Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/YT2H1UfSyOgOCZbrUv0ZqQTO2ww.roa
File:                     YT2H1UfSyOgOCZbrUv0ZqQTO2ww.roa (raw, json)
Hash identifier:          q1L0pUhuVrSNRlRTVxukp6Z0fqvqLSA2OZ0F2b891iY=
Subject key identifier:   61:3D:87:D5:47:D2:C8:E8:0E:09:96:EB:52:FD:19:A9:04:CE:DB:0C
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019EADBEF40FA02E430A99CCF0A7215AC994
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/YT2H1UfSyOgOCZbrUv0ZqQTO2ww.roa
Signing time:             Tue 09 Jun 2026 18:57:12 +0000
ROA not before:           Tue 09 Jun 2026 18:57:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     59711
IP address blocks:        217.60.120.0/24 maxlen: 24
                          217.60.121.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 12:09:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:ad:be:f4:0f:a0:2e:43:0a:99:cc:f0:a7:21:5a:c9:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jun  9 18:57:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=613d87d547d2c8e80e0996eb52fd19a904cedb0c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:23:dd:4e:c1:0d:e8:2b:16:0a:ac:67:c1:57:
                    4f:0a:cd:cf:51:3e:27:96:83:67:19:4f:3c:4d:c4:
                    3c:50:e3:1e:8f:a6:b4:b6:80:d8:2c:b4:1c:ae:c8:
                    70:d8:0d:05:33:12:13:21:d9:d2:c4:33:7b:bf:d5:
                    ba:c3:29:b9:c6:43:b0:6c:8c:80:ff:6b:e6:9a:6a:
                    d5:16:3e:33:e4:54:aa:da:04:87:14:69:dd:8f:d0:
                    7b:e8:0d:89:06:a7:fb:7e:ba:ad:33:37:14:53:75:
                    ed:99:c3:ca:16:cf:e7:05:f1:70:6c:ba:91:49:c8:
                    fe:43:79:17:68:f8:0e:45:fa:2f:3a:b0:05:5f:64:
                    8d:43:56:25:7e:28:7a:f8:63:e8:c2:dc:20:45:99:
                    aa:c5:a0:64:d0:77:60:38:a8:7e:5a:b7:a0:2e:45:
                    fe:9c:c6:db:3d:99:b8:58:75:36:84:6f:fc:b0:b4:
                    2b:f4:6e:3b:80:78:2c:6d:8a:29:d6:94:30:7e:71:
                    c7:f5:1e:b4:11:5a:0d:79:7b:60:dc:94:56:79:c2:
                    dd:6c:77:db:d1:7d:61:16:4f:1e:8d:36:d5:da:67:
                    a8:71:bf:3a:59:37:d4:16:8a:a5:37:54:08:7a:1f:
                    64:52:93:e2:17:7d:03:45:2e:bb:d0:8d:26:34:86:
                    5c:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:3D:87:D5:47:D2:C8:E8:0E:09:96:EB:52:FD:19:A9:04:CE:DB:0C
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/YT2H1UfSyOgOCZbrUv0ZqQTO2ww.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.60.120.0/23

    Signature Algorithm: sha256WithRSAEncryption
         99:9b:b6:0c:de:e3:3c:a1:11:ff:29:b1:5f:e6:08:4a:23:c0:
         5d:1a:3e:04:85:2c:08:b4:34:a4:43:5b:af:7b:ed:24:36:46:
         05:4d:93:39:d5:30:1d:a8:0c:32:78:2d:12:d1:53:91:c3:e5:
         3e:24:07:a3:f3:66:03:66:9e:42:e2:c7:8a:8f:36:f5:4c:85:
         cf:b8:37:00:2b:3a:9e:a2:d0:bd:91:14:18:31:33:bc:d5:36:
         5c:e4:a6:28:ca:3f:90:79:b2:ec:71:51:ec:12:1a:f5:46:e9:
         b5:77:c4:8e:e5:af:ca:54:d5:3f:53:a5:bc:91:e4:c1:89:db:
         a7:6f:98:4e:b0:4f:ad:44:00:e7:cd:d8:51:9b:df:3b:6d:9d:
         03:d5:06:3a:33:59:32:87:64:b8:fb:aa:ab:a7:99:4b:c3:5f:
         25:39:d5:da:58:8c:54:80:73:5d:4b:20:bd:72:d8:8a:a8:de:
         2a:ac:51:65:52:d5:8e:81:60:01:76:58:8f:db:b5:62:74:65:
         d0:50:8c:c1:d2:16:5a:84:67:49:f7:1a:93:4b:53:91:d3:55:
         15:3d:71:22:e4:6a:d7:b2:39:05:01:09:61:a7:73:8b:fd:32:
         a1:d5:f8:f1:6f:8d:62:16:65:16:7e:56:82:fe:56:c7:a8:ed:
         ea:d2:b1:27
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6tvvQPoC5DCpnM8KchWsmUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwNjA5MTg1NzEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MTNkODdkNTQ3ZDJjOGU4MGUwOTk2ZWI1MmZkMTlhOTA0Y2VkYjBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6CPdTsEN6CsWCqxnwVdPCs3PUT4n
loNnGU88TcQ8UOMej6a0toDYLLQcrshw2A0FMxITIdnSxDN7v9W6wym5xkOwbIyA
/2vmmmrVFj4z5FSq2gSHFGndj9B76A2JBqf7frqtMzcUU3XtmcPKFs/nBfFwbLqR
Scj+Q3kXaPgORfovOrAFX2SNQ1Ylfih6+GPowtwgRZmqxaBk0HdgOKh+WregLkX+
nMbbPZm4WHU2hG/8sLQr9G47gHgsbYop1pQwfnHH9R60EVoNeXtg3JRWecLdbHfb
0X1hFk8ejTbV2meocb86WTfUFoqlN1QIeh9kUpPiF30DRS670I0mNIZc9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGE9h9VH0sjoDgmW61L9GakEztsMMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvWVQySDFVZlN5T2dPQ1piclV2MFpxUVRPMnd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB2Tx4MA0G
CSqGSIb3DQEBCwUAA4IBAQCZm7YM3uM8oRH/KbFf5ghKI8BdGj4EhSwItDSkQ1uv
e+0kNkYFTZM51TAdqAwyeC0S0VORw+U+JAej82YDZp5C4seKjzb1TIXPuDcAKzqe
otC9kRQYMTO81TZc5KYoyj+QebLscVHsEhr1Rum1d8SO5a/KVNU/U6W8keTBidun
b5hOsE+tRADnzdhRm987bZ0D1QY6M1kyh2S4+6qrp5lLw18lOdXaWIxUgHNdSyC9
ctiKqN4qrFFlUtWOgWABdliP27VidGXQUIzB0hZahGdJ9xqTS1OR01UVPXEi5GrX
sjkFAQlhp3OL/TKh1fjxb41iFmUWflaC/lbHqO3q0rEn
-----END CERTIFICATE-----