Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/zNU_dA-Qo6cxFrrcZ98NsL5K8uo.roa
File:                     zNU_dA-Qo6cxFrrcZ98NsL5K8uo.roa (raw, json)
Hash identifier:          X1HCxhlfYRSY+HGpLowDBKk2PBLDNHvk4tKRnTj+UZ4=
Subject key identifier:   CC:D5:3F:74:0F:90:A3:A7:31:16:BA:DC:67:DF:0D:B0:BE:4A:F2:EA
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0199C2A3CF9CDCC237AEDE7596A0FD973EC7
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/zNU_dA-Qo6cxFrrcZ98NsL5K8uo.roa
Signing time:             Wed 08 Oct 2025 07:05:39 +0000
ROA not before:           Wed 08 Oct 2025 07:05:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42337
IP address blocks:        217.60.236.0/24 maxlen: 24
                          217.60.237.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 12:01:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:c2:a3:cf:9c:dc:c2:37:ae:de:75:96:a0:fd:97:3e:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Oct  8 07:05:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ccd53f740f90a3a73116badc67df0db0be4af2ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:e0:5d:9e:7e:55:e7:c7:2b:d7:f0:a2:e0:54:
                    17:2c:89:6b:21:0a:58:68:b9:1a:94:fc:99:c5:f3:
                    7a:37:7d:d6:e6:8e:23:58:11:f2:ee:9c:73:c3:56:
                    84:c7:35:88:f7:9e:7f:6b:9b:aa:7c:18:0e:e4:eb:
                    6b:d1:37:a3:31:9c:6d:9e:96:f2:96:51:a6:ab:cc:
                    88:14:e1:f8:bb:33:9b:cf:d8:06:f8:fb:92:4e:55:
                    b6:35:9d:4b:50:20:54:a9:59:8b:59:d3:a9:d9:01:
                    f9:98:f2:3e:e5:42:61:b0:b5:a9:7b:6e:be:e2:dd:
                    aa:72:f3:9d:ef:6e:59:a3:13:17:1a:dd:dd:54:a9:
                    98:b2:47:70:c4:d5:dd:26:bc:d8:4a:63:90:f7:03:
                    89:41:0b:88:59:5a:a9:34:c1:84:66:2b:13:ed:9d:
                    4e:84:6b:c5:af:31:c4:e1:6f:c6:41:a2:42:b8:a6:
                    17:2d:38:15:cc:af:fa:a9:b0:b5:99:e9:b3:a2:60:
                    13:50:3d:89:4f:06:0e:df:4d:a9:93:8a:eb:63:8b:
                    54:8b:ab:31:61:e8:76:07:3f:4b:37:ac:c1:fc:ae:
                    5b:3c:f7:64:73:79:6f:31:ef:e2:c4:25:65:8e:eb:
                    8c:52:c2:ce:4c:29:9a:eb:bd:56:58:96:21:ff:b0:
                    eb:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:D5:3F:74:0F:90:A3:A7:31:16:BA:DC:67:DF:0D:B0:BE:4A:F2:EA
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/zNU_dA-Qo6cxFrrcZ98NsL5K8uo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.60.236.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6c:e1:bd:dc:df:4e:1b:7b:f6:eb:40:3b:b1:b3:58:49:4a:cf:
         d0:72:68:2b:bb:48:c0:d5:25:b1:a9:11:72:9e:8a:ab:9f:55:
         20:78:c7:5d:63:f6:ab:70:5c:c1:56:07:e8:03:11:c3:70:8b:
         c2:ed:7d:aa:c1:e5:ec:a1:e7:9b:f8:02:40:42:de:6b:b7:80:
         60:3f:f3:db:2a:c9:8d:50:d1:3a:40:79:ed:c1:d8:9c:5b:0b:
         b4:2f:25:24:6b:54:39:a6:aa:43:56:b7:5d:8d:da:fc:03:c5:
         f6:7d:38:07:fd:d3:e5:74:e4:36:ec:b9:f9:eb:2c:59:e2:81:
         c6:cb:e5:43:7a:73:d7:7a:bb:63:52:34:4f:83:9b:21:a1:12:
         44:32:8c:62:c0:0d:9f:84:5a:b1:3e:6c:06:43:f6:a5:f1:e0:
         0a:33:6d:df:9f:f0:72:97:6d:04:55:24:b2:fe:3a:ce:c0:1a:
         ee:19:42:20:fe:89:23:df:ff:89:6b:0b:b7:24:87:0e:22:77:
         b4:ab:e2:d1:28:b0:8f:1f:3d:31:d0:5c:ed:2a:a5:3b:07:04:
         c3:ba:e5:ee:25:bc:29:65:b7:2f:ca:2c:88:33:a7:a0:a7:fb:
         2b:8b:12:5d:45:3f:d7:79:84:b6:dd:94:af:1c:8b:66:cc:19:
         bc:85:96:79
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZnCo8+c3MI3rt51lqD9lz7HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUxMDA4MDcwNTM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjY2Q1M2Y3NDBmOTBhM2E3MzExNmJhZGM2N2RmMGRiMGJlNGFmMmVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxOBdnn5V58cr1/Ci4FQXLIlrIQpY
aLkalPyZxfN6N33W5o4jWBHy7pxzw1aExzWI955/a5uqfBgO5Otr0TejMZxtnpby
llGmq8yIFOH4uzObz9gG+PuSTlW2NZ1LUCBUqVmLWdOp2QH5mPI+5UJhsLWpe26+
4t2qcvOd725ZoxMXGt3dVKmYskdwxNXdJrzYSmOQ9wOJQQuIWVqpNMGEZisT7Z1O
hGvFrzHE4W/GQaJCuKYXLTgVzK/6qbC1memzomATUD2JTwYO302pk4rrY4tUi6sx
Yeh2Bz9LN6zB/K5bPPdkc3lvMe/ixCVljuuMUsLOTCma671WWJYh/7DrzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMzVP3QPkKOnMRa63GffDbC+SvLqMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvek5VX2RBLVFvNmN4RnJyY1o5OE5zTDVLOHVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB2TzsMA0G
CSqGSIb3DQEBCwUAA4IBAQBs4b3c304be/brQDuxs1hJSs/Qcmgru0jA1SWxqRFy
noqrn1UgeMddY/arcFzBVgfoAxHDcIvC7X2qweXsoeeb+AJAQt5rt4BgP/PbKsmN
UNE6QHntwdicWwu0LyUka1Q5pqpDVrddjdr8A8X2fTgH/dPldOQ27Ln56yxZ4oHG
y+VDenPXertjUjRPg5shoRJEMoxiwA2fhFqxPmwGQ/al8eAKM23fn/Byl20EVSSy
/jrOwBruGUIg/okj3/+Jawu3JIcOIne0q+LRKLCPHz0x0FztKqU7BwTDuuXuJbwp
ZbcvyiyIM6egp/srixJdRT/XeYS23ZSvHItmzBm8hZZ5
-----END CERTIFICATE-----