Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/vbi8ZA4GDIAQ4Df0SJVjNlKULVw.roa
File:                     vbi8ZA4GDIAQ4Df0SJVjNlKULVw.roa (raw, json)
Hash identifier:          +pmOD0aOrB/QiGjSAN6ma7MjaFL70b+OMNapVpBpsgc=
Subject key identifier:   BD:B8:BC:64:0E:06:0C:80:10:E0:37:F4:48:95:63:36:52:94:2D:5C
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019E682CAC50B07E89575E8F49BFD2A53CE1
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/vbi8ZA4GDIAQ4Df0SJVjNlKULVw.roa
Signing time:             Wed 27 May 2026 06:43:38 +0000
ROA not before:           Wed 27 May 2026 06:43:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     402215
IP address blocks:        31.58.103.0/24 maxlen: 24
                          31.59.110.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 28 May 2026 08:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:68:2c:ac:50:b0:7e:89:57:5e:8f:49:bf:d2:a5:3c:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: May 27 06:43:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bdb8bc640e060c8010e037f44895633652942d5c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:ec:53:a3:4c:66:bb:77:5f:da:9e:e3:d0:17:
                    0d:aa:14:5f:f7:d0:6d:8a:93:29:a5:bb:2b:9d:1c:
                    ea:81:46:b3:42:8b:a3:40:f6:d0:09:52:bb:ea:10:
                    26:05:88:eb:68:ce:b2:93:b5:33:27:c6:50:a1:ac:
                    dd:cf:55:75:7d:10:3a:97:6f:bd:63:34:77:b7:9a:
                    8f:5f:3d:f9:af:b0:0e:64:3a:b0:32:43:b3:aa:8f:
                    30:6f:47:94:82:b0:df:85:a6:56:59:b5:73:9c:95:
                    cd:41:2f:96:a1:35:80:e6:2c:a4:d0:3e:e0:40:f6:
                    72:a2:85:39:f5:03:05:2a:cb:37:bf:b8:b3:db:ec:
                    1f:c5:d7:42:7a:00:90:7f:70:12:1d:d4:e4:04:c2:
                    c2:66:e3:b4:c7:70:25:b3:04:3b:24:b1:e4:ae:ef:
                    71:87:77:48:89:51:48:ed:5d:6c:cb:a1:b8:57:f6:
                    92:72:e7:c5:9f:d4:5a:97:78:81:45:b1:b9:65:ca:
                    6b:57:c5:94:15:4a:75:16:f5:6f:3f:a2:ad:ad:b7:
                    fe:57:ff:f9:02:5e:0a:db:ff:78:6a:32:07:5b:7a:
                    83:25:ac:83:94:f1:6a:66:d6:4e:bc:49:9d:24:5b:
                    47:11:fe:a5:7a:98:09:e9:d6:2a:1c:c7:ad:5f:bd:
                    79:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:B8:BC:64:0E:06:0C:80:10:E0:37:F4:48:95:63:36:52:94:2D:5C
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/vbi8ZA4GDIAQ4Df0SJVjNlKULVw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.58.103.0/24
                  31.59.110.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:d5:7d:1d:28:a3:e4:61:ef:7c:de:92:b2:3b:5f:80:eb:29:
         f3:9f:e1:cd:c1:a3:ea:9a:88:8a:6e:19:0b:46:93:ca:6e:87:
         eb:2b:45:95:f1:7b:c5:35:1c:47:5c:62:84:cc:ec:f8:ea:ab:
         dd:ff:42:e2:3e:e9:69:f8:24:65:2d:f4:b5:05:45:7e:53:a4:
         b6:bc:e4:01:64:04:ee:75:de:23:6c:8c:28:dd:25:7d:39:a9:
         8c:ce:8d:f2:bd:b9:3b:f1:d4:96:fa:c9:50:1e:a0:8d:cc:ef:
         27:a9:5f:aa:71:fb:6a:aa:81:8b:09:71:ea:fe:d2:7b:ea:cb:
         11:6f:78:42:38:3a:0b:8b:f2:77:28:4e:fb:f0:96:ea:5e:b7:
         4b:40:a8:01:9d:10:07:67:02:fe:35:4f:e2:9d:08:4b:94:19:
         43:2e:56:a1:0a:dc:d4:fe:5d:f5:d3:59:24:de:ce:27:17:ab:
         5e:d6:be:dd:35:23:b8:7e:e1:44:15:e1:8c:b9:d2:4c:a2:b2:
         f3:eb:05:68:da:e9:45:67:b6:c8:85:92:37:e5:06:7d:d7:e6:
         df:e0:42:2a:c8:47:6e:18:f3:3b:7e:d8:20:3b:76:ec:dc:01:
         72:9e:b9:d3:b4:20:4b:5b:2b:ea:4c:24:ab:02:1d:ea:fd:25:
         09:53:90:60
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ5oLKxQsH6JV16PSb/SpTzhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwNTI3MDY0MzM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZGI4YmM2NDBlMDYwYzgwMTBlMDM3ZjQ0ODk1NjMzNjUyOTQyZDVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqexTo0xmu3df2p7j0BcNqhRf99Bt
ipMppbsrnRzqgUazQoujQPbQCVK76hAmBYjraM6yk7UzJ8ZQoazdz1V1fRA6l2+9
YzR3t5qPXz35r7AOZDqwMkOzqo8wb0eUgrDfhaZWWbVznJXNQS+WoTWA5iyk0D7g
QPZyooU59QMFKss3v7iz2+wfxddCegCQf3ASHdTkBMLCZuO0x3AlswQ7JLHkru9x
h3dIiVFI7V1sy6G4V/aScufFn9Ral3iBRbG5ZcprV8WUFUp1FvVvP6Ktrbf+V//5
Al4K2/94ajIHW3qDJayDlPFqZtZOvEmdJFtHEf6lepgJ6dYqHMetX7154QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFL24vGQOBgyAEOA39EiVYzZSlC1cMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvdmJpOFpBNEdESUFRNERmMFNKVmpObEtVTFZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAHzpnAwQA
HztuMA0GCSqGSIb3DQEBCwUAA4IBAQAc1X0dKKPkYe983pKyO1+A6ynzn+HNwaPq
moiKbhkLRpPKbofrK0WV8XvFNRxHXGKEzOz46qvd/0LiPulp+CRlLfS1BUV+U6S2
vOQBZATudd4jbIwo3SV9OamMzo3yvbk78dSW+slQHqCNzO8nqV+qcftqqoGLCXHq
/tJ76ssRb3hCODoLi/J3KE778JbqXrdLQKgBnRAHZwL+NU/inQhLlBlDLlahCtzU
/l3101kk3s4nF6te1r7dNSO4fuFEFeGMudJMorLz6wVo2ulFZ7bIhZI35QZ91+bf
4EIqyEduGPM7ftggO3bs3AFynrnTtCBLWyvqTCSrAh3q/SUJU5Bg
-----END CERTIFICATE-----