Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/RCT7uSHPqR2DmOnkCzRWEkoTMos.roa
File:                     RCT7uSHPqR2DmOnkCzRWEkoTMos.roa (raw, json)
Hash identifier:          QKGJTUBMuX0YcnfuOinFnxjI/LK6j2o2yI90fymyhro=
Subject key identifier:   44:24:FB:B9:21:CF:A9:1D:83:98:E9:E4:0B:34:56:12:4A:13:32:8B
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019A790E18E7649740CB8BF8DE39BE33EF60
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/RCT7uSHPqR2DmOnkCzRWEkoTMos.roa
Signing time:             Wed 12 Nov 2025 17:12:38 +0000
ROA not before:           Wed 12 Nov 2025 17:12:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214431
IP address blocks:        94.183.156.0/24 maxlen: 24
                          94.183.157.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Nov 2025 15:11:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:79:0e:18:e7:64:97:40:cb:8b:f8:de:39:be:33:ef:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Nov 12 17:12:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4424fbb921cfa91d8398e9e40b3456124a13328b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:3a:ae:e8:3a:8e:cf:b8:59:78:42:1e:78:12:
                    f6:3c:3f:d3:e8:40:b7:9e:f7:c7:f7:35:b3:09:88:
                    90:82:72:ba:ab:7f:93:60:7f:9e:48:8c:57:4c:c1:
                    d6:91:4f:dc:35:30:16:91:6c:77:4e:60:9a:9a:64:
                    b5:4f:1b:f2:54:db:99:f3:2f:90:b2:64:25:c7:ed:
                    49:c5:17:78:c5:ab:0c:1b:f6:63:55:38:ba:18:05:
                    79:92:df:24:0a:91:45:ff:30:8c:b8:e4:12:2f:89:
                    33:9c:97:a1:ba:f2:89:8c:f9:d6:6f:25:cf:7b:1c:
                    32:8f:f0:84:be:72:24:32:7a:e3:c8:d5:87:49:c4:
                    1b:76:1c:3c:bf:7c:4c:82:1e:3d:b2:03:f5:33:72:
                    8f:a3:be:2e:d7:69:03:fa:08:6a:d6:2c:5c:59:16:
                    79:be:e5:fb:0d:7c:0d:9d:c3:1c:de:e8:d8:c2:1e:
                    df:1c:bd:86:30:56:ef:37:b0:17:8a:b2:fa:d9:d4:
                    8a:c4:fc:68:0e:27:3e:71:b6:1e:78:7c:92:0f:4e:
                    aa:4c:d5:3b:60:e5:8c:4e:5f:e2:c5:2b:8a:73:1c:
                    61:ba:1f:3a:0a:e7:94:cf:9a:87:1d:c2:e7:31:80:
                    a7:4e:57:f3:8b:9a:65:c2:35:e3:ed:fd:0a:84:b0:
                    39:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:24:FB:B9:21:CF:A9:1D:83:98:E9:E4:0B:34:56:12:4A:13:32:8B
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/RCT7uSHPqR2DmOnkCzRWEkoTMos.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.183.156.0/23

    Signature Algorithm: sha256WithRSAEncryption
         24:6b:a3:c8:87:e0:c8:90:d9:82:f8:cc:85:1f:3c:08:be:a1:
         e5:38:4d:40:a3:d2:8f:98:94:a0:dc:61:10:83:7c:3d:b4:42:
         0e:70:2c:9f:7c:51:c4:19:39:08:d5:67:e1:20:58:f2:ee:f1:
         dc:f6:41:ae:4a:9d:cb:ec:43:f5:0c:36:8e:ef:b9:86:86:7d:
         28:4a:77:cc:df:81:5b:d8:e9:be:b4:8c:20:a9:59:d3:94:73:
         4d:3c:7b:30:05:1d:9b:6b:a5:41:fd:24:01:91:0c:4a:36:bb:
         cf:34:3d:15:fd:13:50:27:d2:8a:60:54:a1:3e:32:13:02:e1:
         ed:9e:05:d3:d2:57:88:13:54:d4:0d:aa:61:f8:99:76:d2:5c:
         5e:73:cd:49:c9:4b:77:c7:80:8e:85:03:a1:cb:95:b9:6b:50:
         25:10:d6:6e:57:0c:ae:04:4c:b3:6a:75:bf:24:84:85:84:32:
         f7:52:3f:10:9d:a6:c5:e2:55:ad:f9:97:14:60:23:13:4d:da:
         1a:18:48:d7:1c:b9:0a:11:3e:30:c7:aa:a1:2f:12:ec:23:c9:
         9f:c5:9d:ae:e2:3c:f6:4f:2e:41:46:9b:69:bd:3d:0c:73:2f:
         c6:32:24:ec:42:6b:4d:46:2b:ba:3b:cb:9f:a5:62:5c:2e:f9:
         aa:5b:db:73
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZp5DhjnZJdAy4v43jm+M+9gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUxMTEyMTcxMjM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDI0ZmJiOTIxY2ZhOTFkODM5OGU5ZTQwYjM0NTYxMjRhMTMzMjhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqjqu6DqOz7hZeEIeeBL2PD/T6EC3
nvfH9zWzCYiQgnK6q3+TYH+eSIxXTMHWkU/cNTAWkWx3TmCammS1TxvyVNuZ8y+Q
smQlx+1JxRd4xasMG/ZjVTi6GAV5kt8kCpFF/zCMuOQSL4kznJehuvKJjPnWbyXP
exwyj/CEvnIkMnrjyNWHScQbdhw8v3xMgh49sgP1M3KPo74u12kD+ghq1ixcWRZ5
vuX7DXwNncMc3ujYwh7fHL2GMFbvN7AXirL62dSKxPxoDic+cbYeeHySD06qTNU7
YOWMTl/ixSuKcxxhuh86CueUz5qHHcLnMYCnTlfzi5plwjXj7f0KhLA5+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEQk+7khz6kdg5jp5As0VhJKEzKLMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvUkNUN3VTSFBxUjJEbU9ua0N6UldFa29UTW9zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBXrecMA0G
CSqGSIb3DQEBCwUAA4IBAQAka6PIh+DIkNmC+MyFHzwIvqHlOE1Ao9KPmJSg3GEQ
g3w9tEIOcCyffFHEGTkI1WfhIFjy7vHc9kGuSp3L7EP1DDaO77mGhn0oSnfM34Fb
2Om+tIwgqVnTlHNNPHswBR2ba6VB/SQBkQxKNrvPND0V/RNQJ9KKYFShPjITAuHt
ngXT0leIE1TUDaph+Jl20lxec81JyUt3x4COhQOhy5W5a1AlENZuVwyuBEyzanW/
JISFhDL3Uj8QnabF4lWt+ZcUYCMTTdoaGEjXHLkKET4wx6qhLxLsI8mfxZ2u4jz2
Ty5BRptpvT0Mcy/GMiTsQmtNRiu6O8ufpWJcLvmqW9tz
-----END CERTIFICATE-----