Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/rRZgodbGr336ReJLAXvt3uvdqIs.roa
File:                     rRZgodbGr336ReJLAXvt3uvdqIs.roa (raw, json)
Hash identifier:          SVGgGqD/YBd1crVj7rY9N+X7gs9hVaIOo+lmAW04j0s=
Subject key identifier:   AD:16:60:A1:D6:C6:AF:7D:FA:45:E2:4B:01:7B:ED:DE:EB:DD:A8:8B
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019DB5A90D07112BD035B5A46D851A80E7EB
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/rRZgodbGr336ReJLAXvt3uvdqIs.roa
Signing time:             Wed 22 Apr 2026 14:47:28 +0000
ROA not before:           Wed 22 Apr 2026 14:47:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     153671
IP address blocks:        31.58.37.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 Apr 2026 05:39:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:b5:a9:0d:07:11:2b:d0:35:b5:a4:6d:85:1a:80:e7:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Apr 22 14:47:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ad1660a1d6c6af7dfa45e24b017beddeebdda88b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:e1:b0:23:af:65:7b:e1:b7:f2:35:99:bd:6b:
                    5e:cc:37:b6:88:c9:6b:96:72:b1:e7:6c:4e:55:d7:
                    7f:92:09:22:6e:0b:88:36:8e:31:f1:da:94:5b:48:
                    77:bc:74:9a:2b:c4:06:87:7a:c9:9c:01:e7:fc:67:
                    80:8d:7c:cd:23:53:f3:69:09:b9:fa:df:a9:7b:f7:
                    7a:de:38:55:4f:5a:11:cf:09:ce:fb:53:a8:ef:cb:
                    84:70:bc:bb:e5:64:63:8c:e0:80:65:28:50:ba:45:
                    4e:c2:85:f4:64:e3:f2:21:59:d8:51:62:7d:30:0c:
                    e5:08:12:a1:68:58:35:fb:6f:21:d9:c8:da:e8:a8:
                    c4:63:eb:41:91:51:b4:78:bc:96:04:e7:8e:12:18:
                    60:3c:a4:80:fb:a8:24:d1:8d:2e:9b:ab:2b:7c:06:
                    13:68:89:e1:86:4a:ca:f1:65:c0:b5:55:bb:15:22:
                    43:d6:28:65:94:7e:f1:6d:6c:df:c6:8b:38:25:c0:
                    8b:b0:11:ad:43:cf:2f:69:66:67:55:de:9e:4b:d0:
                    0d:b0:3a:05:87:66:9e:71:19:a3:26:e1:ef:61:ec:
                    d8:e7:71:70:8d:f8:09:60:2d:8c:a9:de:61:44:38:
                    43:38:8a:94:be:5e:1f:bb:38:23:69:de:5a:82:87:
                    04:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:16:60:A1:D6:C6:AF:7D:FA:45:E2:4B:01:7B:ED:DE:EB:DD:A8:8B
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/rRZgodbGr336ReJLAXvt3uvdqIs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.58.37.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:40:b9:29:89:8a:ac:0c:5d:a6:54:60:ff:f7:79:a9:ad:54:
         af:df:ed:65:88:16:9d:56:10:04:eb:16:c1:12:56:58:c1:8a:
         10:64:6c:76:27:89:65:a3:22:b5:4c:80:49:97:1d:49:43:29:
         78:6a:c9:86:d5:a8:e3:26:26:55:ae:f6:d3:3b:dd:de:d6:61:
         10:04:7a:08:05:da:fa:f5:f1:85:b9:65:38:5b:cb:6f:32:f2:
         3f:fa:96:e9:46:d2:c2:e4:b6:e9:e4:78:47:c3:34:5b:eb:12:
         f2:5e:d6:ef:b1:8f:90:27:86:17:51:47:e1:b7:4d:80:34:a5:
         54:67:76:d1:fd:60:7a:fd:a2:17:0e:06:3d:54:19:71:fd:1a:
         f5:8d:6b:a1:3f:c5:37:fb:d0:fa:96:b6:23:ce:e8:6c:aa:17:
         b0:32:f1:09:d9:23:e6:10:64:c8:89:6f:77:02:e4:1e:d1:e8:
         1e:10:47:1f:bd:77:e4:99:0d:ec:9c:03:fb:32:c5:b5:96:cf:
         59:5e:ad:3c:cf:0b:a1:b9:bd:46:b0:36:81:e5:6d:a1:d1:67:
         8d:69:c2:c3:f9:fa:40:d2:aa:97:ae:ef:82:fa:e3:2c:49:c3:
         c5:9b:19:81:00:3f:ae:40:55:15:cf:8a:d0:f5:3c:4d:65:2a:
         7f:d6:c5:7a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ21qQ0HESvQNbWkbYUagOfrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwNDIyMTQ0NzI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDE2NjBhMWQ2YzZhZjdkZmE0NWUyNGIwMTdiZWRkZWViZGRhODhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsOGwI69le+G38jWZvWtezDe2iMlr
lnKx52xOVdd/kgkibguINo4x8dqUW0h3vHSaK8QGh3rJnAHn/GeAjXzNI1PzaQm5
+t+pe/d63jhVT1oRzwnO+1Oo78uEcLy75WRjjOCAZShQukVOwoX0ZOPyIVnYUWJ9
MAzlCBKhaFg1+28h2cja6KjEY+tBkVG0eLyWBOeOEhhgPKSA+6gk0Y0um6srfAYT
aInhhkrK8WXAtVW7FSJD1ihllH7xbWzfxos4JcCLsBGtQ88vaWZnVd6eS9ANsDoF
h2aecRmjJuHvYezY53FwjfgJYC2Mqd5hRDhDOIqUvl4fuzgjad5agocEUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK0WYKHWxq99+kXiSwF77d7r3aiLMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvclJaZ29kYkdyMzM2UmVKTEFYdnQzdXZkcUlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzolMA0G
CSqGSIb3DQEBCwUAA4IBAQCSQLkpiYqsDF2mVGD/93mprVSv3+1liBadVhAE6xbB
ElZYwYoQZGx2J4lloyK1TIBJlx1JQyl4asmG1ajjJiZVrvbTO93e1mEQBHoIBdr6
9fGFuWU4W8tvMvI/+pbpRtLC5Lbp5HhHwzRb6xLyXtbvsY+QJ4YXUUfht02ANKVU
Z3bR/WB6/aIXDgY9VBlx/Rr1jWuhP8U3+9D6lrYjzuhsqhewMvEJ2SPmEGTIiW93
AuQe0egeEEcfvXfkmQ3snAP7MsW1ls9ZXq08zwuhub1GsDaB5W2h0WeNacLD+fpA
0qqXru+C+uMsScPFmxmBAD+uQFUVz4rQ9TxNZSp/1sV6
-----END CERTIFICATE-----