Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/JnOiy8UkQHkCG0RahAeJ2Eecfr8.roa
File:                     JnOiy8UkQHkCG0RahAeJ2Eecfr8.roa (raw, json)
Hash identifier:          LhPopwf5cmxBm1x//5K1qz7bDWRefSQR0p+Dt9SAfWg=
Subject key identifier:   26:73:A2:CB:C5:24:40:79:02:1B:44:5A:84:07:89:D8:47:9C:7E:BF
Certificate issuer:       /CN=c3c18527e3a206af2842028d95aec41338e8daf8
Certificate serial:       0197F892EFBA3CD248313B6704045B4C51C8
Authority key identifier: C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/JnOiy8UkQHkCG0RahAeJ2Eecfr8.roa
Signing time:             Fri 11 Jul 2025 08:21:08 +0000
ROA not before:           Fri 11 Jul 2025 08:21:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213456
IP address blocks:        62.60.130.0/24 maxlen: 24
                          62.60.131.0/24 maxlen: 24
                          62.60.134.0/24 maxlen: 24
                          62.60.135.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 13:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:f8:92:ef:ba:3c:d2:48:31:3b:67:04:04:5b:4c:51:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c3c18527e3a206af2842028d95aec41338e8daf8
        Validity
            Not Before: Jul 11 08:21:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2673a2cbc5244079021b445a840789d8479c7ebf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:7e:72:fc:24:30:e8:c0:66:48:6a:2a:49:6c:
                    9b:da:58:ab:10:b5:90:49:4e:01:1d:0c:90:e6:be:
                    15:74:5f:e3:01:8d:83:01:16:47:6a:21:cf:fc:7f:
                    75:30:b3:90:a8:60:e8:ae:1f:5b:71:4f:64:ce:c7:
                    22:a6:55:f3:e5:db:85:76:30:6d:b3:d5:54:4f:ab:
                    f2:85:f9:17:af:d3:d4:9b:00:a3:22:4b:aa:27:72:
                    8c:89:8f:f4:2d:a6:98:86:f8:ea:9f:0c:3d:46:65:
                    71:84:92:72:04:4f:6d:d4:7c:3e:df:d4:6c:94:93:
                    e8:dd:c5:f5:f7:81:04:fc:4e:ed:12:86:90:2b:cd:
                    22:aa:6f:d7:f1:8e:6d:76:ed:69:d8:8b:65:92:a3:
                    54:38:08:eb:7b:fd:87:48:b9:4d:39:47:70:ee:f5:
                    19:31:9a:76:2f:fc:6f:83:3a:3e:92:cf:40:1f:51:
                    fd:4c:a8:64:c8:f4:67:16:1d:3e:d9:5d:ef:bc:69:
                    8b:af:4f:1e:ec:11:35:60:5d:2d:d4:e8:a2:75:72:
                    03:9b:0b:27:0d:52:33:4f:c2:fa:05:9a:63:70:85:
                    2e:93:8d:98:77:47:01:5e:24:f9:5b:d7:26:42:05:
                    b9:6d:9e:84:b8:f8:6a:3f:18:90:7a:86:38:d5:9f:
                    07:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:73:A2:CB:C5:24:40:79:02:1B:44:5A:84:07:89:D8:47:9C:7E:BF
            X509v3 Authority Key Identifier:
