLoRtGoLT6bzNrwTruZ2Ejx1Nc9nwT7AucdmSF/SdTeTjvW7Y3f6eqnSmK
KzlYQFSDwEfWKZeBuAuTQ0LIzTcKOkhVCJveqdmiseoBZTvOaDgz5gu35fIFk9f3
yTbSiEwaNhkUsiuJBn9XdncGnu22vHxUZoblqoX2JhPPvogw02TXxhra/GMUnHJ4
rOTtvx8CzJKveJzMLKvAahS+lp6WeEzrWaLijfBVw2jDcET+dhU0usbBBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKnda/4VminFq92z4R8ATg8vb3QeMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvcWQxcl9oV2FLY1dyM2JQaEh3Qk9EeTl2ZEI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzq0MA0G
CSqGSIb3DQEBCwUAA4IBAQBgII4AXgsCgJ4QuttuKI8OcDxfxnx7bWZ5FeaVUVsn
MFz+AXP4cIu/0mujEhUbeN7nRITGQ3wJc3eFLi7Unfb1yD1XoXvhclOrVMd04Qd5
JW0FydWM+ldWPA/vdADYi609WlInEI0rtMwTiWGrWyHeMP5TJfgZUGMK8m5G7M5C
+tfXSbgBU9LKs+kNbW2DWwBk227v3vTnbpZK9pyXA/cML798sDG6TggTLN4qlOmJ
/8liHM1MD+Z1LHRM0tp7obZP3yUUC5Vo++S6L6bffjVVuMeOIHCNlH3mdYbu/c/h
d+ipB9tasXhynvTDjMs4/AEhU7pGfsCZI9QlrPR/gd5n
-----END CERTIFICATE-----