Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/MyA7NeQ4rAabs1Q6FJKyGC-BMiY.roa
File:                     MyA7NeQ4rAabs1Q6FJKyGC-BMiY.roa (raw, json)
Hash identifier:          SndhqGLf0ofHtk2s07h1nms7rUXbAZeqyM8zLp5ieS8=
Subject key identifier:   33:20:3B:35:E4:38:AC:06:9B:B3:54:3A:14:92:B2:18:2F:81:32:26
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019662CE5272F23C5D7DA368367B9D9F633B
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/MyA7NeQ4rAabs1Q6FJKyGC-BMiY.roa
Signing time:             Wed 23 Apr 2025 13:20:10 +0000
ROA not before:           Wed 23 Apr 2025 13:20:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204203
IP address blocks:        217.60.241.0/24 maxlen: 24
                          217.60.255.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 19:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:62:ce:52:72:f2:3c:5d:7d:a3:68:36:7b:9d:9f:63:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Apr 23 13:20:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=33203b35e438ac069bb3543a1492b2182f813226
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:aa:52:0c:4d:22:47:d5:86:c3:c0:19:3f:10:
                    6b:27:f6:5d:b8:5c:ed:af:2f:ed:89:f3:e3:67:0b:
                    a9:ff:9d:79:29:e9:01:33:8d:c3:2d:2c:21:64:0a:
                    b3:3d:f0:06:b3:e1:3d:15:be:3d:c4:d2:27:c2:25:
                    97:b0:a4:61:da:9e:7c:d8:ee:89:3a:61:f0:ee:a5:
                    df:39:2f:ee:45:6c:72:40:4a:13:df:37:3e:da:1e:
                    8b:15:d3:db:dd:9a:af:f4:30:d6:0b:d1:d8:19:a4:
                    97:ee:d3:d0:ca:24:a9:7b:40:ce:96:6f:d3:a5:e8:
                    e1:37:1a:90:63:65:9f:c0:5c:46:15:0c:6d:6f:20:
                    00:7c:1e:ab:c1:20:b2:ac:f1:3c:b7:8d:2a:8f:c2:
                    1d:c3:55:29:34:39:77:2d:ec:cc:42:71:dc:b0:9f:
                    1d:97:eb:4e:fe:7c:46:af:31:7f:b7:d7:9f:fe:65:
                    6e:90:d0:c9:72:db:c3:32:8c:4f:f3:a8:2f:30:8b:
                    22:81:2e:fc:2e:ba:27:84:d7:10:6e:2a:61:32:fe:
                    0d:c9:e6:58:9e:2e:63:55:8a:15:34:f8:5c:d1:af:
                    1e:fc:3f:16:a1:3a:7b:ca:7a:51:a2:bc:63:ee:92:
                    9e:20:15:f9:cb:a5:95:70:04:03:c0:d0:cf:09:86:
                    b9:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:20:3B:35:E4:38:AC:06:9B:B3:54:3A:14:92:B2:18:2F:81:32:26
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/MyA7NeQ4rAabs1Q6FJKyGC-BMiY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.60.241.0/24
                  217.60.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bb:99:3d:b4:b5:0b:97:d2:2a:fe:36:e4:b5:25:c3:64:7c:94:
         7c:6f:18:73:b7:f5:2e:54:ac:74:ed:07:ca:d7:7a:1e:a7:6a:
         04:87:fe:93:7e:0f:80:01:c2:28:84:60:35:7f:ef:6f:12:59:
         c5:8f:4d:ef:c8:91:0b:c8:f3:2c:ef:8a:71:33:43:e4:cc:c3:
         9f:71:3a:07:35:07:02:74:86:23:b7:44:e0:38:b8:50:4f:6a:
         99:f1:64:d8:83:a4:9e:30:7a:e8:bd:71:75:68:cf:59:5d:16:
         9f:c0:bd:98:cf:3a:df:ff:df:4c:f8:81:21:84:b2:da:b1:5c:
         c7:c5:b5:36:40:29:82:a4:4d:27:8d:e3:e5:f6:9b:4d:f2:2a:
         3c:ba:2b:8a:77:bd:4a:e9:74:b8:ff:61:5b:49:82:9f:8e:c8:
         a5:cc:5d:59:f1:07:00:4e:1d:87:9a:b3:f7:2a:20:0f:51:89:
         c8:98:d8:90:99:1c:fa:ce:99:f4:d9:40:93:a7:cf:c8:b7:c5:
         80:09:26:dc:6f:64:77:f4:f1:37:53:95:1c:c4:6e:6a:42:26:
         a5:b4:52:82:20:e3:96:c8:95:4a:61:af:2c:ec:44:65:98:7e:
         5c:e8:16:7f:23:36:6b:37:4e:3e:3a:ce:14:51:ab:70:8c:5d:
         65:fb:d6:af
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZZizlJy8jxdfaNoNnudn2M7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwNDIzMTMyMDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzIwM2IzNWU0MzhhYzA2OWJiMzU0M2ExNDkyYjIxODJmODEzMjI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz6pSDE0iR9WGw8AZPxBrJ/ZduFzt
ry/tifPjZwup/515KekBM43DLSwhZAqzPfAGs+E9Fb49xNInwiWXsKRh2p582O6J
OmHw7qXfOS/uRWxyQEoT3zc+2h6LFdPb3Zqv9DDWC9HYGaSX7tPQyiSpe0DOlm/T
pejhNxqQY2WfwFxGFQxtbyAAfB6rwSCyrPE8t40qj8Idw1UpNDl3LezMQnHcsJ8d
l+tO/nxGrzF/t9ef/mVukNDJctvDMoxP86gvMIsigS78LronhNcQbiphMv4NyeZY
ni5jVYoVNPhc0a8e/D8WoTp7ynpRorxj7pKeIBX5y6WVcAQDwNDPCYa5dQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDMgOzXkOKwGm7NUOhSSshgvgTImMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvTXlBN05lUTRyQWFiczFRNkZKS3lHQy1CTWlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQA2TzxAwQA
2Tz/MA0GCSqGSIb3DQEBCwUAA4IBAQC7mT20tQuX0ir+NuS1JcNkfJR8bxhzt/Uu
VKx07QfK13oep2oEh/6Tfg+AAcIohGA1f+9vElnFj03vyJELyPMs74pxM0PkzMOf
cToHNQcCdIYjt0TgOLhQT2qZ8WTYg6SeMHrovXF1aM9ZXRafwL2Yzzrf/99M+IEh
hLLasVzHxbU2QCmCpE0njePl9ptN8io8uiuKd71K6XS4/2FbSYKfjsilzF1Z8QcA
Th2HmrP3KiAPUYnImNiQmRz6zpn02UCTp8/It8WACSbcb2R39PE3U5UcxG5qQial
tFKCIOOWyJVKYa8s7ERlmH5c6BZ/IzZrN04+Os4UUatwjF1l+9av
-----END CERTIFICATE-----