Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/AiO2f54fLp9ZZodKPdAfEQsRIDM.roa
File:                     AiO2f54fLp9ZZodKPdAfEQsRIDM.roa (raw, json)
Hash identifier:          m99MA+SC6FgXUTpaB3AVTQpo0up37npsQ2GM/NqepOk=
Subject key identifier:   02:23:B6:7F:9E:1F:2E:9F:59:66:87:4A:3D:D0:1F:11:0B:11:20:33
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019E1B786F25DAAD5CBEEFEDAD03F26D5A31
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/AiO2f54fLp9ZZodKPdAfEQsRIDM.roa
Signing time:             Tue 12 May 2026 09:15:38 +0000
ROA not before:           Tue 12 May 2026 09:15:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213915
IP address blocks:        94.183.229.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:1b:78:6f:25:da:ad:5c:be:ef:ed:ad:03:f2:6d:5a:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: May 12 09:15:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0223b67f9e1f2e9f5966874a3dd01f110b112033
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:15:d1:b1:82:91:12:89:7b:5a:d2:2f:a2:eb:
                    39:ca:18:74:64:86:f4:ea:d0:6e:be:fc:1a:4a:1a:
                    81:89:85:8c:c4:9d:e8:67:82:43:d0:3d:93:cf:1c:
                    54:6b:63:4c:62:49:87:3d:34:96:4a:b0:05:97:94:
                    39:25:30:36:3f:e0:10:66:ba:27:a6:c3:23:17:d7:
                    1e:2a:4f:ce:4f:c6:fc:a7:62:64:57:fe:78:cd:85:
                    98:0c:78:8b:f7:b0:45:99:33:c3:d9:86:09:5d:af:
                    73:c9:d4:15:9f:4b:a4:8b:df:c8:f8:27:a5:e1:ae:
                    4f:e1:5b:ac:dd:99:6b:93:fb:8b:25:3f:09:0b:ab:
                    4f:da:eb:90:3b:7d:8f:62:54:51:64:a6:3a:7a:d6:
                    25:31:37:38:5b:ea:77:c8:c3:0c:5d:e4:82:df:09:
                    89:52:da:49:61:df:cd:0f:f1:dc:23:b3:27:03:80:
                    ab:b6:85:91:a9:53:59:c7:89:01:6e:a2:fc:05:e9:
                    97:26:5c:ad:b4:02:c8:37:6a:e5:3c:60:f9:85:13:
                    3a:23:d5:c5:66:31:80:e7:d9:4b:79:3e:55:f4:90:
                    e5:f8:a4:a4:c1:42:6e:7a:39:7b:b4:db:fe:62:c9:
                    12:92:f2:49:16:70:53:5b:77:b2:c7:6b:72:c2:88:
                    49:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:23:B6:7F:9E:1F:2E:9F:59:66:87:4A:3D:D0:1F:11:0B:11:20:33
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/AiO2f54fLp9ZZodKPdAfEQsRIDM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.183.229.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ad:5d:11:3e:e5:fc:0c:46:3e:14:2e:e9:47:ab:71:33:cf:19:
         2b:51:b7:5a:f6:a1:25:b0:c0:18:f2:a8:e5:81:4e:6f:87:a7:
         7d:64:83:d2:69:43:ac:20:e5:20:28:8b:8a:73:9c:c4:1e:14:
         87:7f:58:d6:05:1b:89:1c:7a:ef:2b:e8:9c:00:59:11:e4:89:
         14:30:c7:fc:0e:1b:11:71:49:4d:6c:75:73:96:ea:67:74:47:
         04:7c:a6:41:87:e2:4e:6c:c8:5d:be:a8:74:a7:9c:be:b0:34:
         ef:4b:86:36:69:55:d8:36:cb:94:41:1f:5a:1a:ad:90:5a:97:
         fb:ab:01:bc:11:69:5e:26:70:68:25:ee:c6:93:dc:91:76:71:
         d1:c4:fe:f6:5b:1a:c0:29:96:40:2f:7b:80:91:f8:56:fa:28:
         7d:49:90:0b:21:14:8b:ab:d8:a1:7b:0d:e1:13:32:1e:a4:f5:
         19:f5:0e:55:ed:37:4a:06:02:e0:b4:d5:f7:87:06:0b:b4:d9:
         bb:0f:df:44:c0:ab:49:a4:0c:91:7d:3b:e0:bc:39:8f:87:da:
         bc:61:2a:9d:3c:cd:73:23:9c:80:64:dc:56:02:f4:c7:f6:5b:
         c6:8a:03:04:94:22:10:3d:51:a0:86:8b:15:03:31:21:d0:87:
         d7:b9:21:bb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4beG8l2q1cvu/trQPybVoxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwNTEyMDkxNTM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjIzYjY3ZjllMWYyZTlmNTk2Njg3NGEzZGQwMWYxMTBiMTEyMDMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArhXRsYKREol7WtIvous5yhh0ZIb0
6tBuvvwaShqBiYWMxJ3oZ4JD0D2TzxxUa2NMYkmHPTSWSrAFl5Q5JTA2P+AQZron
psMjF9ceKk/OT8b8p2JkV/54zYWYDHiL97BFmTPD2YYJXa9zydQVn0uki9/I+Cel
4a5P4Vus3Zlrk/uLJT8JC6tP2uuQO32PYlRRZKY6etYlMTc4W+p3yMMMXeSC3wmJ
UtpJYd/ND/HcI7MnA4CrtoWRqVNZx4kBbqL8BemXJlyttALIN2rlPGD5hRM6I9XF
ZjGA59lLeT5V9JDl+KSkwUJuejl7tNv+YskSkvJJFnBTW3eyx2tywohJ9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAIjtn+eHy6fWWaHSj3QHxELESAzMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvQWlPMmY1NGZMcDlaWm9kS1BkQWZFUXNSSURNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXrflMA0G
CSqGSIb3DQEBCwUAA4IBAQCtXRE+5fwMRj4ULulHq3EzzxkrUbda9qElsMAY8qjl
gU5vh6d9ZIPSaUOsIOUgKIuKc5zEHhSHf1jWBRuJHHrvK+icAFkR5IkUMMf8DhsR
cUlNbHVzlupndEcEfKZBh+JObMhdvqh0p5y+sDTvS4Y2aVXYNsuUQR9aGq2QWpf7
qwG8EWleJnBoJe7Gk9yRdnHRxP72WxrAKZZAL3uAkfhW+ih9SZALIRSLq9ihew3h
EzIepPUZ9Q5V7TdKBgLgtNX3hwYLtNm7D99EwKtJpAyRfTvgvDmPh9q8YSqdPM1z
I5yAZNxWAvTH9lvGigMElCIQPVGghosVAzEh0IfXuSG7
-----END CERTIFICATE-----