Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/40a276-8515-442c-816e-38eed6df053b/1/ImNYtfmA17VPvuzFmVELDdKaFPo.roa
File:                     ImNYtfmA17VPvuzFmVELDdKaFPo.roa (raw, json)
Hash identifier:          qTcKtkAu4/tozlJ7sg/B8RXSaVxn+Vv1tRQIyPPwO20=
Subject key identifier:   22:63:58:B5:F9:80:D7:B5:4F:BE:EC:C5:99:51:0B:0D:D2:9A:14:FA
Certificate issuer:       /CN=2ae2bf4ba47d715e53e2eb3d012d3fcbcd1b0ec0
Certificate serial:       0197CC1CC466218363E5FA8DF4E28FBB67C6
Authority key identifier: 2A:E2:BF:4B:A4:7D:71:5E:53:E2:EB:3D:01:2D:3F:CB:CD:1B:0E:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KuK_S6R9cV5T4us9AS0_y80bDsA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/40a276-8515-442c-816e-38eed6df053b/1/ImNYtfmA17VPvuzFmVELDdKaFPo.roa
Signing time:             Wed 02 Jul 2025 17:08:46 +0000
ROA not before:           Wed 02 Jul 2025 17:08:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201703
IP address blocks:        195.62.4.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/40a276-8515-442c-816e-38eed6df053b/1/KuK_S6R9cV5T4us9AS0_y80bDsA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/40a276-8515-442c-816e-38eed6df053b/1/KuK_S6R9cV5T4us9AS0_y80bDsA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KuK_S6R9cV5T4us9AS0_y80bDsA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 13:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:cc:1c:c4:66:21:83:63:e5:fa:8d:f4:e2:8f:bb:67:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ae2bf4ba47d715e53e2eb3d012d3fcbcd1b0ec0
        Validity
            Not Before: Jul  2 17:08:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=226358b5f980d7b54fbeecc599510b0dd29a14fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:c6:c5:8d:98:60:5d:01:b9:54:8f:77:90:da:
                    50:e5:7c:80:e1:58:23:b2:27:2a:1b:87:ba:52:c6:
                    01:fa:f6:4b:57:17:68:ad:83:76:4b:1b:87:29:1b:
                    79:f0:21:cc:ee:09:8a:b7:37:6c:c7:b1:72:e4:b9:
                    8c:e7:92:92:b3:4b:bc:3e:65:d9:11:26:e8:55:41:
                    36:4a:12:0d:21:61:46:a6:c9:6a:4f:50:ae:54:dc:
                    27:8c:47:e4:0a:e0:b5:f6:1e:97:b8:28:dd:f6:e5:
                    ad:b5:1a:d4:2a:2d:6a:3c:81:5e:6c:e4:8c:08:42:
                    20:2c:10:63:87:b8:9c:79:90:21:0a:d7:e0:05:95:
                    86:c2:ed:1d:de:08:f8:ab:f6:70:9b:70:33:61:73:
                    b4:a1:40:a3:5c:f3:00:38:16:73:36:64:e3:71:e2:
                    de:c2:c1:15:d8:ef:66:2d:31:28:8a:89:34:ec:d9:
                    78:1a:3e:b9:7b:3b:bc:67:e0:bf:a7:88:61:0b:76:
                    52:a9:5e:c1:9d:49:99:45:9d:10:97:99:92:4a:75:
                    a9:bd:d8:43:d0:ea:02:b2:93:dc:64:41:d1:96:80:
                    3d:5c:18:c0:39:7a:7d:c8:99:93:e0:cf:2e:2e:55:
                    c5:0c:f7:85:99:88:a4:5a:80:4d:5d:80:5e:17:88:
                    e3:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:63:58:B5:F9:80:D7:B5:4F:BE:EC:C5:99:51:0B:0D:D2:9A:14:FA
            X509v3 Authority Key Identifier:
