Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/nyLizNlPaowamWDEEhgFHIPbbSY.roa
File:                     nyLizNlPaowamWDEEhgFHIPbbSY.roa (raw, json)
Hash identifier:          5MhjU1D+DJRfe6PWGZ5QRgoTY1rNuE3Q1rEs9ab4ps0=
Subject key identifier:   9F:22:E2:CC:D9:4F:6A:8C:1A:99:60:C4:12:18:05:1C:83:DB:6D:26
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019E06BD21AA61CCA449FF6F8191758A4806
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/nyLizNlPaowamWDEEhgFHIPbbSY.roa
Signing time:             Fri 08 May 2026 08:38:38 +0000
ROA not before:           Fri 08 May 2026 08:38:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     151389
IP address blocks:        31.58.146.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:06:bd:21:aa:61:cc:a4:49:ff:6f:81:91:75:8a:48:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: May  8 08:38:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9f22e2ccd94f6a8c1a9960c41218051c83db6d26
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:86:bd:7c:ee:b0:68:93:f1:c1:9f:2b:bc:d5:
                    44:88:52:9e:24:f5:be:6c:eb:37:b6:eb:ff:cb:6d:
                    d8:08:40:1d:99:7d:5f:11:76:33:1e:11:b6:e9:73:
                    e0:bc:f0:47:84:64:fc:54:a4:cf:15:ae:74:0b:12:
                    05:96:34:a8:d2:35:23:6e:40:f4:b3:d7:db:dc:0f:
                    90:e5:e9:58:71:e2:35:15:37:72:f0:35:5f:4f:69:
                    02:2d:a3:3d:ae:53:9f:45:57:46:5d:48:69:01:5d:
                    e8:bb:1e:8f:c1:8c:6e:e1:8a:a0:26:40:51:5c:b3:
                    45:b0:42:50:1a:ca:50:99:a8:0f:68:d9:e8:cf:fa:
                    99:79:f9:df:28:d0:5c:9b:60:4e:66:16:75:ca:c3:
                    b4:32:01:32:11:db:13:c1:f9:1e:33:3c:16:92:5e:
                    15:a4:ad:d2:c9:d7:6e:02:29:14:60:53:2c:c1:03:
                    be:47:7b:08:7f:cc:86:20:d8:0b:ef:57:a5:b5:b4:
                    2c:8e:0b:bd:17:f2:72:51:ad:fa:ef:b7:e6:0c:d0:
                    29:92:71:23:52:5c:df:4d:80:e9:f7:81:20:29:e8:
                    95:16:aa:5a:6f:8f:8a:ae:a9:38:fe:b5:ec:e6:7c:
                    38:20:ff:b9:ec:18:ff:fe:18:ea:9d:a2:9d:51:1a:
                    c7:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:22:E2:CC:D9:4F:6A:8C:1A:99:60:C4:12:18:05:1C:83:DB:6D:26
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/nyLizNlPaowamWDEEhgFHIPbbSY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.58.146.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ad:fb:de:0d:b5:c7:51:6d:69:28:8d:50:5d:71:92:f8:08:17:
         23:70:98:83:ba:9e:bc:f2:08:9d:8c:7a:c6:a9:25:a9:74:ce:
         94:ea:cc:3c:74:69:4a:2d:63:90:8f:15:bb:83:45:56:e0:e6:
         ad:1a:95:89:de:cb:4b:a9:11:51:ab:8b:62:86:8e:65:b2:ea:
         8c:0e:1a:83:d6:53:ec:4f:62:35:4d:ba:4b:a6:e2:ac:71:00:
         9b:c3:ca:89:1f:60:03:6a:0f:4d:57:e9:40:ca:ce:84:23:a0:
         f7:12:8e:44:ea:e4:5e:df:c0:a6:fa:a1:36:20:a8:16:02:45:
         57:7e:33:b7:2f:c4:7f:c5:32:5d:50:12:17:80:03:95:32:ae:
         cf:ba:8d:b4:36:ba:aa:a4:50:0f:04:f1:fc:28:45:a3:62:e4:
         79:a1:2d:c7:9d:53:fc:0f:b0:a8:bd:65:85:ff:87:52:c2:43:
         96:bb:49:d7:55:c0:54:f9:2d:8e:c8:44:38:c9:73:e7:db:26:
         11:a7:e6:fd:8c:b9:92:38:02:69:77:87:c5:46:54:00:71:7b:
         93:b6:91:8c:71:4e:08:04:67:16:e7:ba:1a:de:0c:14:81:84:
         2c:3b:9c:5f:33:8e:86:bb:ae:48:5a:b2:c3:4d:72:24:e4:f1:
         25:a6:95:ea
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4GvSGqYcykSf9vgZF1ikgGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwNTA4MDgzODM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZjIyZTJjY2Q5NGY2YThjMWE5OTYwYzQxMjE4MDUxYzgzZGI2ZDI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1Ya9fO6waJPxwZ8rvNVEiFKeJPW+
bOs3tuv/y23YCEAdmX1fEXYzHhG26XPgvPBHhGT8VKTPFa50CxIFljSo0jUjbkD0
s9fb3A+Q5elYceI1FTdy8DVfT2kCLaM9rlOfRVdGXUhpAV3oux6PwYxu4YqgJkBR
XLNFsEJQGspQmagPaNnoz/qZefnfKNBcm2BOZhZ1ysO0MgEyEdsTwfkeMzwWkl4V
pK3SydduAikUYFMswQO+R3sIf8yGINgL71eltbQsjgu9F/JyUa3677fmDNApknEj
UlzfTYDp94EgKeiVFqpab4+Krqk4/rXs5nw4IP+57Bj//hjqnaKdURrHFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ8i4szZT2qMGplgxBIYBRyD220mMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvbnlMaXpObFBhb3dhbVdERUVoZ0ZISVBiYlNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzqSMA0G
CSqGSIb3DQEBCwUAA4IBAQCt+94NtcdRbWkojVBdcZL4CBcjcJiDup688gidjHrG
qSWpdM6U6sw8dGlKLWOQjxW7g0VW4OatGpWJ3stLqRFRq4tiho5lsuqMDhqD1lPs
T2I1TbpLpuKscQCbw8qJH2ADag9NV+lAys6EI6D3Eo5E6uRe38Cm+qE2IKgWAkVX
fjO3L8R/xTJdUBIXgAOVMq7Puo20NrqqpFAPBPH8KEWjYuR5oS3HnVP8D7CovWWF
/4dSwkOWu0nXVcBU+S2OyEQ4yXPn2yYRp+b9jLmSOAJpd4fFRlQAcXuTtpGMcU4I
BGcW57oa3gwUgYQsO5xfM46Gu65IWrLDTXIk5PElppXq
-----END CERTIFICATE-----