Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/kM1c5vgPZ9tQXhVsTKfI2wJ_UBs.roa
File:                     kM1c5vgPZ9tQXhVsTKfI2wJ_UBs.roa (raw, json)
Hash identifier:          cSPbOepsUiXhsxcg+TxKEO4r2Je6r4BpIlbwkPvJSvM=
Subject key identifier:   90:CD:5C:E6:F8:0F:67:DB:50:5E:15:6C:4C:A7:C8:DB:02:7F:50:1B
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0194282382C1BB7E8857A4DEE2E8F65BDF7D
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/kM1c5vgPZ9tQXhVsTKfI2wJ_UBs.roa
Signing time:             Thu 02 Jan 2025 17:50:03 +0000
ROA not before:           Thu 02 Jan 2025 17:50:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216169
IP address blocks:        217.60.199.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:23:82:c1:bb:7e:88:57:a4:de:e2:e8:f6:5b:df:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jan  2 17:50:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=90cd5ce6f80f67db505e156c4ca7c8db027f501b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:af:82:83:ce:12:a6:0c:ed:80:da:59:7f:69:
                    1c:dc:bf:9b:0c:ad:32:84:ac:df:88:e4:10:fa:71:
                    c8:35:49:f5:4d:0f:df:c7:7d:75:40:34:15:5d:74:
                    84:95:58:18:5d:59:b3:5f:6d:3f:90:a8:20:90:f8:
                    74:41:9e:5b:87:06:fe:dd:9d:a0:68:df:68:61:0f:
                    12:1a:1d:31:8b:e9:16:da:19:a1:86:b1:59:d0:ef:
                    08:3d:0f:1b:44:e4:ab:c6:d4:94:d8:af:e3:2c:89:
                    b1:1b:4a:5c:5c:55:7f:9f:3c:3e:85:55:1a:9b:ef:
                    70:24:17:e3:00:45:85:c4:a3:d2:73:b5:5e:27:5d:
                    0a:28:93:51:7f:8d:c3:69:a9:9c:60:14:c8:c0:d2:
                    ea:e1:33:43:72:97:85:86:dd:58:44:58:b4:ff:71:
                    9c:2d:2c:b6:13:35:8d:1a:30:88:9c:ed:53:da:6b:
                    08:3c:67:81:cd:bf:00:72:f9:ac:49:08:23:95:c9:
                    ba:86:7f:3d:0d:3b:c6:17:3e:69:45:8a:36:2f:da:
                    94:e9:ef:6c:3b:76:c8:7a:ef:21:36:a4:df:12:b7:
                    4f:4b:e3:d9:5e:fb:98:ff:fe:a2:21:68:0c:c0:35:
                    a1:13:17:8e:b7:1b:bd:36:a3:80:d7:cf:4d:76:2e:
                    ab:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:CD:5C:E6:F8:0F:67:DB:50:5E:15:6C:4C:A7:C8:DB:02:7F:50:1B
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/kM1c5vgPZ9tQXhVsTKfI2wJ_UBs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.60.199.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:32:d8:ec:a0:69:20:28:06:65:e1:b2:21:e2:e1:01:24:03:
         e4:75:e2:11:55:5e:21:c5:02:6c:d4:2f:1d:7b:79:60:ff:70:
         e6:4d:cc:bc:f6:65:98:7a:ab:80:46:d7:a1:04:54:fd:a4:58:
         07:97:15:1a:43:02:3a:24:af:53:a1:36:f9:cc:13:d1:fd:4c:
         cb:d9:81:57:c0:14:8f:fa:59:60:81:e8:cb:25:e7:a1:9c:85:
         5d:26:9c:68:f4:de:cf:d3:9d:11:5c:11:54:d8:60:c8:87:6d:
         27:27:8d:e2:ca:e8:ea:9d:1b:a7:f0:9b:52:d6:07:d5:a3:be:
         0a:c1:6e:56:22:0d:0c:d3:d3:82:78:b1:c3:3b:13:68:8e:75:
         10:26:1b:89:1f:c8:8f:d5:fa:c7:af:b7:d9:c2:c7:2d:65:25:
         4f:dc:6b:6a:78:66:68:94:c3:d1:e8:6a:b4:6d:38:20:a0:ff:
         b4:29:27:7e:bc:96:4e:26:4f:04:7b:a2:d4:71:76:5a:b7:c6:
         57:c7:17:eb:d4:03:ae:ae:9e:37:80:de:ee:ea:71:ae:b2:7a:
         70:a5:da:77:f7:6a:29:62:c7:79:86:a9:ae:97:67:d1:cd:17:
         81:52:4f:08:ea:20:ca:2a:97:8f:8c:86:bb:fa:45:26:63:63:
         ad:c2:79:17
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoI4LBu36IV6Te4uj2W999MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwMTAyMTc1MDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MGNkNWNlNmY4MGY2N2RiNTA1ZTE1NmM0Y2E3YzhkYjAyN2Y1MDFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAva+Cg84SpgztgNpZf2kc3L+bDK0y
hKzfiOQQ+nHINUn1TQ/fx311QDQVXXSElVgYXVmzX20/kKggkPh0QZ5bhwb+3Z2g
aN9oYQ8SGh0xi+kW2hmhhrFZ0O8IPQ8bROSrxtSU2K/jLImxG0pcXFV/nzw+hVUa
m+9wJBfjAEWFxKPSc7VeJ10KKJNRf43DaamcYBTIwNLq4TNDcpeFht1YRFi0/3Gc
LSy2EzWNGjCInO1T2msIPGeBzb8AcvmsSQgjlcm6hn89DTvGFz5pRYo2L9qU6e9s
O3bIeu8hNqTfErdPS+PZXvuY//6iIWgMwDWhExeOtxu9NqOA189Ndi6ruwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJDNXOb4D2fbUF4VbEynyNsCf1AbMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEva00xYzV2Z1BaOXRRWGhWc1RLZkkyd0pfVUJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2TzHMA0G
CSqGSIb3DQEBCwUAA4IBAQAdMtjsoGkgKAZl4bIh4uEBJAPkdeIRVV4hxQJs1C8d
e3lg/3DmTcy89mWYequARtehBFT9pFgHlxUaQwI6JK9ToTb5zBPR/UzL2YFXwBSP
+llggejLJeehnIVdJpxo9N7P050RXBFU2GDIh20nJ43iyujqnRun8JtS1gfVo74K
wW5WIg0M09OCeLHDOxNojnUQJhuJH8iP1frHr7fZwsctZSVP3GtqeGZolMPR6Gq0
bTggoP+0KSd+vJZOJk8Ee6LUcXZat8ZXxxfr1AOurp43gN7u6nGusnpwpdp392op
Ysd5hqmul2fRzReBUk8I6iDKKpePjIa7+kUmY2OtwnkX
-----END CERTIFICATE-----