                keyid:C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/JnOiy8UkQHkCG0RahAeJ2Eecfr8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.60.130.0/23
                  62.60.134.0/23

    Signature Algorithm: sha256WithRSAEncryption
         16:26:41:1b:e6:56:70:6f:0a:e9:f7:8b:cc:61:c9:f6:e0:3e:
         98:83:29:07:4c:51:f3:1b:21:81:24:4f:51:98:52:17:20:d0:
         30:ee:7f:71:f6:01:54:88:43:99:d2:ce:34:34:1a:c2:25:a5:
         ac:45:a6:12:e0:44:52:9f:55:c7:dd:09:b3:c0:f4:4c:b9:74:
         17:a1:71:b0:77:22:94:d9:2a:29:31:36:cc:b4:a4:64:3c:d1:
         a5:56:1d:77:90:22:ed:f0:ce:02:67:01:a2:60:e2:34:17:1a:
         3e:32:c3:f2:f8:e8:cc:85:02:3a:be:c6:fd:71:b6:f2:4e:72:
         5d:8b:83:05:3b:b1:21:d8:4f:6d:ef:c3:ae:bb:2e:16:75:0d:
         3a:43:90:90:8e:65:99:7b:f2:61:c6:0f:f5:9c:9e:a2:55:73:
         b3:ac:3e:66:49:75:5a:02:a3:4c:9b:e2:94:ec:af:b2:13:48:
         d2:19:a9:85:7b:03:52:e1:68:c1:e0:fe:24:10:cf:e3:7f:7f:
         83:da:ad:ee:c7:20:1d:8c:cc:f9:90:83:7c:75:7d:6d:70:3f:
         71:61:15:03:f9:85:24:38:21:93:0b:fa:11:21:c1:43:50:2d:
         dd:e6:5a:03:1f:5e:0c:b9:4b:d3:eb:fb:38:c7:7d:3b:81:9f:
         0a:d7:4e:ef
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZf4ku+6PNJIMTtnBARbTFHIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzYzE4NTI3ZTNhMjA2YWYyODQyMDI4ZDk1YWVjNDEzMzhl
OGRhZjgwHhcNMjUwNzExMDgyMTA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNjczYTJjYmM1MjQ0MDc5MDIxYjQ0NWE4NDA3ODlkODQ3OWM3ZWJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2n5y/CQw6MBmSGoqSWyb2lirELWQ
SU4BHQyQ5r4VdF/jAY2DARZHaiHP/H91MLOQqGDorh9bcU9kzsciplXz5duFdjBt
s9VUT6vyhfkXr9PUmwCjIkuqJ3KMiY/0LaaYhvjqnww9RmVxhJJyBE9t1Hw+39Rs
lJPo3cX194EE/E7tEoaQK80iqm/X8Y5tdu1p2ItlkqNUOAjre/2HSLlNOUdw7vUZ
MZp2L/xvgzo+ks9AH1H9TKhkyPRnFh0+2V3vvGmLr08e7BE1YF0t1OiidXIDmwsn
DVIzT8L6BZpjcIUuk42Yd0cBXiT5W9cmQgW5bZ6EuPhqPxiQeoY41Z8H1wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCZzosvFJEB5AhtEWoQHidhHnH6/MB8GA1UdIwQY
MBaAFMPBhSfjogavKEICjZWuxBM46Nr4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMt
MGNiYTMzZWZjNWJiLzEvSm5PaXk4VWtRSGtDRzBSYWhBZUoyRWVjZnI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMtMGNiYTMzZWZjNWJi
LzEvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBPjyCAwQB
PjyGMA0GCSqGSIb3DQEBCwUAA4IBAQAWJkEb5lZwbwrp94vMYcn24D6YgykHTFHz
GyGBJE9RmFIXINAw7n9x9gFUiEOZ0s40NBrCJaWsRaYS4ERSn1XH3QmzwPRMuXQX
oXGwdyKU2SopMTbMtKRkPNGlVh13kCLt8M4CZwGiYOI0Fxo+MsPy+OjMhQI6vsb9
cbbyTnJdi4MFO7Eh2E9t78Ouuy4WdQ06Q5CQjmWZe/Jhxg/1nJ6iVXOzrD5mSXVa
AqNMm+KU7K+yE0jSGamFewNS4WjB4P4kEM/jf3+D2q3uxyAdjMz5kIN8dX1tcD9x
YRUD+YUkOCGTC/oRIcFDUC3d5loDH14MuUvT6/s4x307gZ8K107v
-----END CERTIFICATE-----