Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/H5fCqBpm_f7hXygoIa8xLisQf4o.roa
File:                     H5fCqBpm_f7hXygoIa8xLisQf4o.roa (raw, json)
Hash identifier:          NKYGYeat86NvKM0eWJwmhRu9GEV6wXY2dnHdfl8Rsog=
Subject key identifier:   1F:97:C2:A8:1A:66:FD:FE:E1:5F:28:28:21:AF:31:2E:2B:10:7F:8A
Certificate issuer:       /CN=c3c18527e3a206af2842028d95aec41338e8daf8
Certificate serial:       0196FB64E224E64CFA56F5FB8A82FDA10D63
Authority key identifier: C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/H5fCqBpm_f7hXygoIa8xLisQf4o.roa
Signing time:             Fri 23 May 2025 04:26:54 +0000
ROA not before:           Fri 23 May 2025 04:26:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214357
IP address blocks:        62.60.189.0/24 maxlen: 24
                          62.60.191.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 10:17:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:fb:64:e2:24:e6:4c:fa:56:f5:fb:8a:82:fd:a1:0d:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c3c18527e3a206af2842028d95aec41338e8daf8
        Validity
            Not Before: May 23 04:26:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1f97c2a81a66fdfee15f282821af312e2b107f8a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:60:8f:e6:0f:2f:66:b0:8e:c7:0b:4e:62:b7:
                    72:65:09:3f:78:f5:c4:2a:28:09:b6:96:85:7e:4e:
                    b5:08:6d:7c:96:89:f9:0a:b3:6f:ae:eb:bf:b2:9a:
                    da:06:87:a8:e7:c9:03:9b:50:63:72:df:02:88:7d:
                    79:de:f8:4b:05:ca:80:fb:21:81:ec:d1:2b:11:d3:
                    d2:55:87:b1:0f:05:9b:57:ca:61:c2:54:25:b9:f8:
                    23:b4:74:3a:94:d4:95:e4:60:13:71:86:bc:d1:4b:
                    90:de:0e:72:79:e7:b9:c8:1d:b7:3c:f0:32:68:14:
                    9e:44:4c:f0:a8:d2:21:b1:7d:09:f0:05:0b:44:1a:
                    78:06:af:82:11:00:6e:b6:ac:c7:46:50:d0:bf:7d:
                    4f:30:42:30:a9:e4:05:c9:4e:b5:16:7b:5f:d0:19:
                    13:e1:55:de:a9:ea:5c:46:4a:28:ca:71:08:81:2a:
                    37:ad:dd:c7:f2:02:bf:08:6b:3f:65:f3:ff:a9:e5:
                    88:21:41:54:22:3e:67:62:49:8a:f4:93:42:2b:f6:
                    84:f4:84:6f:11:93:be:c6:35:79:d7:e2:54:47:2d:
                    83:b5:79:bf:12:d4:6b:ab:e4:77:af:63:b8:c0:3a:
                    2c:37:82:15:b5:e8:ae:73:b3:6f:36:bb:5a:28:98:
                    07:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:97:C2:A8:1A:66:FD:FE:E1:5F:28:28:21:AF:31:2E:2B:10:7F:8A
            X509v3 Authority Key Identifier:
                keyid:C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/H5fCqBpm_f7hXygoIa8xLisQf4o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.60.189.0/24
                  62.60.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:77:7d:3e:4d:1c:8a:ad:03:82:a0:e7:0b:2d:0c:10:3d:5e:
         c3:32:92:ae:63:bd:8b:cd:31:59:d4:af:4c:e1:a6:18:c6:dc:
         56:cd:7a:e9:63:5d:2b:da:06:3f:35:57:de:9d:45:d1:f4:e6:
         50:7e:66:83:59:42:87:e0:07:23:ec:c7:3a:f5:f1:fc:11:dc:
         9c:e6:24:db:0a:69:f1:a1:77:6d:3c:32:75:7d:5d:15:48:d3:
         cb:a0:b6:b8:89:dd:54:ed:50:84:b7:4e:df:dd:93:45:d2:38:
         3e:e1:c3:4f:49:33:6b:6c:d2:a0:ac:8d:ed:09:19:08:56:9f:
         e9:dd:b9:b8:b6:80:09:03:f6:35:2e:bd:26:e4:7a:50:83:8a:
         69:4c:f5:27:cc:56:ee:70:5b:1c:03:b7:8c:04:a1:b4:90:cd:
         80:84:3b:46:49:99:d4:cd:30:b3:f6:14:22:42:a5:d1:3e:77:
         8d:d3:c9:0b:18:f7:e4:9a:c8:bc:4d:53:94:82:70:00:f4:2c:
         fb:20:b6:6a:b0:51:3e:27:81:e7:15:e4:ba:5b:8e:fa:40:45:
         f7:4a:c3:22:3b:f9:2a:a8:e5:52:ce:bb:64:6e:b1:b8:38:b3:
         be:90:59:64:7c:73:91:00:dd:c5:dd:83:50:eb:70:2f:b9:92:
         db:dc:5b:e8
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZb7ZOIk5kz6VvX7ioL9oQ1jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzYzE4NTI3ZTNhMjA2YWYyODQyMDI4ZDk1YWVjNDEzMzhl
OGRhZjgwHhcNMjUwNTIzMDQyNjU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjk3YzJhODFhNjZmZGZlZTE1ZjI4MjgyMWFmMzEyZTJiMTA3ZjhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8WCP5g8vZrCOxwtOYrdyZQk/ePXE
KigJtpaFfk61CG18lon5CrNvruu/spraBoeo58kDm1Bjct8CiH153vhLBcqA+yGB
7NErEdPSVYexDwWbV8phwlQlufgjtHQ6lNSV5GATcYa80UuQ3g5yeee5yB23PPAy
aBSeREzwqNIhsX0J8AULRBp4Bq+CEQButqzHRlDQv31PMEIwqeQFyU61Fntf0BkT
4VXeqepcRkooynEIgSo3rd3H8gK/CGs/ZfP/qeWIIUFUIj5nYkmK9JNCK/aE9IRv
EZO+xjV51+JURy2DtXm/EtRrq+R3r2O4wDosN4IVteiuc7NvNrtaKJgHQwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFB+XwqgaZv3+4V8oKCGvMS4rEH+KMB8GA1UdIwQY
MBaAFMPBhSfjogavKEICjZWuxBM46Nr4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMt
MGNiYTMzZWZjNWJiLzEvSDVmQ3FCcG1fZjdoWHlnb0lhOHhMaXNRZjRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMtMGNiYTMzZWZjNWJi
LzEvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAPjy9AwQA
Pjy/MA0GCSqGSIb3DQEBCwUAA4IBAQAJd30+TRyKrQOCoOcLLQwQPV7DMpKuY72L
zTFZ1K9M4aYYxtxWzXrpY10r2gY/NVfenUXR9OZQfmaDWUKH4Acj7Mc69fH8Edyc
5iTbCmnxoXdtPDJ1fV0VSNPLoLa4id1U7VCEt07f3ZNF0jg+4cNPSTNrbNKgrI3t
CRkIVp/p3bm4toAJA/Y1Lr0m5HpQg4ppTPUnzFbucFscA7eMBKG0kM2AhDtGSZnU
zTCz9hQiQqXRPneN08kLGPfkmsi8TVOUgnAA9Cz7ILZqsFE+J4HnFeS6W476QEX3
SsMiO/kqqOVSzrtkbrG4OLO+kFlkfHORAN3F3YNQ63AvuZLb3Fvo
-----END CERTIFICATE-----