Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/iFmiq63DpNDN4v2AMY1a-Fu_CP8.roa
File:                     iFmiq63DpNDN4v2AMY1a-Fu_CP8.roa (raw, json)
Hash identifier:          UdHd1vnfza4zALuCMm6OPNt72FMsCuyAC6PdzT1+mlQ=
Subject key identifier:   88:59:A2:AB:AD:C3:A4:D0:CD:E2:FD:80:31:8D:5A:F8:5B:BF:08:FF
Certificate issuer:       /CN=c3c18527e3a206af2842028d95aec41338e8daf8
Certificate serial:       019903C353CE0970BB7F2560EE14C78709F6
Authority key identifier: C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/iFmiq63DpNDN4v2AMY1a-Fu_CP8.roa
Signing time:             Mon 01 Sep 2025 05:32:36 +0000
ROA not before:           Mon 01 Sep 2025 05:32:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211904
IP address blocks:        62.60.163.0/24 maxlen: 24
                          213.176.1.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Sep 2025 11:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:03:c3:53:ce:09:70:bb:7f:25:60:ee:14:c7:87:09:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c3c18527e3a206af2842028d95aec41338e8daf8
        Validity
            Not Before: Sep  1 05:32:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8859a2abadc3a4d0cde2fd80318d5af85bbf08ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:31:9c:d4:be:76:e2:d4:49:9b:e0:4a:68:02:
                    e4:10:f5:4e:b0:56:6e:18:4e:23:ca:d8:88:31:84:
                    d0:b3:10:34:19:1f:81:8b:56:8a:99:a0:e7:0f:1b:
                    fb:50:48:b9:fa:d0:53:08:96:a4:44:b8:17:62:22:
                    9b:61:c1:22:ac:36:25:33:f5:d6:d9:62:58:3d:d0:
                    03:a9:5f:bd:b7:5d:56:05:18:83:6d:4a:9a:ce:c2:
                    5c:fe:c0:b2:05:74:4a:dc:9b:c8:e8:d5:94:4a:93:
                    9f:3b:ad:4e:fb:93:c9:0c:2b:8e:0f:75:b2:2f:b3:
                    11:c5:bc:7f:0d:a5:95:bd:2f:d2:b3:b0:a4:3a:65:
                    a7:97:0e:24:31:c5:33:18:9b:71:d0:f8:34:4b:fc:
                    02:a9:7f:22:09:52:f8:76:93:16:8c:40:f8:a6:3a:
                    44:96:c0:1c:59:25:9c:b0:39:87:dd:65:10:72:37:
                    df:b4:dc:9b:26:43:5d:44:d4:4a:cd:76:11:ed:33:
                    e5:66:59:b3:a5:48:d6:e4:ba:51:b3:ee:c3:dd:a5:
                    63:cf:c3:fd:13:73:3a:2b:f9:0a:5d:32:ec:6f:4e:
                    32:93:37:2c:d9:be:a0:6f:b3:4b:b7:fb:70:ba:9f:
                    5f:c4:67:dd:03:a1:a6:0c:cf:eb:71:a3:33:ab:d2:
                    ef:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:59:A2:AB:AD:C3:A4:D0:CD:E2:FD:80:31:8D:5A:F8:5B:BF:08:FF
            X509v3 Authority Key Identifier:
