Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TknBt5KQxoQiyDGGWi_A2fymWQw.roa
File:                     TknBt5KQxoQiyDGGWi_A2fymWQw.roa (raw, json)
Hash identifier:          kKO1R/id7Q3nN3Yhha+2SbMqxgKWdsi8h6fmSPDW6go=
Subject key identifier:   4E:49:C1:B7:92:90:C6:84:22:C8:31:86:5A:2F:C0:D9:FC:A6:59:0C
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019EA20316A9114691D6C0F7E97B09B05A55
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TknBt5KQxoQiyDGGWi_A2fymWQw.roa
Signing time:             Sun 07 Jun 2026 12:16:11 +0000
ROA not before:           Sun 07 Jun 2026 12:16:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206647
IP address blocks:        94.183.214.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 20:26:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:a2:03:16:a9:11:46:91:d6:c0:f7:e9:7b:09:b0:5a:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jun  7 12:16:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4e49c1b79290c68422c831865a2fc0d9fca6590c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:4f:b5:90:50:31:a2:53:35:f0:06:15:58:2b:
                    99:f1:b9:8d:57:98:fb:5a:ef:71:98:1b:ac:da:59:
                    e6:7e:fc:68:24:0b:7b:98:28:64:42:e3:b8:f6:10:
                    73:77:6d:3c:75:10:54:28:1b:05:0a:1b:c9:80:6b:
                    34:f5:0c:0b:11:d8:8f:7d:ab:4b:f4:2f:0c:0b:0d:
                    b7:d3:ce:61:bd:d7:34:c9:9d:7e:09:3d:98:eb:c9:
                    2b:07:85:bc:28:99:19:13:c6:4e:a5:b3:05:82:10:
                    41:3a:12:e2:ce:61:51:ea:69:5f:a3:0f:fd:88:59:
                    ee:e4:23:31:70:bd:7b:39:fd:3c:ba:c2:a0:56:55:
                    f4:76:ea:eb:98:00:70:21:90:0a:d9:30:32:50:36:
                    f5:71:1c:08:80:e2:2a:65:5c:e6:9c:55:a6:30:a0:
                    0b:e8:7a:7c:66:3a:4d:bd:7f:4f:74:79:1e:4d:23:
                    93:5e:cc:46:d5:a5:a0:9e:34:a5:48:0c:86:43:d8:
                    f5:01:a8:ad:4d:c9:84:ca:95:15:39:7b:2f:64:df:
                    18:5d:bb:df:c5:48:fd:cb:dc:ff:d0:8c:84:47:9b:
                    76:84:45:6e:89:33:6b:94:22:5f:69:58:76:31:e1:
                    29:b9:a8:70:69:dc:da:bf:7b:ba:b7:15:29:29:7a:
                    7f:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:49:C1:B7:92:90:C6:84:22:C8:31:86:5A:2F:C0:D9:FC:A6:59:0C
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TknBt5KQxoQiyDGGWi_A2fymWQw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.183.214.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:38:0f:9e:bd:b5:d2:a6:4f:b5:ac:22:62:df:1e:6c:e4:db:
         cc:32:2b:6a:31:d0:91:7a:13:08:24:3b:5e:f5:a1:51:90:cc:
         83:e7:48:b3:4b:67:f4:64:b5:7e:8d:1f:0f:97:94:3c:74:ce:
         0c:1a:b5:80:29:fa:8e:57:60:5c:31:23:fd:22:bc:a0:99:68:
         35:0a:33:72:e7:d0:5d:1c:93:42:c8:70:9c:db:76:a7:b9:92:
         5c:9a:1b:8e:7d:64:dd:17:48:9d:20:e1:59:0f:23:28:a6:67:
         7e:b6:9c:80:49:77:02:35:e6:9b:a6:70:b5:41:36:ca:45:10:
         3b:96:9e:41:64:2f:08:94:1e:1a:8a:3d:a9:77:e4:28:13:e2:
         71:9f:5d:76:42:c1:2d:4c:ef:ac:1a:b6:56:23:1d:bc:31:41:
         7c:e4:ed:0b:75:c6:fd:c6:a0:69:a2:ff:67:67:c7:54:2c:3c:
         f5:5a:28:61:af:8f:54:a6:6f:8e:19:c5:cb:03:61:9e:83:1e:
         ba:49:8e:2a:ab:1b:b0:ce:c3:7b:d6:7a:23:6d:6f:ce:16:62:
         40:f7:cc:29:21:ab:9d:db:35:32:c5:24:7e:70:13:86:f1:01:
         ff:97:1e:ba:a7:36:d3:bd:2f:ca:99:c8:9c:e8:e3:d3:a7:0c:
         e8:8c:a7:a6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6iAxapEUaR1sD36XsJsFpVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwNjA3MTIxNjExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZTQ5YzFiNzkyOTBjNjg0MjJjODMxODY1YTJmYzBkOWZjYTY1OTBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjk+1kFAxolM18AYVWCuZ8bmNV5j7
Wu9xmBus2lnmfvxoJAt7mChkQuO49hBzd208dRBUKBsFChvJgGs09QwLEdiPfatL
9C8MCw23085hvdc0yZ1+CT2Y68krB4W8KJkZE8ZOpbMFghBBOhLizmFR6mlfow/9
iFnu5CMxcL17Of08usKgVlX0durrmABwIZAK2TAyUDb1cRwIgOIqZVzmnFWmMKAL
6Hp8ZjpNvX9PdHkeTSOTXsxG1aWgnjSlSAyGQ9j1AaitTcmEypUVOXsvZN8YXbvf
xUj9y9z/0IyER5t2hEVuiTNrlCJfaVh2MeEpuahwadzav3u6txUpKXp/0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE5JwbeSkMaEIsgxhlovwNn8plkMMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvVGtuQnQ1S1F4b1FpeURHR1dpX0EyZnltV1F3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXrfWMA0G
CSqGSIb3DQEBCwUAA4IBAQBuOA+evbXSpk+1rCJi3x5s5NvMMitqMdCRehMIJDte
9aFRkMyD50izS2f0ZLV+jR8Pl5Q8dM4MGrWAKfqOV2BcMSP9IrygmWg1CjNy59Bd
HJNCyHCc23anuZJcmhuOfWTdF0idIOFZDyMopmd+tpyASXcCNeabpnC1QTbKRRA7
lp5BZC8IlB4aij2pd+QoE+Jxn112QsEtTO+sGrZWIx28MUF85O0Ldcb9xqBpov9n
Z8dULDz1Wihhr49Upm+OGcXLA2Gegx66SY4qqxuwzsN71nojbW/OFmJA98wpIaud
2zUyxSR+cBOG8QH/lx66pzbTvS/Kmcic6OPTpwzojKem
-----END CERTIFICATE-----