Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/FFc-nq2_-stcorJtCy-YmGU0-xI.roa
File:                     FFc-nq2_-stcorJtCy-YmGU0-xI.roa (raw, json)
Hash identifier:          ezMgAOf/LHEFafLKx2q9mHiY47TR+2U5mqdd9eEZn4I=
Subject key identifier:   14:57:3E:9E:AD:BF:FA:CB:5C:A2:B2:6D:0B:2F:98:98:65:34:FB:12
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019CD849A9F61F68711DA05394B19A67A26F
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/FFc-nq2_-stcorJtCy-YmGU0-xI.roa
Signing time:             Tue 10 Mar 2026 15:07:12 +0000
ROA not before:           Tue 10 Mar 2026 15:07:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212743
IP address blocks:        217.60.12.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 22 Mar 2026 13:59:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:d8:49:a9:f6:1f:68:71:1d:a0:53:94:b1:9a:67:a2:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Mar 10 15:07:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=14573e9eadbffacb5ca2b26d0b2f98986534fb12
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:ba:29:b5:46:62:ce:fe:ca:72:e4:1e:17:5b:
                    e6:5c:69:d3:60:62:25:ca:7f:83:93:11:ca:07:25:
                    8d:26:d7:b0:f3:56:42:17:b6:81:99:d9:ef:d1:56:
                    d5:d1:8c:b7:84:8d:e7:12:dd:d4:1d:eb:59:b0:34:
                    65:87:f6:89:91:14:81:91:38:1e:93:c9:3e:a3:84:
                    50:34:bf:c2:26:d4:38:03:b5:06:df:32:11:e3:24:
                    2c:55:f6:33:2a:f3:1e:fb:9d:73:ce:da:84:8b:11:
                    55:8e:28:e8:92:0c:34:18:df:95:34:78:f0:50:8c:
                    ff:c4:ff:c2:58:07:a1:55:c8:42:5b:04:12:88:c6:
                    43:c4:3f:78:6d:e0:c1:09:d1:43:40:a9:f7:5f:6e:
                    4b:91:1a:25:56:cf:ac:2d:29:d9:14:b7:c2:6d:e5:
                    ee:35:bf:f6:a4:88:9b:11:c9:7f:33:f5:c4:e5:6e:
                    5c:44:e6:30:ef:a3:c2:dc:77:f8:5d:2b:fc:69:f6:
                    50:fd:fe:e4:d2:26:ed:09:b1:31:10:c7:c0:5e:64:
                    ec:2c:4e:02:51:34:39:a2:59:24:72:f2:fc:b7:0e:
                    ab:83:52:be:82:54:1d:d8:fd:ae:cb:2a:d6:d1:2b:
                    74:50:92:53:9d:7b:a6:11:9c:46:48:95:88:e1:1d:
                    10:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:57:3E:9E:AD:BF:FA:CB:5C:A2:B2:6D:0B:2F:98:98:65:34:FB:12
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/FFc-nq2_-stcorJtCy-YmGU0-xI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.60.12.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:61:04:7b:61:d6:3e:43:ab:c4:02:56:17:f5:6c:15:4a:5e:
         11:c4:c1:ce:ef:64:6a:4f:72:64:9d:d6:a4:4a:79:b5:12:08:
         35:51:92:dd:e0:92:1c:86:29:49:0d:57:ed:9d:8b:05:bd:71:
         de:a5:39:d1:e8:55:7b:3e:c5:c4:d6:34:b0:f4:b8:47:cd:14:
         82:2c:5c:c9:45:78:6f:43:00:53:53:23:0b:69:e3:24:79:b7:
         91:d3:2a:9a:d6:e7:5e:33:b7:0a:d8:b4:0f:e7:fb:d0:82:dc:
         9c:ce:0f:d6:da:08:fc:a7:7a:51:91:b0:1c:5a:97:29:ef:49:
         bf:bd:73:89:07:7e:c2:d1:9f:05:0a:05:08:b2:8d:56:a2:41:
         59:f7:3a:30:29:6d:69:44:12:81:fd:1b:57:00:0e:79:7a:e4:
         be:f8:fa:05:fb:1f:03:21:4f:c5:1b:75:b2:ec:55:74:50:bc:
         ff:f0:07:df:43:90:4d:cc:fe:e6:f5:c6:e0:78:97:5a:b8:47:
         5c:51:53:0e:af:fe:e8:47:59:4e:eb:0d:b9:9f:47:b0:31:62:
         4f:a1:7d:74:d9:f7:92:81:39:c3:e5:2f:50:c2:99:7c:fa:b0:
         04:c4:e8:9d:b3:45:22:53:42:6b:46:89:54:4f:a0:5e:1a:7c:
         d8:17:0a:77
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzYSan2H2hxHaBTlLGaZ6JvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwMzEwMTUwNzEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNDU3M2U5ZWFkYmZmYWNiNWNhMmIyNmQwYjJmOTg5ODY1MzRmYjEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApLoptUZizv7KcuQeF1vmXGnTYGIl
yn+DkxHKByWNJtew81ZCF7aBmdnv0VbV0Yy3hI3nEt3UHetZsDRlh/aJkRSBkTge
k8k+o4RQNL/CJtQ4A7UG3zIR4yQsVfYzKvMe+51zztqEixFVjijokgw0GN+VNHjw
UIz/xP/CWAehVchCWwQSiMZDxD94beDBCdFDQKn3X25LkRolVs+sLSnZFLfCbeXu
Nb/2pIibEcl/M/XE5W5cROYw76PC3Hf4XSv8afZQ/f7k0ibtCbExEMfAXmTsLE4C
UTQ5olkkcvL8tw6rg1K+glQd2P2uyyrW0St0UJJTnXumEZxGSJWI4R0QZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBRXPp6tv/rLXKKybQsvmJhlNPsSMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvRkZjLW5xMl8tc3Rjb3JKdEN5LVltR1UwLXhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2TwMMA0G
CSqGSIb3DQEBCwUAA4IBAQCBYQR7YdY+Q6vEAlYX9WwVSl4RxMHO72RqT3Jkndak
Snm1Egg1UZLd4JIchilJDVftnYsFvXHepTnR6FV7PsXE1jSw9LhHzRSCLFzJRXhv
QwBTUyMLaeMkebeR0yqa1udeM7cK2LQP5/vQgtyczg/W2gj8p3pRkbAcWpcp70m/
vXOJB37C0Z8FCgUIso1WokFZ9zowKW1pRBKB/RtXAA55euS++PoF+x8DIU/FG3Wy
7FV0ULz/8AffQ5BNzP7m9cbgeJdauEdcUVMOr/7oR1lO6w25n0ewMWJPoX102feS
gTnD5S9Qwpl8+rAExOids0UiU0JrRolUT6BeGnzYFwp3
-----END CERTIFICATE-----