Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/SA5LrFJRMz3EFzF7pjmn_WCSNpo.roa
File:                     SA5LrFJRMz3EFzF7pjmn_WCSNpo.roa (raw, json)
Hash identifier:          3AQA7mP7VU2MP25QUqWPbm0EpS/rDo1bqsSJ9/Rpvac=
Subject key identifier:   48:0E:4B:AC:52:51:33:3D:C4:17:31:7B:A6:39:A7:FD:60:92:36:9A
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0197EDEF419DEF8A4F41AB79A2BADC6818CD
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/SA5LrFJRMz3EFzF7pjmn_WCSNpo.roa
Signing time:             Wed 09 Jul 2025 06:46:09 +0000
ROA not before:           Wed 09 Jul 2025 06:46:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207350
IP address blocks:        94.183.159.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Jul 2025 00:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:ed:ef:41:9d:ef:8a:4f:41:ab:79:a2:ba:dc:68:18:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jul  9 06:46:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=480e4bac5251333dc417317ba639a7fd6092369a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:9f:f7:49:87:0f:6a:07:d7:71:56:95:55:50:
                    64:e8:0a:f0:38:b0:cd:73:d8:9b:fc:b1:db:00:3a:
                    34:15:35:04:f4:0d:46:42:f7:a1:85:a0:1c:3c:a3:
                    d1:59:b9:92:a8:f3:02:70:89:98:be:27:3b:00:b0:
                    cb:45:30:6c:9f:de:e4:2e:3a:8c:9f:2e:2a:70:28:
                    13:81:61:9d:6c:b8:c9:96:07:62:6d:cb:c3:eb:90:
                    38:88:be:21:f4:8b:0c:6f:a8:5b:7b:c6:02:61:51:
                    27:19:79:ea:1d:c2:34:de:3d:35:65:68:e9:f0:96:
                    d5:e5:3b:55:b5:eb:f9:c8:3f:c5:13:e7:a9:ff:18:
                    aa:38:75:4e:bb:1f:f0:e7:44:38:8f:44:bb:03:d3:
                    63:f7:79:df:52:77:67:6d:6c:55:f1:13:78:11:9c:
                    b8:aa:d5:a1:0c:46:fc:9f:de:bd:8b:82:d5:fd:58:
                    02:8d:ac:a8:60:da:ec:09:f6:40:76:0f:a0:d9:f9:
                    76:b7:77:36:a9:39:54:0e:fa:1a:a5:5a:b6:7e:84:
                    75:03:52:73:ed:d7:7d:ce:98:96:e4:39:27:d6:25:
                    e5:f2:86:f6:22:7f:46:9b:34:ac:bc:29:bd:15:57:
                    5f:2f:73:67:3e:bc:a7:2b:c0:fb:29:7f:68:a7:e7:
                    1b:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:0E:4B:AC:52:51:33:3D:C4:17:31:7B:A6:39:A7:FD:60:92:36:9A
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/SA5LrFJRMz3EFzF7pjmn_WCSNpo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.183.159.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:53:ac:2d:fa:64:28:de:6e:6b:d9:ac:1a:c0:ad:34:17:f8:
         00:65:ac:c9:d1:df:80:75:49:c4:be:ab:29:f1:49:2a:8d:e3:
         cc:96:6e:14:26:45:4e:d5:ac:6b:5b:58:bb:24:fc:7c:40:c4:
         9e:d8:7f:12:72:7e:d4:d3:84:77:e7:5f:a3:73:7d:ea:2a:b5:
         66:40:01:3c:5a:04:8b:2e:ec:6c:6b:26:c6:a7:a1:d0:95:3e:
         49:23:cf:2c:d2:c8:ef:0c:a9:ba:d0:56:c9:6a:dc:3b:25:ab:
         80:a5:82:b9:99:da:93:d5:de:5f:83:5f:cd:d6:59:45:74:d6:
         4e:8c:19:fb:92:c8:3e:c2:b8:9c:b7:6f:df:45:ab:c5:fa:3a:
         19:00:cf:76:a0:18:67:e0:e1:08:23:3f:09:87:4d:ea:36:7b:
         1d:82:58:ab:2b:0e:ac:d6:46:b5:ef:10:c6:95:d8:ed:a7:93:
         d3:b9:20:2b:08:ba:2d:4b:3a:16:08:d2:98:98:4a:5c:18:bb:
         57:e1:b0:3f:8d:9d:5e:be:e9:03:39:da:0f:f7:32:9d:c0:2c:
         8f:75:f4:99:ad:81:d5:a6:c5:64:6b:55:db:76:e1:d2:50:94:
         09:de:58:6e:34:ce:73:6e:2f:c6:33:35:78:2c:f0:8f:0f:5a:
         fd:91:c1:27
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZft70Gd74pPQat5orrcaBjNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwNzA5MDY0NjA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ODBlNGJhYzUyNTEzMzNkYzQxNzMxN2JhNjM5YTdmZDYwOTIzNjlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApp/3SYcPagfXcVaVVVBk6ArwOLDN
c9ib/LHbADo0FTUE9A1GQvehhaAcPKPRWbmSqPMCcImYvic7ALDLRTBsn97kLjqM
ny4qcCgTgWGdbLjJlgdibcvD65A4iL4h9IsMb6hbe8YCYVEnGXnqHcI03j01ZWjp
8JbV5TtVtev5yD/FE+ep/xiqOHVOux/w50Q4j0S7A9Nj93nfUndnbWxV8RN4EZy4
qtWhDEb8n969i4LV/VgCjayoYNrsCfZAdg+g2fl2t3c2qTlUDvoapVq2foR1A1Jz
7dd9zpiW5Dkn1iXl8ob2In9GmzSsvCm9FVdfL3NnPrynK8D7KX9op+cbswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEgOS6xSUTM9xBcxe6Y5p/1gkjaaMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvU0E1THJGSlJNejNFRnpGN3BqbW5fV0NTTnBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXrefMA0G
CSqGSIb3DQEBCwUAA4IBAQCRU6wt+mQo3m5r2awawK00F/gAZazJ0d+AdUnEvqsp
8UkqjePMlm4UJkVO1axrW1i7JPx8QMSe2H8Scn7U04R351+jc33qKrVmQAE8WgSL
LuxsaybGp6HQlT5JI88s0sjvDKm60FbJatw7JauApYK5mdqT1d5fg1/N1llFdNZO
jBn7ksg+wrict2/fRavF+joZAM92oBhn4OEIIz8Jh03qNnsdglirKw6s1ka17xDG
ldjtp5PTuSArCLotSzoWCNKYmEpcGLtX4bA/jZ1evukDOdoP9zKdwCyPdfSZrYHV
psVka1XbduHSUJQJ3lhuNM5zbi/GMzV4LPCPD1r9kcEn
-----END CERTIFICATE-----