Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/ACTiWa1qa3EVWrs3juYkdACUf2k.roa
File:                     ACTiWa1qa3EVWrs3juYkdACUf2k.roa (raw, json)
Hash identifier:          D1loIHcubEOlaYhm3J38vbnnk/706IhPm++oQwQb9l0=
Subject key identifier:   00:24:E2:59:AD:6A:6B:71:15:5A:BB:37:8E:E6:24:74:00:94:7F:69
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019842251E2E333C41DCEEEBAD1E9D5D83AE
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/ACTiWa1qa3EVWrs3juYkdACUf2k.roa
Signing time:             Fri 25 Jul 2025 15:13:05 +0000
ROA not before:           Fri 25 Jul 2025 15:13:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216169
IP address blocks:        217.60.199.0/24 maxlen: 24
                          217.60.237.0/24 maxlen: 24
                          217.60.243.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 29 Jul 2025 22:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:42:25:1e:2e:33:3c:41:dc:ee:eb:ad:1e:9d:5d:83:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jul 25 15:13:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0024e259ad6a6b71155abb378ee6247400947f69
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:5d:cb:a7:79:fb:de:55:e8:74:83:53:fd:b6:
                    de:0f:7a:e3:28:0a:4b:6e:cd:d6:0e:69:b5:0b:d3:
                    cb:ca:b2:8f:7e:5b:ac:a9:d1:73:d0:da:4c:9d:3f:
                    f0:a0:c8:64:dc:fa:0b:5b:fa:76:38:84:4a:71:c2:
                    22:c1:72:0d:ab:f8:a0:5c:f7:bb:2d:87:3d:d4:9f:
                    c8:83:0c:a8:0c:20:6b:0c:46:55:37:a2:00:ac:2c:
                    43:99:81:f0:99:81:98:16:53:75:63:40:04:83:67:
                    6b:8f:74:8c:f2:f5:28:2d:61:1d:60:83:d7:39:d7:
                    fa:db:79:76:87:ac:96:34:a0:81:f1:38:92:a4:d7:
                    f1:af:7f:34:82:8d:7a:9a:d3:ac:b7:6f:44:d6:59:
                    6c:c9:16:60:fc:49:36:78:a8:b0:52:28:f1:20:9e:
                    6e:a8:bf:fa:1e:74:a7:b6:c0:63:bf:4b:e7:9d:66:
                    7d:67:54:8c:a4:24:21:0c:77:aa:ec:8a:fa:83:93:
                    97:da:86:20:9a:9e:f1:ae:d5:64:c7:ec:1d:93:64:
                    98:1f:8a:0c:c7:89:3e:b3:32:fa:da:4e:c6:83:4a:
                    f8:0c:09:fe:05:b4:1f:30:81:10:cf:b8:25:53:17:
                    aa:98:c2:e3:8a:4f:bd:b6:bd:19:f2:16:8f:6f:e6:
                    31:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:24:E2:59:AD:6A:6B:71:15:5A:BB:37:8E:E6:24:74:00:94:7F:69
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/ACTiWa1qa3EVWrs3juYkdACUf2k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.60.199.0/24
                  217.60.237.0/24
                  217.60.243.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:8c:05:25:b5:93:c9:2e:71:b9:15:58:64:0c:fc:8e:0d:8d:
         70:8f:6b:92:8c:21:07:11:c6:48:e7:63:a1:43:43:82:3a:5e:
         12:36:b8:30:8a:4d:da:6f:10:2b:9a:35:4a:c2:db:8b:94:9d:
         d9:62:40:c9:cf:a7:61:b3:e5:12:cb:27:9d:80:0f:9e:7a:45:
         f3:cf:39:e7:ad:6a:a3:66:4d:ec:c5:13:67:4e:78:de:f7:35:
         55:3a:09:d5:ab:c3:f2:99:fe:73:4d:e1:60:bc:3f:a9:4c:93:
         2c:3e:14:e8:0b:6e:60:4f:04:15:87:0e:1e:84:3d:06:c2:48:
         c6:2f:0e:13:0d:91:60:45:2a:6c:d8:63:f8:06:21:89:a6:14:
         bf:33:c1:27:a6:1a:05:0c:30:07:27:5c:59:93:fa:27:6e:f7:
         20:ba:99:00:ea:81:d9:36:ba:6d:15:ea:46:36:2b:5e:40:02:
         76:bf:2e:38:97:c7:fe:a0:6d:1b:cd:07:3a:78:cc:0a:91:ec:
         f5:ac:93:67:f9:2c:09:af:bf:6d:ce:15:4c:78:ed:2b:51:2b:
         34:ea:7a:1e:c1:91:b1:ed:3b:db:27:e8:85:a7:f7:ea:d6:74:
         88:09:c8:14:9d:e6:6b:c9:d7:fe:a7:0c:6a:45:67:f0:23:94:
         53:f2:01:39
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZhCJR4uMzxB3O7rrR6dXYOuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwNzI1MTUxMzA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDI0ZTI1OWFkNmE2YjcxMTU1YWJiMzc4ZWU2MjQ3NDAwOTQ3ZjY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3V3Lp3n73lXodINT/bbeD3rjKApL
bs3WDmm1C9PLyrKPflusqdFz0NpMnT/woMhk3PoLW/p2OIRKccIiwXINq/igXPe7
LYc91J/IgwyoDCBrDEZVN6IArCxDmYHwmYGYFlN1Y0AEg2drj3SM8vUoLWEdYIPX
Odf623l2h6yWNKCB8TiSpNfxr380go16mtOst29E1llsyRZg/Ek2eKiwUijxIJ5u
qL/6HnSntsBjv0vnnWZ9Z1SMpCQhDHeq7Ir6g5OX2oYgmp7xrtVkx+wdk2SYH4oM
x4k+szL62k7Gg0r4DAn+BbQfMIEQz7glUxeqmMLjik+9tr0Z8haPb+YxPwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFAAk4lmtamtxFVq7N47mJHQAlH9pMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvQUNUaVdhMXFhM0VWV3JzM2p1WWtkQUNVZjJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQA2TzHAwQA
2TztAwQA2TzzMA0GCSqGSIb3DQEBCwUAA4IBAQAVjAUltZPJLnG5FVhkDPyODY1w
j2uSjCEHEcZI52OhQ0OCOl4SNrgwik3abxArmjVKwtuLlJ3ZYkDJz6dhs+USyyed
gA+eekXzzznnrWqjZk3sxRNnTnje9zVVOgnVq8Pymf5zTeFgvD+pTJMsPhToC25g
TwQVhw4ehD0GwkjGLw4TDZFgRSps2GP4BiGJphS/M8EnphoFDDAHJ1xZk/onbvcg
upkA6oHZNrptFepGNiteQAJ2vy44l8f+oG0bzQc6eMwKkez1rJNn+SwJr79tzhVM
eO0rUSs06noewZGx7TvbJ+iFp/fq1nSICcgUneZrydf+pwxqRWfwI5RT8gE5
-----END CERTIFICATE-----