Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/LoPnWol0XHcl53WVPrIteAO8lXM.roa
File:                     LoPnWol0XHcl53WVPrIteAO8lXM.roa (raw, json)
Hash identifier:          m5SVay22By+9+5QsXwbQjVyhryprbmQyC0f9nzS0qxU=
Subject key identifier:   2E:83:E7:5A:89:74:5C:77:25:E7:75:95:3E:B2:2D:78:03:BC:95:73
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       01986BC725E9F32487629E83099673E12584
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/LoPnWol0XHcl53WVPrIteAO8lXM.roa
Signing time:             Sat 02 Aug 2025 17:14:30 +0000
ROA not before:           Sat 02 Aug 2025 17:14:30 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     18811
IP address blocks:        217.60.0.0/21 maxlen: 24
                          217.60.188.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 12:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:6b:c7:25:e9:f3:24:87:62:9e:83:09:96:73:e1:25:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Aug  2 17:14:30 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2e83e75a89745c7725e775953eb22d7803bc9573
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:76:f8:60:b5:86:57:76:b5:88:28:6b:40:e1:
                    92:76:f0:67:f4:be:0c:1f:48:1a:df:6d:cb:39:23:
                    5e:c9:de:c2:0f:fc:31:11:7f:5b:61:5a:a1:5e:76:
                    8f:9d:9e:52:81:22:8b:e4:b0:3c:b1:c6:86:9b:74:
                    31:84:75:e1:90:e8:17:82:c8:e5:e6:6a:d6:2f:6f:
                    58:69:78:21:0d:91:26:85:03:85:07:2e:91:62:48:
                    3c:ff:2a:0c:d4:7d:e3:d8:62:84:fe:d5:95:30:38:
                    84:66:f4:1f:0b:7b:b6:51:b9:bd:7f:5f:0a:0d:e9:
                    d7:5f:a4:ad:44:a2:cc:4d:25:b9:16:f8:02:2d:a0:
                    95:62:4a:71:c2:67:c4:a9:aa:b1:cf:f6:5a:90:6a:
                    15:c6:c0:5b:3b:7e:4c:49:61:b8:87:73:e2:0e:6f:
                    58:56:0b:c8:b4:7b:d0:bb:9c:31:24:4b:fd:b1:31:
                    e7:43:db:75:af:86:34:7e:12:2e:50:7d:de:c5:51:
                    a0:51:87:51:a9:e4:6a:c3:9d:ad:f6:b8:1d:43:78:
                    34:f2:35:31:7b:40:78:bd:b6:aa:58:c6:31:79:51:
                    82:b0:44:83:e1:37:b2:ca:ea:a6:21:be:dd:ee:35:
                    1f:31:f9:0f:4f:47:5e:1e:b2:1a:24:01:29:d2:cf:
                    06:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:83:E7:5A:89:74:5C:77:25:E7:75:95:3E:B2:2D:78:03:BC:95:73
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/LoPnWol0XHcl53WVPrIteAO8lXM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.60.0.0/21
                  217.60.188.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b8:c8:5a:d2:b5:f7:fd:0b:b3:22:b3:ac:fc:f6:41:76:e2:94:
         89:a8:a2:ff:96:b0:76:a2:fa:a1:a6:0d:17:88:8f:93:b0:3c:
         8f:97:d3:05:32:a3:19:bf:9e:8f:8c:91:3d:e8:39:6f:d9:2c:
         52:b7:03:68:b2:24:66:dd:a3:b7:b4:73:a6:a8:ce:7c:49:9c:
         37:ce:38:d4:54:37:e4:45:4c:33:22:59:ed:a5:ea:dd:2b:6e:
         1d:0a:b1:93:29:ec:cf:22:58:10:ef:88:da:1a:ea:19:0f:f1:
         8c:ec:e8:45:a4:bc:b1:27:0b:04:3f:97:6e:5e:7d:1e:6e:a1:
         d4:ce:a9:39:42:9a:58:1c:86:0a:1a:03:ca:9d:68:9b:5d:db:
         e2:11:72:ce:21:29:2d:e1:64:9f:4a:38:e7:6e:f7:5c:74:18:
         e3:ee:f1:09:e7:c0:2f:21:24:15:fe:d4:e2:1e:a8:62:11:7a:
         93:b8:3d:71:0a:9b:e2:0a:35:0f:0f:2d:23:ae:3c:a8:ab:02:
         68:89:77:c4:08:56:6b:b4:2c:02:17:a6:34:3c:d6:9a:db:64:
         27:81:19:f4:34:b6:29:c1:94:75:b0:d0:15:a5:ca:0b:ce:66:
         50:06:2b:e3:ae:29:f8:27:fa:ff:dd:cd:08:63:7d:d5:e7:8f:
         0b:97:9b:59
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZhrxyXp8ySHYp6DCZZz4SWEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwODAyMTcxNDMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZTgzZTc1YTg5NzQ1Yzc3MjVlNzc1OTUzZWIyMmQ3ODAzYmM5NTczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi3b4YLWGV3a1iChrQOGSdvBn9L4M
H0ga323LOSNeyd7CD/wxEX9bYVqhXnaPnZ5SgSKL5LA8scaGm3QxhHXhkOgXgsjl
5mrWL29YaXghDZEmhQOFBy6RYkg8/yoM1H3j2GKE/tWVMDiEZvQfC3u2Ubm9f18K
DenXX6StRKLMTSW5FvgCLaCVYkpxwmfEqaqxz/ZakGoVxsBbO35MSWG4h3PiDm9Y
VgvItHvQu5wxJEv9sTHnQ9t1r4Y0fhIuUH3exVGgUYdRqeRqw52t9rgdQ3g08jUx
e0B4vbaqWMYxeVGCsESD4TeyyuqmIb7d7jUfMfkPT0deHrIaJAEp0s8GtQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFC6D51qJdFx3Jed1lT6yLXgDvJVzMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvTG9QbldvbDBYSGNsNTNXVlBySXRlQU84bFhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQD2TwAAwQC
2Ty8MA0GCSqGSIb3DQEBCwUAA4IBAQC4yFrStff9C7Mis6z89kF24pSJqKL/lrB2
ovqhpg0XiI+TsDyPl9MFMqMZv56PjJE96Dlv2SxStwNosiRm3aO3tHOmqM58SZw3
zjjUVDfkRUwzIlntperdK24dCrGTKezPIlgQ74jaGuoZD/GM7OhFpLyxJwsEP5du
Xn0ebqHUzqk5QppYHIYKGgPKnWibXdviEXLOISkt4WSfSjjnbvdcdBjj7vEJ58Av
ISQV/tTiHqhiEXqTuD1xCpviCjUPDy0jrjyoqwJoiXfECFZrtCwCF6Y0PNaa22Qn
gRn0NLYpwZR1sNAVpcoLzmZQBivjrin4J/r/3c0IY33V548Ll5tZ
-----END CERTIFICATE-----