Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/D1LkEB76VO4TLiVLSutG1j50Ggs.roa
File:                     D1LkEB76VO4TLiVLSutG1j50Ggs.roa (raw, json)
Hash identifier:          wwoXITC/7x+4MXqvSXJJWdJx8U8mmbANamql/OwPaLA=
Subject key identifier:   0F:52:E4:10:1E:FA:54:EE:13:2E:25:4B:4A:EB:46:D6:3E:74:1A:0B
Certificate issuer:       /CN=c3c18527e3a206af2842028d95aec41338e8daf8
Certificate serial:       019A11D1F2E08E68857C0A4EDE6DF30AA433
Authority key identifier: C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/D1LkEB76VO4TLiVLSutG1j50Ggs.roa
Signing time:             Thu 23 Oct 2025 16:06:03 +0000
ROA not before:           Thu 23 Oct 2025 16:06:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44090
IP address blocks:        62.60.147.0/24 maxlen: 24
                          213.176.7.0/24 maxlen: 24
                          213.176.127.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 27 Oct 2025 12:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:11:d1:f2:e0:8e:68:85:7c:0a:4e:de:6d:f3:0a:a4:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c3c18527e3a206af2842028d95aec41338e8daf8
        Validity
            Not Before: Oct 23 16:06:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0f52e4101efa54ee132e254b4aeb46d63e741a0b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:7b:0f:c0:26:a8:2e:29:5f:1d:f8:24:ec:4c:
                    8f:7a:d3:af:51:cd:9f:c3:73:3c:b5:4c:cd:18:84:
                    bb:7a:d5:a3:ba:2c:74:99:e7:9b:39:b7:b4:9d:90:
                    c8:66:48:3a:a9:9d:f1:31:89:9b:72:a9:a8:28:b5:
                    18:1c:73:fa:65:1d:04:ea:e1:dc:7a:cd:3b:58:7b:
                    ca:2f:fb:60:75:f8:10:5c:d7:a5:fb:90:32:57:4c:
                    1a:36:f4:d3:7e:be:aa:5e:98:74:d2:ff:47:64:cc:
                    f0:28:42:e6:a0:eb:6f:6c:37:f5:a3:04:ff:0b:e8:
                    37:88:f4:02:19:cf:13:d5:56:f9:51:eb:2b:f0:cf:
                    15:1a:43:c8:02:82:09:e8:91:63:fd:25:d9:a4:ca:
                    cc:9d:d2:76:47:49:6a:31:bb:c2:a2:75:b6:12:6e:
                    d2:9a:39:14:61:4c:c9:4e:60:66:32:e5:e0:43:39:
                    72:4a:ac:27:7e:b8:06:06:84:35:a1:d2:dc:91:0a:
                    9e:2f:e0:1e:a2:92:55:62:6b:05:b2:c0:36:0d:b1:
                    ca:3e:40:d5:fd:6c:12:86:89:89:b9:fc:0b:e9:24:
                    8c:4f:5c:9e:75:32:2d:5d:f1:8d:22:f3:1c:cd:7b:
                    e7:c0:e9:a1:4b:d9:15:ae:70:c9:74:fc:45:8d:54:
                    f2:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:52:E4:10:1E:FA:54:EE:13:2E:25:4B:4A:EB:46:D6:3E:74:1A:0B
            X509v3 Authority Key Identifier:
