Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/AemOUmN4IQVAeuaMA39wdb9x1uQ.roa
File:                     AemOUmN4IQVAeuaMA39wdb9x1uQ.roa (raw, json)
Hash identifier:          vv99IKTZbYUTomuYvm7DobmeW6dSsXlxm7Wfebq5HPU=
Subject key identifier:   01:E9:8E:52:63:78:21:05:40:7A:E6:8C:03:7F:70:75:BF:71:D6:E4
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019E0D6B5405CCF9DCF9FC5EF0C5FC8494F6
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/AemOUmN4IQVAeuaMA39wdb9x1uQ.roa
Signing time:             Sat 09 May 2026 15:46:38 +0000
ROA not before:           Sat 09 May 2026 15:46:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199186
IP address blocks:        31.58.96.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 20:10:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:0d:6b:54:05:cc:f9:dc:f9:fc:5e:f0:c5:fc:84:94:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: May  9 15:46:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=01e98e5263782105407ae68c037f7075bf71d6e4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:c9:4b:d5:1c:3f:96:4f:48:71:ff:92:e6:65:
                    ea:32:d5:ae:a6:21:5d:c5:76:37:63:e3:f7:ff:e0:
                    a3:2c:85:89:ac:fc:9e:f2:b8:d6:58:da:45:bb:b0:
                    bd:da:11:a3:b7:b8:7e:42:d6:82:16:bf:63:b0:03:
                    58:03:1d:60:0e:6f:d0:0a:d2:62:e8:81:b2:85:c6:
                    fc:c0:f4:0e:d1:55:22:a8:b8:b8:80:7c:6a:bc:e0:
                    a9:8e:0a:44:98:85:f9:e3:ac:66:2a:72:e2:2f:86:
                    28:51:ca:14:5d:59:d6:7c:da:23:00:65:7b:a0:00:
                    47:d0:79:89:39:1c:df:22:72:be:94:b4:35:55:ca:
                    db:32:8c:43:cd:4f:f2:7c:e8:e0:ce:3f:50:8e:42:
                    f8:47:a4:f9:6f:be:e1:f4:46:1a:38:17:39:40:72:
                    39:b2:80:b1:03:c5:7c:6a:93:47:53:8a:3a:7b:ea:
                    4c:ef:6f:b6:0c:03:97:11:19:91:57:af:5a:3b:ed:
                    42:82:61:c2:3e:58:ae:05:98:53:50:44:eb:54:dd:
                    a3:3b:02:c6:39:da:7f:b3:de:ef:62:79:ba:de:4b:
                    38:d8:78:b6:04:14:1e:d4:1c:b1:10:ae:b9:99:67:
                    46:0d:d4:c0:2e:43:bb:af:c9:9a:ef:d1:14:db:33:
                    7c:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:E9:8E:52:63:78:21:05:40:7A:E6:8C:03:7F:70:75:BF:71:D6:E4
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/AemOUmN4IQVAeuaMA39wdb9x1uQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.58.96.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:59:7e:c3:1f:98:c9:c8:4c:f5:50:5d:38:e1:1a:eb:49:b8:
         ab:74:97:f6:f3:eb:15:a8:46:0c:75:3d:14:08:b4:7e:08:c2:
         7c:c5:ee:7e:4a:54:29:6c:fa:ea:bf:bf:10:92:5b:78:e3:ba:
         f4:e8:0e:3f:ba:d3:2d:c3:89:55:92:de:c6:ce:48:ef:9d:d4:
         c4:84:ac:56:fa:29:b8:35:1d:89:fb:3c:1f:95:fc:eb:0d:65:
         05:0d:74:d1:82:6e:e0:7d:be:17:58:88:ff:07:4e:ae:ba:b7:
         f0:73:f3:dd:de:7a:6f:d4:95:b5:e0:d8:e1:15:d6:7d:bd:78:
         4a:47:53:85:70:e6:d2:02:76:6b:74:c7:23:42:6e:72:71:b8:
         af:52:29:06:8b:1c:11:7a:12:b0:50:48:02:4a:1c:62:47:58:
         8d:aa:f6:99:7b:8d:b5:73:8c:1f:39:f2:17:c5:34:be:6e:d9:
         a6:2f:5b:b7:d7:4f:7c:e7:30:ea:ab:72:74:ea:e6:ea:e7:f4:
         76:e5:7f:54:0a:a0:c7:7c:b1:b0:16:cb:78:fe:77:fb:18:5e:
         41:c2:f3:f2:e5:9e:0a:8c:13:61:91:af:44:c1:f7:f4:e0:d8:
         31:e5:a5:70:4f:52:49:67:84:be:16:19:6f:c5:fd:ea:d0:d4:
         e3:15:76:4f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4Na1QFzPnc+fxe8MX8hJT2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwNTA5MTU0NjM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMWU5OGU1MjYzNzgyMTA1NDA3YWU2OGMwMzdmNzA3NWJmNzFkNmU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwMlL1Rw/lk9Icf+S5mXqMtWupiFd
xXY3Y+P3/+CjLIWJrPye8rjWWNpFu7C92hGjt7h+QtaCFr9jsANYAx1gDm/QCtJi
6IGyhcb8wPQO0VUiqLi4gHxqvOCpjgpEmIX546xmKnLiL4YoUcoUXVnWfNojAGV7
oABH0HmJORzfInK+lLQ1VcrbMoxDzU/yfOjgzj9QjkL4R6T5b77h9EYaOBc5QHI5
soCxA8V8apNHU4o6e+pM72+2DAOXERmRV69aO+1CgmHCPliuBZhTUETrVN2jOwLG
Odp/s97vYnm63ks42Hi2BBQe1ByxEK65mWdGDdTALkO7r8ma79EU2zN8BwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAHpjlJjeCEFQHrmjAN/cHW/cdbkMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvQWVtT1VtTjRJUVZBZXVhTUEzOXdkYjl4MXVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzpgMA0G
CSqGSIb3DQEBCwUAA4IBAQAfWX7DH5jJyEz1UF044RrrSbirdJf28+sVqEYMdT0U
CLR+CMJ8xe5+SlQpbPrqv78Qklt447r06A4/utMtw4lVkt7GzkjvndTEhKxW+im4
NR2J+zwflfzrDWUFDXTRgm7gfb4XWIj/B06uurfwc/Pd3npv1JW14NjhFdZ9vXhK
R1OFcObSAnZrdMcjQm5ycbivUikGixwRehKwUEgCShxiR1iNqvaZe421c4wfOfIX
xTS+btmmL1u310985zDqq3J06ubq5/R25X9UCqDHfLGwFst4/nf7GF5BwvPy5Z4K
jBNhka9Ewff04Ngx5aVwT1JJZ4S+Fhlvxf3q0NTjFXZP
-----END CERTIFICATE-----