Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/pLOARFzYLx8GKH9yOtD6pELy4PU.roa
File:                     pLOARFzYLx8GKH9yOtD6pELy4PU.roa (raw, json)
Hash identifier:          49iAuKVGL0ugsBmA1BJefDG3636eHw0TDRDkOFrJQ20=
Subject key identifier:   A4:B3:80:44:5C:D8:2F:1F:06:28:7F:72:3A:D0:FA:A4:42:F2:E0:F5
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019875B3BD342106FFA01386212AD85D1A6C
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/pLOARFzYLx8GKH9yOtD6pELy4PU.roa
Signing time:             Mon 04 Aug 2025 15:29:30 +0000
ROA not before:           Mon 04 Aug 2025 15:29:30 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     52053
IP address blocks:        217.60.192.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 07:32:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:75:b3:bd:34:21:06:ff:a0:13:86:21:2a:d8:5d:1a:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Aug  4 15:29:30 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a4b380445cd82f1f06287f723ad0faa442f2e0f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:c5:eb:15:ae:d5:81:53:83:6a:51:cb:08:32:
                    c4:33:51:d8:17:01:b9:38:49:f3:40:44:07:4c:53:
                    e1:e1:3e:0d:92:58:64:45:d2:44:88:14:e1:0a:be:
                    27:c4:9e:b3:eb:b4:8f:2b:c7:cb:d2:33:d9:76:0c:
                    46:0a:73:b3:32:2a:ef:59:d7:ce:f8:a4:93:c6:39:
                    cc:9a:61:8f:7a:c8:9a:7e:0d:d6:a4:eb:aa:e8:bf:
                    97:5e:31:a5:ca:82:fc:cd:33:ab:c4:89:74:42:f5:
                    58:d7:dd:f5:c5:21:06:be:bb:01:89:86:32:ca:ac:
                    00:4e:ff:28:0c:29:30:54:7a:30:32:55:08:80:e9:
                    a6:63:f6:f3:8d:f8:5e:07:1e:e1:a1:90:96:d6:1e:
                    c3:94:43:cc:8b:86:01:7b:e2:2b:8c:13:af:4a:cc:
                    87:e4:bf:05:f7:71:43:4d:b9:82:9c:8f:c0:cc:2c:
                    b3:c3:20:00:d2:bd:01:86:f9:cd:4d:a6:b9:37:4c:
                    67:2a:b4:e8:07:14:05:f5:40:dd:e3:07:72:24:84:
                    db:60:1a:34:39:0e:bb:2f:be:47:79:e0:38:af:05:
                    fa:9e:c5:b6:6b:67:2f:d9:e7:ed:0c:8d:96:03:40:
                    93:84:c8:1c:63:ef:dc:34:e7:6a:90:8e:a8:b9:57:
                    51:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:B3:80:44:5C:D8:2F:1F:06:28:7F:72:3A:D0:FA:A4:42:F2:E0:F5
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/pLOARFzYLx8GKH9yOtD6pELy4PU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.60.192.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8e:28:c6:c1:5f:b3:33:9c:58:02:9a:fa:a6:74:2e:80:82:db:
         7e:a6:df:7b:25:84:85:f0:e4:90:9c:e5:c3:8a:8f:f1:81:44:
         bb:b9:9d:a6:b2:d9:bd:fe:c9:d4:9f:35:b8:64:5b:33:ac:9d:
         1b:63:c6:33:a7:42:a1:75:76:dc:15:80:a8:80:97:00:36:47:
         e3:a4:2e:01:13:53:3b:7f:e4:86:23:a1:f7:92:de:ec:3b:22:
         1d:9c:79:6d:5b:b8:5c:6b:13:ee:b2:e6:39:36:c3:5d:5d:d5:
         2d:5e:7b:87:d8:27:32:9d:dd:6d:96:f5:76:c2:cb:43:fd:10:
         90:0d:2c:97:4e:a1:07:f5:5a:66:70:e3:d5:2a:30:0c:fc:c8:
         69:a1:83:b5:0d:a9:16:80:d6:12:1d:41:1f:da:14:d2:b5:5d:
         c9:ce:05:7e:e0:98:24:1a:a5:cb:aa:fb:41:ad:f4:40:b5:45:
         8b:36:30:9e:da:0f:06:84:f4:4c:4a:93:ac:d9:8a:b9:17:fd:
         de:11:16:9f:91:3a:3c:ed:01:66:f9:df:d6:2e:c1:95:13:44:
         d4:81:8d:74:8a:a7:fb:5f:3b:9b:99:1c:8b:f6:51:d9:22:ec:
         94:80:82:92:8a:9b:10:ea:1f:20:95:96:b7:33:d3:83:54:b3:
         7c:8d:ac:0b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZh1s700IQb/oBOGISrYXRpsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwODA0MTUyOTMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNGIzODA0NDVjZDgyZjFmMDYyODdmNzIzYWQwZmFhNDQyZjJlMGY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg8XrFa7VgVODalHLCDLEM1HYFwG5
OEnzQEQHTFPh4T4NklhkRdJEiBThCr4nxJ6z67SPK8fL0jPZdgxGCnOzMirvWdfO
+KSTxjnMmmGPesiafg3WpOuq6L+XXjGlyoL8zTOrxIl0QvVY1931xSEGvrsBiYYy
yqwATv8oDCkwVHowMlUIgOmmY/bzjfheBx7hoZCW1h7DlEPMi4YBe+IrjBOvSsyH
5L8F93FDTbmCnI/AzCyzwyAA0r0BhvnNTaa5N0xnKrToBxQF9UDd4wdyJITbYBo0
OQ67L75HeeA4rwX6nsW2a2cv2eftDI2WA0CThMgcY+/cNOdqkI6ouVdR7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKSzgERc2C8fBih/cjrQ+qRC8uD1MB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvcExPQVJGellMeDhHS0g5eU90RDZwRUx5NFBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC2TzAMA0G
CSqGSIb3DQEBCwUAA4IBAQCOKMbBX7MznFgCmvqmdC6Agtt+pt97JYSF8OSQnOXD
io/xgUS7uZ2mstm9/snUnzW4ZFszrJ0bY8Yzp0KhdXbcFYCogJcANkfjpC4BE1M7
f+SGI6H3kt7sOyIdnHltW7hcaxPusuY5NsNdXdUtXnuH2Ccynd1tlvV2wstD/RCQ
DSyXTqEH9VpmcOPVKjAM/MhpoYO1DakWgNYSHUEf2hTStV3JzgV+4JgkGqXLqvtB
rfRAtUWLNjCe2g8GhPRMSpOs2Yq5F/3eERafkTo87QFm+d/WLsGVE0TUgY10iqf7
XzubmRyL9lHZIuyUgIKSipsQ6h8glZa3M9ODVLN8jawL
-----END CERTIFICATE-----