Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/0EL7WLBykWtvfDIjp3hL3wgYOKw.roa
File:                     0EL7WLBykWtvfDIjp3hL3wgYOKw.roa (raw, json)
Hash identifier:          6Uc1/b/CdsTftW+XDYFColUa8bdOa2eXATCvnxXpuzo=
Subject key identifier:   D0:42:FB:58:B0:72:91:6B:6F:7C:32:23:A7:78:4B:DF:08:18:38:AC
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019E9707808CED180555CA7D29FD293A8AC5
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/0EL7WLBykWtvfDIjp3hL3wgYOKw.roa
Signing time:             Fri 05 Jun 2026 09:05:11 +0000
ROA not before:           Fri 05 Jun 2026 09:05:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     402276
IP address blocks:        31.59.73.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 05:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:97:07:80:8c:ed:18:05:55:ca:7d:29:fd:29:3a:8a:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jun  5 09:05:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d042fb58b072916b6f7c3223a7784bdf081838ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:e2:c3:7f:44:a0:2c:15:f5:84:89:ed:38:81:
                    7e:14:dc:17:b9:75:3c:14:d7:03:46:45:7e:b5:3d:
                    20:7e:fc:3e:f0:5d:c2:91:fa:65:6d:17:96:a2:5e:
                    98:3a:ab:5e:f6:7a:b4:0d:65:20:65:01:ae:f9:0e:
                    0e:b5:e5:f4:ac:46:f4:36:93:2e:13:44:4c:93:96:
                    c5:60:49:6e:0c:5e:37:e1:5b:db:dc:98:9d:c3:05:
                    31:ed:1b:2f:9f:e9:88:11:58:d7:5e:04:48:30:68:
                    ff:c7:00:ea:25:a2:7d:83:42:20:1d:0a:af:89:ae:
                    19:ef:a3:6d:e7:ce:20:ef:d6:60:e6:15:a1:01:66:
                    86:55:3c:0c:ed:e1:be:46:35:c1:29:b8:c5:fe:cf:
                    62:1c:45:ae:51:23:7b:33:c9:11:73:20:c4:19:ba:
                    cc:6d:89:1b:e3:e3:d2:d8:af:e2:ea:02:b1:1d:1e:
                    63:a3:41:38:20:39:6b:1f:2d:0d:ab:35:3a:24:cd:
                    be:70:f0:b1:40:25:3a:a4:e4:18:79:d2:00:c5:9a:
                    18:9e:db:ad:71:c5:1c:09:6c:8f:52:67:0d:3e:8c:
                    6d:1c:c3:ce:2b:59:7c:fa:e4:f9:38:32:38:1f:14:
                    f8:cd:10:0c:38:73:5b:28:40:01:fa:90:82:6f:f7:
                    07:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:42:FB:58:B0:72:91:6B:6F:7C:32:23:A7:78:4B:DF:08:18:38:AC
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/0EL7WLBykWtvfDIjp3hL3wgYOKw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.59.73.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:22:77:42:da:64:63:93:55:34:0e:f6:be:d7:41:83:71:5d:
         f7:61:d4:05:40:94:b6:b6:b0:33:f6:21:1a:71:3a:4e:c0:28:
         07:bd:c1:89:a5:dd:ad:74:60:2f:9f:52:22:25:59:8d:e1:dd:
         e6:1a:c5:e7:db:4b:6a:f7:5b:9d:a2:6f:2a:7f:13:35:af:71:
         f5:da:96:f9:e7:fd:10:c5:93:2c:62:cd:56:7b:8a:55:65:b0:
         59:08:94:26:e7:54:7f:1c:20:ba:7e:2c:af:96:cf:69:ff:ca:
         00:41:54:84:df:b1:71:ff:11:f3:9f:d9:cb:5c:60:16:59:31:
         bd:f2:df:2c:70:d5:4e:4e:f9:1f:ed:99:a2:f2:ff:be:1e:a3:
         07:ef:53:10:de:5c:cd:64:2e:e3:71:ed:80:3b:87:84:7c:4c:
         ab:82:5c:b1:4d:4b:53:fa:78:f2:8d:68:7f:60:0c:65:bb:5b:
         bd:73:30:ff:20:a8:35:03:d6:02:42:72:cd:40:76:26:65:fe:
         3d:01:3c:0a:b7:1c:85:29:71:44:9e:44:06:c9:d5:be:8d:eb:
         aa:90:32:49:3f:25:1e:fc:07:5b:16:e2:46:94:d7:bb:50:cf:
         17:ba:cf:12:65:69:a9:d8:1c:cf:82:c4:7e:89:e4:2c:cb:e2:
         90:6b:5c:db
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6XB4CM7RgFVcp9Kf0pOorFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwNjA1MDkwNTExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMDQyZmI1OGIwNzI5MTZiNmY3YzMyMjNhNzc4NGJkZjA4MTgzOGFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx+LDf0SgLBX1hIntOIF+FNwXuXU8
FNcDRkV+tT0gfvw+8F3CkfplbReWol6YOqte9nq0DWUgZQGu+Q4OteX0rEb0NpMu
E0RMk5bFYEluDF434Vvb3JidwwUx7Rsvn+mIEVjXXgRIMGj/xwDqJaJ9g0IgHQqv
ia4Z76Nt584g79Zg5hWhAWaGVTwM7eG+RjXBKbjF/s9iHEWuUSN7M8kRcyDEGbrM
bYkb4+PS2K/i6gKxHR5jo0E4IDlrHy0NqzU6JM2+cPCxQCU6pOQYedIAxZoYntut
ccUcCWyPUmcNPoxtHMPOK1l8+uT5ODI4HxT4zRAMOHNbKEAB+pCCb/cHoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNBC+1iwcpFrb3wyI6d4S98IGDisMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvMEVMN1dMQnlrV3R2ZkRJanAzaEwzd2dZT0t3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHztJMA0G
CSqGSIb3DQEBCwUAA4IBAQAJIndC2mRjk1U0Dva+10GDcV33YdQFQJS2trAz9iEa
cTpOwCgHvcGJpd2tdGAvn1IiJVmN4d3mGsXn20tq91udom8qfxM1r3H12pb55/0Q
xZMsYs1We4pVZbBZCJQm51R/HCC6fiyvls9p/8oAQVSE37Fx/xHzn9nLXGAWWTG9
8t8scNVOTvkf7Zmi8v++HqMH71MQ3lzNZC7jce2AO4eEfEyrglyxTUtT+njyjWh/
YAxlu1u9czD/IKg1A9YCQnLNQHYmZf49ATwKtxyFKXFEnkQGydW+jeuqkDJJPyUe
/AdbFuJGlNe7UM8Xus8SZWmp2BzPgsR+ieQsy+KQa1zb
-----END CERTIFICATE-----