Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/GJ1qrr1gLNj_DGRHykXD2P4HCzc.roa
File:                     GJ1qrr1gLNj_DGRHykXD2P4HCzc.roa (raw, json)
Hash identifier:          WbI7XJChajrD/v8o+cRamfGwlRi7z42d78B+s7AYb7k=
Subject key identifier:   18:9D:6A:AE:BD:60:2C:D8:FF:0C:64:47:CA:45:C3:D8:FE:07:0B:37
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       01992845C5402BDAF46B671C31E818C62050
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/GJ1qrr1gLNj_DGRHykXD2P4HCzc.roa
Signing time:             Mon 08 Sep 2025 07:41:25 +0000
ROA not before:           Mon 08 Sep 2025 07:41:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214078
IP address blocks:        217.60.247.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 15 Sep 2025 05:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:28:45:c5:40:2b:da:f4:6b:67:1c:31:e8:18:c6:20:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Sep  8 07:41:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=189d6aaebd602cd8ff0c6447ca45c3d8fe070b37
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:92:e4:f8:ca:d2:18:aa:e8:56:df:93:fc:dd:
                    7f:1a:9f:ed:a7:25:ac:fe:04:89:c4:80:70:16:5c:
                    8a:73:11:2e:07:13:94:9a:76:94:0f:5f:60:5d:de:
                    18:36:2c:5f:b9:82:4a:5e:07:c9:e1:02:23:72:04:
                    17:4e:34:2b:a0:d4:cb:7b:8b:76:16:f1:e4:8a:8b:
                    87:45:1a:05:b6:0a:04:18:f8:7e:a5:89:42:73:68:
                    a5:fb:7d:a7:b1:9c:c3:50:f9:9c:d1:09:58:33:07:
                    b0:fe:b5:1b:93:c1:fa:2e:75:5b:92:d0:17:03:74:
                    c1:de:bf:83:ae:f1:a3:e1:ec:b7:93:f0:0a:82:fc:
                    8a:f4:32:cc:dc:a8:af:a4:52:c3:3f:67:f7:96:a5:
                    e5:21:99:4d:73:12:51:e5:1e:7a:e3:5f:dd:55:df:
                    ca:af:93:f8:6f:48:5c:42:45:7f:fd:f2:01:a9:a9:
                    65:8c:6b:ac:2e:33:43:97:e4:3a:c2:95:e1:27:94:
                    5b:22:ed:c3:c4:a2:92:ff:c9:10:5a:20:01:3e:3c:
                    a3:8d:59:6b:5d:65:22:5d:54:0c:1a:59:f4:6e:fd:
                    93:25:39:2e:16:0c:3c:2c:4c:b8:74:d2:e6:50:03:
                    44:2a:d7:3a:ef:c4:99:d4:56:d4:5c:51:4c:bf:44:
                    6b:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:9D:6A:AE:BD:60:2C:D8:FF:0C:64:47:CA:45:C3:D8:FE:07:0B:37
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/GJ1qrr1gLNj_DGRHykXD2P4HCzc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.60.247.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:12:6f:dc:ca:fc:3e:69:9f:91:6d:27:f7:cb:f5:42:b2:9f:
         cc:70:ec:f4:d9:e7:59:be:69:0b:34:ac:d3:5f:dc:fa:f5:6b:
         d0:13:67:46:9e:35:5c:20:9f:b7:fe:0c:33:26:85:03:45:fa:
         fd:3b:10:00:64:e2:94:51:49:a2:0c:d8:e0:c7:a6:76:3a:05:
         98:f8:ee:ed:51:f0:58:93:27:69:40:18:b2:c5:7a:fa:30:bc:
         b3:b6:cb:48:80:ad:77:c4:9b:c0:fb:2b:a7:b6:c4:10:76:90:
         91:99:65:2d:9d:3e:a7:91:77:16:b8:64:e4:d4:9a:2e:27:90:
         5d:8d:64:77:c1:78:97:f5:49:27:62:8b:f5:48:72:e8:03:4e:
         f5:48:15:70:77:6b:4d:3b:4a:cd:da:85:10:d3:2c:ea:77:5d:
         9f:0d:ac:ff:69:90:89:ae:41:1b:c4:26:53:c3:fa:ff:ef:71:
         64:8a:01:56:a6:d0:16:aa:b3:94:86:de:f2:2c:93:c3:92:7f:
         a7:06:86:6e:3d:55:b2:b6:23:77:2a:5b:7a:2a:77:fa:c9:cc:
         bb:0b:67:88:d6:91:03:22:ef:07:de:5f:cf:5c:92:3e:40:70:
         9e:67:d9:d0:5a:4e:b4:e9:02:30:da:46:26:be:13:39:eb:97:
         c9:3c:79:5f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkoRcVAK9r0a2ccMegYxiBQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwOTA4MDc0MTI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxODlkNmFhZWJkNjAyY2Q4ZmYwYzY0NDdjYTQ1YzNkOGZlMDcwYjM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvJLk+MrSGKroVt+T/N1/Gp/tpyWs
/gSJxIBwFlyKcxEuBxOUmnaUD19gXd4YNixfuYJKXgfJ4QIjcgQXTjQroNTLe4t2
FvHkiouHRRoFtgoEGPh+pYlCc2il+32nsZzDUPmc0QlYMwew/rUbk8H6LnVbktAX
A3TB3r+DrvGj4ey3k/AKgvyK9DLM3KivpFLDP2f3lqXlIZlNcxJR5R5641/dVd/K
r5P4b0hcQkV//fIBqalljGusLjNDl+Q6wpXhJ5RbIu3DxKKS/8kQWiABPjyjjVlr
XWUiXVQMGln0bv2TJTkuFgw8LEy4dNLmUANEKtc678SZ1FbUXFFMv0RrzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBidaq69YCzY/wxkR8pFw9j+Bws3MB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvR0oxcXJyMWdMTmpfREdSSHlrWEQyUDRIQ3pjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2Tz3MA0G
CSqGSIb3DQEBCwUAA4IBAQBUEm/cyvw+aZ+RbSf3y/VCsp/McOz02edZvmkLNKzT
X9z69WvQE2dGnjVcIJ+3/gwzJoUDRfr9OxAAZOKUUUmiDNjgx6Z2OgWY+O7tUfBY
kydpQBiyxXr6MLyztstIgK13xJvA+yuntsQQdpCRmWUtnT6nkXcWuGTk1JouJ5Bd
jWR3wXiX9UknYov1SHLoA071SBVwd2tNO0rN2oUQ0yzqd12fDaz/aZCJrkEbxCZT
w/r/73FkigFWptAWqrOUht7yLJPDkn+nBoZuPVWytiN3Klt6Knf6ycy7C2eI1pED
Iu8H3l/PXJI+QHCeZ9nQWk606QIw2kYmvhM565fJPHlf
-----END CERTIFICATE-----