Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/uwgokzH1Zkil_FiihZhc30jUeZE.roa
File:                     uwgokzH1Zkil_FiihZhc30jUeZE.roa (raw, json)
Hash identifier:          yhWreb6k986KBrMYPEU+wR/eihDfjY3YoL9hVOjfvi0=
Subject key identifier:   BB:08:28:93:31:F5:66:48:A5:FC:58:A2:85:98:5C:DF:48:D4:79:91
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       01982788FEDB5ABFE06B17EF716E13FF882C
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/uwgokzH1Zkil_FiihZhc30jUeZE.roa
Signing time:             Sun 20 Jul 2025 11:12:26 +0000
ROA not before:           Sun 20 Jul 2025 11:12:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216169
IP address blocks:        217.60.199.0/24 maxlen: 24
                          217.60.237.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 24 Jul 2025 07:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:27:88:fe:db:5a:bf:e0:6b:17:ef:71:6e:13:ff:88:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jul 20 11:12:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bb08289331f56648a5fc58a285985cdf48d47991
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:22:76:26:86:40:34:de:aa:22:e0:b3:19:d6:
                    ee:68:29:1b:65:7b:d7:4d:00:0b:16:f1:2f:22:ba:
                    d2:61:b8:e5:2a:76:82:d9:02:c4:c2:b6:66:66:57:
                    22:40:8d:57:78:0f:e0:02:0b:05:26:d5:d8:71:19:
                    91:1b:5c:7b:6e:56:50:06:ba:5b:0b:e1:59:03:1a:
                    1d:50:20:ea:25:d9:cc:46:34:7c:0f:1e:82:d6:60:
                    85:b5:e3:e5:e4:1e:3d:9c:75:6d:e6:9e:51:37:ac:
                    e1:7f:ee:f1:1e:82:35:02:6e:f2:c3:15:32:9d:cc:
                    ed:3f:bf:0d:ed:11:77:40:74:1b:8d:87:d6:89:5f:
                    cd:6f:3a:73:89:07:c5:bf:34:f1:b5:7f:81:d9:47:
                    1e:5c:64:1b:9f:dc:9f:58:9f:63:d3:0e:6d:2b:ef:
                    18:48:df:cf:42:e7:e3:63:01:fb:02:b9:42:31:3f:
                    d5:d5:d8:4e:58:40:8e:77:dd:ef:89:6e:36:58:8c:
                    e7:1c:42:91:c6:1b:51:82:42:21:8c:b5:b5:83:0f:
                    14:01:44:d5:97:aa:5b:85:26:39:11:e3:0c:bb:b2:
                    1c:b5:89:e4:f8:3b:e7:ea:83:c1:0f:bf:0c:dc:dc:
                    43:7c:f4:02:87:92:1f:76:a0:86:32:9f:33:35:61:
                    54:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:08:28:93:31:F5:66:48:A5:FC:58:A2:85:98:5C:DF:48:D4:79:91
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/uwgokzH1Zkil_FiihZhc30jUeZE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.60.199.0/24
                  217.60.237.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:d7:43:f3:81:ad:72:e3:a5:40:f5:b2:98:50:1c:ce:b1:10:
         1a:9a:87:44:fb:33:14:ec:9c:12:f2:18:f8:ef:92:1a:d5:96:
         dc:b1:09:38:69:8c:29:fa:69:f7:f3:bb:3b:5c:c0:41:90:49:
         39:85:ad:62:d2:82:93:a3:32:8a:87:5f:37:a4:b7:64:bb:66:
         f7:13:bd:0e:56:e2:9e:47:fe:bf:38:24:85:ff:36:4b:47:49:
         58:c7:e4:ca:62:4e:43:ca:c7:31:ee:14:3c:a4:31:55:91:0c:
         3d:9d:ab:3e:6f:24:50:fb:7d:85:42:65:38:a7:74:ca:cc:f0:
         9a:98:b6:bf:05:9c:35:02:56:a9:5d:fa:70:22:7b:07:92:4b:
         7b:e2:80:53:db:22:4b:28:01:f1:6f:3c:e3:96:b3:cf:a0:dd:
         c1:95:68:8f:7d:be:1f:54:88:63:61:75:db:8f:c9:4b:a9:ab:
         eb:c5:5d:78:f7:5e:a4:d9:1f:de:4b:68:5c:19:b8:c5:1e:fc:
         8d:b4:cd:c4:fc:80:9c:dc:06:14:73:8e:cc:9b:36:a8:4e:a5:
         b9:7a:8b:25:ca:5d:4c:53:b1:8b:88:c5:6e:1f:4e:16:bc:45:
         c9:61:29:99:bd:79:ff:4b:3b:1b:f1:11:68:94:1a:77:3a:2d:
         e2:59:82:3d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZgniP7bWr/gaxfvcW4T/4gsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwNzIwMTExMjI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjA4Mjg5MzMxZjU2NjQ4YTVmYzU4YTI4NTk4NWNkZjQ4ZDQ3OTkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiiJ2JoZANN6qIuCzGdbuaCkbZXvX
TQALFvEvIrrSYbjlKnaC2QLEwrZmZlciQI1XeA/gAgsFJtXYcRmRG1x7blZQBrpb
C+FZAxodUCDqJdnMRjR8Dx6C1mCFtePl5B49nHVt5p5RN6zhf+7xHoI1Am7ywxUy
ncztP78N7RF3QHQbjYfWiV/NbzpziQfFvzTxtX+B2UceXGQbn9yfWJ9j0w5tK+8Y
SN/PQufjYwH7ArlCMT/V1dhOWECOd93viW42WIznHEKRxhtRgkIhjLW1gw8UAUTV
l6pbhSY5EeMMu7IctYnk+Dvn6oPBD78M3NxDfPQCh5IfdqCGMp8zNWFUJwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLsIKJMx9WZIpfxYooWYXN9I1HmRMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvdXdnb2t6SDFaa2lsX0ZpaWhaaGMzMGpVZVpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQA2TzHAwQA
2TztMA0GCSqGSIb3DQEBCwUAA4IBAQB310Pzga1y46VA9bKYUBzOsRAamodE+zMU
7JwS8hj475Ia1ZbcsQk4aYwp+mn387s7XMBBkEk5ha1i0oKTozKKh183pLdku2b3
E70OVuKeR/6/OCSF/zZLR0lYx+TKYk5Dyscx7hQ8pDFVkQw9nas+byRQ+32FQmU4
p3TKzPCamLa/BZw1AlapXfpwInsHkkt74oBT2yJLKAHxbzzjlrPPoN3BlWiPfb4f
VIhjYXXbj8lLqavrxV14916k2R/eS2hcGbjFHvyNtM3E/ICc3AYUc47MmzaoTqW5
eoslyl1MU7GLiMVuH04WvEXJYSmZvXn/Szsb8RFolBp3Oi3iWYI9
-----END CERTIFICATE-----