Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/3k7khoYNHaoYQnUqVbHUk6IDoPM.roa
File:                     3k7khoYNHaoYQnUqVbHUk6IDoPM.roa (raw, json)
Hash identifier:          rjfEw79AvQEHfNbRNCaKLYK9BoZZI0HEvMa9GCP1Mfc=
Subject key identifier:   DE:4E:E4:86:86:0D:1D:AA:18:42:75:2A:55:B1:D4:93:A2:03:A0:F3
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019DAB1BC23C8C024A9CEBCAE2FB138C3C53
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/3k7khoYNHaoYQnUqVbHUk6IDoPM.roa
Signing time:             Mon 20 Apr 2026 13:36:56 +0000
ROA not before:           Mon 20 Apr 2026 13:36:56 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214078
IP address blocks:        217.60.247.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:ab:1b:c2:3c:8c:02:4a:9c:eb:ca:e2:fb:13:8c:3c:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Apr 20 13:36:56 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=de4ee486860d1daa1842752a55b1d493a203a0f3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:74:71:91:f1:1e:7e:4d:56:08:be:c6:b7:13:
                    d2:b1:8d:99:0a:76:a3:5f:cd:24:d0:82:cf:2a:d7:
                    a4:3a:04:a5:32:12:4d:a1:99:59:b7:14:39:31:4b:
                    e9:73:ad:82:2d:64:e6:eb:05:c8:a9:05:09:e0:e0:
                    98:9a:b5:6c:71:f0:98:cf:17:56:c7:71:dc:f0:16:
                    54:00:e4:07:61:6d:2b:af:dc:22:08:82:7d:47:df:
                    4b:09:06:c1:72:d4:f8:38:95:a6:c6:61:e9:2d:95:
                    a9:e0:d0:ae:b5:c5:4b:ff:74:20:84:ff:6b:6b:95:
                    5c:74:0c:8f:34:c3:be:a1:50:e3:5e:95:27:d0:76:
                    ee:28:52:80:d8:a1:2b:b9:96:fc:98:9b:be:35:b8:
                    f8:e9:95:87:69:91:c2:96:48:12:e7:3d:10:d7:64:
                    25:dd:18:21:68:97:2d:67:c5:18:a0:6f:37:b3:f0:
                    98:b5:b7:b1:f8:a1:5a:7b:8a:97:89:ca:0c:d9:0c:
                    3e:76:59:de:6c:67:4b:83:70:07:69:a0:b8:e2:dd:
                    19:43:09:be:d5:30:ca:d1:a9:99:9b:45:8f:4d:ea:
                    a4:61:df:a7:52:10:cd:84:a1:91:1f:a2:17:67:e2:
                    fd:d0:59:de:aa:91:b7:3f:da:75:ea:82:70:83:a3:
                    53:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:4E:E4:86:86:0D:1D:AA:18:42:75:2A:55:B1:D4:93:A2:03:A0:F3
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/3k7khoYNHaoYQnUqVbHUk6IDoPM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.60.247.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:47:07:6c:d2:86:10:52:6b:58:f5:64:03:84:c4:0d:4a:eb:
         d6:ed:7e:0c:4e:84:6f:09:92:2c:97:e9:f1:67:5b:f2:e8:f5:
         80:ed:dd:4b:a5:e6:6b:4c:e8:63:2d:02:cf:2c:0b:e8:17:22:
         4f:ce:7c:e3:f1:91:9a:5c:b2:a3:20:7a:56:d3:42:b6:b1:ae:
         10:3f:3b:03:67:c1:41:36:73:3c:1a:41:27:9f:36:a1:34:4c:
         28:74:ac:61:79:03:08:e7:cb:06:c8:96:bb:27:8e:7f:c2:30:
         de:1f:48:7b:3b:21:9a:c4:53:37:f0:27:37:de:46:b2:65:6b:
         aa:16:3e:91:64:18:0d:2f:bd:f7:66:99:82:77:51:26:fb:b8:
         14:99:30:f1:9c:8b:a9:9e:b7:09:c2:04:84:86:83:e6:7b:01:
         51:76:5b:1d:b3:62:49:14:d4:2d:ee:71:92:f7:5a:8c:2f:bf:
         40:77:25:b4:a3:00:b6:65:2d:27:ca:e3:e4:65:bb:6e:65:a1:
         bc:ca:d9:13:69:03:8c:9f:e5:81:01:90:d3:1d:da:47:1f:eb:
         67:90:8f:b2:1a:26:50:0c:0f:c8:7b:da:0c:59:98:f6:c5:fa:
         59:3c:59:d6:b2:54:99:cc:f9:2d:ec:3b:1e:bc:cf:0c:bd:85:
         67:78:5d:5b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2rG8I8jAJKnOvK4vsTjDxTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwNDIwMTMzNjU2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTRlZTQ4Njg2MGQxZGFhMTg0Mjc1MmE1NWIxZDQ5M2EyMDNhMGYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnHRxkfEefk1WCL7GtxPSsY2ZCnaj
X80k0ILPKtekOgSlMhJNoZlZtxQ5MUvpc62CLWTm6wXIqQUJ4OCYmrVscfCYzxdW
x3Hc8BZUAOQHYW0rr9wiCIJ9R99LCQbBctT4OJWmxmHpLZWp4NCutcVL/3QghP9r
a5VcdAyPNMO+oVDjXpUn0HbuKFKA2KEruZb8mJu+Nbj46ZWHaZHClkgS5z0Q12Ql
3RghaJctZ8UYoG83s/CYtbex+KFae4qXicoM2Qw+dlnebGdLg3AHaaC44t0ZQwm+
1TDK0amZm0WPTeqkYd+nUhDNhKGRH6IXZ+L90FneqpG3P9p16oJwg6NTMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN5O5IaGDR2qGEJ1KlWx1JOiA6DzMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvM2s3a2hvWU5IYW9ZUW5VcVZiSFVrNklEb1BNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2Tz3MA0G
CSqGSIb3DQEBCwUAA4IBAQAgRwds0oYQUmtY9WQDhMQNSuvW7X4MToRvCZIsl+nx
Z1vy6PWA7d1LpeZrTOhjLQLPLAvoFyJPznzj8ZGaXLKjIHpW00K2sa4QPzsDZ8FB
NnM8GkEnnzahNEwodKxheQMI58sGyJa7J45/wjDeH0h7OyGaxFM38Cc33kayZWuq
Fj6RZBgNL733ZpmCd1Em+7gUmTDxnIupnrcJwgSEhoPmewFRdlsds2JJFNQt7nGS
91qML79AdyW0owC2ZS0nyuPkZbtuZaG8ytkTaQOMn+WBAZDTHdpHH+tnkI+yGiZQ
DA/Ie9oMWZj2xfpZPFnWslSZzPkt7DsevM8MvYVneF1b
-----END CERTIFICATE-----