Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/u9Amlv3-tY2wHXg8hSvgXqywXMg.roa
File:                     u9Amlv3-tY2wHXg8hSvgXqywXMg.roa (raw, json)
Hash identifier:          dhyLqv7DeJgu6EvrWD0LkVEUX8yxTy0w2SAW15Gx3Lg=
Subject key identifier:   BB:D0:26:96:FD:FE:B5:8D:B0:1D:78:3C:85:2B:E0:5E:AC:B0:5C:C8
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019A57F19D93670C7B2260D629FEACA0C01A
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/u9Amlv3-tY2wHXg8hSvgXqywXMg.roa
Signing time:             Thu 06 Nov 2025 06:54:03 +0000
ROA not before:           Thu 06 Nov 2025 06:54:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214431
IP address blocks:        94.183.156.0/24 maxlen: 24
                          94.183.157.0/24 maxlen: 24
                          94.183.158.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 07 Nov 2025 14:56:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:57:f1:9d:93:67:0c:7b:22:60:d6:29:fe:ac:a0:c0:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Nov  6 06:54:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bbd02696fdfeb58db01d783c852be05eacb05cc8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:51:04:aa:e1:a1:6d:96:0b:a5:c4:36:6a:d3:
                    fa:9e:a3:88:bf:53:da:48:88:f9:d4:61:67:02:f0:
                    77:15:e2:ba:8c:09:cc:22:50:95:25:4d:20:32:1c:
                    0e:c8:ee:ee:67:91:fe:41:ea:7d:76:ed:a2:3b:b2:
                    04:02:76:91:b2:89:3f:c2:6f:69:16:5d:36:08:4d:
                    64:06:79:fa:82:6d:ad:a3:66:3f:fb:0b:3d:46:fb:
                    70:c9:97:62:24:2b:18:78:13:6a:d2:e2:c5:44:5f:
                    ff:63:c6:83:95:c0:26:34:5a:c4:f8:e5:de:a6:78:
                    6a:b8:1c:b0:af:85:d3:4a:1a:6c:64:86:2a:55:ca:
                    10:90:4d:ac:6e:94:ce:9f:ec:e5:85:a7:70:fe:22:
                    c5:1f:a6:c7:88:f3:b0:57:fb:b8:09:d2:58:3a:7b:
                    3d:6d:aa:49:fa:9d:f2:62:1b:30:30:f9:5a:7c:81:
                    5d:a0:a8:01:cf:4d:b5:8e:e1:34:51:cd:61:a7:a1:
                    a4:fb:76:e7:14:91:f9:fc:09:b3:87:9b:84:c7:0f:
                    05:26:d4:63:51:74:1e:7d:55:0b:af:05:d6:7e:24:
                    48:06:d1:b7:62:8f:51:a8:a8:eb:35:94:10:89:18:
                    d4:a2:2f:56:ab:9c:15:4e:1c:a7:f8:02:2d:e4:95:
                    ee:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:D0:26:96:FD:FE:B5:8D:B0:1D:78:3C:85:2B:E0:5E:AC:B0:5C:C8
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/u9Amlv3-tY2wHXg8hSvgXqywXMg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.183.156.0-94.183.158.255

    Signature Algorithm: sha256WithRSAEncryption
         94:34:2e:ca:3a:12:ce:cc:88:1b:99:92:65:b6:3f:52:c4:27:
         55:36:de:26:68:fc:d0:c7:d3:44:f4:67:5d:b7:43:71:de:64:
         2e:ed:3a:1c:a2:ec:55:46:26:32:55:c6:87:e9:de:f3:c8:8a:
         f4:df:55:97:05:eb:c9:9d:09:f2:02:b1:a7:11:b9:c9:a4:1c:
         3b:18:a8:12:2a:19:e8:d3:29:eb:f5:a2:43:01:c3:46:ce:41:
         62:b7:76:37:3f:84:45:ea:2c:bc:44:ce:b1:a8:57:27:b0:43:
         e2:ac:5c:bc:45:de:1a:a3:a3:dc:73:36:92:1b:9d:8f:a1:80:
         cc:c8:9c:ef:c7:1b:74:36:00:cb:a9:9d:c2:a0:86:4b:25:99:
         4f:1d:88:0e:d8:8b:2b:10:c1:24:25:f5:e2:40:2c:5c:15:25:
         ab:d6:89:53:cf:60:f5:d9:11:1f:2b:3b:24:4d:44:21:b5:2c:
         75:cc:5c:bd:9f:b4:48:5a:f4:9a:92:63:7a:6f:b9:28:f0:79:
         27:cb:08:ea:6f:83:6a:01:70:9d:73:8a:40:d3:3f:9e:9e:e3:
         2b:6c:b1:a4:68:89:ad:88:e4:aa:91:ae:11:85:29:76:0a:7e:
         8a:1d:1d:b3:55:ce:49:5b:09:4e:6b:65:2c:d8:ee:93:60:1f:
         34:b5:9b:73
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZpX8Z2TZwx7ImDWKf6soMAaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUxMTA2MDY1NDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYmQwMjY5NmZkZmViNThkYjAxZDc4M2M4NTJiZTA1ZWFjYjA1Y2M4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6FEEquGhbZYLpcQ2atP6nqOIv1Pa
SIj51GFnAvB3FeK6jAnMIlCVJU0gMhwOyO7uZ5H+Qep9du2iO7IEAnaRsok/wm9p
Fl02CE1kBnn6gm2to2Y/+ws9RvtwyZdiJCsYeBNq0uLFRF//Y8aDlcAmNFrE+OXe
pnhquBywr4XTShpsZIYqVcoQkE2sbpTOn+zlhadw/iLFH6bHiPOwV/u4CdJYOns9
bapJ+p3yYhswMPlafIFdoKgBz021juE0Uc1hp6Gk+3bnFJH5/Amzh5uExw8FJtRj
UXQefVULrwXWfiRIBtG3Yo9RqKjrNZQQiRjUoi9Wq5wVThyn+AIt5JXuWwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFLvQJpb9/rWNsB14PIUr4F6ssFzIMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvdTlBbWx2My10WTJ3SFhnOGhTdmdYcXl3WE1nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAJet5wD
BABet54wDQYJKoZIhvcNAQELBQADggEBAJQ0Lso6Es7MiBuZkmW2P1LEJ1U23iZo
/NDH00T0Z123Q3HeZC7tOhyi7FVGJjJVxofp3vPIivTfVZcF68mdCfICsacRucmk
HDsYqBIqGejTKev1okMBw0bOQWK3djc/hEXqLLxEzrGoVyewQ+KsXLxF3hqjo9xz
NpIbnY+hgMzInO/HG3Q2AMupncKghkslmU8diA7YiysQwSQl9eJALFwVJavWiVPP
YPXZER8rOyRNRCG1LHXMXL2ftEha9JqSY3pvuSjweSfLCOpvg2oBcJ1zikDTP56e
4ytssaRoia2I5KqRrhGFKXYKfoodHbNVzklbCU5rZSzY7pNgHzS1m3M=
-----END CERTIFICATE-----