Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/OC6iEBWUl8jQ4NXSjPQYr6my0uI.roa
File:                     OC6iEBWUl8jQ4NXSjPQYr6my0uI.roa (raw, json)
Hash identifier:          VZlyBa6wlio4CpylzqWSabVYOfWDd7Pb0vLncEpLADM=
Subject key identifier:   38:2E:A2:10:15:94:97:C8:D0:E0:D5:D2:8C:F4:18:AF:A9:B2:D2:E2
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019EA5D5CA4E3AF70AFB22DE00631C1F8781
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/OC6iEBWUl8jQ4NXSjPQYr6my0uI.roa
Signing time:             Mon 08 Jun 2026 06:05:11 +0000
ROA not before:           Mon 08 Jun 2026 06:05:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     50049
IP address blocks:        31.59.53.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:a5:d5:ca:4e:3a:f7:0a:fb:22:de:00:63:1c:1f:87:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jun  8 06:05:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=382ea210159497c8d0e0d5d28cf418afa9b2d2e2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:08:89:ce:27:12:0d:23:c4:e8:98:e1:e9:f2:
                    4d:4a:8e:00:36:4b:19:05:9b:48:ab:ef:a2:df:04:
                    18:d7:2d:30:59:e3:91:72:ca:09:bd:15:42:b2:dd:
                    ce:e1:2e:33:25:2d:72:e0:79:e0:26:f7:07:57:f2:
                    74:51:ff:37:50:bf:c0:bc:ea:28:54:df:ba:b6:b2:
                    12:b1:1d:b8:20:6d:0a:f7:07:39:46:47:0f:60:2a:
                    42:d2:8f:58:06:f8:35:36:c2:fa:a7:3a:fa:40:a5:
                    6f:ff:74:5b:ba:5a:98:cd:8f:d3:a4:c2:93:89:0b:
                    f2:ab:36:b3:55:87:82:fe:76:b2:03:53:69:c3:ba:
                    44:c3:03:40:18:b8:1f:e2:76:47:0d:f6:0d:79:d3:
                    35:4d:a6:74:dd:3f:c4:4a:ab:22:da:31:eb:43:13:
                    89:37:61:5c:bb:2c:94:29:69:4b:27:45:a9:7c:15:
                    4d:31:1b:35:49:d5:33:af:bf:43:8d:7f:3a:87:54:
                    57:8a:89:9d:7c:fa:cc:c3:be:db:b1:09:56:57:b2:
                    16:fa:9d:95:3d:af:23:f8:90:07:42:66:ff:e2:b7:
                    40:f5:0f:6e:f3:9c:93:fd:b2:e9:8c:d1:c3:5f:32:
                    bf:0b:32:d8:df:bd:4b:e9:e3:16:be:16:62:50:76:
                    f4:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:2E:A2:10:15:94:97:C8:D0:E0:D5:D2:8C:F4:18:AF:A9:B2:D2:E2
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/OC6iEBWUl8jQ4NXSjPQYr6my0uI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.59.53.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:0f:92:98:92:d0:ba:18:23:6d:f4:80:14:bd:39:fa:e9:29:
         91:89:6e:ad:fc:b7:2b:00:5e:70:d0:9f:15:42:8a:ac:8c:f9:
         f5:5e:11:03:71:c6:6e:97:43:8c:a6:ca:df:0f:14:e0:69:6b:
         16:5c:5c:af:68:d9:74:f0:f7:fa:3c:b9:09:26:17:91:2b:17:
         38:b8:f1:73:75:47:52:9f:0e:af:f9:f6:b4:35:70:7c:dd:27:
         f2:03:47:f0:b1:8a:d7:1b:d0:fd:2c:9d:f1:2b:56:3a:5d:51:
         a8:0a:f5:3f:ec:75:58:b8:9e:0c:19:3f:26:5d:db:bb:c2:c2:
         0a:7d:e2:62:d6:97:67:6f:ea:94:90:9d:da:90:76:5d:bd:d3:
         70:db:36:c1:ff:ce:05:ca:cf:6e:27:10:cb:77:bf:71:16:2b:
         fd:5e:2b:07:8c:0b:ba:b2:c9:16:27:17:ba:ff:7d:3f:42:97:
         b6:3b:86:05:37:9d:c8:36:e7:59:bc:95:db:5a:a4:e1:2f:a4:
         75:cd:36:c7:dc:c2:5d:eb:34:c6:34:03:1e:8d:f4:d0:8d:62:
         8e:93:51:c5:b8:8c:59:44:57:89:aa:27:12:a8:da:c4:c6:f6:
         43:41:23:93:2f:aa:8d:ac:74:bf:71:f0:ef:a2:94:f8:66:5e:
         2a:c9:8e:c0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6l1cpOOvcK+yLeAGMcH4eBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwNjA4MDYwNTExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODJlYTIxMDE1OTQ5N2M4ZDBlMGQ1ZDI4Y2Y0MThhZmE5YjJkMmUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAowiJzicSDSPE6Jjh6fJNSo4ANksZ
BZtIq++i3wQY1y0wWeORcsoJvRVCst3O4S4zJS1y4HngJvcHV/J0Uf83UL/AvOoo
VN+6trISsR24IG0K9wc5RkcPYCpC0o9YBvg1NsL6pzr6QKVv/3RbulqYzY/TpMKT
iQvyqzazVYeC/nayA1Npw7pEwwNAGLgf4nZHDfYNedM1TaZ03T/ESqsi2jHrQxOJ
N2FcuyyUKWlLJ0WpfBVNMRs1SdUzr79DjX86h1RXiomdfPrMw77bsQlWV7IW+p2V
Pa8j+JAHQmb/4rdA9Q9u85yT/bLpjNHDXzK/CzLY371L6eMWvhZiUHb03QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDguohAVlJfI0ODV0oz0GK+pstLiMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvT0M2aUVCV1VsOGpRNE5YU2pQUVlyNm15MHVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzs1MA0G
CSqGSIb3DQEBCwUAA4IBAQALD5KYktC6GCNt9IAUvTn66SmRiW6t/LcrAF5w0J8V
QoqsjPn1XhEDccZul0OMpsrfDxTgaWsWXFyvaNl08Pf6PLkJJheRKxc4uPFzdUdS
nw6v+fa0NXB83SfyA0fwsYrXG9D9LJ3xK1Y6XVGoCvU/7HVYuJ4MGT8mXdu7wsIK
feJi1pdnb+qUkJ3akHZdvdNw2zbB/84Fys9uJxDLd79xFiv9XisHjAu6sskWJxe6
/30/Qpe2O4YFN53INudZvJXbWqThL6R1zTbH3MJd6zTGNAMejfTQjWKOk1HFuIxZ
RFeJqicSqNrExvZDQSOTL6qNrHS/cfDvopT4Zl4qyY7A
-----END CERTIFICATE-----