Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/m_h1Wt3wb16NxpMD4X8LsZfSYLg.roa
File:                     m_h1Wt3wb16NxpMD4X8LsZfSYLg.roa (raw, json)
Hash identifier:          7HXHGAqa98cCWoBCDO6BCZEO+hsXz1KaBET0hQ/gOsY=
Subject key identifier:   9B:F8:75:5A:DD:F0:6F:5E:8D:C6:93:03:E1:7F:0B:B1:97:D2:60:B8
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       01942823429CFD5C3860A66A91A86F84BF0C
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/m_h1Wt3wb16NxpMD4X8LsZfSYLg.roa
Signing time:             Thu 02 Jan 2025 17:49:46 +0000
ROA not before:           Thu 02 Jan 2025 17:49:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42337
IP address blocks:        217.60.198.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:23:42:9c:fd:5c:38:60:a6:6a:91:a8:6f:84:bf:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jan  2 17:49:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9bf8755addf06f5e8dc69303e17f0bb197d260b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:f4:fd:88:9c:87:47:4f:6b:07:ec:fe:1a:28:
                    8e:de:0f:a6:8f:88:12:c4:bc:c2:81:3b:4a:6e:b1:
                    cb:91:b3:36:48:b0:f7:fa:55:ae:c8:e0:59:bf:f7:
                    fe:64:43:7d:43:42:ca:1d:b2:12:73:71:6a:6c:a9:
                    1e:4c:62:7d:3a:7b:b9:2a:f7:09:08:39:f1:cc:c6:
                    12:01:92:e3:03:87:c6:db:f2:9b:c3:c1:f8:02:71:
                    6c:3e:7d:d9:03:29:4d:04:b5:ef:c7:9b:62:4e:2f:
                    00:4c:18:66:b3:5f:e3:fe:eb:1a:4e:cb:5e:79:e7:
                    53:10:f5:73:11:a1:5b:58:08:da:be:13:ac:3a:7b:
                    5e:ae:09:20:16:f1:2f:e9:92:95:18:fa:1b:1b:91:
                    ba:01:83:af:43:55:84:0d:54:86:79:8b:9e:fd:59:
                    03:e2:62:a5:05:c1:fe:d9:d8:3d:38:59:7c:50:c8:
                    0b:b7:8b:94:4f:07:3d:85:aa:10:cb:83:8e:ef:83:
                    bb:44:6d:49:43:ed:8b:5e:c2:cb:18:33:af:37:11:
                    08:7c:c9:6e:3b:7c:03:03:58:dd:88:d9:4c:d1:a0:
                    0a:46:ca:82:08:e8:b7:c8:93:f6:20:cf:69:9d:47:
                    2f:04:10:6e:ab:f0:f2:c4:93:a7:45:0b:70:fc:45:
                    43:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:F8:75:5A:DD:F0:6F:5E:8D:C6:93:03:E1:7F:0B:B1:97:D2:60:B8
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/m_h1Wt3wb16NxpMD4X8LsZfSYLg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.60.198.0/24

    Signature Algorithm: sha256WithRSAEncryption
         af:f9:b8:b6:58:f6:41:81:e9:f0:20:f6:03:dc:ff:dd:fd:63:
         5f:96:eb:ab:9a:4e:5f:fd:47:09:1f:78:13:06:cb:9a:41:a9:
         4c:6f:e7:3f:8f:56:d0:d3:63:b5:0e:64:f3:0c:20:37:07:ab:
         47:1a:91:f3:e8:40:58:19:ae:7d:d4:c8:f6:5a:e0:79:0a:ab:
         69:7b:ef:a4:fd:98:ec:7c:a6:88:ac:08:1a:c3:4b:c1:b1:e8:
         16:ec:6d:55:d9:a1:5b:9a:19:11:5d:82:e9:ba:be:db:43:ed:
         d4:8e:aa:b9:fd:19:ca:39:cb:3c:51:e8:dd:dd:4d:f4:b9:4d:
         61:ed:8c:7c:e2:b4:55:aa:88:e6:a1:03:ea:33:0d:59:39:ae:
         17:f0:b4:57:ba:79:26:df:f4:c4:bf:c8:85:cd:10:bd:1b:5e:
         3a:7e:4e:43:0b:2d:ee:ff:2d:51:4f:e1:8a:83:fe:42:4d:de:
         52:6e:57:b2:cd:36:a8:38:f5:c4:2f:b7:07:80:91:3d:9c:05:
         a0:15:f6:ba:2d:93:ad:0b:5f:6c:90:37:81:42:b4:b1:62:25:
         cf:d5:aa:20:10:3c:3e:bb:5f:4f:9a:f6:66:c0:31:c4:7e:f1:
         1d:7c:ba:91:45:5e:55:0a:21:95:97:83:ea:d3:73:e4:20:09:
         19:5e:03:6d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoI0Kc/Vw4YKZqkahvhL8MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwMTAyMTc0OTQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YmY4NzU1YWRkZjA2ZjVlOGRjNjkzMDNlMTdmMGJiMTk3ZDI2MGI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv/T9iJyHR09rB+z+GiiO3g+mj4gS
xLzCgTtKbrHLkbM2SLD3+lWuyOBZv/f+ZEN9Q0LKHbISc3FqbKkeTGJ9Onu5KvcJ
CDnxzMYSAZLjA4fG2/Kbw8H4AnFsPn3ZAylNBLXvx5tiTi8ATBhms1/j/usaTste
eedTEPVzEaFbWAjavhOsOntergkgFvEv6ZKVGPobG5G6AYOvQ1WEDVSGeYue/VkD
4mKlBcH+2dg9OFl8UMgLt4uUTwc9haoQy4OO74O7RG1JQ+2LXsLLGDOvNxEIfMlu
O3wDA1jdiNlM0aAKRsqCCOi3yJP2IM9pnUcvBBBuq/DyxJOnRQtw/EVDTQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJv4dVrd8G9ejcaTA+F/C7GX0mC4MB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvbV9oMVd0M3diMTZOeHBNRDRYOExzWmZTWUxnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2TzGMA0G
CSqGSIb3DQEBCwUAA4IBAQCv+bi2WPZBgenwIPYD3P/d/WNfluurmk5f/UcJH3gT
BsuaQalMb+c/j1bQ02O1DmTzDCA3B6tHGpHz6EBYGa591Mj2WuB5Cqtpe++k/Zjs
fKaIrAgaw0vBsegW7G1V2aFbmhkRXYLpur7bQ+3Ujqq5/RnKOcs8Uejd3U30uU1h
7Yx84rRVqojmoQPqMw1ZOa4X8LRXunkm3/TEv8iFzRC9G146fk5DCy3u/y1RT+GK
g/5CTd5SbleyzTaoOPXEL7cHgJE9nAWgFfa6LZOtC19skDeBQrSxYiXP1aogEDw+
u19PmvZmwDHEfvEdfLqRRV5VCiGVl4Pq03PkIAkZXgNt
-----END CERTIFICATE-----