Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/wF8FIDPGJ7tPDC93JVsz45qMgTg.roa
File:                     wF8FIDPGJ7tPDC93JVsz45qMgTg.roa (raw, json)
Hash identifier:          n2UHfP/KhNZ+ztEQHVgA4uYFqjEfJjs05GQWErjnkeE=
Subject key identifier:   C0:5F:05:20:33:C6:27:BB:4F:0C:2F:77:25:5B:33:E3:9A:8C:81:38
Certificate issuer:       /CN=c3c18527e3a206af2842028d95aec41338e8daf8
Certificate serial:       019A2038C6C0AAC790BCDD8A5332A25DD6D0
Authority key identifier: C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/wF8FIDPGJ7tPDC93JVsz45qMgTg.roa
Signing time:             Sun 26 Oct 2025 11:13:03 +0000
ROA not before:           Sun 26 Oct 2025 11:13:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209186
IP address blocks:        62.60.227.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 04 Nov 2025 09:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:20:38:c6:c0:aa:c7:90:bc:dd:8a:53:32:a2:5d:d6:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c3c18527e3a206af2842028d95aec41338e8daf8
        Validity
            Not Before: Oct 26 11:13:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c05f052033c627bb4f0c2f77255b33e39a8c8138
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:f0:24:60:1c:61:78:c4:d9:96:94:a7:a4:1c:
                    e4:b5:52:8c:c7:d2:30:b9:52:19:58:99:78:a8:16:
                    c1:25:ef:63:d7:03:b4:ee:7b:c9:aa:f1:c2:cf:48:
                    76:8e:7e:e7:f6:e0:ef:4a:d6:e0:9b:80:59:69:4c:
                    11:f7:87:c6:c0:13:66:ce:dc:e0:db:15:0f:21:9f:
                    64:d9:bd:ae:fc:67:13:bf:e6:db:d0:0d:d2:31:a3:
                    26:a3:c9:79:51:9a:64:67:6e:f6:87:83:ee:1d:be:
                    f4:c7:4f:45:32:53:96:e3:dc:85:af:3a:cc:3c:92:
                    9b:77:b7:eb:64:33:7b:7d:d6:f9:fc:dc:a0:62:97:
                    ca:3f:f1:97:2d:53:84:10:b9:bc:7a:39:72:a7:18:
                    49:c5:5d:54:20:10:9c:7d:7f:64:c5:41:b1:30:08:
                    ea:52:16:d7:6c:2d:05:05:30:5f:c0:a9:0f:d0:a3:
                    6b:29:00:cb:4d:94:fa:f1:f0:62:26:17:0d:50:94:
                    7a:53:91:6b:7b:1a:ff:5a:0c:9c:a0:7c:a2:b0:63:
                    38:5d:31:d3:60:9a:4f:42:a9:37:fc:1f:e3:10:7a:
                    f9:4f:85:e7:e8:c3:8f:47:41:a8:c9:0a:2e:8b:12:
                    61:ff:b0:a9:2d:b4:d9:ee:b8:5e:96:db:66:f8:a1:
                    89:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:5F:05:20:33:C6:27:BB:4F:0C:2F:77:25:5B:33:E3:9A:8C:81:38
            X509v3 Authority Key Identifier:
                keyid:C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/wF8FIDPGJ7tPDC93JVsz45qMgTg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.60.227.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:ce:c4:82:a7:50:fd:9e:9c:8f:79:c6:1b:17:24:2e:4a:6c:
         c5:79:0f:51:ee:90:32:a9:0b:43:a0:00:74:90:af:bf:3f:1c:
         08:0d:5e:ad:9c:68:ba:d1:f0:89:22:6a:76:2a:cb:87:a9:95:
         0b:af:c4:e3:23:c1:7c:3e:8e:fa:4e:0c:01:3e:64:c2:58:af:
         37:1b:25:3a:d0:ab:c6:ba:97:7a:8c:2d:f9:d8:4a:d1:af:9b:
         1b:75:66:4d:af:f4:52:c2:c5:7f:fa:48:59:d7:37:4b:3d:df:
         99:1e:38:76:ff:5f:78:ac:83:a4:55:0c:3f:f5:3c:73:57:22:
         d3:84:d5:d6:6f:58:4f:bc:8f:94:2f:a0:b9:30:1a:74:25:80:
         7f:de:29:ce:e2:bb:a9:e2:8e:96:fa:06:f3:b1:97:85:5b:4e:
         45:76:b2:52:bb:7a:c5:4d:c2:f6:16:ce:9a:c4:e4:e3:77:d7:
         82:28:15:66:91:77:65:ff:78:05:31:d6:f3:7a:0e:8d:a9:66:
         67:70:da:c1:f1:ee:cb:21:2b:d3:d3:e0:1f:12:6a:43:c2:08:
         4b:97:eb:b6:cc:5d:35:c4:a3:f9:84:60:97:1c:77:5b:56:60:
         d5:d1:be:96:bf:fc:71:33:1f:f6:fd:39:4d:56:be:8b:dc:7e:
         2c:c3:77:29
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZogOMbAqseQvN2KUzKiXdbQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzYzE4NTI3ZTNhMjA2YWYyODQyMDI4ZDk1YWVjNDEzMzhl
OGRhZjgwHhcNMjUxMDI2MTExMzAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMDVmMDUyMDMzYzYyN2JiNGYwYzJmNzcyNTViMzNlMzlhOGM4MTM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArPAkYBxheMTZlpSnpBzktVKMx9Iw
uVIZWJl4qBbBJe9j1wO07nvJqvHCz0h2jn7n9uDvStbgm4BZaUwR94fGwBNmztzg
2xUPIZ9k2b2u/GcTv+bb0A3SMaMmo8l5UZpkZ272h4PuHb70x09FMlOW49yFrzrM
PJKbd7frZDN7fdb5/NygYpfKP/GXLVOEELm8ejlypxhJxV1UIBCcfX9kxUGxMAjq
UhbXbC0FBTBfwKkP0KNrKQDLTZT68fBiJhcNUJR6U5Frexr/WgycoHyisGM4XTHT
YJpPQqk3/B/jEHr5T4Xn6MOPR0GoyQouixJh/7CpLbTZ7rhelttm+KGJowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMBfBSAzxie7TwwvdyVbM+OajIE4MB8GA1UdIwQY
MBaAFMPBhSfjogavKEICjZWuxBM46Nr4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMt
MGNiYTMzZWZjNWJiLzEvd0Y4RklEUEdKN3RQREM5M0pWc3o0NXFNZ1RnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMtMGNiYTMzZWZjNWJi
LzEvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPjzjMA0G
CSqGSIb3DQEBCwUAA4IBAQA8zsSCp1D9npyPecYbFyQuSmzFeQ9R7pAyqQtDoAB0
kK+/PxwIDV6tnGi60fCJImp2KsuHqZULr8TjI8F8Po76TgwBPmTCWK83GyU60KvG
upd6jC352ErRr5sbdWZNr/RSwsV/+khZ1zdLPd+ZHjh2/194rIOkVQw/9TxzVyLT
hNXWb1hPvI+UL6C5MBp0JYB/3inO4rup4o6W+gbzsZeFW05FdrJSu3rFTcL2Fs6a
xOTjd9eCKBVmkXdl/3gFMdbzeg6NqWZncNrB8e7LISvT0+AfEmpDwghLl+u2zF01
xKP5hGCXHHdbVmDV0b6Wv/xxMx/2/TlNVr6L3H4sw3cp
-----END CERTIFICATE-----