Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/DIkA4okKEIIM7Q19ua3fMoJ-eV8.roa
File:                     DIkA4okKEIIM7Q19ua3fMoJ-eV8.roa (raw, json)
Hash identifier:          Gyn1+hxSAokGVvUcyhh/PaIVK3CTLw274SDDqk5g6a4=
Subject key identifier:   0C:89:00:E2:89:0A:10:82:0C:ED:0D:7D:B9:AD:DF:32:82:7E:79:5F
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019D254CABF967AC83E67F93F119FA185733
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/DIkA4okKEIIM7Q19ua3fMoJ-eV8.roa
Signing time:             Wed 25 Mar 2026 14:01:14 +0000
ROA not before:           Wed 25 Mar 2026 14:01:14 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199770
IP address blocks:        31.59.101.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 23:01:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:25:4c:ab:f9:67:ac:83:e6:7f:93:f1:19:fa:18:57:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Mar 25 14:01:14 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0c8900e2890a10820ced0d7db9addf32827e795f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:7b:b3:fd:c9:19:52:2a:c0:53:11:2e:d2:84:
                    2d:4a:f0:14:c1:36:18:19:0b:f9:da:06:90:44:07:
                    1b:8c:f6:bf:3c:82:7c:f2:ad:df:3d:fd:f1:ac:42:
                    95:fa:d9:2d:ff:13:16:be:99:53:7f:f9:2d:0a:b5:
                    30:4c:d1:4e:0e:36:41:4a:0d:e1:a0:b7:1e:ea:53:
                    a1:7b:40:4a:f1:d7:a9:d5:1d:9c:5a:a0:8f:ea:6e:
                    93:e7:a9:e6:35:a2:07:0c:3e:02:d5:cc:6b:1f:66:
                    5c:49:01:e6:8b:e6:ad:de:f8:05:25:34:da:16:e4:
                    b1:63:aa:c9:81:70:94:c3:12:af:66:e4:6e:5b:71:
                    c5:51:39:74:7f:0b:10:51:86:91:60:f0:ea:2d:90:
                    4b:27:a5:bf:42:f8:92:3f:e2:72:30:36:fe:b4:ca:
                    7d:ee:bb:56:aa:2c:6e:2c:ea:8f:87:9b:75:a1:5d:
                    cc:cd:ac:31:d6:fd:7b:f5:35:71:4c:bc:4f:87:7f:
                    5d:f7:c6:c4:7d:54:25:22:b0:f9:2c:2e:5d:6d:ce:
                    80:bb:23:72:5d:af:df:c2:eb:3b:b8:18:05:05:ba:
                    54:9a:ba:f6:e6:9d:6a:ec:a8:df:75:98:ff:42:fa:
                    a3:d6:69:25:37:52:44:f8:94:1e:a3:f8:63:91:59:
                    d4:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:89:00:E2:89:0A:10:82:0C:ED:0D:7D:B9:AD:DF:32:82:7E:79:5F
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/DIkA4okKEIIM7Q19ua3fMoJ-eV8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.59.101.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b7:bd:85:8f:cd:43:df:cd:2d:dd:2c:5c:58:d2:5d:f5:6b:4f:
         3c:4b:ba:19:00:53:a3:1f:44:f0:43:c8:55:94:17:49:17:68:
         7c:ba:48:b3:7e:99:02:2e:a4:73:5b:ca:5c:65:e9:49:19:33:
         6d:92:fc:69:fa:d7:ea:66:48:3b:13:e6:3f:d3:3c:72:c4:8d:
         cc:40:86:8b:59:89:8b:60:5f:cf:75:1e:80:4a:57:a5:5e:58:
         75:59:51:20:fc:bf:30:4b:fb:37:4f:20:db:c2:23:02:47:8d:
         bb:d1:02:03:42:18:ce:19:29:fb:5d:a4:11:a8:71:41:e4:a5:
         5b:c5:82:ee:90:10:95:20:93:b7:c7:27:82:58:76:4a:c9:f9:
         32:3d:2c:27:3d:97:18:d0:ca:00:41:e5:0e:ca:64:b0:36:a4:
         37:db:33:a3:fd:74:8c:72:45:d7:26:52:14:d9:55:04:9f:9d:
         71:fb:50:4b:9d:96:fe:cb:cd:0a:7d:66:f5:48:42:92:62:bc:
         7b:ca:f8:5b:f5:04:63:bd:65:6d:b7:69:53:90:e1:4b:c6:44:
         50:48:5b:5d:32:f0:d5:7d:0d:06:c4:55:0a:9d:8c:67:4f:f1:
         87:a2:63:33:52:6e:54:dc:6d:bc:f9:ff:b3:42:66:c6:b4:f8:
         2e:7c:9d:55
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0lTKv5Z6yD5n+T8Rn6GFczMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwMzI1MTQwMTE0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzg5MDBlMjg5MGExMDgyMGNlZDBkN2RiOWFkZGYzMjgyN2U3OTVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq3uz/ckZUirAUxEu0oQtSvAUwTYY
GQv52gaQRAcbjPa/PIJ88q3fPf3xrEKV+tkt/xMWvplTf/ktCrUwTNFODjZBSg3h
oLce6lOhe0BK8dep1R2cWqCP6m6T56nmNaIHDD4C1cxrH2ZcSQHmi+at3vgFJTTa
FuSxY6rJgXCUwxKvZuRuW3HFUTl0fwsQUYaRYPDqLZBLJ6W/QviSP+JyMDb+tMp9
7rtWqixuLOqPh5t1oV3Mzawx1v179TVxTLxPh39d98bEfVQlIrD5LC5dbc6AuyNy
Xa/fwus7uBgFBbpUmrr25p1q7KjfdZj/Qvqj1mklN1JE+JQeo/hjkVnUcQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAyJAOKJChCCDO0Nfbmt3zKCfnlfMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvRElrQTRva0tFSUlNN1ExOXVhM2ZNb0otZVY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHztlMA0G
CSqGSIb3DQEBCwUAA4IBAQC3vYWPzUPfzS3dLFxY0l31a088S7oZAFOjH0TwQ8hV
lBdJF2h8ukizfpkCLqRzW8pcZelJGTNtkvxp+tfqZkg7E+Y/0zxyxI3MQIaLWYmL
YF/PdR6ASlelXlh1WVEg/L8wS/s3TyDbwiMCR4270QIDQhjOGSn7XaQRqHFB5KVb
xYLukBCVIJO3xyeCWHZKyfkyPSwnPZcY0MoAQeUOymSwNqQ32zOj/XSMckXXJlIU
2VUEn51x+1BLnZb+y80KfWb1SEKSYrx7yvhb9QRjvWVtt2lTkOFLxkRQSFtdMvDV
fQ0GxFUKnYxnT/GHomMzUm5U3G28+f+zQmbGtPgufJ1V
-----END CERTIFICATE-----