Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/5WQYQqd9uBTcrvO4jlwIBVQS7wM.roa
File:                     5WQYQqd9uBTcrvO4jlwIBVQS7wM.roa (raw, json)
Hash identifier:          PNMQdGX+DVzNAW8jgEkXjoOzG38+sJmbh5PhrNJBhzM=
Subject key identifier:   E5:64:18:42:A7:7D:B8:14:DC:AE:F3:B8:8E:5C:08:05:54:12:EF:03
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019E03023A20C458211AE958B4FB5AB17D4F
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/5WQYQqd9uBTcrvO4jlwIBVQS7wM.roa
Signing time:             Thu 07 May 2026 15:15:38 +0000
ROA not before:           Thu 07 May 2026 15:15:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     153717
IP address blocks:        31.58.59.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:03:02:3a:20:c4:58:21:1a:e9:58:b4:fb:5a:b1:7d:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: May  7 15:15:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e5641842a77db814dcaef3b88e5c08055412ef03
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:dd:70:05:b3:a5:57:ff:8b:47:5f:b0:06:a7:
                    15:84:e2:57:c1:47:c0:9f:b3:33:c1:41:b4:f5:9f:
                    b8:d5:7c:78:0d:d5:9a:08:5a:e1:f4:2d:57:63:68:
                    b4:0e:3f:cd:69:ea:2e:49:d4:de:ac:9c:9d:95:ea:
                    16:7b:de:7d:90:75:b7:91:64:3f:75:74:8f:e0:66:
                    ad:c0:5f:c1:fe:00:fa:28:24:65:21:0f:3f:9a:34:
                    4a:96:73:0e:c6:61:b0:04:48:3d:70:21:ce:e0:d0:
                    03:39:d5:a0:60:93:14:20:e0:44:ad:ed:6c:0c:91:
                    94:86:a7:d0:29:36:42:46:be:da:af:5c:d6:38:b6:
                    b3:7a:64:b1:a0:3a:9d:ec:28:31:48:63:40:5f:84:
                    96:b1:81:f3:2a:d1:b5:4a:00:24:4d:62:01:11:14:
                    ee:22:c1:e6:b0:bf:2d:52:06:53:b0:e9:cb:a5:ff:
                    f6:ea:fa:92:25:f1:7e:97:e1:ee:37:a6:a1:63:a3:
                    d6:65:b0:18:5d:a1:1e:6a:45:b1:97:1a:d5:36:69:
                    a9:0c:ab:68:ef:f8:35:ae:0a:e5:b2:c3:f6:19:b7:
                    b0:78:82:5b:11:68:11:1b:68:c6:b6:e8:5a:2d:21:
                    6c:9d:87:49:32:1b:7a:18:6f:b0:80:e3:b1:fa:54:
                    27:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:64:18:42:A7:7D:B8:14:DC:AE:F3:B8:8E:5C:08:05:54:12:EF:03
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/5WQYQqd9uBTcrvO4jlwIBVQS7wM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.58.59.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:ba:2f:4f:97:28:1d:65:94:0d:ca:03:50:d0:fe:9d:47:2d:
         ae:3e:b0:70:f4:f6:ce:4b:db:c5:b0:0e:62:f9:ef:c1:1d:a9:
         c8:d2:93:36:3f:74:8a:26:3a:7c:d1:cd:0b:c1:2b:dd:30:f8:
         5e:0e:98:6c:f8:db:43:49:87:09:a8:a3:74:23:d0:a3:f4:54:
         03:8b:31:5b:62:70:d2:cb:05:f2:98:16:4d:aa:d3:97:2c:e0:
         5d:a1:b2:f7:2d:fb:d7:e4:0e:67:db:1a:c0:d0:03:83:c2:b2:
         68:61:19:e8:84:71:2f:db:55:74:32:2c:e9:2a:45:32:7d:ec:
         7f:6e:b3:66:77:4c:a9:d0:12:bc:39:b6:88:d3:fe:36:66:6f:
         50:8a:18:ae:d9:50:2e:c9:55:7a:28:4a:ef:42:a0:12:f9:45:
         8d:43:c1:14:a5:57:a4:21:aa:cd:6a:bf:76:71:fa:0f:09:b8:
         21:f2:2a:0c:12:45:23:aa:6b:89:3a:41:37:02:76:86:97:76:
         21:d4:49:9f:e9:23:d2:8a:27:81:1d:a0:77:60:57:f3:90:bb:
         54:ed:22:0d:78:e9:ff:74:7d:56:0b:8d:c1:05:63:25:da:3d:
         fa:17:d2:be:42:c6:fd:cd:a2:ce:4c:98:0f:66:a7:d9:01:56:
         41:0e:63:64
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4DAjogxFghGulYtPtasX1PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwNTA3MTUxNTM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNTY0MTg0MmE3N2RiODE0ZGNhZWYzYjg4ZTVjMDgwNTU0MTJlZjAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx91wBbOlV/+LR1+wBqcVhOJXwUfA
n7MzwUG09Z+41Xx4DdWaCFrh9C1XY2i0Dj/NaeouSdTerJydleoWe959kHW3kWQ/
dXSP4GatwF/B/gD6KCRlIQ8/mjRKlnMOxmGwBEg9cCHO4NADOdWgYJMUIOBEre1s
DJGUhqfQKTZCRr7ar1zWOLazemSxoDqd7CgxSGNAX4SWsYHzKtG1SgAkTWIBERTu
IsHmsL8tUgZTsOnLpf/26vqSJfF+l+HuN6ahY6PWZbAYXaEeakWxlxrVNmmpDKto
7/g1rgrlssP2GbeweIJbEWgRG2jGtuhaLSFsnYdJMht6GG+wgOOx+lQnZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOVkGEKnfbgU3K7zuI5cCAVUEu8DMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvNVdRWVFxZDl1QlRjcnZPNGpsd0lCVlFTN3dNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzo7MA0G
CSqGSIb3DQEBCwUAA4IBAQBaui9PlygdZZQNygNQ0P6dRy2uPrBw9PbOS9vFsA5i
+e/BHanI0pM2P3SKJjp80c0LwSvdMPheDphs+NtDSYcJqKN0I9Cj9FQDizFbYnDS
ywXymBZNqtOXLOBdobL3LfvX5A5n2xrA0AODwrJoYRnohHEv21V0MizpKkUyfex/
brNmd0yp0BK8ObaI0/42Zm9Qihiu2VAuyVV6KErvQqAS+UWNQ8EUpVekIarNar92
cfoPCbgh8ioMEkUjqmuJOkE3AnaGl3Yh1Emf6SPSiieBHaB3YFfzkLtU7SINeOn/
dH1WC43BBWMl2j36F9K+Qsb9zaLOTJgPZqfZAVZBDmNk
-----END CERTIFICATE-----