Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/5WRm8_DEg8lV0LBDXLvNXYkNjkw.roa
File:                     5WRm8_DEg8lV0LBDXLvNXYkNjkw.roa (raw, json)
Hash identifier:          HtVq3CPyDJWwaGuhu87OIfSDH0KGi3DviO8kmJM29a8=
Subject key identifier:   E5:64:66:F3:F0:C4:83:C9:55:D0:B0:43:5C:BB:CD:5D:89:0D:8E:4C
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019D0B5BADCC805597C4ED48286D0B0FD5C5
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/5WRm8_DEg8lV0LBDXLvNXYkNjkw.roa
Signing time:             Fri 20 Mar 2026 13:07:30 +0000
ROA not before:           Fri 20 Mar 2026 13:07:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207350
IP address blocks:        94.183.236.0/24 maxlen: 24
                          94.183.241.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 23:01:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:0b:5b:ad:cc:80:55:97:c4:ed:48:28:6d:0b:0f:d5:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Mar 20 13:07:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e56466f3f0c483c955d0b0435cbbcd5d890d8e4c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:a5:13:db:9d:cf:94:14:0a:a5:19:3b:e6:e2:
                    6b:34:7d:7d:3a:84:85:ff:de:8e:57:bc:17:82:da:
                    a0:e2:a6:4f:d7:af:d1:5e:13:0c:2c:17:cd:5f:b7:
                    c7:0c:41:8c:ac:3d:c7:9c:ef:6f:85:23:e1:ca:ba:
                    83:eb:ee:16:99:c8:06:dd:92:bb:bd:e1:f8:72:02:
                    a6:0f:37:28:b5:d4:9b:6b:bb:19:ba:f7:1a:72:22:
                    7e:e8:d8:56:09:ba:f8:bd:3f:bd:94:66:f5:65:b6:
                    77:97:fd:df:4c:78:e3:5a:2d:aa:ba:66:1c:f0:f1:
                    79:e8:30:55:e2:c5:fc:3f:0b:1d:c2:83:2d:a5:fd:
                    52:42:15:80:64:3d:c8:d6:e4:be:b8:59:df:4d:ad:
                    bf:13:ab:4e:1b:20:ec:e5:04:a1:ac:a4:79:03:7c:
                    6c:43:21:1c:64:cb:83:2f:21:c9:70:77:b7:33:97:
                    59:0d:41:65:e9:47:7e:47:01:a9:81:b4:f5:2b:32:
                    50:ad:6f:89:9f:98:74:90:d7:fb:3b:be:3b:f3:df:
                    b2:41:43:47:bf:30:02:23:f5:c2:e1:7b:5c:40:9d:
                    20:06:6b:97:2d:e7:0e:00:2e:ba:de:68:9b:7c:78:
                    73:45:b6:17:5d:be:90:36:e0:86:ee:df:a7:d2:3b:
                    0f:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:64:66:F3:F0:C4:83:C9:55:D0:B0:43:5C:BB:CD:5D:89:0D:8E:4C
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/5WRm8_DEg8lV0LBDXLvNXYkNjkw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.183.236.0/24
                  94.183.241.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:d7:d1:8d:1b:ed:5c:bd:22:80:8c:35:bb:ea:48:c2:d8:7a:
         1b:14:ab:f3:40:68:94:2d:18:e6:ab:4c:0b:6b:f0:e1:84:01:
         0c:a4:0d:0b:af:d4:1d:e8:9e:df:4b:fe:99:c6:d0:5c:9e:08:
         56:6b:9f:8f:cc:fe:61:99:ef:59:c3:9b:87:ba:62:da:1e:48:
         a3:d3:c8:dc:b2:f7:b7:95:cd:8b:cc:50:4a:52:95:b1:8d:9b:
         2d:2e:89:70:22:be:2d:22:b7:99:85:c9:72:1b:e3:97:e1:cc:
         ab:3d:f7:64:a8:1e:5b:9b:b9:91:36:c0:00:82:77:c5:1b:34:
         a3:37:de:5a:e8:58:c4:ca:50:8a:3e:39:e6:5f:c0:b5:ac:d8:
         09:97:4c:63:b9:86:6d:52:09:9c:3c:ca:28:cb:3c:2e:48:3b:
         5d:5e:71:62:c8:47:41:0e:69:bb:09:74:94:76:6b:a7:7a:b0:
         21:ef:30:68:6b:9d:00:22:8b:a3:45:09:30:22:c1:73:f3:5e:
         7f:ea:5a:74:64:93:44:af:f0:2c:bd:15:2f:d0:b2:bd:aa:9e:
         73:0a:4e:4d:e8:27:15:61:ef:85:46:1b:3d:f9:49:5d:26:5c:
         dc:07:cb:31:25:71:9b:6e:68:59:ee:d0:1d:08:96:db:6f:34:
         0f:74:c2:74
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ0LW63MgFWXxO1IKG0LD9XFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwMzIwMTMwNzMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNTY0NjZmM2YwYzQ4M2M5NTVkMGIwNDM1Y2JiY2Q1ZDg5MGQ4ZTRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1KUT253PlBQKpRk75uJrNH19OoSF
/96OV7wXgtqg4qZP16/RXhMMLBfNX7fHDEGMrD3HnO9vhSPhyrqD6+4WmcgG3ZK7
veH4cgKmDzcotdSba7sZuvcaciJ+6NhWCbr4vT+9lGb1ZbZ3l/3fTHjjWi2qumYc
8PF56DBV4sX8PwsdwoMtpf1SQhWAZD3I1uS+uFnfTa2/E6tOGyDs5QShrKR5A3xs
QyEcZMuDLyHJcHe3M5dZDUFl6Ud+RwGpgbT1KzJQrW+Jn5h0kNf7O74789+yQUNH
vzACI/XC4XtcQJ0gBmuXLecOAC663mibfHhzRbYXXb6QNuCG7t+n0jsPGwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOVkZvPwxIPJVdCwQ1y7zV2JDY5MMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvNVdSbThfREVnOGxWMExCRFhMdk5YWWtOamt3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAXrfsAwQA
XrfxMA0GCSqGSIb3DQEBCwUAA4IBAQCb19GNG+1cvSKAjDW76kjC2HobFKvzQGiU
LRjmq0wLa/DhhAEMpA0Lr9Qd6J7fS/6ZxtBcnghWa5+PzP5hme9Zw5uHumLaHkij
08jcsve3lc2LzFBKUpWxjZstLolwIr4tIreZhclyG+OX4cyrPfdkqB5bm7mRNsAA
gnfFGzSjN95a6FjEylCKPjnmX8C1rNgJl0xjuYZtUgmcPMooyzwuSDtdXnFiyEdB
Dmm7CXSUdmunerAh7zBoa50AIoujRQkwIsFz815/6lp0ZJNEr/AsvRUv0LK9qp5z
Ck5N6CcVYe+FRhs9+UldJlzcB8sxJXGbbmhZ7tAdCJbbbzQPdMJ0
-----END CERTIFICATE-----