Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/R_OoHiggHNN7Y1cFHQSzhnYWrO8.roa
File:                     R_OoHiggHNN7Y1cFHQSzhnYWrO8.roa (raw, json)
Hash identifier:          hhZ0Hqq+w6zuTeCR6J/vAxB1MSn5CKlJ1HQSkunjcbI=
Subject key identifier:   47:F3:A8:1E:28:20:1C:D3:7B:63:57:05:1D:04:B3:86:76:16:AC:EF
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019EA5CD8982BAECC70A4764439A5B1DEDD3
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/R_OoHiggHNN7Y1cFHQSzhnYWrO8.roa
Signing time:             Mon 08 Jun 2026 05:56:11 +0000
ROA not before:           Mon 08 Jun 2026 05:56:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     57568
IP address blocks:        217.60.192.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 15:44:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:a5:cd:89:82:ba:ec:c7:0a:47:64:43:9a:5b:1d:ed:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jun  8 05:56:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=47f3a81e28201cd37b6357051d04b3867616acef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:ac:16:3a:0e:44:e0:73:5c:56:2d:58:64:5c:
                    54:c0:2c:c2:31:e2:75:b1:0a:81:56:ab:29:f3:7e:
                    a7:7c:92:58:c5:5b:26:dc:29:44:6f:1d:15:19:9d:
                    e0:d9:35:4f:58:d6:c5:91:77:d3:98:f1:58:72:bf:
                    22:b0:f7:b4:ef:df:0f:fc:86:77:b7:c5:34:de:9e:
                    c3:a8:3b:c8:06:e8:87:d6:a9:6b:45:12:93:89:3b:
                    60:f4:08:aa:60:f6:99:40:5b:37:86:c5:8d:07:65:
                    b5:40:b2:bd:b9:b5:5f:bb:1c:d6:4b:86:8c:19:c4:
                    92:77:be:06:74:54:f5:7f:bb:2f:1b:c8:b3:db:ae:
                    d3:ac:49:d8:b5:2f:a5:fb:35:81:7b:5e:d7:7b:56:
                    38:35:f8:49:76:1a:33:d0:cb:cb:7d:d5:51:a5:17:
                    cd:e9:f9:e8:0f:6b:f4:b6:f0:9f:18:43:e4:4a:09:
                    4f:e4:6d:0e:da:65:2a:e6:84:b0:7d:ba:e6:4b:74:
                    24:e1:81:2e:5c:0f:c2:e8:33:91:1e:18:56:5f:a4:
                    a5:bc:fe:db:57:7b:7e:e7:8e:56:4e:32:d4:00:9a:
                    11:c0:27:d3:ec:74:84:c7:8b:65:12:f9:72:d8:ef:
                    6a:a9:9e:e7:ff:e2:ce:21:27:7e:d8:04:be:16:de:
                    0f:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:F3:A8:1E:28:20:1C:D3:7B:63:57:05:1D:04:B3:86:76:16:AC:EF
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/R_OoHiggHNN7Y1cFHQSzhnYWrO8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.60.192.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:3c:ef:e2:74:33:06:c0:c0:40:60:6f:b1:ea:9f:e4:d1:08:
         68:1b:dc:f5:4b:76:40:5b:14:cc:7e:37:30:6e:70:b0:a1:cc:
         3f:0e:a1:6e:b4:44:fd:31:a7:ee:85:5c:93:a8:a0:36:9e:0d:
         f2:f4:30:6e:b4:cb:fe:b6:ce:62:0d:3c:f6:52:54:ea:9f:6e:
         d1:3e:66:ef:78:51:df:b2:8e:65:65:bf:f1:14:cc:e7:77:78:
         ea:66:ef:1e:78:2d:c0:91:2a:e3:b4:67:8a:ea:29:49:da:2c:
         ec:a8:fe:12:64:83:2e:cf:84:a6:1c:9a:30:f1:be:a5:53:47:
         0e:42:3e:29:30:50:3b:b3:5d:a6:9a:fa:32:8d:58:c5:43:d7:
         68:1f:6d:e8:85:a4:a6:74:05:b2:92:5f:20:99:32:dd:ba:7d:
         5f:73:0b:37:64:96:1b:11:d8:36:7e:86:7d:5a:38:94:bc:11:
         27:0e:4f:85:7c:d1:7f:51:7b:e0:04:19:b6:e9:94:74:1e:f8:
         93:5f:c0:83:03:a6:82:d2:6b:91:16:a5:f6:06:46:b9:a5:9a:
         df:9f:e0:13:2b:b7:a7:63:02:01:7f:98:96:dc:47:51:58:f6:
         c2:48:5b:c2:17:ac:cd:32:aa:47:8a:4e:55:a2:c7:5c:b7:88:
         47:7a:eb:f9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6lzYmCuuzHCkdkQ5pbHe3TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwNjA4MDU1NjExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0N2YzYTgxZTI4MjAxY2QzN2I2MzU3MDUxZDA0YjM4Njc2MTZhY2VmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkKwWOg5E4HNcVi1YZFxUwCzCMeJ1
sQqBVqsp836nfJJYxVsm3ClEbx0VGZ3g2TVPWNbFkXfTmPFYcr8isPe0798P/IZ3
t8U03p7DqDvIBuiH1qlrRRKTiTtg9AiqYPaZQFs3hsWNB2W1QLK9ubVfuxzWS4aM
GcSSd74GdFT1f7svG8iz267TrEnYtS+l+zWBe17Xe1Y4NfhJdhoz0MvLfdVRpRfN
6fnoD2v0tvCfGEPkSglP5G0O2mUq5oSwfbrmS3Qk4YEuXA/C6DORHhhWX6SlvP7b
V3t+545WTjLUAJoRwCfT7HSEx4tlEvly2O9qqZ7n/+LOISd+2AS+Ft4PcwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEfzqB4oIBzTe2NXBR0Es4Z2FqzvMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvUl9Pb0hpZ2dITk43WTFjRkhRU3pobllXck84LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2TzAMA0G
CSqGSIb3DQEBCwUAA4IBAQAjPO/idDMGwMBAYG+x6p/k0QhoG9z1S3ZAWxTMfjcw
bnCwocw/DqFutET9MafuhVyTqKA2ng3y9DButMv+ts5iDTz2UlTqn27RPmbveFHf
so5lZb/xFMznd3jqZu8eeC3AkSrjtGeK6ilJ2izsqP4SZIMuz4SmHJow8b6lU0cO
Qj4pMFA7s12mmvoyjVjFQ9doH23ohaSmdAWykl8gmTLdun1fcws3ZJYbEdg2foZ9
WjiUvBEnDk+FfNF/UXvgBBm26ZR0HviTX8CDA6aC0muRFqX2Bka5pZrfn+ATK7en
YwIBf5iW3EdRWPbCSFvCF6zNMqpHik5Vosdct4hHeuv5
-----END CERTIFICATE-----