Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/93/0cc712-a665-48d7-b3d4-f0f8b0775523/1/ZZHa3B2vDiatqWBi2tEDKV0gImw.roa
File:                     ZZHa3B2vDiatqWBi2tEDKV0gImw.roa (raw, json)
Hash identifier:          umPrB29FpLkve01nKipglkcLKOaJtGMVXwoyXB3BjP4=
Subject key identifier:   65:91:DA:DC:1D:AF:0E:26:AD:A9:60:62:DA:D1:03:29:5D:20:22:6C
Certificate issuer:       /CN=8dbed2dfc60987092a07a0edcb46ab14cbf74312
Certificate serial:       01982D3A816FA0DC694361C15590E442CD93
Authority key identifier: 8D:BE:D2:DF:C6:09:87:09:2A:07:A0:ED:CB:46:AB:14:CB:F7:43:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jb7S38YJhwkqB6Dty0arFMv3QxI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/93/0cc712-a665-48d7-b3d4-f0f8b0775523/1/ZZHa3B2vDiatqWBi2tEDKV0gImw.roa
Signing time:             Mon 21 Jul 2025 13:44:25 +0000
ROA not before:           Mon 21 Jul 2025 13:44:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     24703
IP address blocks:        62.122.71.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/93/0cc712-a665-48d7-b3d4-f0f8b0775523/1/jb7S38YJhwkqB6Dty0arFMv3QxI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/93/0cc712-a665-48d7-b3d4-f0f8b0775523/1/jb7S38YJhwkqB6Dty0arFMv3QxI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jb7S38YJhwkqB6Dty0arFMv3QxI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Jul 2025 10:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:2d:3a:81:6f:a0:dc:69:43:61:c1:55:90:e4:42:cd:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8dbed2dfc60987092a07a0edcb46ab14cbf74312
        Validity
            Not Before: Jul 21 13:44:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6591dadc1daf0e26ada96062dad103295d20226c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:c8:86:d6:b6:5d:d0:ad:f6:7d:c6:37:ce:db:
                    30:13:5a:e6:ad:0e:06:6b:8c:bb:ac:92:f8:ea:90:
                    7a:1e:73:b0:1e:a4:81:75:66:a4:c9:1b:37:00:ce:
                    ee:90:e4:c3:c2:e7:2f:fa:25:f3:50:12:68:05:41:
                    a0:1c:e0:9a:9c:d9:a1:0a:29:c3:9c:55:78:ed:47:
                    1a:4b:f8:ff:18:1e:e0:df:f9:4a:e7:9c:cf:62:fc:
                    24:e1:16:de:3d:12:b1:79:6f:d8:90:63:41:4d:3a:
                    c9:c3:28:24:45:f1:26:ef:58:96:78:0b:16:dd:74:
                    13:02:aa:ec:fe:7a:a7:e2:06:9f:e8:e8:b5:fe:dc:
                    d7:74:f0:bb:ed:60:1b:0f:49:01:bd:01:ad:53:fb:
                    7c:42:c5:d0:b9:93:a1:44:c8:b7:72:9f:e7:9e:36:
                    7f:c6:1e:6f:b6:5a:61:1e:b9:68:c9:15:49:76:47:
                    fa:8d:63:bc:d0:20:0d:44:e5:bd:76:5c:c5:bb:aa:
                    e4:48:ab:30:da:64:4d:8f:3c:6a:93:35:90:6d:f7:
                    6a:0e:09:7a:1f:01:76:ed:a9:9d:f3:54:e2:81:c7:
                    6b:50:9d:4b:f9:8b:fc:bc:fe:6c:93:ad:4b:f6:de:
                    85:91:7f:10:7f:18:80:93:90:4b:d3:cc:6d:34:24:
                    cb:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:91:DA:DC:1D:AF:0E:26:AD:A9:60:62:DA:D1:03:29:5D:20:22:6C
            X509v3 Authority Key Identifier:
