Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/bkPa2I6rAmvTmGHMxLbGF95Y0Eo.roa
File:                     bkPa2I6rAmvTmGHMxLbGF95Y0Eo.roa (raw, json)
Hash identifier:          fh8mMNyHj+Q18jOQ6nJTJlBVKx4Gk2KlZdCjOc1sMBY=
Subject key identifier:   6E:43:DA:D8:8E:AB:02:6B:D3:98:61:CC:C4:B6:C6:17:DE:58:D0:4A
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019E39944F0E861C6C7C41DA8933B20C7EE3
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/bkPa2I6rAmvTmGHMxLbGF95Y0Eo.roa
Signing time:             Mon 18 May 2026 05:34:41 +0000
ROA not before:           Mon 18 May 2026 05:34:41 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     216150
IP address blocks:        217.60.24.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 28 May 2026 08:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:39:94:4f:0e:86:1c:6c:7c:41:da:89:33:b2:0c:7e:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: May 18 05:34:41 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6e43dad88eab026bd39861ccc4b6c617de58d04a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:f3:e2:92:29:f7:53:2d:1b:47:8f:47:12:2c:
                    92:fa:c9:ff:17:24:f0:0d:23:3f:30:7e:27:83:f6:
                    c7:ed:0d:b8:b0:6b:8f:fd:11:a1:8e:63:d9:98:67:
                    ad:97:ed:dc:b5:8c:9e:38:b0:9d:3a:3d:5a:6f:33:
                    95:fb:a4:61:d3:18:97:9b:7c:31:b1:a5:41:e3:20:
                    e3:f8:7a:d5:18:39:0d:14:55:56:a8:97:ec:6d:86:
                    1a:4e:e6:aa:83:5c:c9:0a:10:94:5f:a8:e8:4b:4f:
                    85:2b:63:29:01:31:d0:b4:72:61:99:2c:1c:ed:1d:
                    a4:80:5a:e9:eb:4e:02:4d:82:0f:a5:85:a3:22:9d:
                    04:5d:3c:30:de:1f:97:5f:49:c1:80:0f:f4:f3:c7:
                    4b:c3:ee:5c:ae:56:f5:0d:0f:eb:a5:14:88:45:79:
                    91:d5:2e:a2:20:6d:82:9f:b1:f0:ed:77:92:a3:e3:
                    7b:72:00:00:9b:74:bf:b0:3f:22:a9:d9:0d:7b:6c:
                    ec:34:f8:b1:67:7e:83:21:cc:0c:13:98:49:fb:b4:
                    ee:2d:0f:dc:3a:dc:4e:f0:11:23:34:ed:40:99:88:
                    3a:82:d1:58:47:74:c4:ff:6c:40:0d:39:11:31:8c:
                    c7:47:3a:e3:28:b9:34:68:8e:d8:f1:e0:12:83:e4:
                    4a:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:43:DA:D8:8E:AB:02:6B:D3:98:61:CC:C4:B6:C6:17:DE:58:D0:4A
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/bkPa2I6rAmvTmGHMxLbGF95Y0Eo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.60.24.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:c8:45:a9:96:b6:19:85:c1:94:83:9a:66:3b:e5:10:56:4e:
         de:0b:9c:54:df:14:39:3c:45:0f:e5:17:be:47:c1:03:6b:52:
         72:61:98:f5:96:cf:51:ba:cc:9b:36:38:86:c8:30:9b:39:ae:
         2c:1f:9b:c9:94:ed:60:71:4b:10:28:63:9e:bd:e7:dc:82:c5:
         b7:47:99:c1:02:f3:e9:57:7e:5e:4b:46:91:14:03:a5:75:1f:
         da:98:c8:58:30:b6:62:20:d1:ba:60:86:17:63:b5:3b:01:b2:
         00:54:95:1d:90:53:10:1c:e4:3e:2c:85:6c:22:e7:15:68:f5:
         56:fa:98:4c:23:22:d3:39:cf:9c:47:c2:2f:1e:a6:85:0e:7c:
         ee:80:82:08:47:19:f0:ac:bd:f8:c6:f0:ad:5a:48:8e:57:2e:
         f1:8f:5c:e4:e5:05:60:f3:c5:3a:2d:10:c6:00:f5:eb:e9:57:
         0e:b1:a8:2e:7f:88:dc:d3:f1:49:c4:69:7f:75:09:3c:0b:40:
         ee:00:6f:b4:39:58:4a:89:bb:fa:68:56:0c:a3:40:2f:db:d2:
         54:0c:cf:3b:29:79:2a:0b:d1:d0:8b:94:ec:c4:0f:21:ad:19:
         30:2c:31:61:19:81:8f:55:ea:ab:d2:87:70:c6:13:3d:e6:e6:
         86:0b:d1:58
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ45lE8OhhxsfEHaiTOyDH7jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwNTE4MDUzNDQxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZTQzZGFkODhlYWIwMjZiZDM5ODYxY2NjNGI2YzYxN2RlNThkMDRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArfPikin3Uy0bR49HEiyS+sn/FyTw
DSM/MH4ng/bH7Q24sGuP/RGhjmPZmGetl+3ctYyeOLCdOj1abzOV+6Rh0xiXm3wx
saVB4yDj+HrVGDkNFFVWqJfsbYYaTuaqg1zJChCUX6joS0+FK2MpATHQtHJhmSwc
7R2kgFrp604CTYIPpYWjIp0EXTww3h+XX0nBgA/088dLw+5crlb1DQ/rpRSIRXmR
1S6iIG2Cn7Hw7XeSo+N7cgAAm3S/sD8iqdkNe2zsNPixZ36DIcwME5hJ+7TuLQ/c
OtxO8BEjNO1AmYg6gtFYR3TE/2xADTkRMYzHRzrjKLk0aI7Y8eASg+RKrQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG5D2tiOqwJr05hhzMS2xhfeWNBKMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvYmtQYTJJNnJBbXZUbUdITXhMYkdGOTVZMEVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2TwYMA0G
CSqGSIb3DQEBCwUAA4IBAQCLyEWplrYZhcGUg5pmO+UQVk7eC5xU3xQ5PEUP5Re+
R8EDa1JyYZj1ls9RusybNjiGyDCbOa4sH5vJlO1gcUsQKGOevefcgsW3R5nBAvPp
V35eS0aRFAOldR/amMhYMLZiING6YIYXY7U7AbIAVJUdkFMQHOQ+LIVsIucVaPVW
+phMIyLTOc+cR8IvHqaFDnzugIIIRxnwrL34xvCtWkiOVy7xj1zk5QVg88U6LRDG
APXr6VcOsaguf4jc0/FJxGl/dQk8C0DuAG+0OVhKibv6aFYMo0Av29JUDM87KXkq
C9HQi5TsxA8hrRkwLDFhGYGPVeqr0odwxhM95uaGC9FY
-----END CERTIFICATE-----