                keyid:2A:E2:BF:4B:A4:7D:71:5E:53:E2:EB:3D:01:2D:3F:CB:CD:1B:0E:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KuK_S6R9cV5T4us9AS0_y80bDsA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/40a276-8515-442c-816e-38eed6df053b/1/ImNYtfmA17VPvuzFmVELDdKaFPo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/40a276-8515-442c-816e-38eed6df053b/1/KuK_S6R9cV5T4us9AS0_y80bDsA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.62.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:49:38:f0:5e:d7:62:c4:2b:40:6b:9b:9d:30:c9:b5:5a:9a:
         d4:d6:bf:ae:19:b4:a9:62:64:02:bd:aa:2c:dc:34:3e:97:42:
         15:36:ec:e7:c7:cd:23:6a:6f:c6:fd:ab:91:58:e9:c8:aa:be:
         26:1e:19:da:8c:5d:46:0f:a9:f8:d2:a5:ed:db:31:4c:d6:14:
         97:e0:0b:25:90:af:76:65:be:26:7b:d3:73:a0:5f:7a:01:c7:
         06:ed:65:e1:d5:a7:d4:cc:b7:e0:3d:df:f2:d6:8a:65:c5:44:
         7d:bd:76:50:4e:1f:9b:66:a4:e3:78:b5:ff:09:d8:e9:6a:f2:
         bb:b8:d5:bb:6b:81:9a:7c:4d:d3:2e:f7:6b:7c:8c:53:1f:16:
         47:9c:8e:99:4b:ea:9a:a3:cf:05:7d:0a:fe:44:5e:9b:e1:42:
         b6:53:bb:10:cb:56:2b:15:09:b1:d4:d0:f1:13:bf:98:3f:aa:
         9b:53:10:8f:41:7d:d3:71:0b:f9:4d:a2:1d:08:09:43:22:5c:
         2f:ae:28:7d:ca:05:8a:5b:9c:a8:1a:f6:82:a3:fc:94:09:65:
         62:66:5d:7c:11:60:5a:7f:40:18:07:d4:8b:50:5e:14:60:85:
         b8:56:9a:23:5e:ae:61:5a:ed:11:74:30:61:15:c9:1f:a6:12:
         0c:c7:e2:a7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfMHMRmIYNj5fqN9OKPu2fGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhZTJiZjRiYTQ3ZDcxNWU1M2UyZWIzZDAxMmQzZmNiY2Qx
YjBlYzAwHhcNMjUwNzAyMTcwODQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjYzNThiNWY5ODBkN2I1NGZiZWVjYzU5OTUxMGIwZGQyOWExNGZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr8bFjZhgXQG5VI93kNpQ5XyA4Vgj
sicqG4e6UsYB+vZLVxdorYN2SxuHKRt58CHM7gmKtzdsx7Fy5LmM55KSs0u8PmXZ
ESboVUE2ShINIWFGpslqT1CuVNwnjEfkCuC19h6XuCjd9uWttRrUKi1qPIFebOSM
CEIgLBBjh7iceZAhCtfgBZWGwu0d3gj4q/Zwm3AzYXO0oUCjXPMAOBZzNmTjceLe
wsEV2O9mLTEoiok07Nl4Gj65ezu8Z+C/p4hhC3ZSqV7BnUmZRZ0Ql5mSSnWpvdhD
0OoCspPcZEHRloA9XBjAOXp9yJmT4M8uLlXFDPeFmYikWoBNXYBeF4jjpQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCJjWLX5gNe1T77sxZlRCw3SmhT6MB8GA1UdIwQY
MBaAFCriv0ukfXFeU+LrPQEtP8vNGw7AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3VLX1M2UjljVjVUNHVzOUFTMF95ODBiRHNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy80MGEyNzYtODUxNS00NDJjLTgxNmUt
MzhlZWQ2ZGYwNTNiLzEvSW1OWXRmbUExN1ZQdnV6Rm1WRUxEZEthRlBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy80MGEyNzYtODUxNS00NDJjLTgxNmUtMzhlZWQ2ZGYwNTNi
LzEvS3VLX1M2UjljVjVUNHVzOUFTMF95ODBiRHNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwz4EMA0G
CSqGSIb3DQEBCwUAA4IBAQABSTjwXtdixCtAa5udMMm1WprU1r+uGbSpYmQCvaos
3DQ+l0IVNuznx80jam/G/auRWOnIqr4mHhnajF1GD6n40qXt2zFM1hSX4AslkK92
Zb4me9NzoF96AccG7WXh1afUzLfgPd/y1oplxUR9vXZQTh+bZqTjeLX/CdjpavK7
uNW7a4GafE3TLvdrfIxTHxZHnI6ZS+qao88FfQr+RF6b4UK2U7sQy1YrFQmx1NDx
E7+YP6qbUxCPQX3TcQv5TaIdCAlDIlwvrih9ygWKW5yoGvaCo/yUCWViZl18EWBa
f0AYB9SLUF4UYIW4VpojXq5hWu0RdDBhFckfphIMx+Kn
-----END CERTIFICATE-----