                keyid:8D:BE:D2:DF:C6:09:87:09:2A:07:A0:ED:CB:46:AB:14:CB:F7:43:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jb7S38YJhwkqB6Dty0arFMv3QxI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/93/0cc712-a665-48d7-b3d4-f0f8b0775523/1/ZZHa3B2vDiatqWBi2tEDKV0gImw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/93/0cc712-a665-48d7-b3d4-f0f8b0775523/1/jb7S38YJhwkqB6Dty0arFMv3QxI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.122.71.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c3:8b:6a:65:65:0f:c9:36:ce:96:54:60:ef:d1:c8:14:22:99:
         61:2f:1b:a5:d5:64:91:e6:48:76:11:8a:99:fd:bf:33:19:cf:
         9f:f2:cb:f3:af:40:ef:cb:2c:07:40:b9:bf:79:ce:78:8d:19:
         82:34:06:f7:84:9a:cb:b8:e6:01:d4:bb:c1:99:03:df:af:93:
         76:af:0a:6d:40:da:95:a8:ee:68:79:d0:da:26:4e:ab:b1:fe:
         9e:3d:95:66:29:2b:56:f3:ce:2e:ac:e1:a5:31:57:74:e5:2b:
         2a:b6:c7:8a:55:6e:0c:19:9e:a5:dc:33:20:05:8f:94:d5:bc:
         8e:0c:b3:bc:24:ac:b9:11:06:11:84:ab:af:88:d8:e0:e8:34:
         aa:1f:a0:5a:aa:72:cc:d8:d1:6e:ef:92:98:bf:49:90:b9:29:
         f6:3c:5e:24:fa:d9:13:76:d1:b4:e6:28:e3:0f:6e:fe:40:33:
         4c:01:c2:65:da:b9:77:70:ab:20:a3:34:81:ba:ad:61:f1:78:
         a6:04:80:fa:8b:c5:25:d5:14:ab:e6:73:64:dd:46:1a:f2:9a:
         dd:8b:4f:f7:5f:23:9d:9c:10:ee:e5:c3:ea:25:33:39:19:f4:
         48:93:85:37:db:4b:9b:3e:a4:8d:53:5a:16:5f:98:d5:a2:c6:
         09:2f:bc:dc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgtOoFvoNxpQ2HBVZDkQs2TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkYmVkMmRmYzYwOTg3MDkyYTA3YTBlZGNiNDZhYjE0Y2Jm
NzQzMTIwHhcNMjUwNzIxMTM0NDI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTkxZGFkYzFkYWYwZTI2YWRhOTYwNjJkYWQxMDMyOTVkMjAyMjZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwMiG1rZd0K32fcY3ztswE1rmrQ4G
a4y7rJL46pB6HnOwHqSBdWakyRs3AM7ukOTDwucv+iXzUBJoBUGgHOCanNmhCinD
nFV47UcaS/j/GB7g3/lK55zPYvwk4RbePRKxeW/YkGNBTTrJwygkRfEm71iWeAsW
3XQTAqrs/nqn4gaf6Oi1/tzXdPC77WAbD0kBvQGtU/t8QsXQuZOhRMi3cp/nnjZ/
xh5vtlphHrloyRVJdkf6jWO80CANROW9dlzFu6rkSKsw2mRNjzxqkzWQbfdqDgl6
HwF27amd81TigcdrUJ1L+Yv8vP5sk61L9t6FkX8QfxiAk5BL08xtNCTLmQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGWR2twdrw4mralgYtrRAyldICJsMB8GA1UdIwQY
MBaAFI2+0t/GCYcJKgeg7ctGqxTL90MSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvamI3UzM4WUpod2txQjZEdHkwYXJGTXYzUXhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85My8wY2M3MTItYTY2NS00OGQ3LWIzZDQt
ZjBmOGIwNzc1NTIzLzEvWlpIYTNCMnZEaWF0cVdCaTJ0RURLVjBnSW13LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85My8wY2M3MTItYTY2NS00OGQ3LWIzZDQtZjBmOGIwNzc1NTIz
LzEvamI3UzM4WUpod2txQjZEdHkwYXJGTXYzUXhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPnpHMA0G
CSqGSIb3DQEBCwUAA4IBAQDDi2plZQ/JNs6WVGDv0cgUIplhLxul1WSR5kh2EYqZ
/b8zGc+f8svzr0DvyywHQLm/ec54jRmCNAb3hJrLuOYB1LvBmQPfr5N2rwptQNqV
qO5oedDaJk6rsf6ePZVmKStW884urOGlMVd05SsqtseKVW4MGZ6l3DMgBY+U1byO
DLO8JKy5EQYRhKuviNjg6DSqH6BaqnLM2NFu75KYv0mQuSn2PF4k+tkTdtG05ijj
D27+QDNMAcJl2rl3cKsgozSBuq1h8XimBID6i8Ul1RSr5nNk3UYa8prdi0/3XyOd
nBDu5cPqJTM5GfRIk4U320ubPqSNU1oWX5jVosYJL7zc
-----END CERTIFICATE-----