Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/cIBhU8wj3LxA4luaq3WQ6jjzfDg.roa
File:                     cIBhU8wj3LxA4luaq3WQ6jjzfDg.roa (raw, json)
Hash identifier:          jGuCiI77QHHbZB3GuT+MzaGvCtZtJxK9ItRs9dUjaV8=
Subject key identifier:   70:80:61:53:CC:23:DC:BC:40:E2:5B:9A:AB:75:90:EA:38:F3:7C:38
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019D11C70D1192EFA7B1C66FE818CB649890
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/cIBhU8wj3LxA4luaq3WQ6jjzfDg.roa
Signing time:             Sat 21 Mar 2026 19:02:30 +0000
ROA not before:           Sat 21 Mar 2026 19:02:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     24940
IP address blocks:        31.58.88.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 23:01:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:11:c7:0d:11:92:ef:a7:b1:c6:6f:e8:18:cb:64:98:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Mar 21 19:02:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=70806153cc23dcbc40e25b9aab7590ea38f37c38
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:8e:8a:65:e6:34:ee:f3:ea:6b:26:8a:dc:a9:
                    65:ce:52:50:5a:09:ce:04:97:63:1a:9f:e9:f1:d9:
                    d4:e8:95:19:42:83:9a:ba:97:21:0c:b7:51:38:11:
                    26:3a:8c:6d:89:63:2e:c3:34:d0:d3:21:24:0a:e8:
                    35:87:f8:73:cf:49:50:f9:c7:1e:1e:0a:c5:b2:43:
                    29:66:f2:e2:a0:6d:fd:bf:b9:35:7d:ab:94:bd:69:
                    cd:b4:be:bc:71:47:73:53:33:b1:70:f6:1f:44:4e:
                    30:dd:ab:7b:62:b2:76:87:18:bb:b4:e3:a3:61:28:
                    58:5f:6b:b6:44:0f:50:51:64:55:d0:4c:b0:d6:8d:
                    75:9e:97:8e:3f:3b:8a:f5:8f:95:11:5f:94:71:5c:
                    a0:b5:7f:e3:55:a6:da:03:61:30:89:00:74:24:50:
                    ae:ff:fd:e1:6e:81:7f:69:ec:73:80:41:2a:4d:80:
                    eb:13:05:21:59:17:c9:a4:cb:1e:ae:f0:20:22:f8:
                    d5:49:51:e0:e7:ca:cb:d5:ec:70:3a:8b:62:42:bf:
                    30:aa:e7:f0:31:c6:af:67:45:28:a5:02:d2:b2:ba:
                    e9:7a:a1:80:26:d5:57:8e:67:28:9f:da:91:ec:a2:
                    6b:57:a8:cd:36:c3:bb:0c:fb:25:78:d6:ed:9a:17:
                    52:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:80:61:53:CC:23:DC:BC:40:E2:5B:9A:AB:75:90:EA:38:F3:7C:38
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/cIBhU8wj3LxA4luaq3WQ6jjzfDg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.58.88.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:56:d2:aa:f4:95:48:7a:07:c1:aa:b1:a2:e4:8e:0d:e1:3a:
         81:96:01:c6:4b:6a:b5:58:94:b5:bc:dc:79:84:5e:51:a0:0a:
         89:3d:64:2b:4d:f9:e8:31:ee:a9:4f:b4:16:a6:fb:ac:7d:82:
         eb:d1:be:80:46:b7:2a:fb:19:80:08:1c:73:2a:ce:94:8e:ab:
         98:14:65:f4:fa:c9:fe:dd:71:d4:39:22:af:a7:d1:1e:ee:20:
         62:55:95:78:88:85:f7:04:d1:9b:8b:95:28:8d:2f:67:73:fc:
         be:53:25:36:3a:5e:6b:ee:34:39:4c:8d:c3:eb:83:fe:49:3a:
         84:68:26:6d:c8:d3:d1:d6:a4:5a:0e:d2:b9:17:22:10:2f:ec:
         17:e7:d9:c8:25:ae:67:53:56:03:46:5e:72:df:f3:75:39:e2:
         07:13:72:fa:6f:e7:4a:7b:b9:41:1e:70:99:c1:62:7f:5f:32:
         8d:ea:1a:b6:e8:2e:1e:fe:c3:0d:0c:73:c2:41:0d:17:86:b1:
         d8:a4:18:e3:4f:71:c0:b0:d3:86:d7:e7:47:58:7a:a6:a2:3f:
         bc:e0:78:3c:5a:a0:f7:25:6f:60:93:e5:3a:1b:65:7f:22:ba:
         46:0f:06:bd:c0:f0:53:0b:d6:bc:c0:63:ef:d8:fc:ac:55:13:
         92:d7:ab:31
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0Rxw0Rku+nscZv6BjLZJiQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwMzIxMTkwMjMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDgwNjE1M2NjMjNkY2JjNDBlMjViOWFhYjc1OTBlYTM4ZjM3YzM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA546KZeY07vPqayaK3KllzlJQWgnO
BJdjGp/p8dnU6JUZQoOaupchDLdROBEmOoxtiWMuwzTQ0yEkCug1h/hzz0lQ+cce
HgrFskMpZvLioG39v7k1fauUvWnNtL68cUdzUzOxcPYfRE4w3at7YrJ2hxi7tOOj
YShYX2u2RA9QUWRV0Eyw1o11npeOPzuK9Y+VEV+UcVygtX/jVabaA2EwiQB0JFCu
//3hboF/aexzgEEqTYDrEwUhWRfJpMservAgIvjVSVHg58rL1exwOotiQr8wqufw
McavZ0UopQLSsrrpeqGAJtVXjmcon9qR7KJrV6jNNsO7DPsleNbtmhdSxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHCAYVPMI9y8QOJbmqt1kOo483w4MB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvY0lCaFU4d2ozTHhBNGx1YXEzV1E2amp6ZkRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzpYMA0G
CSqGSIb3DQEBCwUAA4IBAQARVtKq9JVIegfBqrGi5I4N4TqBlgHGS2q1WJS1vNx5
hF5RoAqJPWQrTfnoMe6pT7QWpvusfYLr0b6ARrcq+xmACBxzKs6UjquYFGX0+sn+
3XHUOSKvp9Ee7iBiVZV4iIX3BNGbi5UojS9nc/y+UyU2Ol5r7jQ5TI3D64P+STqE
aCZtyNPR1qRaDtK5FyIQL+wX59nIJa5nU1YDRl5y3/N1OeIHE3L6b+dKe7lBHnCZ
wWJ/XzKN6hq26C4e/sMNDHPCQQ0XhrHYpBjjT3HAsNOG1+dHWHqmoj+84Hg8WqD3
JW9gk+U6G2V/IrpGDwa9wPBTC9a8wGPv2PysVROS16sx
-----END CERTIFICATE-----