                keyid:C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/D1LkEB76VO4TLiVLSutG1j50Ggs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.60.147.0/24
                  213.176.7.0/24
                  213.176.127.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:de:8c:40:d2:57:93:b2:08:52:e3:c7:0a:f4:4a:4c:af:f7:
         13:54:fe:5a:e9:1a:30:5c:95:37:80:2d:5b:08:1a:d9:2c:2e:
         dd:d5:8b:71:4e:cf:62:eb:b4:70:3f:59:1b:7b:56:8c:4f:2c:
         74:8b:24:c4:18:56:ca:a7:c6:2b:a5:0e:c2:f0:2b:7a:df:ab:
         ff:18:e3:db:e9:15:81:74:27:79:7f:b2:bb:61:37:c7:7d:10:
         aa:5a:8e:81:61:f2:ea:e3:9a:a1:d7:b3:d3:70:da:97:4b:dc:
         c1:c2:49:bd:6b:d4:a8:7f:c6:ab:b9:97:fb:e3:75:1d:0a:b6:
         4a:67:2d:ba:7d:1d:72:1f:18:c9:b7:ac:80:10:57:5f:f0:a6:
         e8:f7:45:cc:f9:a2:c9:35:98:85:7e:48:e6:fc:3e:11:f3:4e:
         a8:56:22:ff:f0:9f:c8:b0:a7:cd:c3:b7:08:bf:70:68:25:db:
         28:8f:56:3c:35:f7:3f:6e:a6:2e:55:aa:4d:74:d1:22:30:b8:
         52:de:55:e7:aa:80:b3:62:b6:e7:ba:1b:02:7b:33:87:3f:f1:
         83:12:e5:cf:f6:c7:a3:86:b2:c2:55:2b:05:81:a7:06:81:18:
         a5:a0:7c:e2:ae:18:09:15:0d:a5:31:b8:39:2f:2e:2d:12:a7:
         5c:b1:ee:f7
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZoR0fLgjmiFfApO3m3zCqQzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzYzE4NTI3ZTNhMjA2YWYyODQyMDI4ZDk1YWVjNDEzMzhl
OGRhZjgwHhcNMjUxMDIzMTYwNjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjUyZTQxMDFlZmE1NGVlMTMyZTI1NGI0YWViNDZkNjNlNzQxYTBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwHsPwCaoLilfHfgk7EyPetOvUc2f
w3M8tUzNGIS7etWjuix0meebObe0nZDIZkg6qZ3xMYmbcqmoKLUYHHP6ZR0E6uHc
es07WHvKL/tgdfgQXNel+5AyV0waNvTTfr6qXph00v9HZMzwKELmoOtvbDf1owT/
C+g3iPQCGc8T1Vb5Uesr8M8VGkPIAoIJ6JFj/SXZpMrMndJ2R0lqMbvConW2Em7S
mjkUYUzJTmBmMuXgQzlySqwnfrgGBoQ1odLckQqeL+AeopJVYmsFssA2DbHKPkDV
/WwShomJufwL6SSMT1yedTItXfGNIvMczXvnwOmhS9kVrnDJdPxFjVTy1wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFA9S5BAe+lTuEy4lS0rrRtY+dBoLMB8GA1UdIwQY
MBaAFMPBhSfjogavKEICjZWuxBM46Nr4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMt
MGNiYTMzZWZjNWJiLzEvRDFMa0VCNzZWTzRUTGlWTFN1dEcxajUwR2dzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMtMGNiYTMzZWZjNWJi
LzEvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAPjyTAwQA
1bAHAwQA1bB/MA0GCSqGSIb3DQEBCwUAA4IBAQB/3oxA0leTsghS48cK9EpMr/cT
VP5a6RowXJU3gC1bCBrZLC7d1YtxTs9i67RwP1kbe1aMTyx0iyTEGFbKp8YrpQ7C
8Ct636v/GOPb6RWBdCd5f7K7YTfHfRCqWo6BYfLq45qh17PTcNqXS9zBwkm9a9So
f8aruZf743UdCrZKZy26fR1yHxjJt6yAEFdf8Kbo90XM+aLJNZiFfkjm/D4R806o
ViL/8J/IsKfNw7cIv3BoJdsoj1Y8Nfc/bqYuVapNdNEiMLhS3lXnqoCzYrbnuhsC
ezOHP/GDEuXP9sejhrLCVSsFgacGgRiloHzirhgJFQ2lMbg5Ly4tEqdcse73
-----END CERTIFICATE-----