Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/fheo3KUfJpknHtUQ4UFWl3O1GUU.roa
File:                     fheo3KUfJpknHtUQ4UFWl3O1GUU.roa (raw, json)
Hash identifier:          M1RRXxR3Zy7rHqsFEV15PgnCYB1DN/NJavcjygvWttk=
Subject key identifier:   7E:17:A8:DC:A5:1F:26:99:27:1E:D5:10:E1:41:56:97:73:B5:19:45
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       01990F15FB634206206443A48DE1560DCCE1
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/fheo3KUfJpknHtUQ4UFWl3O1GUU.roa
Signing time:             Wed 03 Sep 2025 10:18:42 +0000
ROA not before:           Wed 03 Sep 2025 10:18:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211421
IP address blocks:        217.60.198.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 10 Sep 2025 19:39:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:0f:15:fb:63:42:06:20:64:43:a4:8d:e1:56:0d:cc:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Sep  3 10:18:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7e17a8dca51f2699271ed510e141569773b51945
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:bf:a9:6c:d0:96:8d:11:44:8d:97:a2:1e:1e:
                    92:e8:a3:70:81:70:e8:ca:57:9f:52:fa:6c:cf:e6:
                    58:77:0c:2a:4e:06:4b:19:a3:89:f1:a5:56:5f:75:
                    f9:13:be:22:f9:6e:bd:07:9d:98:f1:df:cd:e5:6b:
                    df:79:78:61:43:85:54:ca:1e:c6:81:5c:2b:5e:28:
                    91:61:3f:6e:d8:45:37:2b:1f:ab:e0:8d:52:eb:b0:
                    ce:09:2c:c9:ab:a8:84:65:15:ca:c7:0a:ed:4a:af:
                    d3:33:83:97:5c:05:c4:d6:c0:68:80:13:65:1d:9e:
                    a4:e7:3b:25:b5:35:87:87:a0:d6:3b:d4:ba:8b:83:
                    7e:27:e3:89:e5:75:40:db:dd:e9:b3:e6:9d:ac:1d:
                    78:7a:07:12:2e:fd:18:d5:50:50:4e:aa:4f:62:c0:
                    5f:b6:8a:21:9b:31:90:22:78:65:95:cf:bf:60:80:
                    0e:f2:70:ac:8f:44:eb:10:66:d2:9a:08:c3:fc:04:
                    2c:ad:f6:27:8f:66:c2:e1:b3:0d:91:fd:8d:94:1d:
                    69:7f:0f:14:1d:2d:c2:7e:86:f8:1a:d1:99:dc:2d:
                    2d:2a:bc:1c:d4:1c:f2:ad:11:04:41:20:e8:a0:b7:
                    aa:c4:df:c3:ec:a8:e6:7c:60:f9:6d:17:3d:dc:40:
                    65:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:17:A8:DC:A5:1F:26:99:27:1E:D5:10:E1:41:56:97:73:B5:19:45
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/fheo3KUfJpknHtUQ4UFWl3O1GUU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.60.198.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b3:0c:1d:ee:30:09:12:c2:5d:81:d7:eb:f3:90:54:97:50:6c:
         12:5a:f2:9b:c9:5e:c0:95:28:e4:92:0d:eb:1a:30:0e:76:21:
         3e:24:c6:6a:25:9b:f9:14:2f:24:c6:ea:03:ce:cd:0d:eb:cd:
         4c:a7:9e:7f:25:c7:e0:54:77:3a:7e:bc:16:75:1a:79:d6:04:
         b9:28:fa:6b:a8:f1:3c:52:de:de:21:1d:8e:76:2d:a1:cd:4a:
         23:de:9f:4a:7f:31:f8:b1:80:64:3e:35:01:69:01:58:19:b1:
         33:53:ef:c7:35:6a:71:28:a8:66:09:d1:30:0e:58:4a:ad:e4:
         d6:9b:dd:91:14:e2:5a:41:27:c1:b6:24:96:3c:d8:f1:ef:35:
         67:11:15:07:5f:cf:0a:f4:22:2a:a7:7c:91:14:07:fd:2f:a4:
         7d:f5:cf:b8:0b:f7:eb:53:b0:67:04:d4:46:d5:86:2f:73:50:
         ad:21:44:59:3d:c0:e6:2f:ef:6e:57:a4:91:5d:ce:ce:61:15:
         3e:01:51:76:7a:98:fe:c2:d6:ef:79:29:79:a9:af:3e:1d:79:
         25:29:fd:13:b7:39:c8:42:ee:4c:65:ae:e2:05:8c:80:46:5d:
         55:07:bc:5d:79:49:bd:e0:0f:12:72:d5:62:68:fd:f2:db:e8:
         fb:39:d1:79
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkPFftjQgYgZEOkjeFWDczhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwOTAzMTAxODQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTE3YThkY2E1MWYyNjk5MjcxZWQ1MTBlMTQxNTY5NzczYjUxOTQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAub+pbNCWjRFEjZeiHh6S6KNwgXDo
ylefUvpsz+ZYdwwqTgZLGaOJ8aVWX3X5E74i+W69B52Y8d/N5WvfeXhhQ4VUyh7G
gVwrXiiRYT9u2EU3Kx+r4I1S67DOCSzJq6iEZRXKxwrtSq/TM4OXXAXE1sBogBNl
HZ6k5zsltTWHh6DWO9S6i4N+J+OJ5XVA293ps+adrB14egcSLv0Y1VBQTqpPYsBf
toohmzGQInhllc+/YIAO8nCsj0TrEGbSmgjD/AQsrfYnj2bC4bMNkf2NlB1pfw8U
HS3Cfob4GtGZ3C0tKrwc1BzyrREEQSDooLeqxN/D7KjmfGD5bRc93EBlPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH4XqNylHyaZJx7VEOFBVpdztRlFMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvZmhlbzNLVWZKcGtuSHRVUTRVRldsM08xR1VVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2TzGMA0G
CSqGSIb3DQEBCwUAA4IBAQCzDB3uMAkSwl2B1+vzkFSXUGwSWvKbyV7AlSjkkg3r
GjAOdiE+JMZqJZv5FC8kxuoDzs0N681Mp55/JcfgVHc6frwWdRp51gS5KPprqPE8
Ut7eIR2Odi2hzUoj3p9KfzH4sYBkPjUBaQFYGbEzU+/HNWpxKKhmCdEwDlhKreTW
m92RFOJaQSfBtiSWPNjx7zVnERUHX88K9CIqp3yRFAf9L6R99c+4C/frU7BnBNRG
1YYvc1CtIURZPcDmL+9uV6SRXc7OYRU+AVF2epj+wtbveSl5qa8+HXklKf0TtznI
Qu5MZa7iBYyARl1VB7xdeUm94A8SctViaP3y2+j7OdF5
-----END CERTIFICATE-----