Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/VDJUY-bEZOrE2WX3z3d6PtIM26E.roa
File:                     VDJUY-bEZOrE2WX3z3d6PtIM26E.roa (raw, json)
Hash identifier:          iDW0DThQvCt2R2cKVGK+w9aT0FJJO22Pn5/lB1HACYc=
Subject key identifier:   54:32:54:63:E6:C4:64:EA:C4:D9:65:F7:CF:77:7A:3E:D2:0C:DB:A1
Certificate issuer:       /CN=c3c18527e3a206af2842028d95aec41338e8daf8
Certificate serial:       0196FB79F16638032F52536AE0C798EF1DAC
Authority key identifier: C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/VDJUY-bEZOrE2WX3z3d6PtIM26E.roa
Signing time:             Fri 23 May 2025 04:49:54 +0000
ROA not before:           Fri 23 May 2025 04:49:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57391
IP address blocks:        62.60.172.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 20:42:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:fb:79:f1:66:38:03:2f:52:53:6a:e0:c7:98:ef:1d:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c3c18527e3a206af2842028d95aec41338e8daf8
        Validity
            Not Before: May 23 04:49:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=54325463e6c464eac4d965f7cf777a3ed20cdba1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:8f:8d:ba:67:4f:12:e6:b4:c7:f8:a2:5a:10:
                    8d:41:99:ee:31:f4:93:75:b8:f9:f8:06:ba:b3:a1:
                    e5:ee:08:92:2a:33:18:8a:66:86:f8:02:74:38:4d:
                    4f:52:f9:b5:89:81:ef:a9:32:e1:45:90:15:08:54:
                    e6:0f:f7:f9:f4:ff:48:d0:52:96:c6:67:73:bf:d2:
                    7a:20:45:4b:6b:82:70:f5:0a:7e:38:9f:90:9f:82:
                    bc:4b:b2:8f:56:45:c2:b0:d7:4d:e4:b9:17:0f:03:
                    ed:12:48:bb:2d:1a:5d:5e:16:f3:26:a3:22:e8:e8:
                    ab:8d:30:3c:52:90:95:76:01:4a:5e:42:0d:0f:59:
                    54:2a:34:a4:e7:b0:fd:aa:ec:90:19:8c:7c:68:e6:
                    c4:19:f7:89:1e:aa:8c:a8:f7:07:53:0c:00:90:1f:
                    e0:17:31:33:03:59:67:fa:5e:cc:7d:04:25:b1:ef:
                    57:01:bb:f2:57:f2:8c:1e:47:71:0c:5e:bd:ec:52:
                    b4:c9:6f:e6:2c:26:54:a1:6b:bd:b6:3b:ae:91:7b:
                    3e:75:a7:94:1b:5c:18:ab:7d:ff:81:db:0b:d8:83:
                    6e:38:3f:a1:6c:eb:44:a1:36:13:1c:2a:b2:02:e5:
                    3b:b1:7a:07:67:42:53:d3:a4:9a:d5:42:14:e9:e2:
                    af:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:32:54:63:E6:C4:64:EA:C4:D9:65:F7:CF:77:7A:3E:D2:0C:DB:A1
            X509v3 Authority Key Identifier:
                keyid:C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/VDJUY-bEZOrE2WX3z3d6PtIM26E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.60.172.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b7:20:ca:b5:aa:39:fe:d3:af:93:be:9a:87:fd:bf:d6:9d:91:
         1d:62:fa:79:79:ef:bc:75:7f:2f:b1:50:79:a7:8b:49:14:21:
         fa:9c:c9:35:65:38:11:32:de:b9:3b:30:f2:1e:bb:20:d3:4c:
         48:79:9d:bf:fe:6c:b1:6b:8e:13:1f:e7:ae:6f:56:7e:9c:33:
         c9:b1:0d:7e:95:28:55:73:ca:99:01:13:bb:cf:43:b0:a7:20:
         ef:11:72:1a:aa:3c:ca:21:29:c3:2a:03:0c:2c:89:2d:e1:00:
         67:8f:43:74:03:03:ba:53:d2:26:18:2c:a0:e5:01:c3:72:ae:
         85:c0:a9:46:53:cd:62:ec:6d:3b:77:4b:99:3f:98:68:29:5f:
         43:ed:96:ae:4a:2e:a8:5d:67:44:d0:17:ac:b8:16:6c:9f:f3:
         35:3c:39:3d:46:76:5c:e9:3b:7d:95:85:d7:62:0f:d5:90:65:
         17:90:78:77:c9:f1:f1:f3:7a:0d:ea:a0:60:10:4a:e3:36:75:
         b4:d1:f6:bc:cc:1e:8d:5f:4c:f0:78:04:96:fc:3e:59:b7:eb:
         98:17:e6:c0:dc:c7:8d:a5:e4:62:d4:70:e7:bd:e0:6e:06:e2:
         da:ba:d3:0a:d3:64:03:f8:ab:b1:fb:68:65:71:39:ea:d5:1a:
         f6:dd:b0:29
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZb7efFmOAMvUlNq4MeY7x2sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzYzE4NTI3ZTNhMjA2YWYyODQyMDI4ZDk1YWVjNDEzMzhl
OGRhZjgwHhcNMjUwNTIzMDQ0OTU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NDMyNTQ2M2U2YzQ2NGVhYzRkOTY1ZjdjZjc3N2EzZWQyMGNkYmExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAno+NumdPEua0x/iiWhCNQZnuMfST
dbj5+Aa6s6Hl7giSKjMYimaG+AJ0OE1PUvm1iYHvqTLhRZAVCFTmD/f59P9I0FKW
xmdzv9J6IEVLa4Jw9Qp+OJ+Qn4K8S7KPVkXCsNdN5LkXDwPtEki7LRpdXhbzJqMi
6OirjTA8UpCVdgFKXkIND1lUKjSk57D9quyQGYx8aObEGfeJHqqMqPcHUwwAkB/g
FzEzA1ln+l7MfQQlse9XAbvyV/KMHkdxDF697FK0yW/mLCZUoWu9tjuukXs+daeU
G1wYq33/gdsL2INuOD+hbOtEoTYTHCqyAuU7sXoHZ0JT06Sa1UIU6eKvJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFQyVGPmxGTqxNll9893ej7SDNuhMB8GA1UdIwQY
MBaAFMPBhSfjogavKEICjZWuxBM46Nr4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMt
MGNiYTMzZWZjNWJiLzEvVkRKVVktYkVaT3JFMldYM3ozZDZQdElNMjZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMtMGNiYTMzZWZjNWJi
LzEvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCPjysMA0G
CSqGSIb3DQEBCwUAA4IBAQC3IMq1qjn+06+TvpqH/b/WnZEdYvp5ee+8dX8vsVB5
p4tJFCH6nMk1ZTgRMt65OzDyHrsg00xIeZ2//myxa44TH+eub1Z+nDPJsQ1+lShV
c8qZARO7z0OwpyDvEXIaqjzKISnDKgMMLIkt4QBnj0N0AwO6U9ImGCyg5QHDcq6F
wKlGU81i7G07d0uZP5hoKV9D7ZauSi6oXWdE0BesuBZsn/M1PDk9RnZc6Tt9lYXX
Yg/VkGUXkHh3yfHx83oN6qBgEErjNnW00fa8zB6NX0zweASW/D5Zt+uYF+bA3MeN
peRi1HDnveBuBuLautMK02QD+Kux+2hlcTnq1Rr23bAp
-----END CERTIFICATE-----