Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/kYq58dtyjjDVvQIHhKEAH_fiRDc.roa
File:                     kYq58dtyjjDVvQIHhKEAH_fiRDc.roa (raw, json)
Hash identifier:          dOtDvTs40OfeRjmpXFwC16HpnMPLaek1e68u17FsfPo=
Subject key identifier:   91:8A:B9:F1:DB:72:8E:30:D5:BD:02:07:84:A1:00:1F:F7:E2:44:37
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       01982E05C3150D1D813588B4378D45B275CF
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/kYq58dtyjjDVvQIHhKEAH_fiRDc.roa
Signing time:             Mon 21 Jul 2025 17:26:26 +0000
ROA not before:           Mon 21 Jul 2025 17:26:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206647
IP address blocks:        94.183.174.0/24 maxlen: 24
                          94.183.176.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Jul 2025 03:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:2e:05:c3:15:0d:1d:81:35:88:b4:37:8d:45:b2:75:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jul 21 17:26:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=918ab9f1db728e30d5bd020784a1001ff7e24437
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:dd:9a:e8:2c:e3:7b:9f:7e:7b:83:45:24:24:
                    3b:41:e3:47:e5:43:ce:a6:99:a0:8f:8d:13:9a:e1:
                    49:11:c9:35:63:65:2f:6b:ad:13:1a:d2:63:49:a6:
                    b2:2b:a7:6d:c8:3e:04:b9:69:7a:07:ab:bc:6b:0a:
                    d5:0f:23:18:dc:8a:5e:23:c8:da:f2:69:1d:21:cb:
                    85:18:c8:84:83:d0:67:82:75:fe:d2:32:61:59:b3:
                    c0:f6:c6:7b:1a:3e:1f:82:da:7b:6c:c6:19:43:14:
                    69:5e:63:15:0f:db:b9:75:d2:02:0e:0d:6d:42:18:
                    2e:7d:b3:1c:3f:1c:d3:8c:64:e8:c9:7a:da:b3:7b:
                    08:85:25:74:f5:c7:55:09:73:42:da:93:2c:4a:7d:
                    c3:c6:d9:16:2e:2b:e7:e3:cb:17:cf:3a:91:fb:b9:
                    b7:0f:92:93:d3:32:7f:75:19:61:2c:08:6a:9c:2b:
                    02:9c:ca:19:f6:aa:98:26:5b:9d:14:a0:fc:c1:bd:
                    06:46:7a:b9:94:4a:73:f0:e6:2d:75:d4:3e:32:2b:
                    76:8c:04:1e:de:bb:d0:91:81:a4:4e:c8:eb:6b:67:
                    e7:fb:46:c4:2d:1a:5b:57:f4:7e:b2:50:2a:06:62:
                    63:a5:2f:81:fb:18:b2:22:f2:35:7f:27:c5:c9:1f:
                    73:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:8A:B9:F1:DB:72:8E:30:D5:BD:02:07:84:A1:00:1F:F7:E2:44:37
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/kYq58dtyjjDVvQIHhKEAH_fiRDc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.183.174.0/24
                  94.183.176.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:61:89:4b:28:83:61:45:bd:ae:78:a5:73:72:de:17:04:c1:
         98:33:a1:19:4b:e4:6b:08:a1:52:7f:54:bd:7f:89:52:72:b8:
         29:34:40:51:33:36:d3:ef:a0:73:3e:68:50:18:13:aa:a7:b9:
         7e:57:c5:ca:9e:46:52:24:b7:ec:6b:f7:48:90:3e:90:29:64:
         13:47:c8:ee:55:42:3a:bb:eb:17:07:06:85:b1:00:03:76:18:
         7d:a1:82:92:09:65:e5:fc:a6:28:88:e3:92:88:26:75:60:21:
         d5:40:ed:ac:e6:32:6c:16:4d:23:cb:25:c5:68:b3:c9:c9:e5:
         61:12:8c:fd:f2:27:87:0a:41:7b:86:e0:81:5c:90:8b:ba:e1:
         dc:32:fc:cd:97:e4:99:13:04:48:7d:e8:07:72:c6:03:ef:87:
         a5:d1:1d:ed:31:12:99:76:c1:ca:95:7b:37:42:5a:20:21:71:
         73:f5:98:1a:a8:59:88:8d:73:10:40:a7:03:16:ed:ea:f2:87:
         52:cb:e8:b1:ae:07:be:79:26:95:de:df:54:35:13:ca:80:00:
         b4:ff:ae:2a:25:3d:07:92:57:8a:3a:29:57:92:f3:6b:72:ab:
         23:bf:ea:51:f2:41:a0:de:e3:dd:9d:b3:bc:42:6a:c3:01:a8:
         2c:19:2f:90
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZguBcMVDR2BNYi0N41FsnXPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwNzIxMTcyNjI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MThhYjlmMWRiNzI4ZTMwZDViZDAyMDc4NGExMDAxZmY3ZTI0NDM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt92a6Czje59+e4NFJCQ7QeNH5UPO
ppmgj40TmuFJEck1Y2Uva60TGtJjSaayK6dtyD4EuWl6B6u8awrVDyMY3IpeI8ja
8mkdIcuFGMiEg9BngnX+0jJhWbPA9sZ7Gj4fgtp7bMYZQxRpXmMVD9u5ddICDg1t
QhgufbMcPxzTjGToyXras3sIhSV09cdVCXNC2pMsSn3DxtkWLivn48sXzzqR+7m3
D5KT0zJ/dRlhLAhqnCsCnMoZ9qqYJludFKD8wb0GRnq5lEpz8OYtddQ+Mit2jAQe
3rvQkYGkTsjra2fn+0bELRpbV/R+slAqBmJjpS+B+xiyIvI1fyfFyR9zFwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJGKufHbco4w1b0CB4ShAB/34kQ3MB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEva1lxNThkdHlqakRWdlFJSGhLRUFIX2ZpUkRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAXreuAwQA
XrewMA0GCSqGSIb3DQEBCwUAA4IBAQBhYYlLKINhRb2ueKVzct4XBMGYM6EZS+Rr
CKFSf1S9f4lScrgpNEBRMzbT76BzPmhQGBOqp7l+V8XKnkZSJLfsa/dIkD6QKWQT
R8juVUI6u+sXBwaFsQADdhh9oYKSCWXl/KYoiOOSiCZ1YCHVQO2s5jJsFk0jyyXF
aLPJyeVhEoz98ieHCkF7huCBXJCLuuHcMvzNl+SZEwRIfegHcsYD74el0R3tMRKZ
dsHKlXs3QlogIXFz9ZgaqFmIjXMQQKcDFu3q8odSy+ixrge+eSaV3t9UNRPKgAC0
/64qJT0HkleKOilXkvNrcqsjv+pR8kGg3uPdnbO8QmrDAagsGS+Q
-----END CERTIFICATE-----