Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/HYnzuqNt90a6EgGaYNxRqH-VGbA.roa
File:                     HYnzuqNt90a6EgGaYNxRqH-VGbA.roa (raw, json)
Hash identifier:          2bNXx5vIoCl9QC6rA2VzWxVQ/uubCIP5u8LNz9Nb7tM=
Subject key identifier:   1D:89:F3:BA:A3:6D:F7:46:BA:12:01:9A:60:DC:51:A8:7F:95:19:B0
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       01979E24D85F1A3719A4C82E9E93A3F1098D
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/HYnzuqNt90a6EgGaYNxRqH-VGbA.roa
Signing time:             Mon 23 Jun 2025 18:55:04 +0000
ROA not before:           Mon 23 Jun 2025 18:55:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215391
IP address blocks:        217.60.254.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Jul 2025 16:32:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:9e:24:d8:5f:1a:37:19:a4:c8:2e:9e:93:a3:f1:09:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jun 23 18:55:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1d89f3baa36df746ba12019a60dc51a87f9519b0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:b7:d3:08:b2:85:00:13:23:ad:70:9e:aa:06:
                    e9:e2:01:90:71:95:f0:2a:bf:6f:02:30:86:4e:b9:
                    6c:b8:87:c3:1d:4b:78:52:18:5e:51:cf:f3:19:96:
                    fc:6c:ba:b5:7c:b3:17:d5:92:19:da:b6:2a:4a:2f:
                    92:77:d6:de:9e:e5:db:9e:c9:86:df:d7:24:4b:cb:
                    33:21:08:fe:3c:9a:53:81:81:94:02:9b:69:d8:26:
                    28:96:53:35:f8:4b:e9:90:6d:91:73:89:c8:3c:8a:
                    c4:7f:1d:97:35:3f:be:77:9d:3d:72:04:2b:b9:05:
                    6c:7d:7b:70:19:d7:50:8f:e7:5a:f9:d2:46:81:12:
                    23:f6:8b:b6:d8:06:94:ed:f7:f4:23:5f:f8:8e:25:
                    c2:a9:90:7d:9c:77:ad:dc:05:d7:46:f4:e7:b8:a6:
                    88:3c:8d:11:90:a4:01:18:6d:94:d8:77:c3:4f:c6:
                    b0:7e:f2:6e:b0:b6:c1:be:c7:a8:58:0b:dd:2b:92:
                    df:fc:d9:70:7e:ed:1d:03:6a:6a:8c:4e:2b:59:bf:
                    8e:5b:34:b2:ae:07:22:26:76:93:16:d5:83:89:5f:
                    06:91:3f:0e:2e:e8:1a:be:d2:5a:ce:00:c4:23:0c:
                    b3:fb:ba:cb:62:46:bf:dd:f1:30:69:aa:4b:9c:13:
                    ce:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:89:F3:BA:A3:6D:F7:46:BA:12:01:9A:60:DC:51:A8:7F:95:19:B0
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/HYnzuqNt90a6EgGaYNxRqH-VGbA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.60.254.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:56:e1:5e:00:5f:ec:87:33:b9:7c:7b:f9:3b:f4:41:41:8f:
         d6:4f:c7:e7:ea:06:94:31:1e:53:da:cd:93:f5:c3:9d:4f:a6:
         8d:21:2a:da:5b:fe:5a:38:bf:6a:e7:03:04:38:65:7c:73:5a:
         c0:bb:25:e9:a4:f9:b4:e5:a0:08:11:bd:55:e7:a9:80:62:73:
         17:04:9c:e9:7b:0b:38:ff:ab:44:36:fe:fe:69:51:2f:62:9a:
         11:7d:be:78:c2:e8:c2:f0:45:9b:73:2f:fb:d6:44:b5:76:72:
         c5:02:d7:40:53:45:59:65:85:8d:55:c1:b8:92:4a:a9:42:a2:
         87:a9:d1:d2:df:32:58:bf:81:d8:64:c0:ba:5b:7b:a3:d7:b0:
         bb:d2:d8:04:8c:db:69:ad:22:7c:66:09:76:1d:f6:41:81:45:
         72:03:8b:bf:c7:29:fb:94:af:cc:73:d7:cd:95:fd:ab:28:7a:
         3a:53:d7:4d:74:ee:e9:ce:f8:c6:7b:7b:11:9e:07:04:47:77:
         bb:ac:c2:c3:c4:53:6f:a5:f0:76:e4:2e:c5:a1:72:a7:b3:2e:
         e3:28:4e:3a:a4:0b:25:dc:70:37:2b:07:6c:23:7b:4b:81:e5:
         11:21:18:9c:55:51:0b:2d:fb:96:01:81:d9:cd:be:93:14:e2:
         2d:82:ac:a1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZeeJNhfGjcZpMgunpOj8QmNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwNjIzMTg1NTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDg5ZjNiYWEzNmRmNzQ2YmExMjAxOWE2MGRjNTFhODdmOTUxOWIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA07fTCLKFABMjrXCeqgbp4gGQcZXw
Kr9vAjCGTrlsuIfDHUt4UhheUc/zGZb8bLq1fLMX1ZIZ2rYqSi+Sd9benuXbnsmG
39ckS8szIQj+PJpTgYGUAptp2CYollM1+EvpkG2Rc4nIPIrEfx2XNT++d509cgQr
uQVsfXtwGddQj+da+dJGgRIj9ou22AaU7ff0I1/4jiXCqZB9nHet3AXXRvTnuKaI
PI0RkKQBGG2U2HfDT8awfvJusLbBvseoWAvdK5Lf/Nlwfu0dA2pqjE4rWb+OWzSy
rgciJnaTFtWDiV8GkT8OLugavtJazgDEIwyz+7rLYka/3fEwaapLnBPOJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB2J87qjbfdGuhIBmmDcUah/lRmwMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvSFluenVxTnQ5MGE2RWdHYVlOeFJxSC1WR2JBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2Tz+MA0G
CSqGSIb3DQEBCwUAA4IBAQAkVuFeAF/shzO5fHv5O/RBQY/WT8fn6gaUMR5T2s2T
9cOdT6aNISraW/5aOL9q5wMEOGV8c1rAuyXppPm05aAIEb1V56mAYnMXBJzpews4
/6tENv7+aVEvYpoRfb54wujC8EWbcy/71kS1dnLFAtdAU0VZZYWNVcG4kkqpQqKH
qdHS3zJYv4HYZMC6W3uj17C70tgEjNtprSJ8Zgl2HfZBgUVyA4u/xyn7lK/Mc9fN
lf2rKHo6U9dNdO7pzvjGe3sRngcER3e7rMLDxFNvpfB25C7FoXKnsy7jKE46pAsl
3HA3KwdsI3tLgeURIRicVVELLfuWAYHZzb6TFOItgqyh
-----END CERTIFICATE-----