Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/lTrgh_K09yYjEqg9Gc8-rn4htHk.roa
File:                     lTrgh_K09yYjEqg9Gc8-rn4htHk.roa (raw, json)
Hash identifier:          ihrxgzweTgYW5q0u9NcX915yd0AxdPGr8JoWAZo7+1g=
Subject key identifier:   95:3A:E0:87:F2:B4:F7:26:23:12:A8:3D:19:CF:3E:AE:7E:21:B4:79
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019A34185E520479CDE16CCD8530127FD58E
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/lTrgh_K09yYjEqg9Gc8-rn4htHk.roa
Signing time:             Thu 30 Oct 2025 07:50:03 +0000
ROA not before:           Thu 30 Oct 2025 07:50:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59432
IP address blocks:        31.58.59.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 15:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:34:18:5e:52:04:79:cd:e1:6c:cd:85:30:12:7f:d5:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Oct 30 07:50:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=953ae087f2b4f7262312a83d19cf3eae7e21b479
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:cb:35:1a:49:ff:a8:b1:f8:0c:0e:ca:08:72:
                    40:ec:22:76:47:86:69:f6:09:6a:3f:0e:2c:6b:29:
                    f6:31:b5:34:07:31:8c:33:fb:90:8b:d3:ff:f3:c3:
                    8d:eb:ad:82:40:47:98:c7:93:65:6d:88:23:41:f9:
                    f5:fa:0c:24:63:2f:c0:1a:82:b3:44:3d:85:60:af:
                    7b:3d:5c:6d:93:34:e6:ba:c3:f5:b7:b8:37:b6:7f:
                    03:8d:3c:cb:e2:44:aa:1a:fd:74:9b:ec:f5:4c:ff:
                    c4:fc:20:ff:1c:7f:5c:3c:fc:5c:eb:47:f1:fb:dc:
                    d3:4b:db:00:90:00:be:16:a8:fe:ae:36:92:39:42:
                    80:d9:f5:36:13:0a:14:bb:88:39:40:6d:63:56:85:
                    e4:5b:92:d7:5b:14:bd:aa:58:0e:18:c3:55:09:8f:
                    03:77:0a:48:35:3b:b6:15:b7:34:5d:1e:5c:de:99:
                    9b:aa:53:77:89:36:3f:95:3c:fe:c9:de:75:c2:88:
                    e1:9c:e1:10:21:73:f5:b4:c1:f9:40:47:16:0d:25:
                    b2:f3:11:9d:e6:b8:38:d6:cd:c6:bb:ab:b2:94:aa:
                    d2:86:10:0f:34:18:46:c6:f0:b0:3a:a6:d5:99:b5:
                    8f:f4:87:8a:c6:6e:e1:f4:47:f7:3d:a7:f4:b5:2f:
                    d9:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:3A:E0:87:F2:B4:F7:26:23:12:A8:3D:19:CF:3E:AE:7E:21:B4:79
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/lTrgh_K09yYjEqg9Gc8-rn4htHk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.58.59.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:31:9a:24:f1:2b:8f:94:60:6e:1e:f3:db:38:14:c1:6c:dd:
         1d:aa:b4:c9:0a:e5:e6:77:4f:ef:fe:5e:a8:f4:d7:2e:2e:8c:
         8d:a7:96:de:d7:fa:ce:20:c7:de:e3:ae:47:b6:ef:d0:c9:7b:
         4e:7e:3e:a0:97:58:3a:15:a5:43:75:84:c3:b8:55:f5:dd:5b:
         0c:e7:4c:6f:30:a3:a8:76:a9:d0:55:ba:d2:29:4f:56:36:b5:
         c3:79:5a:e9:92:9b:56:62:c6:f0:52:cd:c9:64:e6:3d:43:37:
         e8:48:34:fe:80:7c:ed:7a:fb:10:10:87:83:82:99:43:04:0c:
         82:c7:4d:60:9c:4a:65:89:bd:66:b2:b4:fb:9b:a0:7c:8e:f6:
         dc:0c:da:e7:24:67:62:bf:79:a8:be:a2:a5:fb:96:c0:67:f1:
         41:c9:6f:4d:1d:93:43:1d:fd:5e:2a:56:fa:39:37:4b:04:4c:
         78:70:db:b0:ce:7b:13:5b:b5:63:f7:43:38:4a:72:f7:a0:b3:
         f2:30:f5:ed:bb:8a:df:20:61:93:de:5f:23:5a:4e:88:1f:1b:
         c8:fd:a1:11:48:5a:82:73:fc:cd:a1:58:c6:ea:5b:59:f2:f8:
         1f:c2:86:e4:f3:04:87:14:4c:54:58:ba:db:d1:ef:80:8c:b7:
         54:00:71:4b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZo0GF5SBHnN4WzNhTASf9WOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUxMDMwMDc1MDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NTNhZTA4N2YyYjRmNzI2MjMxMmE4M2QxOWNmM2VhZTdlMjFiNDc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw8s1Gkn/qLH4DA7KCHJA7CJ2R4Zp
9glqPw4sayn2MbU0BzGMM/uQi9P/88ON662CQEeYx5NlbYgjQfn1+gwkYy/AGoKz
RD2FYK97PVxtkzTmusP1t7g3tn8DjTzL4kSqGv10m+z1TP/E/CD/HH9cPPxc60fx
+9zTS9sAkAC+Fqj+rjaSOUKA2fU2EwoUu4g5QG1jVoXkW5LXWxS9qlgOGMNVCY8D
dwpINTu2Fbc0XR5c3pmbqlN3iTY/lTz+yd51wojhnOEQIXP1tMH5QEcWDSWy8xGd
5rg41s3Gu6uylKrShhAPNBhGxvCwOqbVmbWP9IeKxm7h9Ef3Paf0tS/Z5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJU64IfytPcmIxKoPRnPPq5+IbR5MB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvbFRyZ2hfSzA5eVlqRXFnOUdjOC1ybjRodEhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzo7MA0G
CSqGSIb3DQEBCwUAA4IBAQBKMZok8SuPlGBuHvPbOBTBbN0dqrTJCuXmd0/v/l6o
9NcuLoyNp5be1/rOIMfe465Htu/QyXtOfj6gl1g6FaVDdYTDuFX13VsM50xvMKOo
dqnQVbrSKU9WNrXDeVrpkptWYsbwUs3JZOY9QzfoSDT+gHztevsQEIeDgplDBAyC
x01gnEplib1msrT7m6B8jvbcDNrnJGdiv3movqKl+5bAZ/FByW9NHZNDHf1eKlb6
OTdLBEx4cNuwznsTW7Vj90M4SnL3oLPyMPXtu4rfIGGT3l8jWk6IHxvI/aERSFqC
c/zNoVjG6ltZ8vgfwobk8wSHFExUWLrb0e+AjLdUAHFL
-----END CERTIFICATE-----