Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/Jh8W-YPN7H8RUCJqCI5_8y-CmDw.roa
File:                     Jh8W-YPN7H8RUCJqCI5_8y-CmDw.roa (raw, json)
Hash identifier:          IaJDrQj6xxCJWdvuwo3rfdlhJeiM0WpJraj25ej+PjQ=
Subject key identifier:   26:1F:16:F9:83:CD:EC:7F:11:50:22:6A:08:8E:7F:F3:2F:82:98:3C
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       01980F5BC6A97630E9D847F03742729A5B1F
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/Jh8W-YPN7H8RUCJqCI5_8y-CmDw.roa
Signing time:             Tue 15 Jul 2025 18:32:09 +0000
ROA not before:           Tue 15 Jul 2025 18:32:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214184
IP address blocks:        94.183.171.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Jul 2025 20:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:0f:5b:c6:a9:76:30:e9:d8:47:f0:37:42:72:9a:5b:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jul 15 18:32:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=261f16f983cdec7f1150226a088e7ff32f82983c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:e7:8e:08:d7:6e:fe:dc:66:de:fd:2e:38:88:
                    fc:57:12:d5:42:b5:82:ee:0a:60:e7:a5:0f:cb:89:
                    9f:40:2e:04:f3:f6:a4:5c:2d:c5:04:96:2c:83:26:
                    86:15:4d:6c:4f:dc:d8:52:7e:49:3e:b9:88:06:db:
                    87:fe:69:ab:8d:12:d2:cb:49:f5:a7:ff:da:33:3f:
                    0e:62:19:9e:3b:16:4c:79:c2:91:7f:ec:a9:3b:a6:
                    1c:62:5b:75:fc:d4:2f:c5:84:55:25:bc:e4:6b:05:
                    c9:2c:62:8c:ad:ed:c2:4d:4d:e3:31:e4:7b:8b:c3:
                    68:9a:66:11:d9:7c:41:ee:2a:53:41:23:58:ce:2f:
                    50:03:4a:1e:ab:3e:d3:7d:88:99:64:71:7f:86:ac:
                    77:91:98:cf:5d:07:13:dc:22:98:91:34:cc:5e:b1:
                    30:c7:81:35:4a:fc:d7:90:98:5a:44:9f:eb:34:83:
                    5c:c4:36:02:e9:b9:83:a5:c8:ef:8c:5a:36:d1:91:
                    9e:44:6d:d6:ab:32:d0:a6:9d:60:f7:70:7e:5b:4d:
                    0e:b6:77:32:98:8c:3b:75:d5:1e:88:ec:f8:7e:db:
                    bd:06:fc:83:2c:b4:1a:d1:aa:0e:db:9b:b7:20:c7:
                    47:a2:71:57:0b:11:ed:cf:43:32:a1:2f:b8:fd:e1:
                    9d:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:1F:16:F9:83:CD:EC:7F:11:50:22:6A:08:8E:7F:F3:2F:82:98:3C
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/Jh8W-YPN7H8RUCJqCI5_8y-CmDw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.183.171.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:28:40:11:4b:0c:a0:33:02:7e:ba:25:1b:91:7a:c1:4d:22:
         2d:f5:1c:9a:c9:94:51:6a:91:ba:28:18:4a:aa:ac:f0:99:d8:
         e5:30:64:85:62:c6:56:1c:45:cc:df:4a:0f:2e:fc:3a:a5:d8:
         40:6f:4a:d7:56:ce:1a:fd:57:b5:57:21:c9:14:44:f6:df:c5:
         e4:05:f0:18:93:d6:f8:dd:31:1c:89:34:67:61:ff:fd:ab:38:
         eb:f5:65:29:a2:50:07:17:c6:be:98:57:4d:b1:4d:a6:7a:38:
         7b:28:19:1e:7f:30:df:99:d3:e0:d0:03:78:6d:40:97:1b:52:
         65:67:29:d4:77:51:17:0e:4e:3b:a2:6a:7f:18:72:3a:17:e1:
         f3:6d:ca:09:b7:e5:b9:08:cd:8e:1b:3c:09:69:2f:d0:39:43:
         e8:9d:48:2e:d5:b5:5e:f2:78:c4:67:72:0a:e1:96:a2:95:4f:
         01:0b:43:08:02:7a:02:32:7b:58:62:72:61:81:9d:6c:ca:1f:
         7b:e6:09:44:06:d4:7f:f5:84:8d:bb:de:04:86:1f:74:98:fd:
         a9:81:06:77:87:80:54:b7:96:39:70:95:71:f4:b7:46:42:b1:
         e4:4b:34:d3:ae:ec:b9:f2:99:bf:0c:6c:be:27:3f:78:66:4b:
         0d:a4:7a:4f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgPW8apdjDp2EfwN0JymlsfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwNzE1MTgzMjA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNjFmMTZmOTgzY2RlYzdmMTE1MDIyNmEwODhlN2ZmMzJmODI5ODNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqueOCNdu/txm3v0uOIj8VxLVQrWC
7gpg56UPy4mfQC4E8/akXC3FBJYsgyaGFU1sT9zYUn5JPrmIBtuH/mmrjRLSy0n1
p//aMz8OYhmeOxZMecKRf+ypO6YcYlt1/NQvxYRVJbzkawXJLGKMre3CTU3jMeR7
i8NommYR2XxB7ipTQSNYzi9QA0oeqz7TfYiZZHF/hqx3kZjPXQcT3CKYkTTMXrEw
x4E1SvzXkJhaRJ/rNINcxDYC6bmDpcjvjFo20ZGeRG3WqzLQpp1g93B+W00Otncy
mIw7ddUeiOz4ftu9BvyDLLQa0aoO25u3IMdHonFXCxHtz0MyoS+4/eGdOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCYfFvmDzex/EVAiagiOf/Mvgpg8MB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvSmg4Vy1ZUE43SDhSVUNKcUNJNV84eS1DbUR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXrerMA0G
CSqGSIb3DQEBCwUAA4IBAQB8KEARSwygMwJ+uiUbkXrBTSIt9RyayZRRapG6KBhK
qqzwmdjlMGSFYsZWHEXM30oPLvw6pdhAb0rXVs4a/Ve1VyHJFET238XkBfAYk9b4
3TEciTRnYf/9qzjr9WUpolAHF8a+mFdNsU2mejh7KBkefzDfmdPg0AN4bUCXG1Jl
ZynUd1EXDk47omp/GHI6F+HzbcoJt+W5CM2OGzwJaS/QOUPonUgu1bVe8njEZ3IK
4ZailU8BC0MIAnoCMntYYnJhgZ1syh975glEBtR/9YSNu94Ehh90mP2pgQZ3h4BU
t5Y5cJVx9LdGQrHkSzTTruy58pm/DGy+Jz94ZksNpHpP
-----END CERTIFICATE-----