Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/cdYOTIsunD_AIdIllKHM-G3OZJE.roa
File:                     cdYOTIsunD_AIdIllKHM-G3OZJE.roa (raw, json)
Hash identifier:          QiFj2yfHGjMVkYDQdtvvGaLXiH/aW3AvWtGmoRptsCU=
Subject key identifier:   71:D6:0E:4C:8B:2E:9C:3F:C0:21:D2:25:94:A1:CC:F8:6D:CE:64:91
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019DF40AEEE531E1AD879087C86C1642C496
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/cdYOTIsunD_AIdIllKHM-G3OZJE.roa
Signing time:             Mon 04 May 2026 17:30:50 +0000
ROA not before:           Mon 04 May 2026 17:30:50 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     48014
IP address blocks:        94.183.253.0/24 maxlen: 24
                          217.60.14.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:f4:0a:ee:e5:31:e1:ad:87:90:87:c8:6c:16:42:c4:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: May  4 17:30:50 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=71d60e4c8b2e9c3fc021d22594a1ccf86dce6491
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:18:92:32:82:30:45:ce:16:c6:88:ea:e9:81:
                    32:43:3b:e6:b8:79:e3:3c:be:5c:46:35:9c:e4:7a:
                    6f:d6:3b:65:38:a9:f9:1e:ae:6b:96:1c:0e:b3:a5:
                    ca:f5:05:ac:2d:dd:2e:ab:45:7e:bf:f4:b8:02:04:
                    26:36:22:ca:eb:e3:11:f8:1b:cb:72:fe:d5:8a:3f:
                    c7:57:09:57:aa:50:5f:2b:ed:85:4e:a2:b2:f7:be:
                    60:a3:e1:dc:f7:ae:17:e5:b0:9f:7e:24:5b:01:ea:
                    2c:e1:34:b6:b8:e9:1e:cc:0b:1b:d1:73:08:7d:a6:
                    16:dc:51:29:50:ca:1b:3f:7a:47:63:1f:c8:7b:b1:
                    9b:93:62:79:45:5c:41:05:c6:27:97:f7:0e:9e:aa:
                    b1:06:fa:f4:37:cb:f6:3e:84:af:2f:73:94:0c:4a:
                    b1:5b:a5:c5:57:fb:ec:47:39:93:d5:d2:03:8d:81:
                    a1:a3:4a:2f:c2:d0:58:02:c8:79:62:0a:d2:f5:0e:
                    1b:64:ba:66:a5:61:70:44:ee:c5:8c:83:4e:d3:cf:
                    1e:ef:cf:15:6a:49:70:57:3a:06:45:47:d6:62:95:
                    cf:34:3d:48:07:f2:5f:88:28:c1:28:be:d7:6f:c2:
                    03:49:67:b4:a1:40:56:29:39:51:23:5c:4f:d3:96:
                    d2:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:D6:0E:4C:8B:2E:9C:3F:C0:21:D2:25:94:A1:CC:F8:6D:CE:64:91
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/cdYOTIsunD_AIdIllKHM-G3OZJE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.183.253.0/24
                  217.60.14.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:c2:2d:c1:2d:07:e5:0e:cc:b7:1c:c0:b6:9e:97:87:4e:da:
         d1:4c:77:94:63:e2:0a:df:48:cd:cd:96:a6:8a:af:0a:a3:d2:
         84:19:25:68:ab:41:c5:06:a6:4e:e7:ec:b0:12:0d:50:1d:52:
         1a:d7:0b:d0:63:32:af:94:31:86:05:a2:bc:63:06:98:38:fa:
         7f:b2:64:02:f9:fa:12:ef:df:15:9b:45:30:f7:39:1e:49:28:
         e7:db:46:ee:a6:37:7b:d8:b8:03:7c:bc:89:a3:92:73:82:b1:
         a1:9c:cc:90:45:d7:4b:6a:7b:a9:6e:15:38:42:ab:20:f3:ed:
         d8:39:0e:75:69:64:e9:e2:ad:c2:29:ad:5f:59:80:e7:e7:09:
         b3:f2:f5:3f:a8:ce:ff:53:1d:d9:eb:d8:a8:28:73:9e:9e:e1:
         43:5f:79:7d:df:8c:4d:aa:18:f5:81:00:62:0c:bc:cc:32:f1:
         61:7d:58:00:8d:92:95:50:fa:74:b9:ed:b8:55:4e:09:3a:b1:
         e3:4a:30:cd:98:87:a4:20:9c:39:89:3a:03:87:76:3e:e6:87:
         b2:59:05:72:57:58:3a:4f:b6:78:15:2c:9c:8e:61:6b:63:08:
         a6:6b:1c:1e:65:4c:b6:81:33:fc:c7:52:9a:40:2d:97:d7:08:
         d3:a0:81:97
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ30Cu7lMeGth5CHyGwWQsSWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwNTA0MTczMDUwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MWQ2MGU0YzhiMmU5YzNmYzAyMWQyMjU5NGExY2NmODZkY2U2NDkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtxiSMoIwRc4Wxojq6YEyQzvmuHnj
PL5cRjWc5Hpv1jtlOKn5Hq5rlhwOs6XK9QWsLd0uq0V+v/S4AgQmNiLK6+MR+BvL
cv7Vij/HVwlXqlBfK+2FTqKy975go+Hc964X5bCffiRbAeos4TS2uOkezAsb0XMI
faYW3FEpUMobP3pHYx/Ie7Gbk2J5RVxBBcYnl/cOnqqxBvr0N8v2PoSvL3OUDEqx
W6XFV/vsRzmT1dIDjYGho0ovwtBYAsh5YgrS9Q4bZLpmpWFwRO7FjINO088e788V
aklwVzoGRUfWYpXPND1IB/JfiCjBKL7Xb8IDSWe0oUBWKTlRI1xP05bS+wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHHWDkyLLpw/wCHSJZShzPhtzmSRMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvY2RZT1RJc3VuRF9BSWRJbGxLSE0tRzNPWkpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAXrf9AwQA
2TwOMA0GCSqGSIb3DQEBCwUAA4IBAQAgwi3BLQflDsy3HMC2npeHTtrRTHeUY+IK
30jNzZamiq8Ko9KEGSVoq0HFBqZO5+ywEg1QHVIa1wvQYzKvlDGGBaK8YwaYOPp/
smQC+foS798Vm0Uw9zkeSSjn20bupjd72LgDfLyJo5JzgrGhnMyQRddLanupbhU4
Qqsg8+3YOQ51aWTp4q3CKa1fWYDn5wmz8vU/qM7/Ux3Z69ioKHOenuFDX3l934xN
qhj1gQBiDLzMMvFhfVgAjZKVUPp0ue24VU4JOrHjSjDNmIekIJw5iToDh3Y+5oey
WQVyV1g6T7Z4FSycjmFrYwimaxweZUy2gTP8x1KaQC2X1wjToIGX
-----END CERTIFICATE-----