Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/kUz4-6pQqH6mwDGtWDUnKZQoynA.roa
File:                     kUz4-6pQqH6mwDGtWDUnKZQoynA.roa (raw, json)
Hash identifier:          VPTr1S/DKsUpz4grDuhEKH1ZIvdMpN2tDGjHQRfS0WY=
Subject key identifier:   91:4C:F8:FB:AA:50:A8:7E:A6:C0:31:AD:58:35:27:29:94:28:CA:70
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019D52F90FAFDF46CF2618A7A3B7BEDFDB3B
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/kUz4-6pQqH6mwDGtWDUnKZQoynA.roa
Signing time:             Fri 03 Apr 2026 10:52:27 +0000
ROA not before:           Fri 03 Apr 2026 10:52:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     7029
IP address blocks:        217.60.128.0/19 maxlen: 24
                          217.60.128.0/20 maxlen: 24
                          217.60.152.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 22:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:52:f9:0f:af:df:46:cf:26:18:a7:a3:b7:be:df:db:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Apr  3 10:52:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=914cf8fbaa50a87ea6c031ad583527299428ca70
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:cd:08:64:a0:8e:94:2e:65:df:f6:56:3e:99:
                    27:bb:14:de:a5:33:d2:a3:bc:f6:74:6a:fd:63:c1:
                    63:95:ab:a5:e5:42:8c:fc:5a:81:14:a6:f7:5f:81:
                    86:be:57:24:c8:9d:30:b0:a8:ad:d6:2c:11:5b:90:
                    c8:fa:22:fe:2e:8e:24:27:ed:0e:87:9f:0a:3c:21:
                    70:cd:0a:3f:20:11:5c:85:e4:50:ae:43:ff:32:31:
                    61:63:d5:4d:cb:dd:f9:e8:d4:a8:03:78:d6:ed:80:
                    8c:b8:3d:a2:38:34:0d:d2:08:fa:96:0e:1c:39:75:
                    af:95:75:f9:46:15:40:e8:ec:7a:94:dd:3a:f5:2d:
                    58:43:dd:98:4f:4a:c2:f0:35:37:89:e7:8d:8b:ec:
                    05:04:d7:7e:c4:5c:8c:5c:2a:fd:8f:c8:16:41:49:
                    51:3e:a5:f5:a7:18:df:d5:85:45:38:c4:61:b7:89:
                    c5:15:de:ae:ec:cd:e5:f2:68:1c:26:65:63:88:af:
                    54:54:34:73:8b:25:96:66:5c:f8:1a:83:a1:65:25:
                    f9:9a:29:f5:d0:51:50:26:1c:70:0d:47:05:a1:3e:
                    53:76:99:9e:8a:03:38:e9:57:43:e5:32:76:b1:ef:
                    91:1f:47:00:83:3a:f3:12:5a:43:04:c5:99:5d:33:
                    71:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:4C:F8:FB:AA:50:A8:7E:A6:C0:31:AD:58:35:27:29:94:28:CA:70
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/kUz4-6pQqH6mwDGtWDUnKZQoynA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.60.128.0/19

    Signature Algorithm: sha256WithRSAEncryption
         92:9e:90:ee:e6:8f:dd:3e:7e:27:c4:ab:51:04:84:01:50:53:
         3a:eb:e7:c5:17:7d:2c:14:d6:93:40:87:9e:1f:15:09:7f:2b:
         a7:07:5b:47:00:72:8b:a9:68:ad:20:a1:e6:2d:58:f9:5f:90:
         90:a3:89:4c:45:fd:57:09:d7:07:9c:ce:2b:c8:32:ac:f3:45:
         44:75:1e:3f:30:2c:f7:5e:16:6c:76:88:c8:ee:f9:66:ed:4f:
         7e:8c:c1:bf:bb:ea:db:90:dc:98:ea:1f:61:fd:10:73:e0:c6:
         1c:33:7b:ba:c7:bd:52:13:50:ec:aa:a8:0f:44:5f:14:e1:30:
         92:00:7f:41:13:0f:69:79:cb:4b:82:83:e8:e1:fa:d4:70:0d:
         e9:f8:2c:4b:c4:26:79:9c:fd:1b:b6:78:84:9e:24:55:b9:f2:
         27:48:bf:74:e3:4a:af:c8:33:2a:94:29:18:3e:25:a7:88:62:
         e9:6c:d7:2b:3f:d8:1d:82:89:e5:51:9f:ee:81:11:b4:42:85:
         e1:2a:db:99:52:eb:ae:a6:8b:ae:82:c0:c2:d2:b5:63:e6:4c:
         d2:f7:01:c6:16:d6:d2:1f:18:3d:4c:32:a1:38:1e:f5:7a:cf:
         e7:3f:3c:6c:4d:99:e1:d2:0e:3f:ea:03:e9:b2:2e:5e:86:f7:
         b4:a9:eb:bf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1S+Q+v30bPJhino7e+39s7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwNDAzMTA1MjI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTRjZjhmYmFhNTBhODdlYTZjMDMxYWQ1ODM1MjcyOTk0MjhjYTcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApc0IZKCOlC5l3/ZWPpknuxTepTPS
o7z2dGr9Y8Fjlaul5UKM/FqBFKb3X4GGvlckyJ0wsKit1iwRW5DI+iL+Lo4kJ+0O
h58KPCFwzQo/IBFcheRQrkP/MjFhY9VNy9356NSoA3jW7YCMuD2iODQN0gj6lg4c
OXWvlXX5RhVA6Ox6lN069S1YQ92YT0rC8DU3ieeNi+wFBNd+xFyMXCr9j8gWQUlR
PqX1pxjf1YVFOMRht4nFFd6u7M3l8mgcJmVjiK9UVDRziyWWZlz4GoOhZSX5min1
0FFQJhxwDUcFoT5TdpmeigM46VdD5TJ2se+RH0cAgzrzElpDBMWZXTNxWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJFM+PuqUKh+psAxrVg1JymUKMpwMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEva1V6NC02cFFxSDZtd0RHdFdEVW5LWlFveW5BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQF2TyAMA0G
CSqGSIb3DQEBCwUAA4IBAQCSnpDu5o/dPn4nxKtRBIQBUFM66+fFF30sFNaTQIee
HxUJfyunB1tHAHKLqWitIKHmLVj5X5CQo4lMRf1XCdcHnM4ryDKs80VEdR4/MCz3
XhZsdojI7vlm7U9+jMG/u+rbkNyY6h9h/RBz4MYcM3u6x71SE1DsqqgPRF8U4TCS
AH9BEw9pectLgoPo4frUcA3p+CxLxCZ5nP0btniEniRVufInSL9040qvyDMqlCkY
PiWniGLpbNcrP9gdgonlUZ/ugRG0QoXhKtuZUuuupouugsDC0rVj5kzS9wHGFtbS
Hxg9TDKhOB71es/nPzxsTZnh0g4/6gPpsi5ehve0qeu/
-----END CERTIFICATE-----