Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/GA_wWZxnrZVoWsdAOY_IbnHvpAU.roa
File:                     GA_wWZxnrZVoWsdAOY_IbnHvpAU.roa (raw, json)
Hash identifier:          oztu2UCH4nB2bSmAfBlLi39LPCbjCoHcJxUlq0YQkes=
Subject key identifier:   18:0F:F0:59:9C:67:AD:95:68:5A:C7:40:39:8F:C8:6E:71:EF:A4:05
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019CC28221633770E1CF4F1B578AC2808DF8
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/GA_wWZxnrZVoWsdAOY_IbnHvpAU.roa
Signing time:             Fri 06 Mar 2026 09:37:14 +0000
ROA not before:           Fri 06 Mar 2026 09:37:14 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     51722
IP address blocks:        217.60.200.0/22 maxlen: 24
                          217.60.204.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Mar 2026 13:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:c2:82:21:63:37:70:e1:cf:4f:1b:57:8a:c2:80:8d:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Mar  6 09:37:14 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=180ff0599c67ad95685ac740398fc86e71efa405
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:bd:d1:6b:80:73:65:62:05:84:5a:86:24:da:
                    b8:ab:65:c9:d3:9e:1e:a5:23:c2:25:8d:08:cb:07:
                    b1:c3:21:38:0a:cb:19:f5:a3:90:b8:a8:6d:96:ae:
                    eb:71:3c:9e:e8:ff:5d:1d:85:2f:da:e6:8a:df:7e:
                    ed:18:b8:26:70:4f:ba:0b:79:1a:a0:4d:25:74:b0:
                    f6:ff:33:63:a8:fc:d9:54:20:7d:d3:b9:e3:76:6f:
                    dd:e5:20:83:2b:a0:35:f1:96:1e:74:b7:e8:31:50:
                    e8:26:30:7a:c3:2c:c1:20:35:35:c6:09:81:e1:81:
                    bf:57:ac:4c:28:bb:0f:2b:d7:77:23:75:94:50:73:
                    0f:14:07:7e:fc:f1:62:79:2c:ce:62:6b:a3:48:70:
                    5f:ba:39:c6:d2:93:5e:47:0c:54:8f:2a:b8:bf:ca:
                    83:12:05:bb:62:25:5f:29:1f:ec:8d:b1:fa:3b:26:
                    c8:cd:3c:4c:33:86:ab:74:fc:78:bf:3c:98:07:66:
                    a9:2c:4e:25:72:91:fd:1e:d4:a2:f6:48:9a:03:42:
                    e0:ef:a0:6c:a6:f9:47:92:15:ee:a3:31:52:3d:14:
                    8f:58:20:6a:90:9c:72:93:6f:51:60:ba:50:5f:e1:
                    8c:fe:bd:82:12:1a:1f:b6:73:9e:23:8e:e6:1b:db:
                    0f:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:0F:F0:59:9C:67:AD:95:68:5A:C7:40:39:8F:C8:6E:71:EF:A4:05
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/GA_wWZxnrZVoWsdAOY_IbnHvpAU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.60.200.0/21

    Signature Algorithm: sha256WithRSAEncryption
         35:38:20:4a:f7:a4:51:3e:91:5c:38:29:4b:91:64:d7:16:d2:
         43:14:f2:b4:2a:7b:e5:2f:c7:26:be:ea:60:e5:6b:36:1f:1b:
         38:b2:63:54:9d:e1:b6:38:66:5b:44:2f:23:69:37:50:03:68:
         f4:8a:e3:db:02:b6:a5:6f:d6:5c:78:94:b5:91:e8:e5:a1:99:
         e2:f9:6f:ea:43:fc:f6:2b:a0:56:6d:f0:ec:71:26:94:39:ea:
         2d:a0:7a:cd:a4:ab:3e:44:2d:10:16:6f:97:42:ce:fd:3f:2b:
         f6:e6:37:98:0f:8d:55:3d:3d:16:21:d6:b9:95:07:1c:65:11:
         b6:89:62:18:fd:2a:54:63:ef:84:5a:c5:e3:c1:dc:bd:41:4b:
         ec:a3:11:57:e3:02:76:00:73:38:22:04:0c:97:6e:1d:6c:bf:
         af:8d:83:b5:66:7c:67:e7:5c:71:c6:83:79:1c:27:0c:25:8d:
         bd:4a:b7:79:f5:8d:8d:54:68:dd:c2:c1:3f:6c:2d:70:84:9d:
         18:a4:23:73:1b:06:f9:2c:4d:2c:4c:61:d3:07:0b:f1:9c:a7:
         4a:52:2f:e1:80:71:c9:25:05:19:cd:a0:6c:9c:78:80:f9:d2:
         ad:30:e6:34:4e:c0:f1:29:eb:68:14:bc:00:ee:ea:e4:93:e5:
         2b:0c:5a:25
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzCgiFjN3Dhz08bV4rCgI34MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwMzA2MDkzNzE0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxODBmZjA1OTljNjdhZDk1Njg1YWM3NDAzOThmYzg2ZTcxZWZhNDA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx73Ra4BzZWIFhFqGJNq4q2XJ054e
pSPCJY0IywexwyE4CssZ9aOQuKhtlq7rcTye6P9dHYUv2uaK337tGLgmcE+6C3ka
oE0ldLD2/zNjqPzZVCB907njdm/d5SCDK6A18ZYedLfoMVDoJjB6wyzBIDU1xgmB
4YG/V6xMKLsPK9d3I3WUUHMPFAd+/PFieSzOYmujSHBfujnG0pNeRwxUjyq4v8qD
EgW7YiVfKR/sjbH6OybIzTxMM4ardPx4vzyYB2apLE4lcpH9HtSi9kiaA0Lg76Bs
pvlHkhXuozFSPRSPWCBqkJxyk29RYLpQX+GM/r2CEhoftnOeI47mG9sPOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBgP8FmcZ62VaFrHQDmPyG5x76QFMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvR0Ffd1daeG5yWlZvV3NkQU9ZX0libkh2cEFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQD2TzIMA0G
CSqGSIb3DQEBCwUAA4IBAQA1OCBK96RRPpFcOClLkWTXFtJDFPK0KnvlL8cmvupg
5Ws2Hxs4smNUneG2OGZbRC8jaTdQA2j0iuPbAralb9ZceJS1kejloZni+W/qQ/z2
K6BWbfDscSaUOeotoHrNpKs+RC0QFm+XQs79Pyv25jeYD41VPT0WIda5lQccZRG2
iWIY/SpUY++EWsXjwdy9QUvsoxFX4wJ2AHM4IgQMl24dbL+vjYO1Znxn51xxxoN5
HCcMJY29Srd59Y2NVGjdwsE/bC1whJ0YpCNzGwb5LE0sTGHTBwvxnKdKUi/hgHHJ
JQUZzaBsnHiA+dKtMOY0TsDxKetoFLwA7urkk+UrDFol
-----END CERTIFICATE-----