Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/5DDqFYqMsinwF7UJa9yjDuCU-as.roa
File:                     5DDqFYqMsinwF7UJa9yjDuCU-as.roa (raw, json)
Hash identifier:          WWL1SxyHdTcrU+V1XmJcJaBSbp8tb9u1gcZdd4sunYs=
Subject key identifier:   E4:30:EA:15:8A:8C:B2:29:F0:17:B5:09:6B:DC:A3:0E:E0:94:F9:AB
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       01986BC14D2B6624A4B762569C8D1B09CE97
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/5DDqFYqMsinwF7UJa9yjDuCU-as.roa
Signing time:             Sat 02 Aug 2025 17:08:06 +0000
ROA not before:           Sat 02 Aug 2025 17:08:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     136501
IP address blocks:        217.60.0.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 12:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:6b:c1:4d:2b:66:24:a4:b7:62:56:9c:8d:1b:09:ce:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Aug  2 17:08:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e430ea158a8cb229f017b5096bdca30ee094f9ab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:89:5f:22:f6:c1:05:9e:29:ba:ed:8a:f8:a9:
                    8e:06:6a:9f:af:6c:22:05:db:2f:37:21:f2:20:31:
                    86:8c:9a:51:0d:ad:cd:1f:3b:e4:ce:37:5e:b0:6a:
                    65:df:11:23:9f:78:30:2b:a9:1a:d4:c2:e2:d9:23:
                    63:00:5d:2a:7e:e1:30:95:87:1f:5c:34:6b:1c:1b:
                    aa:79:fb:29:a8:85:62:22:ca:98:e9:0f:28:0c:4e:
                    b5:bb:0c:5a:eb:36:a9:e1:e4:e8:85:28:54:68:de:
                    be:b0:cb:c0:c5:d0:d1:84:40:0e:35:d4:83:4d:ee:
                    24:48:55:d9:a1:19:ea:dd:e6:58:2f:1e:99:2c:61:
                    15:50:6c:63:96:83:05:50:d7:70:b9:62:30:08:25:
                    da:78:97:65:51:dd:55:94:ef:01:58:75:3d:89:78:
                    b6:8d:99:9b:94:a8:68:bd:1b:7a:8c:fb:c8:02:3a:
                    a9:9b:67:b3:8e:1b:36:ab:4a:c7:74:a9:72:6d:0f:
                    38:29:78:1e:78:3e:4f:4e:dc:01:c6:db:5d:b9:ce:
                    96:d3:39:71:05:71:57:6e:fa:9d:c3:f4:59:01:1a:
                    f8:d4:d4:34:64:7a:3a:06:8e:7d:72:82:d9:dd:77:
                    e0:47:e2:ca:5f:78:5b:79:4c:0e:34:39:4d:34:0c:
                    a2:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:30:EA:15:8A:8C:B2:29:F0:17:B5:09:6B:DC:A3:0E:E0:94:F9:AB
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/5DDqFYqMsinwF7UJa9yjDuCU-as.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.60.0.0/21

    Signature Algorithm: sha256WithRSAEncryption
         7f:1d:66:e5:bc:57:f6:3a:ad:05:04:ed:d6:a6:1a:fc:25:20:
         50:03:19:f1:fa:02:fa:6b:4e:bc:0d:8f:bf:5c:85:9e:d9:20:
         c5:4e:54:2e:87:5b:a7:c3:0f:68:8b:1e:3e:db:cd:a0:e7:fb:
         89:5c:32:b3:67:4d:db:2f:47:dc:f5:6b:b9:47:b1:21:ec:98:
         b4:74:19:86:be:d9:97:06:1c:69:f2:9d:3e:89:c8:6a:74:4c:
         53:0b:73:20:7e:5f:61:78:6d:e7:3e:03:9f:12:1e:92:6c:94:
         33:a3:ba:e0:71:9d:71:b3:39:35:1c:98:8f:9a:e1:16:82:16:
         2f:65:c4:87:4a:3b:8c:6f:4a:bc:f7:f6:e1:6e:de:25:e1:3b:
         aa:b0:45:3b:18:8c:a3:44:0a:bf:1d:dc:b3:1e:95:e9:03:b9:
         a3:d5:86:a6:0c:21:d5:a3:6b:e7:71:16:aa:c1:ce:bb:5f:54:
         ce:b2:3a:63:61:19:0a:cf:66:1e:29:9f:84:4e:62:aa:ef:68:
         12:f2:6e:3f:3e:7d:ba:55:47:46:b5:6b:77:92:84:bb:ab:20:
         b5:47:21:23:40:35:cb:d3:d9:f3:e3:a3:6d:a2:4d:ff:0b:9d:
         b6:b2:27:63:90:20:e0:c6:b6:72:38:a0:05:00:c9:d8:b4:f7:
         85:de:d0:a6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZhrwU0rZiSkt2JWnI0bCc6XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwODAyMTcwODA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNDMwZWExNThhOGNiMjI5ZjAxN2I1MDk2YmRjYTMwZWUwOTRmOWFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApYlfIvbBBZ4puu2K+KmOBmqfr2wi
BdsvNyHyIDGGjJpRDa3NHzvkzjdesGpl3xEjn3gwK6ka1MLi2SNjAF0qfuEwlYcf
XDRrHBuqefspqIViIsqY6Q8oDE61uwxa6zap4eTohShUaN6+sMvAxdDRhEAONdSD
Te4kSFXZoRnq3eZYLx6ZLGEVUGxjloMFUNdwuWIwCCXaeJdlUd1VlO8BWHU9iXi2
jZmblKhovRt6jPvIAjqpm2ezjhs2q0rHdKlybQ84KXgeeD5PTtwBxttduc6W0zlx
BXFXbvqdw/RZARr41NQ0ZHo6Bo59coLZ3XfgR+LKX3hbeUwONDlNNAyiEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOQw6hWKjLIp8Be1CWvcow7glPmrMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvNUREcUZZcU1zaW53RjdVSmE5eWpEdUNVLWFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQD2TwAMA0G
CSqGSIb3DQEBCwUAA4IBAQB/HWblvFf2Oq0FBO3Wphr8JSBQAxnx+gL6a068DY+/
XIWe2SDFTlQuh1unww9oix4+282g5/uJXDKzZ03bL0fc9Wu5R7Eh7Ji0dBmGvtmX
Bhxp8p0+ichqdExTC3Mgfl9heG3nPgOfEh6SbJQzo7rgcZ1xszk1HJiPmuEWghYv
ZcSHSjuMb0q89/bhbt4l4TuqsEU7GIyjRAq/HdyzHpXpA7mj1YamDCHVo2vncRaq
wc67X1TOsjpjYRkKz2YeKZ+ETmKq72gS8m4/Pn26VUdGtWt3koS7qyC1RyEjQDXL
09nz46Ntok3/C522sidjkCDgxrZyOKAFAMnYtPeF3tCm
-----END CERTIFICATE-----