Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/_NDyWDbCd4kNLwukvAC9wT7dHS4.roa
File:                     _NDyWDbCd4kNLwukvAC9wT7dHS4.roa (raw, json)
Hash identifier:          je4PU4Ve19ud8gyLSiU9JcD9kZ3rNYPt0QIuqt81jPo=
Subject key identifier:   FC:D0:F2:58:36:C2:77:89:0D:2F:0B:A4:BC:00:BD:C1:3E:DD:1D:2E
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019E796DEF3F77A1246C8D96B5F27D77B362
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/_NDyWDbCd4kNLwukvAC9wT7dHS4.roa
Signing time:             Sat 30 May 2026 15:08:28 +0000
ROA not before:           Sat 30 May 2026 15:08:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     197574
IP address blocks:        217.60.32.0/24 maxlen: 24
                          217.60.33.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jun 2026 15:55:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:79:6d:ef:3f:77:a1:24:6c:8d:96:b5:f2:7d:77:b3:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: May 30 15:08:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=fcd0f25836c277890d2f0ba4bc00bdc13edd1d2e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:29:01:c2:05:82:23:68:69:a1:39:c5:b8:1e:
                    3a:96:9a:8f:c1:98:7b:fb:02:49:8b:ad:28:8c:3f:
                    cb:4e:35:3a:9a:c7:39:c1:2a:21:31:bf:d5:f1:21:
                    d6:98:61:63:a3:d6:e3:ee:c6:1e:a0:14:06:22:20:
                    d3:0a:f0:c9:7d:df:98:57:fc:8a:63:af:de:e0:c7:
                    b4:4b:a3:ee:63:21:dc:85:72:10:48:67:3f:2c:9a:
                    55:3e:61:a1:d3:55:14:71:5f:c3:dc:ca:6d:2f:38:
                    34:39:c1:24:4f:90:14:b0:6f:2c:27:05:d7:72:46:
                    48:b1:72:87:1d:0d:14:99:59:b5:51:6c:d0:7e:b7:
                    a7:c2:12:c0:17:3e:c3:f4:a2:ac:cb:f4:ad:33:ed:
                    f1:f1:f4:5a:19:95:81:38:02:55:4f:23:86:09:a8:
                    38:9a:52:70:03:d3:47:ed:37:56:0e:6d:8f:83:b6:
                    40:29:f9:a5:99:1d:97:fa:00:82:b6:1f:4f:69:0a:
                    02:0e:17:88:ba:eb:14:ac:48:ff:83:a9:12:08:80:
                    f4:6b:c1:ee:5f:ae:58:d3:99:f8:cf:2e:26:f0:4d:
                    0a:f4:01:bb:eb:89:42:31:32:b1:0a:ce:4d:37:f6:
                    69:71:38:56:d0:24:e4:d2:72:6a:b8:cc:0a:d3:de:
                    da:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:D0:F2:58:36:C2:77:89:0D:2F:0B:A4:BC:00:BD:C1:3E:DD:1D:2E
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/_NDyWDbCd4kNLwukvAC9wT7dHS4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.60.32.0/23

    Signature Algorithm: sha256WithRSAEncryption
         82:57:06:37:7d:18:52:08:76:4a:69:6f:fb:1e:77:fe:8c:b5:
         3d:61:4f:c3:0c:c0:df:b1:63:d0:90:25:5c:8d:ad:70:d5:6f:
         2f:c7:0f:07:b5:40:7e:68:82:21:53:ca:4d:f5:f5:5e:52:29:
         d4:e7:39:18:76:09:8c:3d:2e:eb:8a:48:b2:1c:14:ca:ff:1c:
         0a:45:c1:33:78:28:67:ff:e0:74:cd:e7:64:61:74:33:f0:86:
         ce:83:5c:53:de:93:b8:58:b7:5e:41:56:1a:bc:a1:bc:1e:17:
         38:c0:2f:14:30:4f:a4:61:82:ec:05:65:67:49:18:5e:e7:03:
         d8:b9:72:c9:29:f8:bb:4c:a2:03:79:1f:6c:2e:64:5e:07:93:
         bd:d1:7c:a8:d2:e8:f3:7f:e5:15:40:08:81:31:df:98:58:f6:
         2e:f7:16:61:54:11:44:b4:06:b3:cf:91:18:b2:1c:09:3c:ab:
         9f:40:98:55:01:13:d0:35:ad:1b:bc:97:dd:6d:d1:f9:aa:26:
         27:f7:8f:60:fd:10:de:9c:d7:a1:2d:02:d5:9d:c4:8a:1d:8c:
         d8:14:3f:7f:72:24:23:f2:b9:fd:50:49:2a:bf:68:f0:df:7e:
         76:8e:6f:b4:8e:22:91:4c:6b:4a:98:12:51:67:e3:d1:a7:9d:
         d6:fe:9b:22
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ55be8/d6EkbI2WtfJ9d7NiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwNTMwMTUwODI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmY2QwZjI1ODM2YzI3Nzg5MGQyZjBiYTRiYzAwYmRjMTNlZGQxZDJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1SkBwgWCI2hpoTnFuB46lpqPwZh7
+wJJi60ojD/LTjU6msc5wSohMb/V8SHWmGFjo9bj7sYeoBQGIiDTCvDJfd+YV/yK
Y6/e4Me0S6PuYyHchXIQSGc/LJpVPmGh01UUcV/D3MptLzg0OcEkT5AUsG8sJwXX
ckZIsXKHHQ0UmVm1UWzQfrenwhLAFz7D9KKsy/StM+3x8fRaGZWBOAJVTyOGCag4
mlJwA9NH7TdWDm2Pg7ZAKfmlmR2X+gCCth9PaQoCDheIuusUrEj/g6kSCID0a8Hu
X65Y05n4zy4m8E0K9AG764lCMTKxCs5NN/ZpcThW0CTk0nJquMwK097a2QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPzQ8lg2wneJDS8LpLwAvcE+3R0uMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvX05EeVdEYkNkNGtOTHd1a3ZBQzl3VDdkSFM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB2TwgMA0G
CSqGSIb3DQEBCwUAA4IBAQCCVwY3fRhSCHZKaW/7Hnf+jLU9YU/DDMDfsWPQkCVc
ja1w1W8vxw8HtUB+aIIhU8pN9fVeUinU5zkYdgmMPS7rikiyHBTK/xwKRcEzeChn
/+B0zedkYXQz8IbOg1xT3pO4WLdeQVYavKG8Hhc4wC8UME+kYYLsBWVnSRhe5wPY
uXLJKfi7TKIDeR9sLmReB5O90Xyo0ujzf+UVQAiBMd+YWPYu9xZhVBFEtAazz5EY
shwJPKufQJhVARPQNa0bvJfdbdH5qiYn949g/RDenNehLQLVncSKHYzYFD9/ciQj
8rn9UEkqv2jw3352jm+0jiKRTGtKmBJRZ+PRp53W/psi
-----END CERTIFICATE-----