Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/gdHpwC3ra3UEtmrF9fhi-XOOxws.roa
File:                     gdHpwC3ra3UEtmrF9fhi-XOOxws.roa (raw, json)
Hash identifier:          qtLzR2Ff5DEVQ3p1uK15413A5+fxoH5Z4uJ9GHtgiyo=
Subject key identifier:   81:D1:E9:C0:2D:EB:6B:75:04:B6:6A:C5:F5:F8:62:F9:73:8E:C7:0B
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       01993D4FAEE80C29D7E9620270031FFAF590
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/gdHpwC3ra3UEtmrF9fhi-XOOxws.roa
Signing time:             Fri 12 Sep 2025 09:44:16 +0000
ROA not before:           Fri 12 Sep 2025 09:44:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210448
IP address blocks:        217.60.13.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 15 Sep 2025 05:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:3d:4f:ae:e8:0c:29:d7:e9:62:02:70:03:1f:fa:f5:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Sep 12 09:44:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=81d1e9c02deb6b7504b66ac5f5f862f9738ec70b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:0f:b7:f1:08:e8:de:1a:33:08:1e:fe:e5:35:
                    04:0a:66:e6:77:de:d8:99:ce:4a:fa:51:aa:21:1c:
                    19:37:57:c9:b1:5e:1d:9f:db:a6:c3:f7:e0:16:2a:
                    ab:7a:e5:9b:fd:3a:75:86:f6:86:25:07:1e:48:e3:
                    bc:16:66:df:30:e6:1c:62:b0:11:5c:76:61:59:80:
                    ee:52:52:35:b5:e2:ff:8a:f3:70:69:04:2d:2f:72:
                    60:06:a9:87:62:21:52:93:fd:bd:ed:c8:72:6b:46:
                    88:0b:38:96:cb:15:fa:2c:0b:9e:ba:e2:e0:c5:ed:
                    7b:7d:ce:d5:b8:a6:08:c7:e5:27:cd:25:b4:e9:56:
                    a8:77:83:2b:8d:c2:ab:36:4b:b2:1e:7e:39:10:ab:
                    76:bc:4b:7f:da:bb:a4:08:f7:48:06:0f:ac:f2:86:
                    9d:58:c0:31:4a:39:86:74:a8:9a:a2:1a:75:fa:c5:
                    89:e4:a6:62:02:a8:03:e3:c8:f5:ea:2c:ef:a3:63:
                    97:81:bf:10:49:c0:e7:95:33:d6:f5:33:0c:ba:2e:
                    84:59:57:08:f4:de:c0:b1:66:a2:32:13:9d:4d:94:
                    33:9c:16:ad:e1:8f:07:2a:ab:fb:a2:3c:79:ab:69:
                    b4:ca:e5:57:28:ab:64:51:84:ab:09:ee:93:91:47:
                    db:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:D1:E9:C0:2D:EB:6B:75:04:B6:6A:C5:F5:F8:62:F9:73:8E:C7:0B
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/gdHpwC3ra3UEtmrF9fhi-XOOxws.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.60.13.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:40:3e:f8:26:2c:95:91:ae:e6:17:64:27:b0:a8:9e:95:30:
         b4:2b:fd:72:e3:1d:b4:95:ae:04:05:48:64:dd:17:93:71:45:
         03:14:43:cf:8e:b9:f3:4b:e9:1b:90:d9:fe:b0:d7:1d:15:c6:
         b2:16:35:27:7a:36:db:8a:b9:78:27:70:f5:27:c6:07:3b:40:
         ee:47:39:12:44:49:79:56:78:aa:da:9d:d4:30:c2:e6:5d:13:
         63:ce:3e:29:9e:89:54:9c:ac:22:d6:c2:d9:24:9c:0c:64:c7:
         e7:46:7a:b1:cf:4b:16:4e:d5:50:66:72:c8:3a:03:6e:d1:69:
         80:4a:13:4e:e1:26:e8:ff:84:26:f6:f9:24:37:ea:11:50:e8:
         0a:17:91:f8:e0:25:88:1a:8d:e0:c3:22:e4:d1:6a:d0:43:48:
         93:a5:05:ba:fd:89:74:95:90:64:fe:0b:57:6d:09:71:9a:f5:
         2b:d3:d4:1d:29:3d:68:6e:66:23:c5:16:0c:b5:7f:ed:2e:e9:
         be:21:13:bd:e3:de:ed:8c:b7:e3:0e:4d:65:8f:98:d9:ab:bb:
         8d:74:01:48:8c:9a:f0:04:a9:95:8c:23:30:41:f7:8a:b8:be:
         ca:03:9e:f7:18:33:f6:f4:94:f3:d3:f2:39:83:a9:5d:04:5a:
         99:88:80:0a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZk9T67oDCnX6WICcAMf+vWQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwOTEyMDk0NDE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MWQxZTljMDJkZWI2Yjc1MDRiNjZhYzVmNWY4NjJmOTczOGVjNzBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlQ+38Qjo3hozCB7+5TUECmbmd97Y
mc5K+lGqIRwZN1fJsV4dn9umw/fgFiqreuWb/Tp1hvaGJQceSOO8FmbfMOYcYrAR
XHZhWYDuUlI1teL/ivNwaQQtL3JgBqmHYiFSk/297chya0aICziWyxX6LAueuuLg
xe17fc7VuKYIx+UnzSW06Vaod4MrjcKrNkuyHn45EKt2vEt/2rukCPdIBg+s8oad
WMAxSjmGdKiaohp1+sWJ5KZiAqgD48j16izvo2OXgb8QScDnlTPW9TMMui6EWVcI
9N7AsWaiMhOdTZQznBat4Y8HKqv7ojx5q2m0yuVXKKtkUYSrCe6TkUfb4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIHR6cAt62t1BLZqxfX4YvlzjscLMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvZ2RIcHdDM3JhM1VFdG1yRjlmaGktWE9PeHdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2TwNMA0G
CSqGSIb3DQEBCwUAA4IBAQBqQD74JiyVka7mF2QnsKielTC0K/1y4x20la4EBUhk
3ReTcUUDFEPPjrnzS+kbkNn+sNcdFcayFjUnejbbirl4J3D1J8YHO0DuRzkSREl5
Vniq2p3UMMLmXRNjzj4pnolUnKwi1sLZJJwMZMfnRnqxz0sWTtVQZnLIOgNu0WmA
ShNO4Sbo/4Qm9vkkN+oRUOgKF5H44CWIGo3gwyLk0WrQQ0iTpQW6/Yl0lZBk/gtX
bQlxmvUr09QdKT1obmYjxRYMtX/tLum+IRO9497tjLfjDk1lj5jZq7uNdAFIjJrw
BKmVjCMwQfeKuL7KA573GDP29JTz0/I5g6ldBFqZiIAK
-----END CERTIFICATE-----