Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/cjw6kb35S0HaCDCiMSdqCHu_mOo.roa
File:                     cjw6kb35S0HaCDCiMSdqCHu_mOo.roa (raw, json)
Hash identifier:          o5zFTRBjp6mg/Qhy5lGiqmgx5idep0IQuOHwHC7JkvA=
Subject key identifier:   72:3C:3A:91:BD:F9:4B:41:DA:08:30:A2:31:27:6A:08:7B:BF:98:EA
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019C28D0DAB5FBCCBA70E67D47189FCE4B5D
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/cjw6kb35S0HaCDCiMSdqCHu_mOo.roa
Signing time:             Wed 04 Feb 2026 13:21:41 +0000
ROA not before:           Wed 04 Feb 2026 13:21:41 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215391
IP address blocks:        217.60.254.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:28:d0:da:b5:fb:cc:ba:70:e6:7d:47:18:9f:ce:4b:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Feb  4 13:21:41 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=723c3a91bdf94b41da0830a231276a087bbf98ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:47:c2:e5:19:d8:b3:59:e6:14:e6:89:03:33:
                    ae:cd:05:8e:e1:55:a8:58:4f:96:d5:03:b2:06:a0:
                    78:0e:7a:57:d5:bb:4d:76:8a:05:79:85:33:1f:9b:
                    ef:55:3d:97:2b:6a:3f:15:50:5d:92:25:39:15:e7:
                    36:8e:47:20:8a:62:0d:09:85:ec:ce:b9:a4:a0:41:
                    77:e8:80:04:c5:e0:51:47:66:68:40:83:b1:11:f8:
                    18:f0:a2:6d:bb:f3:73:d6:56:ee:af:d5:99:91:49:
                    6a:aa:77:8d:16:56:b1:27:b4:ed:c7:fe:72:d1:9d:
                    ce:0c:a2:ea:b9:c3:be:1c:b4:64:d7:de:ff:2f:a7:
                    4f:96:52:e0:9f:d9:81:80:7c:26:d0:22:12:fc:93:
                    bf:7d:85:8b:2a:c7:00:39:b3:0d:58:4d:16:a3:d3:
                    f5:cc:6a:bd:64:eb:a8:da:09:f2:c9:0a:7a:6d:d7:
                    b1:88:1b:b9:15:a6:22:52:b0:70:56:14:37:90:65:
                    2d:7e:27:89:26:79:6b:6b:68:aa:38:71:62:df:ef:
                    cb:98:95:57:f2:6e:da:97:e9:07:81:d6:0e:93:33:
                    27:73:b1:60:09:6c:af:a5:34:8f:ae:e5:32:f1:83:
                    cf:33:7a:aa:3f:9f:7b:47:6b:58:30:d9:ab:c9:f2:
                    a5:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:3C:3A:91:BD:F9:4B:41:DA:08:30:A2:31:27:6A:08:7B:BF:98:EA
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/cjw6kb35S0HaCDCiMSdqCHu_mOo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.60.254.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:b9:a5:f6:3b:76:d0:4f:40:2e:af:d5:b4:a5:36:88:e2:c8:
         42:40:1f:f9:2e:69:3e:39:e8:93:6d:4f:84:ff:e8:c6:b2:fa:
         88:4d:50:f6:e5:26:ae:15:16:0a:88:c5:98:cb:0a:60:44:85:
         ce:aa:87:e8:08:3d:9d:ac:ed:9e:b2:10:e8:8c:6b:d8:95:1a:
         63:5a:88:6c:d9:d3:5f:f2:bd:a8:af:ea:23:c8:fb:38:ae:50:
         1b:a1:75:9a:fa:c4:92:51:33:84:f6:9b:d2:8a:b1:e4:71:5e:
         24:84:be:af:32:76:dc:e6:b6:3d:c7:1a:d3:74:41:b7:95:2a:
         5f:ac:32:2c:56:1b:a9:cc:e5:a8:dc:12:a0:9c:70:72:0d:74:
         0f:0d:18:13:d4:50:9d:29:62:05:52:70:ec:18:0c:a8:67:72:
         1f:d9:1a:52:f0:4e:c8:f1:ba:90:71:73:e6:56:13:69:71:30:
         b4:2b:0f:f8:1e:94:73:ad:13:a9:84:b3:f8:b7:53:7e:c2:03:
         fa:72:ff:42:04:e4:62:42:de:fb:d4:2f:df:0b:04:29:21:55:
         1d:fc:6f:1a:c4:3b:08:e9:24:c3:d9:c6:13:b3:80:f8:b8:2b:
         18:61:49:7f:ff:ba:e2:bd:bb:f9:aa:02:d9:de:6d:30:16:e2:
         d3:c0:6f:05
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZwo0Nq1+8y6cOZ9RxifzktdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwMjA0MTMyMTQxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjNjM2E5MWJkZjk0YjQxZGEwODMwYTIzMTI3NmEwODdiYmY5OGVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0kfC5RnYs1nmFOaJAzOuzQWO4VWo
WE+W1QOyBqB4DnpX1btNdooFeYUzH5vvVT2XK2o/FVBdkiU5Fec2jkcgimINCYXs
zrmkoEF36IAExeBRR2ZoQIOxEfgY8KJtu/Nz1lbur9WZkUlqqneNFlaxJ7Ttx/5y
0Z3ODKLqucO+HLRk197/L6dPllLgn9mBgHwm0CIS/JO/fYWLKscAObMNWE0Wo9P1
zGq9ZOuo2gnyyQp6bdexiBu5FaYiUrBwVhQ3kGUtfieJJnlra2iqOHFi3+/LmJVX
8m7al+kHgdYOkzMnc7FgCWyvpTSPruUy8YPPM3qqP597R2tYMNmryfKlRwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHI8OpG9+UtB2ggwojEnagh7v5jqMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvY2p3NmtiMzVTMEhhQ0RDaU1TZHFDSHVfbU9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2Tz+MA0G
CSqGSIb3DQEBCwUAA4IBAQCWuaX2O3bQT0Aur9W0pTaI4shCQB/5Lmk+OeiTbU+E
/+jGsvqITVD25SauFRYKiMWYywpgRIXOqofoCD2drO2eshDojGvYlRpjWohs2dNf
8r2or+ojyPs4rlAboXWa+sSSUTOE9pvSirHkcV4khL6vMnbc5rY9xxrTdEG3lSpf
rDIsVhupzOWo3BKgnHByDXQPDRgT1FCdKWIFUnDsGAyoZ3If2RpS8E7I8bqQcXPm
VhNpcTC0Kw/4HpRzrROphLP4t1N+wgP6cv9CBORiQt771C/fCwQpIVUd/G8axDsI
6STD2cYTs4D4uCsYYUl//7rivbv5qgLZ3m0wFuLTwG8F
-----END CERTIFICATE-----