Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/RZIF4n65qemc-clhHVZuUjc5_44.roa
File:                     RZIF4n65qemc-clhHVZuUjc5_44.roa (raw, json)
Hash identifier:          hJ4mSO0TkOHpnn0ZLWQPSMyGbZjSlCg4ohXoLKVwFFw=
Subject key identifier:   45:92:05:E2:7E:B9:A9:E9:9C:F9:C9:61:1D:56:6E:52:37:39:FF:8E
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019E6A0F001775C368D0CB582E3D85758704
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/RZIF4n65qemc-clhHVZuUjc5_44.roa
Signing time:             Wed 27 May 2026 15:30:28 +0000
ROA not before:           Wed 27 May 2026 15:30:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215228
IP address blocks:        217.60.193.0/24 maxlen: 24
                          217.60.194.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 13 Jun 2026 16:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:6a:0f:00:17:75:c3:68:d0:cb:58:2e:3d:85:75:87:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: May 27 15:30:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=459205e27eb9a9e99cf9c9611d566e523739ff8e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:c2:70:1e:bd:9d:a6:50:b7:6c:3a:f5:3f:76:
                    3b:2f:61:f5:c9:e9:49:50:dc:b0:5d:c1:12:0b:03:
                    44:e6:9a:a4:57:df:9e:85:15:8f:84:0c:76:d2:31:
                    16:ba:72:ca:4c:4c:af:96:ca:93:e2:35:6e:12:bb:
                    a1:60:9f:2e:6c:14:0a:89:a8:2a:5a:fe:b2:13:a9:
                    60:e5:17:7c:d5:2e:c1:9b:ee:77:31:76:7b:8e:6c:
                    01:58:3b:e2:75:44:fc:9e:0a:19:19:8b:9b:92:65:
                    db:e6:09:2c:3d:f7:93:42:97:23:90:27:ca:52:f3:
                    a9:8e:90:81:74:ce:63:2e:70:b4:c9:1c:b6:f4:e8:
                    27:d1:dc:d4:f7:65:60:7d:c8:2a:2d:40:ff:d8:15:
                    b9:b8:c6:ea:ab:02:9e:85:98:a5:d9:fa:10:28:b3:
                    65:b9:7b:12:20:c6:d4:2c:60:7c:e6:a2:62:70:13:
                    62:48:47:fa:b7:3f:b6:24:07:e5:36:a3:7c:4e:8d:
                    bf:f2:38:05:45:7b:08:15:ec:6c:9f:1e:5a:cd:2d:
                    7d:01:75:82:8a:a1:e5:8a:bd:97:ae:07:54:38:bf:
                    6c:15:ef:b0:16:2d:d8:09:45:b6:e2:46:38:d5:c2:
                    83:22:41:db:5c:bc:a2:56:8f:6c:89:ef:16:0c:b3:
                    73:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:92:05:E2:7E:B9:A9:E9:9C:F9:C9:61:1D:56:6E:52:37:39:FF:8E
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/RZIF4n65qemc-clhHVZuUjc5_44.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.60.193.0-217.60.194.255

    Signature Algorithm: sha256WithRSAEncryption
         6f:84:77:72:14:95:53:57:90:b2:e6:8b:56:06:6b:6c:e9:62:
         44:a7:e2:6f:53:b1:b5:89:65:f2:b3:6d:b4:7e:fc:3f:e0:83:
         7f:a0:5e:7f:0d:9a:b8:1d:cf:35:73:33:0d:b4:b4:08:b0:9f:
         a6:80:11:73:d4:1d:21:af:cf:d4:b4:57:f9:89:2d:c3:81:56:
         9a:d9:e1:97:2d:2b:a9:3b:78:d0:1e:ec:10:48:0d:4b:41:a9:
         e8:f4:4c:93:63:45:43:5d:01:0f:a7:46:25:3b:58:c6:d2:f6:
         51:83:c7:d5:32:40:75:e1:6a:8e:45:cd:60:59:5d:a6:b9:26:
         14:ec:cd:a3:05:be:31:ad:35:39:69:58:c6:5d:1a:f2:8a:8d:
         36:c1:87:76:34:cd:a7:19:10:f8:8a:02:ac:56:7e:75:16:1e:
         72:2b:6a:b2:ea:e9:dc:c7:92:14:1f:6f:df:7a:80:f9:88:9e:
         83:dd:3f:46:71:3f:38:dd:12:e3:9a:07:54:ee:bb:d1:29:10:
         3f:dd:6c:bb:70:6e:fb:7a:58:ba:b9:44:5c:40:56:22:4d:fa:
         b0:52:a1:c6:01:43:4d:34:cc:b7:d7:d2:c4:4b:e7:d4:a5:50:
         c3:1d:2c:8d:9a:12:93:cd:55:00:8c:23:ed:12:73:9b:5b:4e:
         12:88:87:2f
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZ5qDwAXdcNo0MtYLj2FdYcEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwNTI3MTUzMDI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NTkyMDVlMjdlYjlhOWU5OWNmOWM5NjExZDU2NmU1MjM3MzlmZjhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi8JwHr2dplC3bDr1P3Y7L2H1yelJ
UNywXcESCwNE5pqkV9+ehRWPhAx20jEWunLKTEyvlsqT4jVuEruhYJ8ubBQKiagq
Wv6yE6lg5Rd81S7Bm+53MXZ7jmwBWDvidUT8ngoZGYubkmXb5gksPfeTQpcjkCfK
UvOpjpCBdM5jLnC0yRy29Ogn0dzU92VgfcgqLUD/2BW5uMbqqwKehZil2foQKLNl
uXsSIMbULGB85qJicBNiSEf6tz+2JAflNqN8To2/8jgFRXsIFexsnx5azS19AXWC
iqHlir2XrgdUOL9sFe+wFi3YCUW24kY41cKDIkHbXLyiVo9sie8WDLNzxwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFEWSBeJ+uanpnPnJYR1WblI3Of+OMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvUlpJRjRuNjVxZW1jLWNsaEhWWnVVamM1XzQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBADZPMED
BADZPMIwDQYJKoZIhvcNAQELBQADggEBAG+Ed3IUlVNXkLLmi1YGa2zpYkSn4m9T
sbWJZfKzbbR+/D/gg3+gXn8NmrgdzzVzMw20tAiwn6aAEXPUHSGvz9S0V/mJLcOB
VprZ4ZctK6k7eNAe7BBIDUtBqej0TJNjRUNdAQ+nRiU7WMbS9lGDx9UyQHXhao5F
zWBZXaa5JhTszaMFvjGtNTlpWMZdGvKKjTbBh3Y0zacZEPiKAqxWfnUWHnIrarLq
6dzHkhQfb996gPmInoPdP0ZxPzjdEuOaB1Tuu9EpED/dbLtwbvt6WLq5RFxAViJN
+rBSocYBQ000zLfX0sRL59SlUMMdLI2aEpPNVQCMI+0Sc5tbThKIhy8=
-----END CERTIFICATE-----