                keyid:C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/iFmiq63DpNDN4v2AMY1a-Fu_CP8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.60.163.0/24
                  213.176.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c8:83:e5:8f:03:2b:6f:15:8f:c7:8f:5f:0d:17:45:20:51:ff:
         6a:cf:1f:65:a2:d8:a7:b1:3b:f0:f7:8c:44:30:3c:98:46:e1:
         34:b4:cc:88:0d:e8:00:81:e0:03:1b:81:71:bf:b8:d7:e3:a0:
         5e:d0:7b:b5:3a:d0:fc:cb:07:e0:b4:d3:d8:25:1b:0e:ca:fc:
         3c:e8:16:f3:94:92:f4:8f:17:d7:0a:7d:0f:3a:32:2d:f6:6a:
         7f:63:66:b2:b8:e9:b2:4e:d5:63:40:c9:68:37:0b:4f:be:fb:
         3b:90:ee:af:a1:e1:9e:b3:90:12:7f:d0:a3:26:64:d1:b9:a6:
         37:8e:30:a4:08:67:a1:66:d6:ca:2c:e2:5d:30:69:95:0f:4e:
         97:3d:52:9b:a7:d2:07:fa:a4:54:6c:4a:84:ad:d7:0a:16:75:
         f3:4f:ec:a4:b3:65:7d:ab:b0:db:34:50:43:a0:c2:a1:c6:6c:
         96:64:ea:4c:aa:d1:bc:19:7e:14:7e:35:44:92:02:0c:ce:d5:
         ad:bb:c0:6f:4c:cf:d7:47:17:45:69:f7:0a:83:7f:ce:87:35:
         ec:e1:30:e4:56:49:10:b3:a9:c2:c8:09:09:af:8a:97:a7:ad:
         9f:28:b9:95:42:2d:4f:71:9c:c0:97:5f:b5:21:b0:47:e9:c4:
         ae:2d:7b:d0
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZkDw1POCXC7fyVg7hTHhwn2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzYzE4NTI3ZTNhMjA2YWYyODQyMDI4ZDk1YWVjNDEzMzhl
OGRhZjgwHhcNMjUwOTAxMDUzMjM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODU5YTJhYmFkYzNhNGQwY2RlMmZkODAzMThkNWFmODViYmYwOGZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5jGc1L524tRJm+BKaALkEPVOsFZu
GE4jytiIMYTQsxA0GR+Bi1aKmaDnDxv7UEi5+tBTCJakRLgXYiKbYcEirDYlM/XW
2WJYPdADqV+9t11WBRiDbUqazsJc/sCyBXRK3JvI6NWUSpOfO61O+5PJDCuOD3Wy
L7MRxbx/DaWVvS/Ss7CkOmWnlw4kMcUzGJtx0Pg0S/wCqX8iCVL4dpMWjED4pjpE
lsAcWSWcsDmH3WUQcjfftNybJkNdRNRKzXYR7TPlZlmzpUjW5LpRs+7D3aVjz8P9
E3M6K/kKXTLsb04ykzcs2b6gb7NLt/twup9fxGfdA6GmDM/rcaMzq9LvuwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIhZoqutw6TQzeL9gDGNWvhbvwj/MB8GA1UdIwQY
MBaAFMPBhSfjogavKEICjZWuxBM46Nr4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMt
MGNiYTMzZWZjNWJiLzEvaUZtaXE2M0RwTkRONHYyQU1ZMWEtRnVfQ1A4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMtMGNiYTMzZWZjNWJi
LzEvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAPjyjAwQA
1bABMA0GCSqGSIb3DQEBCwUAA4IBAQDIg+WPAytvFY/Hj18NF0UgUf9qzx9lotin
sTvw94xEMDyYRuE0tMyIDegAgeADG4Fxv7jX46Be0Hu1OtD8ywfgtNPYJRsOyvw8
6BbzlJL0jxfXCn0POjIt9mp/Y2ayuOmyTtVjQMloNwtPvvs7kO6voeGes5ASf9Cj
JmTRuaY3jjCkCGehZtbKLOJdMGmVD06XPVKbp9IH+qRUbEqErdcKFnXzT+yks2V9
q7DbNFBDoMKhxmyWZOpMqtG8GX4UfjVEkgIMztWtu8BvTM/XRxdFafcKg3/OhzXs
4TDkVkkQs6nCyAkJr4qXp62fKLmVQi1PcZzAl1+1IbBH6cSuLXvQ
-----END CERTIFICATE-----