Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/IeVx1dW8WzeQ5KBEtw57WfXFKXA.roa
File:                     IeVx1dW8WzeQ5KBEtw57WfXFKXA.roa (raw, json)
Hash identifier:          yUkPvCnv41eazhoITy1HztBRXsqmA5NFCWHS3U6d3Ks=
Subject key identifier:   21:E5:71:D5:D5:BC:5B:37:90:E4:A0:44:B7:0E:7B:59:F5:C5:29:70
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0198563857EFA9323AAEA7D1BD94CCA4B741
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/IeVx1dW8WzeQ5KBEtw57WfXFKXA.roa
Signing time:             Tue 29 Jul 2025 12:46:29 +0000
ROA not before:           Tue 29 Jul 2025 12:46:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62442
IP address blocks:        94.183.177.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 00:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:56:38:57:ef:a9:32:3a:ae:a7:d1:bd:94:cc:a4:b7:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jul 29 12:46:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=21e571d5d5bc5b3790e4a044b70e7b59f5c52970
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:58:8e:00:73:e0:1a:3e:3a:2a:0c:76:02:ea:
                    73:a4:82:d1:af:d6:ce:81:d4:66:ee:63:1e:2b:d8:
                    ac:fc:a6:a6:ec:6c:48:67:27:d8:d4:cd:fc:38:b1:
                    e0:a4:81:2c:b9:c8:e3:83:44:14:fc:81:04:53:eb:
                    bb:cf:c1:5a:98:f9:5d:bd:d8:81:bf:b3:a4:37:fd:
                    de:15:01:04:06:06:2e:63:1a:81:a8:3f:4c:71:ce:
                    49:ec:af:c4:e4:16:4d:cc:94:14:e2:ef:3e:9b:8b:
                    86:65:42:33:4a:2b:a5:6b:e0:99:5c:9a:a0:17:84:
                    73:bd:c3:b7:31:f1:9a:32:52:ce:0d:da:ec:05:d5:
                    d8:46:5e:ea:a9:b8:b2:8e:8e:fb:40:a1:ed:c7:d4:
                    78:18:fe:d3:c3:47:2f:0a:91:f8:2d:0d:4d:36:71:
                    b4:4d:fc:ee:44:a8:fb:19:c1:db:44:a5:70:47:cc:
                    66:f2:3e:18:91:7a:00:1e:7d:74:1f:69:a8:2a:b5:
                    8c:f6:86:59:3d:e9:0a:ed:95:ae:c6:a1:e9:15:fd:
                    17:64:36:6c:1b:88:3a:d9:4c:f7:71:1e:0c:8d:8b:
                    90:0a:11:25:bb:62:02:bf:41:54:0e:01:24:e9:d0:
                    d7:e9:22:f4:b4:b5:e4:41:24:88:ff:cf:4d:0b:f3:
                    c8:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:E5:71:D5:D5:BC:5B:37:90:E4:A0:44:B7:0E:7B:59:F5:C5:29:70
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/IeVx1dW8WzeQ5KBEtw57WfXFKXA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.183.177.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:c0:40:14:46:e2:72:15:4a:91:af:80:9e:76:b1:18:44:46:
         13:95:8e:f9:53:ab:cc:58:38:21:2b:00:1d:eb:40:84:e5:9f:
         d9:2b:ee:ab:d3:8e:ff:81:3d:04:9a:32:ab:17:d9:25:5a:30:
         ba:08:98:59:35:d4:19:e3:26:ba:c5:89:d1:bf:c1:56:6b:12:
         38:88:8d:66:7c:ad:45:e5:68:61:dd:e3:b0:d3:51:ae:b3:48:
         ed:0a:0c:4c:6d:f6:da:63:ec:a1:4b:d9:61:de:cb:8c:c5:81:
         70:6d:4b:99:78:ed:a6:f8:28:14:c0:4d:ee:be:db:9b:45:c4:
         27:7d:4f:dc:8a:4d:b0:1e:84:87:7b:07:8a:7e:a4:db:91:69:
         b8:ef:38:bc:db:92:ea:b9:32:6c:e9:be:21:e7:2e:43:bc:70:
         6e:59:36:d0:d3:de:44:71:e2:bc:5a:79:5a:55:ed:5c:b8:b6:
         7e:12:40:51:4f:b1:e0:0c:49:e3:16:7a:8f:20:db:db:2a:87:
         67:6a:40:70:49:7d:30:19:c6:3c:0d:d3:c0:73:d7:e1:99:44:
         65:4f:4f:74:14:b9:e5:58:4e:5d:2a:34:01:99:e2:36:5c:8f:
         92:38:27:af:ad:06:2c:4d:27:e3:18:c4:52:96:f9:a2:c6:9e:
         14:ef:f1:fd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZhWOFfvqTI6rqfRvZTMpLdBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwNzI5MTI0NjI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMWU1NzFkNWQ1YmM1YjM3OTBlNGEwNDRiNzBlN2I1OWY1YzUyOTcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1liOAHPgGj46Kgx2AupzpILRr9bO
gdRm7mMeK9is/Kam7GxIZyfY1M38OLHgpIEsucjjg0QU/IEEU+u7z8FamPldvdiB
v7OkN/3eFQEEBgYuYxqBqD9Mcc5J7K/E5BZNzJQU4u8+m4uGZUIzSiula+CZXJqg
F4RzvcO3MfGaMlLODdrsBdXYRl7qqbiyjo77QKHtx9R4GP7Tw0cvCpH4LQ1NNnG0
TfzuRKj7GcHbRKVwR8xm8j4YkXoAHn10H2moKrWM9oZZPekK7ZWuxqHpFf0XZDZs
G4g62Uz3cR4MjYuQChElu2ICv0FUDgEk6dDX6SL0tLXkQSSI/89NC/PIXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCHlcdXVvFs3kOSgRLcOe1n1xSlwMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvSWVWeDFkVzhXemVRNUtCRXR3NTdXZlhGS1hBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXrexMA0G
CSqGSIb3DQEBCwUAA4IBAQBUwEAURuJyFUqRr4CedrEYREYTlY75U6vMWDghKwAd
60CE5Z/ZK+6r047/gT0EmjKrF9klWjC6CJhZNdQZ4ya6xYnRv8FWaxI4iI1mfK1F
5Whh3eOw01Gus0jtCgxMbfbaY+yhS9lh3suMxYFwbUuZeO2m+CgUwE3uvtubRcQn
fU/cik2wHoSHeweKfqTbkWm47zi825LquTJs6b4h5y5DvHBuWTbQ095EceK8Wnla
Ve1cuLZ+EkBRT7HgDEnjFnqPINvbKodnakBwSX0wGcY8DdPAc9fhmURlT090FLnl
WE5dKjQBmeI2XI+SOCevrQYsTSfjGMRSlvmixp4U7/H9
-----END CERTIFICATE-----