Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/CI6zwgorFpz0MNbmcHHMoMywtlE.roa
File:                     CI6zwgorFpz0MNbmcHHMoMywtlE.roa (raw, json)
Hash identifier:          cK1+39lNGkVJWc+llGmPtZwvcT+gR8Uz+M7ccfznzKE=
Subject key identifier:   08:8E:B3:C2:0A:2B:16:9C:F4:30:D6:E6:70:71:CC:A0:CC:B0:B6:51
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019DAB09EF7958685CD66D3BB3667DB8EDEE
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/CI6zwgorFpz0MNbmcHHMoMywtlE.roa
Signing time:             Mon 20 Apr 2026 13:17:28 +0000
ROA not before:           Mon 20 Apr 2026 13:17:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198154
IP address blocks:        94.183.167.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 Apr 2026 17:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:ab:09:ef:79:58:68:5c:d6:6d:3b:b3:66:7d:b8:ed:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Apr 20 13:17:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=088eb3c20a2b169cf430d6e67071cca0ccb0b651
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:ef:d0:e3:c6:bb:12:56:b3:51:27:6d:79:16:
                    8a:c5:f1:4e:d3:43:79:a7:99:f4:1a:e0:ae:1c:84:
                    57:84:12:c9:4b:2e:26:9a:0b:c7:55:3f:45:77:94:
                    c7:df:b1:2e:af:e3:6e:31:72:86:5a:e1:e8:ad:d7:
                    68:53:27:9d:0d:1d:8f:28:10:95:8e:0b:bb:20:01:
                    ef:a3:89:79:03:2c:40:b4:b3:78:59:62:67:88:9b:
                    ce:d0:8e:0f:43:79:33:6a:0d:6d:cd:7d:f0:9e:89:
                    12:74:37:7c:1b:9d:23:01:eb:0e:3a:70:cc:99:aa:
                    fd:50:ec:c6:aa:55:88:fb:9b:a5:97:4a:17:d7:88:
                    df:f4:59:e2:78:d3:25:50:8c:43:4d:50:14:41:e0:
                    af:57:fb:03:d6:1d:68:a2:27:9b:82:84:e5:60:b6:
                    5e:6c:21:81:a9:82:f9:10:ea:d0:08:e9:ca:0d:7b:
                    2b:c3:96:ee:d6:e1:fa:0b:0d:aa:a3:61:f9:43:fb:
                    62:a0:64:f8:52:05:76:cf:fc:ad:67:eb:2e:07:eb:
                    6c:59:2c:00:f4:88:2a:16:ea:b5:b0:77:ea:6b:8f:
                    41:44:c6:9c:c3:e3:6a:76:5e:c0:60:77:83:96:b6:
                    1f:99:6f:b0:04:b9:e1:a0:b2:32:37:2e:16:e8:cb:
                    39:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:8E:B3:C2:0A:2B:16:9C:F4:30:D6:E6:70:71:CC:A0:CC:B0:B6:51
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/CI6zwgorFpz0MNbmcHHMoMywtlE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.183.167.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:22:18:f6:f0:31:23:8c:e2:89:3e:bd:bb:19:03:d1:91:6d:
         06:29:00:b5:c7:b9:27:59:eb:e1:59:94:32:a2:48:87:7a:c6:
         a5:59:11:dd:89:0a:2b:b1:74:9e:02:ec:a9:d4:b7:12:6d:2a:
         3e:5b:f1:fb:22:47:b9:2d:bd:6b:e8:40:0a:d3:f8:00:fc:06:
         d7:e5:52:5a:f0:e3:35:50:2c:d6:7c:ed:83:54:77:77:d5:8a:
         59:ad:54:56:a5:f0:68:60:8d:af:f9:a8:58:07:cb:b1:8a:0d:
         33:18:bb:0b:94:6f:97:6f:2d:9c:52:12:9c:2c:5c:18:29:b5:
         5d:43:54:20:9a:52:5b:a3:1a:e1:da:e6:93:d1:eb:02:a7:63:
         26:62:2a:55:28:b9:de:48:01:72:73:d3:21:14:d4:82:34:db:
         8e:2c:d3:b0:30:27:b2:a0:3c:75:53:81:9d:24:53:5e:db:fd:
         63:ea:ca:6c:1f:a5:31:47:8a:6e:17:71:ae:36:29:e2:6b:98:
         ec:06:ef:ae:27:f1:25:19:71:4a:cb:ee:28:17:97:33:2f:1b:
         01:ca:7c:b3:62:0c:8d:6a:a6:eb:5d:69:ff:41:4f:7b:36:5d:
         90:e8:2c:65:46:36:fc:07:ee:5a:27:2b:d5:0f:b7:0d:6c:a1:
         07:02:5e:96
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2rCe95WGhc1m07s2Z9uO3uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwNDIwMTMxNzI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODhlYjNjMjBhMmIxNjljZjQzMGQ2ZTY3MDcxY2NhMGNjYjBiNjUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyO/Q48a7ElazUSdteRaKxfFO00N5
p5n0GuCuHIRXhBLJSy4mmgvHVT9Fd5TH37Eur+NuMXKGWuHorddoUyedDR2PKBCV
jgu7IAHvo4l5AyxAtLN4WWJniJvO0I4PQ3kzag1tzX3wnokSdDd8G50jAesOOnDM
mar9UOzGqlWI+5ull0oX14jf9FnieNMlUIxDTVAUQeCvV/sD1h1ooiebgoTlYLZe
bCGBqYL5EOrQCOnKDXsrw5bu1uH6Cw2qo2H5Q/tioGT4UgV2z/ytZ+suB+tsWSwA
9IgqFuq1sHfqa49BRMacw+Nqdl7AYHeDlrYfmW+wBLnhoLIyNy4W6Ms5nQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAiOs8IKKxac9DDW5nBxzKDMsLZRMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvQ0k2endnb3JGcHowTU5ibWNISE1vTXl3dGxFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXrenMA0G
CSqGSIb3DQEBCwUAA4IBAQCVIhj28DEjjOKJPr27GQPRkW0GKQC1x7knWevhWZQy
okiHesalWRHdiQorsXSeAuyp1LcSbSo+W/H7Ike5Lb1r6EAK0/gA/AbX5VJa8OM1
UCzWfO2DVHd31YpZrVRWpfBoYI2v+ahYB8uxig0zGLsLlG+Xby2cUhKcLFwYKbVd
Q1QgmlJboxrh2uaT0esCp2MmYipVKLneSAFyc9MhFNSCNNuOLNOwMCeyoDx1U4Gd
JFNe2/1j6spsH6UxR4puF3GuNinia5jsBu+uJ/ElGXFKy+4oF5czLxsBynyzYgyN
aqbrXWn/QU97Nl2Q6CxlRjb8B+5aJyvVD7cNbKEHAl6W
-----END CERTIFICATE-----