Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/4Hte4iGPi7Jl_J6NoEXyOzk0r5Q.roa
File:                     4Hte4iGPi7Jl_J6NoEXyOzk0r5Q.roa (raw, json)
Hash identifier:          BE8yPAycoJ7dfNqQf0gTiArOAjI/vA544gcKLLyC+GM=
Subject key identifier:   E0:7B:5E:E2:21:8F:8B:B2:65:FC:9E:8D:A0:45:F2:3B:39:34:AF:94
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019E08D1F6ED7F877B4D0E5012B681BD5898
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/4Hte4iGPi7Jl_J6NoEXyOzk0r5Q.roa
Signing time:             Fri 08 May 2026 18:20:38 +0000
ROA not before:           Fri 08 May 2026 18:20:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     153671
IP address blocks:        31.58.37.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:08:d1:f6:ed:7f:87:7b:4d:0e:50:12:b6:81:bd:58:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: May  8 18:20:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e07b5ee2218f8bb265fc9e8da045f23b3934af94
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:35:90:c4:74:bd:fb:6f:24:ac:f0:5d:4c:96:
                    37:bf:8a:20:1a:14:57:f9:d6:cf:eb:2a:af:53:ca:
                    21:e2:8a:e8:e2:d0:c3:33:f9:c8:ba:b6:46:86:10:
                    47:00:44:b1:e2:12:39:c4:b3:f9:76:46:2b:06:a0:
                    2e:85:92:25:83:b2:d8:ab:16:96:c0:50:8a:61:39:
                    48:08:e8:f9:c4:5d:6b:cd:39:6e:22:30:12:e2:3d:
                    68:ee:54:d0:90:13:cb:49:6b:dc:dd:1c:a0:8e:e7:
                    06:3d:80:f9:b7:02:af:27:09:7b:e6:7b:65:04:bd:
                    f8:1e:a0:9f:61:9d:82:41:d9:5e:c5:26:58:39:b1:
                    2c:5a:05:7c:8e:ee:2d:7a:8b:41:b8:36:70:88:ad:
                    93:b1:bd:9b:a6:d0:51:41:b9:30:69:14:b0:9e:7e:
                    54:3d:c7:a8:f8:27:18:f7:3c:46:00:c3:10:99:9a:
                    97:84:96:7a:f0:58:df:c5:79:a9:8b:34:a3:fd:54:
                    dc:f0:22:23:cf:95:5e:40:70:49:56:1d:df:46:04:
                    21:ae:57:cd:04:b3:15:92:49:54:96:8b:1c:09:c6:
                    16:8f:b9:5c:6c:2c:4c:03:97:46:67:50:c1:af:83:
                    31:22:5b:a7:33:36:75:94:e3:7d:a8:34:f0:4d:0c:
                    23:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:7B:5E:E2:21:8F:8B:B2:65:FC:9E:8D:A0:45:F2:3B:39:34:AF:94
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/4Hte4iGPi7Jl_J6NoEXyOzk0r5Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.58.37.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:80:53:32:ab:e0:e7:46:d3:36:52:e0:3c:e8:56:6d:d9:45:
         d6:a7:66:c1:46:ec:3e:13:d2:18:a3:83:a3:a6:26:65:19:3d:
         b3:e8:30:43:42:2f:3d:d9:de:e9:d2:c9:d2:44:41:71:30:c6:
         3d:84:51:d7:ae:03:99:64:a2:8d:af:4b:91:b1:5e:fd:34:5a:
         02:35:8b:c7:52:2a:ea:e4:b1:cc:09:ff:27:8b:c2:26:ed:be:
         6a:12:6f:fe:ff:43:5b:45:fe:86:82:62:0e:b9:ae:bb:ea:35:
         0e:67:71:75:d5:c9:06:dc:46:36:86:23:bd:5e:48:d1:95:48:
         61:3e:a6:5f:47:de:40:f1:ae:6d:ed:32:22:81:6a:fe:47:da:
         c8:87:8a:32:bd:39:a8:78:73:0b:3a:16:67:87:ff:72:b7:13:
         d4:84:bd:eb:56:6b:b4:24:d2:e2:3c:c6:31:41:5b:87:08:50:
         e9:aa:66:d9:45:f2:ad:02:cc:a2:a5:3e:a9:c2:0c:49:6c:3b:
         a2:b4:3c:70:86:c8:8e:d2:3e:f0:43:46:8a:84:fb:00:af:3a:
         82:a3:e3:da:bc:a7:d3:76:4b:c0:12:5e:a8:55:f2:7a:e5:51:
         e9:63:bb:1f:27:4d:af:1c:39:97:d3:2c:6f:8b:94:d5:c8:2a:
         fc:09:e7:1f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4I0fbtf4d7TQ5QEraBvViYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwNTA4MTgyMDM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMDdiNWVlMjIxOGY4YmIyNjVmYzllOGRhMDQ1ZjIzYjM5MzRhZjk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuzWQxHS9+28krPBdTJY3v4ogGhRX
+dbP6yqvU8oh4oro4tDDM/nIurZGhhBHAESx4hI5xLP5dkYrBqAuhZIlg7LYqxaW
wFCKYTlICOj5xF1rzTluIjAS4j1o7lTQkBPLSWvc3RygjucGPYD5twKvJwl75ntl
BL34HqCfYZ2CQdlexSZYObEsWgV8ju4teotBuDZwiK2Tsb2bptBRQbkwaRSwnn5U
Pceo+CcY9zxGAMMQmZqXhJZ68FjfxXmpizSj/VTc8CIjz5VeQHBJVh3fRgQhrlfN
BLMVkklUloscCcYWj7lcbCxMA5dGZ1DBr4MxIlunMzZ1lON9qDTwTQwjIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOB7XuIhj4uyZfyejaBF8js5NK+UMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvNEh0ZTRpR1BpN0psX0o2Tm9FWHlPemswcjVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzolMA0G
CSqGSIb3DQEBCwUAA4IBAQARgFMyq+DnRtM2UuA86FZt2UXWp2bBRuw+E9IYo4Oj
piZlGT2z6DBDQi892d7p0snSREFxMMY9hFHXrgOZZKKNr0uRsV79NFoCNYvHUirq
5LHMCf8ni8Im7b5qEm/+/0NbRf6GgmIOua676jUOZ3F11ckG3EY2hiO9XkjRlUhh
PqZfR95A8a5t7TIigWr+R9rIh4oyvTmoeHMLOhZnh/9ytxPUhL3rVmu0JNLiPMYx
QVuHCFDpqmbZRfKtAsyipT6pwgxJbDuitDxwhsiO0j7wQ0aKhPsArzqCo+PavKfT
dkvAEl6oVfJ65VHpY7sfJ02vHDmX0yxvi5TVyCr8Cecf
-----END CERTIFICATE-----