Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/AkAStWYi7TkgdNWXd1n6brw2cZ8.roa
File:                     AkAStWYi7TkgdNWXd1n6brw2cZ8.roa (raw, json)
Hash identifier:          t/h2FbXu+ligdTKWS5ZZFVGQ28wPWngawBw1JWPGxnY=
Subject key identifier:   02:40:12:B5:66:22:ED:39:20:74:D5:97:77:59:FA:6E:BC:36:71:9F
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       01999AEB6A5FDEF6B478CAA2EF98C98CD5BD
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/AkAStWYi7TkgdNWXd1n6brw2cZ8.roa
Signing time:             Tue 30 Sep 2025 13:59:03 +0000
ROA not before:           Tue 30 Sep 2025 13:59:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216169
IP address blocks:        217.60.199.0/24 maxlen: 24
                          217.60.243.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 06:14:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:9a:eb:6a:5f:de:f6:b4:78:ca:a2:ef:98:c9:8c:d5:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Sep 30 13:59:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=024012b56622ed392074d5977759fa6ebc36719f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:e2:36:7e:8f:01:21:f6:4c:47:c7:0b:3e:f0:
                    87:bb:f5:8e:ad:12:f4:8d:98:ac:8c:10:e3:e1:ae:
                    26:f0:b3:40:95:22:66:d7:98:52:55:d9:3a:69:6b:
                    65:99:04:94:67:ae:34:c7:a8:59:8d:96:b9:73:16:
                    d8:cc:27:03:5d:b1:b8:a0:d0:6e:62:66:74:3b:54:
                    40:32:05:9d:00:42:76:c6:6f:87:0b:08:b1:e8:39:
                    e2:27:00:4b:a3:9b:e6:9b:9a:df:6a:c0:05:25:76:
                    9d:a8:c7:29:49:5f:9d:3b:ad:8c:b7:97:b5:c5:f7:
                    b3:ee:09:46:8e:d1:c6:9c:6a:f7:e9:c7:01:bc:85:
                    31:a8:24:1a:70:8c:cf:fa:a1:05:3a:90:76:94:6d:
                    ae:fc:c9:94:f3:71:6f:97:fb:bb:ff:e4:41:a2:af:
                    e6:80:31:26:c0:b9:fe:51:42:99:01:b2:12:6d:f6:
                    c5:ce:b6:95:cf:86:a5:ae:57:be:38:1e:52:49:82:
                    7f:38:d2:80:a0:a1:d4:44:fc:1a:a8:30:70:38:84:
                    9e:0f:21:f9:a7:14:81:c6:91:8a:11:4c:e7:8d:cd:
                    e0:c0:85:3e:30:e8:1c:d9:11:d7:a0:74:f5:b3:ea:
                    78:70:a0:0d:89:1c:dc:78:06:fb:44:ba:f1:2e:c0:
                    ef:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:40:12:B5:66:22:ED:39:20:74:D5:97:77:59:FA:6E:BC:36:71:9F
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/AkAStWYi7TkgdNWXd1n6brw2cZ8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.60.199.0/24
                  217.60.243.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:55:7c:17:38:92:cd:0f:da:11:08:bb:7a:36:59:75:4f:d1:
         4a:11:62:86:4a:1a:0c:de:00:a0:c5:a3:7f:ad:54:cd:51:19:
         5f:b1:1c:98:a6:98:d3:4f:88:38:fb:53:0a:70:cb:0e:db:bb:
         1e:d7:6e:ba:07:b6:2e:cb:83:27:d9:c7:ac:d0:67:9e:e6:aa:
         57:92:37:81:ab:c8:5e:92:2f:16:f9:06:8b:b2:a9:6f:da:03:
         2d:b9:36:6b:93:6a:cb:67:e7:2c:f7:af:71:32:b7:94:1d:3d:
         cf:3d:78:e4:dd:40:8e:f5:7f:07:8d:2e:ba:c0:de:9c:72:49:
         f9:b0:11:6f:ef:00:18:b3:97:1e:10:c5:a2:02:5d:3b:be:48:
         99:90:4e:e2:e7:7f:1a:21:1e:f8:16:28:8a:8d:23:22:78:48:
         a4:00:dc:a0:63:e0:39:9c:6f:fb:3e:94:4a:80:72:eb:11:d2:
         f1:ae:d0:90:b4:46:fd:c9:98:c8:b6:a4:8c:3e:af:b8:10:d0:
         a9:c9:43:50:6c:bf:89:18:51:63:11:ca:3c:6c:c5:94:91:3f:
         43:d0:34:89:cc:4e:32:bd:6a:6e:c4:6f:57:f0:53:63:96:1d:
         78:7c:d7:23:55:8a:81:75:05:fe:76:7c:97:9d:96:dd:55:0a:
         ce:e6:5b:c5
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZma62pf3va0eMqi75jJjNW9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwOTMwMTM1OTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjQwMTJiNTY2MjJlZDM5MjA3NGQ1OTc3NzU5ZmE2ZWJjMzY3MTlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAruI2fo8BIfZMR8cLPvCHu/WOrRL0
jZisjBDj4a4m8LNAlSJm15hSVdk6aWtlmQSUZ640x6hZjZa5cxbYzCcDXbG4oNBu
YmZ0O1RAMgWdAEJ2xm+HCwix6DniJwBLo5vmm5rfasAFJXadqMcpSV+dO62Mt5e1
xfez7glGjtHGnGr36ccBvIUxqCQacIzP+qEFOpB2lG2u/MmU83Fvl/u7/+RBoq/m
gDEmwLn+UUKZAbISbfbFzraVz4alrle+OB5SSYJ/ONKAoKHURPwaqDBwOISeDyH5
pxSBxpGKEUznjc3gwIU+MOgc2RHXoHT1s+p4cKANiRzceAb7RLrxLsDv8wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAJAErVmIu05IHTVl3dZ+m68NnGfMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvQWtBU3RXWWk3VGtnZE5XWGQxbjZicncyY1o4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQA2TzHAwQA
2TzzMA0GCSqGSIb3DQEBCwUAA4IBAQBYVXwXOJLND9oRCLt6Nll1T9FKEWKGShoM
3gCgxaN/rVTNURlfsRyYppjTT4g4+1MKcMsO27se1266B7Yuy4Mn2ces0Gee5qpX
kjeBq8heki8W+QaLsqlv2gMtuTZrk2rLZ+cs969xMreUHT3PPXjk3UCO9X8HjS66
wN6cckn5sBFv7wAYs5ceEMWiAl07vkiZkE7i538aIR74FiiKjSMieEikANygY+A5
nG/7PpRKgHLrEdLxrtCQtEb9yZjItqSMPq+4ENCpyUNQbL+JGFFjEco8bMWUkT9D
0DSJzE4yvWpuxG9X8FNjlh14fNcjVYqBdQX+dnyXnZbdVQrO5lvF
-----END CERTIFICATE-----