Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/FgI5ZGOnXWo22SfeugDJKGtSerI.roa
File:                     FgI5ZGOnXWo22SfeugDJKGtSerI.roa (raw, json)
Hash identifier:          5hJmMFi3IqAFVnU2XZy/GGCxrBOmYq+us5GkHHGevnE=
Subject key identifier:   16:02:39:64:63:A7:5D:6A:36:D9:27:DE:BA:00:C9:28:6B:52:7A:B2
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019CD3CA37D0A55A3894723879032356E690
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/FgI5ZGOnXWo22SfeugDJKGtSerI.roa
Signing time:             Mon 09 Mar 2026 18:09:30 +0000
ROA not before:           Mon 09 Mar 2026 18:09:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     47585
IP address blocks:        31.58.249.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 23:01:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:d3:ca:37:d0:a5:5a:38:94:72:38:79:03:23:56:e6:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Mar  9 18:09:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1602396463a75d6a36d927deba00c9286b527ab2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:b7:3d:f9:8d:3b:d6:6a:f8:66:ef:af:ce:aa:
                    7f:92:e0:b1:af:e3:40:e7:1c:14:6f:1b:3a:cf:b1:
                    35:90:98:be:65:9b:d4:53:dc:91:dd:0f:27:e8:d6:
                    fb:56:8a:41:70:ff:e1:99:b6:f4:f7:20:eb:bb:66:
                    db:aa:17:5c:d1:2a:67:a0:4e:2c:52:4b:d7:29:ed:
                    3a:7a:cc:2e:db:c8:48:23:e2:d2:07:99:02:86:6f:
                    51:c5:c0:7f:0e:c2:2a:a4:82:78:6a:d9:eb:f5:55:
                    47:1f:2a:bf:31:3a:88:72:a2:e7:53:32:47:83:8e:
                    dc:96:6b:cb:5a:f2:bd:ae:23:2f:6d:6f:a7:07:6a:
                    f6:d5:a9:de:ea:c7:6e:b5:a7:70:b9:21:79:50:58:
                    e3:4f:88:dd:19:51:55:52:90:40:9e:ec:aa:74:b5:
                    6b:35:03:8d:7b:91:fe:32:36:1a:3a:85:89:54:b1:
                    59:ba:3b:a7:9f:c4:35:54:c1:dc:ef:db:22:6f:47:
                    f8:9c:6d:47:92:68:77:17:d1:c9:b5:1a:83:2d:74:
                    70:5b:13:24:2d:65:7a:dc:39:39:3c:c4:98:e2:b4:
                    72:0d:3e:0d:95:4c:64:fc:48:6f:fe:07:00:d0:96:
                    25:2a:64:6c:cd:eb:99:29:11:2e:ca:04:f1:f9:43:
                    d2:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:02:39:64:63:A7:5D:6A:36:D9:27:DE:BA:00:C9:28:6B:52:7A:B2
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/FgI5ZGOnXWo22SfeugDJKGtSerI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.58.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:6c:bb:6a:45:61:ce:02:cc:f7:21:05:2e:44:71:8e:2b:84:
         b4:21:96:75:c1:cb:b0:6e:3a:7b:64:2e:10:e6:f8:74:84:f1:
         25:4f:32:8d:cb:61:54:4b:43:17:78:34:66:b3:58:8e:79:69:
         08:a6:80:74:11:4b:a0:53:dd:ef:ae:9f:24:f4:86:a4:3a:e0:
         1b:5c:80:3c:d9:2f:5d:49:01:e7:31:40:28:9c:ce:4a:db:d2:
         c4:04:ba:48:d6:3c:f2:e2:5d:1d:bc:c4:27:1b:e7:b7:7a:f1:
         62:05:14:82:6c:25:3b:56:fa:4b:0e:56:cc:01:8b:51:ee:cf:
         00:01:2a:25:b2:00:d9:56:15:f5:c3:fc:c5:45:aa:34:53:03:
         83:b8:2d:e9:68:98:85:6a:f5:98:5e:ac:f3:3b:83:44:d8:c0:
         9e:e3:88:75:61:c3:b2:77:f9:6b:26:76:d2:f9:cc:7e:00:9b:
         92:bb:3a:2d:c2:05:44:cd:0a:90:69:55:a9:1f:65:61:14:d3:
         3c:5d:dd:7b:8a:89:e1:ec:6e:60:c0:1c:71:dd:5b:1d:5e:cc:
         5e:7c:58:9a:0b:27:0c:20:fb:b0:75:d0:f2:2f:d2:e9:71:b4:
         5c:4d:6b:31:06:7d:af:9f:c6:12:78:c4:c4:ef:17:f5:5e:fb:
         dc:6d:fc:82
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzTyjfQpVo4lHI4eQMjVuaQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwMzA5MTgwOTMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjAyMzk2NDYzYTc1ZDZhMzZkOTI3ZGViYTAwYzkyODZiNTI3YWIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp7c9+Y071mr4Zu+vzqp/kuCxr+NA
5xwUbxs6z7E1kJi+ZZvUU9yR3Q8n6Nb7VopBcP/hmbb09yDru2bbqhdc0SpnoE4s
UkvXKe06eswu28hII+LSB5kChm9RxcB/DsIqpIJ4atnr9VVHHyq/MTqIcqLnUzJH
g47clmvLWvK9riMvbW+nB2r21ane6sdutadwuSF5UFjjT4jdGVFVUpBAnuyqdLVr
NQONe5H+MjYaOoWJVLFZujunn8Q1VMHc79sib0f4nG1Hkmh3F9HJtRqDLXRwWxMk
LWV63Dk5PMSY4rRyDT4NlUxk/Ehv/gcA0JYlKmRszeuZKREuygTx+UPSfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBYCOWRjp11qNtkn3roAyShrUnqyMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvRmdJNVpHT25YV28yMlNmZXVnREpLR3RTZXJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzr5MA0G
CSqGSIb3DQEBCwUAA4IBAQA8bLtqRWHOAsz3IQUuRHGOK4S0IZZ1wcuwbjp7ZC4Q
5vh0hPElTzKNy2FUS0MXeDRms1iOeWkIpoB0EUugU93vrp8k9IakOuAbXIA82S9d
SQHnMUAonM5K29LEBLpI1jzy4l0dvMQnG+e3evFiBRSCbCU7VvpLDlbMAYtR7s8A
ASolsgDZVhX1w/zFRao0UwODuC3paJiFavWYXqzzO4NE2MCe44h1YcOyd/lrJnbS
+cx+AJuSuzotwgVEzQqQaVWpH2VhFNM8Xd17ionh7G5gwBxx3VsdXsxefFiaCycM
IPuwddDyL9LpcbRcTWsxBn2vn8YSeMTE7xf1XvvcbfyC
-----END CERTIFICATE-----