Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/PcbB4BoDaM9U7vYZ47e_FnWNleQ.roa
File:                     PcbB4BoDaM9U7vYZ47e_FnWNleQ.roa (raw, json)
Hash identifier:          c7JfQkJeoO3RuN0jd1qoLYe75kZN8Nr907EoTaS6Byc=
Subject key identifier:   3D:C6:C1:E0:1A:03:68:CF:54:EE:F6:19:E3:B7:BF:16:75:8D:95:E4
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019A3F3B539A6E7D0F11B04660D813B837BF
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/PcbB4BoDaM9U7vYZ47e_FnWNleQ.roa
Signing time:             Sat 01 Nov 2025 11:44:03 +0000
ROA not before:           Sat 01 Nov 2025 11:44:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     18811
IP address blocks:        217.60.188.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Nov 2025 07:31:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:3f:3b:53:9a:6e:7d:0f:11:b0:46:60:d8:13:b8:37:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Nov  1 11:44:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3dc6c1e01a0368cf54eef619e3b7bf16758d95e4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:69:fa:d0:2f:86:14:5c:d2:4d:1b:af:f8:0d:
                    3c:91:1e:7e:ec:9d:7c:64:e4:8e:1d:86:c7:e1:4f:
                    32:3a:9f:79:4d:8a:23:18:e1:35:d5:82:da:3e:06:
                    dd:5b:f7:75:4f:8f:88:c9:e5:5c:dc:69:bc:7c:a4:
                    cf:71:0b:50:49:88:15:89:fd:ae:a1:a7:67:6a:5c:
                    cb:28:0e:e9:ba:25:00:8a:64:0b:ce:bc:bb:30:06:
                    7e:35:61:3f:55:cd:96:32:0d:8e:60:61:81:8a:7e:
                    53:76:89:c8:15:d1:75:83:70:bc:52:b9:97:19:90:
                    91:5d:22:94:78:45:45:82:03:d5:e9:7c:1a:f0:9f:
                    02:ab:f9:04:31:6e:89:ad:80:02:5d:e2:40:51:e9:
                    9f:66:95:a9:a2:3a:b6:53:a9:7e:55:81:3f:59:99:
                    69:f4:2d:c9:c4:35:aa:a3:3c:44:ec:5d:32:c8:77:
                    ee:82:d2:fc:f9:d6:98:a1:3a:94:30:4e:61:f5:d4:
                    6e:cd:90:13:30:00:ed:31:93:50:43:bd:8b:5f:0e:
                    bb:5d:1e:ac:05:74:e5:7a:10:a0:23:1c:be:3d:66:
                    2f:eb:10:2c:5e:29:cc:07:cc:ba:18:e4:d8:fb:09:
                    fe:bb:69:69:52:06:9d:3e:f6:6c:e6:cd:50:1c:bb:
                    49:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:C6:C1:E0:1A:03:68:CF:54:EE:F6:19:E3:B7:BF:16:75:8D:95:E4
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/PcbB4BoDaM9U7vYZ47e_FnWNleQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.60.188.0/22

    Signature Algorithm: sha256WithRSAEncryption
         34:40:02:68:82:31:4f:41:52:f9:92:9f:20:90:11:7a:66:90:
         14:40:59:5d:25:22:c8:12:06:2d:f4:9a:32:94:e9:07:4e:d7:
         4b:f9:87:24:b4:db:fd:43:0d:b5:b2:61:ab:70:3d:5c:2e:e3:
         e7:f3:c1:9d:e2:32:34:7e:71:81:11:e3:b0:92:85:0f:f0:58:
         cd:81:35:ff:5d:78:b5:c1:00:11:c5:15:45:8e:26:69:ba:29:
         25:0b:ae:ff:94:7c:e5:aa:87:50:4f:5e:41:b7:7f:78:87:02:
         ee:1d:94:aa:f3:4c:95:d9:8d:ae:3f:57:f3:9a:77:e0:27:c5:
         a3:ef:d1:0b:9f:72:70:eb:91:6a:95:28:45:c6:a1:07:fa:df:
         b0:45:3c:c8:a7:54:7a:f3:e5:49:15:2a:55:36:bf:44:ad:59:
         d7:7e:63:d1:22:11:fd:e1:9a:fb:ac:c0:a3:42:4a:7a:e5:8d:
         65:75:dc:95:c9:b9:8c:cc:d7:16:d3:15:bd:b1:96:26:79:32:
         c8:b4:a5:d9:d3:d1:f8:ae:a1:de:f6:4e:72:cf:a8:99:a6:33:
         04:12:2e:dd:c2:5d:b9:7d:b4:d3:11:e4:25:a3:cb:92:76:a5:
         f7:41:0c:94:58:38:1a:01:3e:97:30:5e:f1:dd:ca:ae:af:6d:
         72:10:11:5f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZo/O1Oabn0PEbBGYNgTuDe/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUxMTAxMTE0NDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZGM2YzFlMDFhMDM2OGNmNTRlZWY2MTllM2I3YmYxNjc1OGQ5NWU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArGn60C+GFFzSTRuv+A08kR5+7J18
ZOSOHYbH4U8yOp95TYojGOE11YLaPgbdW/d1T4+IyeVc3Gm8fKTPcQtQSYgVif2u
oadnalzLKA7puiUAimQLzry7MAZ+NWE/Vc2WMg2OYGGBin5TdonIFdF1g3C8UrmX
GZCRXSKUeEVFggPV6Xwa8J8Cq/kEMW6JrYACXeJAUemfZpWpojq2U6l+VYE/WZlp
9C3JxDWqozxE7F0yyHfugtL8+daYoTqUME5h9dRuzZATMADtMZNQQ72LXw67XR6s
BXTlehCgIxy+PWYv6xAsXinMB8y6GOTY+wn+u2lpUgadPvZs5s1QHLtJTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD3GweAaA2jPVO72GeO3vxZ1jZXkMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvUGNiQjRCb0RhTTlVN3ZZWjQ3ZV9GbldObGVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC2Ty8MA0G
CSqGSIb3DQEBCwUAA4IBAQA0QAJogjFPQVL5kp8gkBF6ZpAUQFldJSLIEgYt9Joy
lOkHTtdL+YcktNv9Qw21smGrcD1cLuPn88Gd4jI0fnGBEeOwkoUP8FjNgTX/XXi1
wQARxRVFjiZpuiklC67/lHzlqodQT15Bt394hwLuHZSq80yV2Y2uP1fzmnfgJ8Wj
79ELn3Jw65FqlShFxqEH+t+wRTzIp1R68+VJFSpVNr9ErVnXfmPRIhH94Zr7rMCj
Qkp65Y1lddyVybmMzNcW0xW9sZYmeTLItKXZ09H4rqHe9k5yz6iZpjMEEi7dwl25
fbTTEeQlo8uSdqX3QQyUWDgaAT6XMF7x3cqur21yEBFf
-----END CERTIFICATE-----