Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/zwxaWClLJ9gcYAdYaEswd2ohCqE.roa
File:                     zwxaWClLJ9gcYAdYaEswd2ohCqE.roa (raw, json)
Hash identifier:          OVtYwvsCvKD0UEuIg/40OWyewMjTDBbXzoE1w6gtQHQ=
Subject key identifier:   CF:0C:5A:58:29:4B:27:D8:1C:60:07:58:68:4B:30:77:6A:21:0A:A1
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019E0682A4823F24923520BB788550CCB117
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/zwxaWClLJ9gcYAdYaEswd2ohCqE.roa
Signing time:             Fri 08 May 2026 07:34:45 +0000
ROA not before:           Fri 08 May 2026 07:34:45 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     395222
IP address blocks:        217.60.128.0/22 maxlen: 24
                          217.60.132.0/22 maxlen: 24
                          217.60.136.0/22 maxlen: 24
                          217.60.140.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 20:10:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:06:82:a4:82:3f:24:92:35:20:bb:78:85:50:cc:b1:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: May  8 07:34:45 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cf0c5a58294b27d81c600758684b30776a210aa1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:11:29:58:05:79:f1:a7:48:4b:7d:f9:0e:91:
                    56:bd:bf:ae:09:d4:c9:4e:56:fa:94:0c:96:77:a1:
                    99:e4:4c:d3:ac:b4:53:95:a8:90:da:61:99:bf:42:
                    fc:33:63:ff:6d:6f:ad:f0:a3:45:b7:e0:3d:a2:c0:
                    8b:0b:24:8f:0d:4d:12:23:d5:d6:9b:75:3b:8e:b7:
                    c6:10:0b:ff:01:93:c6:e6:6d:ab:7e:03:e4:62:21:
                    04:e8:56:94:b7:11:95:d0:af:a1:12:01:d7:3d:00:
                    ad:62:11:78:80:77:d5:3c:78:06:41:7e:c0:d4:9a:
                    26:1d:25:80:01:d5:4d:86:39:2c:a0:a2:70:2e:c2:
                    92:7b:16:65:7e:4a:02:d7:87:71:a6:bf:13:ea:6d:
                    71:47:ea:28:fd:17:a4:62:c1:d4:a0:92:2a:39:fb:
                    8f:3c:59:53:d2:c5:10:a8:e5:84:12:48:df:82:af:
                    ea:53:50:c1:f8:07:23:b4:88:32:50:6f:84:c8:08:
                    20:f5:1f:f3:05:20:07:d9:aa:7d:70:08:67:2d:62:
                    68:19:e7:d1:c0:7b:7b:2d:60:23:a8:06:8e:37:de:
                    bf:db:a2:c7:2d:55:b3:70:2b:6f:bc:e0:7e:df:c4:
                    82:b4:1a:d9:a4:e2:c1:9c:56:df:e4:33:a9:2d:f7:
                    9b:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:0C:5A:58:29:4B:27:D8:1C:60:07:58:68:4B:30:77:6A:21:0A:A1
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/zwxaWClLJ9gcYAdYaEswd2ohCqE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.60.128.0/20

    Signature Algorithm: sha256WithRSAEncryption
         36:a5:ab:c3:5d:05:4f:24:e9:15:3d:9a:5c:b0:4a:79:c2:2c:
         72:28:fd:3c:a7:25:2c:f0:16:b3:14:e2:67:92:33:b7:08:09:
         ff:56:89:95:96:2e:ae:9a:c3:f6:f0:e7:fe:12:5a:aa:1a:50:
         e2:9e:6a:6c:e4:ac:aa:51:58:80:2d:db:3b:b9:17:c5:23:15:
         01:32:3d:e1:60:36:a2:e1:c0:5e:a1:4f:4c:1c:d9:39:b4:d9:
         43:36:a5:cd:b0:0e:bb:22:49:c4:d8:ba:81:a3:15:43:00:72:
         d5:aa:8a:5e:77:58:e4:a6:06:55:f5:cf:62:cd:c0:7a:8c:86:
         06:87:d4:d1:60:fc:f3:52:c0:e5:8b:b8:42:c9:a5:16:f6:aa:
         0c:cb:e3:6f:9b:03:85:4e:d5:1f:51:36:f6:00:5b:90:f4:a7:
         e1:6f:07:2b:f7:76:92:cc:40:97:8d:33:76:5c:d1:db:9d:b9:
         da:60:64:79:f7:0e:6b:ea:a0:af:30:47:dd:3c:dd:65:8f:e6:
         81:1d:95:c6:71:1d:b5:22:8c:f2:ab:2b:72:91:ae:bd:e2:95:
         2d:72:00:32:a1:d0:b9:4f:78:29:67:3c:91:ac:08:dc:53:84:
         b6:37:c5:d5:dd:7e:0b:a1:15:39:56:7d:25:e4:cc:8a:95:e7:
         f9:99:96:36
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4GgqSCPySSNSC7eIVQzLEXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwNTA4MDczNDQ1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjBjNWE1ODI5NGIyN2Q4MWM2MDA3NTg2ODRiMzA3NzZhMjEwYWExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoBEpWAV58adIS335DpFWvb+uCdTJ
Tlb6lAyWd6GZ5EzTrLRTlaiQ2mGZv0L8M2P/bW+t8KNFt+A9osCLCySPDU0SI9XW
m3U7jrfGEAv/AZPG5m2rfgPkYiEE6FaUtxGV0K+hEgHXPQCtYhF4gHfVPHgGQX7A
1JomHSWAAdVNhjksoKJwLsKSexZlfkoC14dxpr8T6m1xR+oo/RekYsHUoJIqOfuP
PFlT0sUQqOWEEkjfgq/qU1DB+AcjtIgyUG+EyAgg9R/zBSAH2ap9cAhnLWJoGefR
wHt7LWAjqAaON96/26LHLVWzcCtvvOB+38SCtBrZpOLBnFbf5DOpLfebnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM8MWlgpSyfYHGAHWGhLMHdqIQqhMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvend4YVdDbExKOWdjWUFkWWFFc3dkMm9oQ3FFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQE2TyAMA0G
CSqGSIb3DQEBCwUAA4IBAQA2pavDXQVPJOkVPZpcsEp5wixyKP08pyUs8BazFOJn
kjO3CAn/VomVli6umsP28Of+ElqqGlDinmps5KyqUViALds7uRfFIxUBMj3hYDai
4cBeoU9MHNk5tNlDNqXNsA67IknE2LqBoxVDAHLVqoped1jkpgZV9c9izcB6jIYG
h9TRYPzzUsDli7hCyaUW9qoMy+NvmwOFTtUfUTb2AFuQ9Kfhbwcr93aSzECXjTN2
XNHbnbnaYGR59w5r6qCvMEfdPN1lj+aBHZXGcR21Iozyqytyka694pUtcgAyodC5
T3gpZzyRrAjcU4S2N8XV3X4LoRU5Vn0l5MyKlef5mZY2
-----END CERTIFICATE-----