Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/WmTSZ2vvfKQJQX33vOdVNihdrHo.roa
File:                     WmTSZ2vvfKQJQX33vOdVNihdrHo.roa (raw, json)
Hash identifier:          /kPp9y8uy7ihi4RR/PlzPPzuoLM5mCzDCUUSQYdABhY=
Subject key identifier:   5A:64:D2:67:6B:EF:7C:A4:09:41:7D:F7:BC:E7:55:36:28:5D:AC:7A
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019E090E63DDA7C56B6CB294A577BA1CBDEA
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/WmTSZ2vvfKQJQX33vOdVNihdrHo.roa
Signing time:             Fri 08 May 2026 19:26:38 +0000
ROA not before:           Fri 08 May 2026 19:26:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     25369
IP address blocks:        31.58.39.0/24 maxlen: 24
                          31.58.60.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:09:0e:63:dd:a7:c5:6b:6c:b2:94:a5:77:ba:1c:bd:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: May  8 19:26:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5a64d2676bef7ca409417df7bce75536285dac7a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:7d:cd:c5:b6:1f:06:3e:99:a3:96:c3:5e:24:
                    ce:ec:d7:76:f6:8f:8f:fb:ff:3e:06:a9:3a:d6:4e:
                    b2:04:c7:de:e1:e3:7e:ed:14:a1:32:5b:82:30:09:
                    48:81:f0:08:ec:d8:4a:11:68:df:11:41:f2:29:68:
                    37:41:b2:12:72:8c:4f:a5:ac:e9:84:67:b3:07:b7:
                    91:e0:5c:cc:b7:d1:9b:91:c3:6c:dc:5e:07:69:d4:
                    6a:09:91:0d:ec:e2:08:9a:1f:f5:ed:73:43:22:a7:
                    99:49:d8:74:4a:fa:05:d2:b8:a2:00:c6:f5:87:c7:
                    b7:f4:dc:a0:41:4c:26:25:66:bb:ae:39:d2:b0:57:
                    ac:31:dc:35:f9:8a:89:7c:26:3e:10:75:bb:f6:51:
                    3f:34:83:dc:40:2d:2f:a2:24:3b:b4:20:d4:29:aa:
                    bb:eb:30:58:1e:f1:c7:eb:83:f2:09:57:80:af:aa:
                    1d:c6:da:8d:4f:46:3b:4a:2c:38:09:bb:98:ef:4d:
                    86:b8:3f:f4:66:03:60:7d:84:3d:14:9b:56:96:c6:
                    e8:df:b8:07:ae:19:15:54:94:de:57:c7:48:9d:39:
                    81:36:0a:02:c9:31:21:9f:85:d6:f7:e5:e9:1a:86:
                    83:cc:b1:99:1b:e3:f4:fe:e9:c6:a8:7b:88:b6:ae:
                    d6:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:64:D2:67:6B:EF:7C:A4:09:41:7D:F7:BC:E7:55:36:28:5D:AC:7A
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/WmTSZ2vvfKQJQX33vOdVNihdrHo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.58.39.0/24
                  31.58.60.0/22

    Signature Algorithm: sha256WithRSAEncryption
         63:fd:c1:3a:74:e0:6b:18:bf:e1:a2:ba:e7:14:9b:70:67:c3:
         3c:54:19:af:d2:36:63:57:91:d6:80:49:06:86:ee:ba:25:dd:
         27:af:c6:ba:0e:ef:b7:ed:3c:a4:d6:1c:82:28:9e:39:2b:3b:
         91:5e:8e:d9:61:73:01:27:bb:e6:04:73:3e:a3:21:ba:76:74:
         bb:89:67:ec:2d:86:43:82:ec:84:e0:17:88:73:f0:54:fb:fe:
         06:25:f8:6e:6c:f4:ac:49:cc:8f:06:cd:7c:56:1e:92:11:50:
         e7:7d:90:5b:36:43:19:48:8c:15:7a:3e:90:c9:9e:70:a3:68:
         5c:6e:97:47:03:17:15:0c:6e:94:c2:8c:3b:71:a9:09:0b:9b:
         75:cd:cf:52:a0:62:2f:4e:b2:07:e7:9e:dd:17:1b:40:96:89:
         86:29:f2:62:3e:df:84:cd:12:16:45:b2:47:28:cb:4e:ca:ce:
         35:48:f9:30:61:d0:29:cf:1e:02:54:7f:32:0c:ed:f8:20:93:
         da:ef:8d:89:bd:14:09:59:a7:11:ab:00:6b:2f:e1:23:b6:7e:
         f9:fb:86:06:dc:53:02:49:75:10:f8:90:73:98:75:00:44:94:
         9c:95:7e:fb:11:90:d1:e0:41:4b:f2:22:1d:12:95:4f:a5:46:
         69:bf:e1:a0
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ4JDmPdp8VrbLKUpXe6HL3qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwNTA4MTkyNjM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YTY0ZDI2NzZiZWY3Y2E0MDk0MTdkZjdiY2U3NTUzNjI4NWRhYzdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyn3NxbYfBj6Zo5bDXiTO7Nd29o+P
+/8+Bqk61k6yBMfe4eN+7RShMluCMAlIgfAI7NhKEWjfEUHyKWg3QbIScoxPpazp
hGezB7eR4FzMt9GbkcNs3F4HadRqCZEN7OIImh/17XNDIqeZSdh0SvoF0riiAMb1
h8e39NygQUwmJWa7rjnSsFesMdw1+YqJfCY+EHW79lE/NIPcQC0voiQ7tCDUKaq7
6zBYHvHH64PyCVeAr6odxtqNT0Y7Siw4CbuY702GuD/0ZgNgfYQ9FJtWlsbo37gH
rhkVVJTeV8dInTmBNgoCyTEhn4XW9+XpGoaDzLGZG+P0/unGqHuItq7WXQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFpk0mdr73ykCUF997znVTYoXax6MB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvV21UU1oydnZmS1FKUVgzM3ZPZFZOaWhkckhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAHzonAwQC
Hzo8MA0GCSqGSIb3DQEBCwUAA4IBAQBj/cE6dOBrGL/horrnFJtwZ8M8VBmv0jZj
V5HWgEkGhu66Jd0nr8a6Du+37Tyk1hyCKJ45KzuRXo7ZYXMBJ7vmBHM+oyG6dnS7
iWfsLYZDguyE4BeIc/BU+/4GJfhubPSsScyPBs18Vh6SEVDnfZBbNkMZSIwVej6Q
yZ5wo2hcbpdHAxcVDG6Uwow7cakJC5t1zc9SoGIvTrIH557dFxtAlomGKfJiPt+E
zRIWRbJHKMtOys41SPkwYdApzx4CVH8yDO34IJPa742JvRQJWacRqwBrL+Ejtn75
+4YG3FMCSXUQ+JBzmHUARJSclX77EZDR4EFL8iIdEpVPpUZpv+Gg
-----END CERTIFICATE-----