Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/4d27bb-f85c-4bfd-b1c3-47bcd39c3d86/1/qEBSULOSMZqvdv0jIfml2f7tabs.roa
File:                     qEBSULOSMZqvdv0jIfml2f7tabs.roa (raw, json)
Hash identifier:          nH9uGd3tMpksCUbkWl3JLVG6iE75o6qgmjF/U2MlHRI=
Subject key identifier:   A8:40:52:50:B3:92:31:9A:AF:76:FD:23:21:F9:A5:D9:FE:ED:69:BB
Certificate issuer:       /CN=5ae8c78f161397ae1dbd0ac322584f62fb740097
Certificate serial:       01972F797EEF253D632F6EE3C8CB067DEF9A
Authority key identifier: 5A:E8:C7:8F:16:13:97:AE:1D:BD:0A:C3:22:58:4F:62:FB:74:00:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WujHjxYTl64dvQrDIlhPYvt0AJc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/4d27bb-f85c-4bfd-b1c3-47bcd39c3d86/1/qEBSULOSMZqvdv0jIfml2f7tabs.roa
Signing time:             Mon 02 Jun 2025 07:09:40 +0000
ROA not before:           Mon 02 Jun 2025 07:09:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207688
IP address blocks:        62.220.155.0/24 maxlen: 24
                          2001:78a:100::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/56/4d27bb-f85c-4bfd-b1c3-47bcd39c3d86/1/WujHjxYTl64dvQrDIlhPYvt0AJc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/56/4d27bb-f85c-4bfd-b1c3-47bcd39c3d86/1/WujHjxYTl64dvQrDIlhPYvt0AJc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WujHjxYTl64dvQrDIlhPYvt0AJc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 22:50:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:2f:79:7e:ef:25:3d:63:2f:6e:e3:c8:cb:06:7d:ef:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ae8c78f161397ae1dbd0ac322584f62fb740097
        Validity
            Not Before: Jun  2 07:09:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a8405250b392319aaf76fd2321f9a5d9feed69bb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:ad:89:2d:3e:36:25:a2:76:a7:97:dc:5f:73:
                    d8:d5:b5:d6:14:ce:7b:d1:04:b9:b8:e3:6d:a2:fe:
                    b0:0f:5a:0c:94:4d:e1:80:f4:99:55:0c:36:e4:82:
                    51:0a:ca:75:a5:9c:c3:e3:ea:a6:4e:33:e0:a1:81:
                    e6:c6:05:62:2b:5d:9c:e5:1e:eb:02:e4:ab:8e:26:
                    57:4e:68:20:9a:ea:79:bd:5d:63:68:34:85:4f:f0:
                    09:c2:f0:9a:9f:f3:18:ab:cc:cb:b1:d8:62:53:20:
                    09:41:76:0a:f7:1b:08:7b:2d:c1:fb:0c:3e:91:e7:
                    04:51:13:c8:2a:f9:0c:16:a4:9b:76:a4:e2:51:38:
                    98:12:0e:a5:a3:22:40:c1:be:89:01:57:e6:e5:00:
                    d7:3e:00:2f:ea:79:ab:6b:db:1c:14:9e:99:43:66:
                    79:ed:ed:55:2f:09:92:8c:d1:99:ac:5d:66:73:06:
                    39:76:20:4c:3d:6d:0d:c3:a9:6f:7e:f1:e9:a8:b5:
                    00:fc:7e:c6:ac:85:6a:60:55:ea:5a:0d:f7:54:b9:
                    1e:10:86:d5:5c:58:f3:eb:dc:34:b6:fb:45:da:55:
                    7b:86:b6:89:41:f2:b9:b6:f7:e3:ab:48:53:a3:32:
                    53:22:82:7d:7a:57:16:ec:45:da:bc:ae:54:82:32:
                    1a:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:40:52:50:B3:92:31:9A:AF:76:FD:23:21:F9:A5:D9:FE:ED:69:BB
            X509v3 Authority Key Identifier:
                keyid:5A:E8:C7:8F:16:13:97:AE:1D:BD:0A:C3:22:58:4F:62:FB:74:00:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WujHjxYTl64dvQrDIlhPYvt0AJc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/4d27bb-f85c-4bfd-b1c3-47bcd39c3d86/1/qEBSULOSMZqvdv0jIfml2f7tabs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/4d27bb-f85c-4bfd-b1c3-47bcd39c3d86/1/WujHjxYTl64dvQrDIlhPYvt0AJc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.220.155.0/24
                IPv6:
                  2001:78a:100::/40

    Signature Algorithm: sha256WithRSAEncryption
         65:8a:c9:d0:61:94:bb:f2:02:bc:4c:e8:6d:96:72:ae:fe:a7:
         75:53:8e:02:6c:db:1c:a4:0c:8d:2f:d3:1c:71:6b:e8:9d:d0:
         84:86:03:3b:c3:c9:c9:6c:a5:cb:42:f1:97:0c:a7:0f:5a:f3:
         cf:df:ab:fc:5a:b8:99:f0:87:7e:39:19:45:c0:32:51:26:ec:
         ff:c2:fe:e3:c9:6d:0d:de:c2:27:df:ec:94:05:38:f9:42:ae:
         d7:09:24:cb:91:37:07:79:d9:ec:f4:ef:74:e5:18:3c:a3:fd:
         9a:43:3d:94:62:7a:3c:54:f6:fe:1f:8e:05:72:57:3e:bf:0d:
         b5:68:9f:82:dc:66:0d:1a:5c:a2:05:7e:e2:4a:9b:5c:da:d5:
         b3:73:83:f5:e9:ae:35:db:b5:01:7b:f7:5d:f9:93:f1:7e:1a:
         22:8f:c3:2f:f6:af:56:63:94:d7:fc:6a:53:18:b0:9d:22:0b:
         cf:34:18:8a:ad:b1:c5:66:08:f3:8a:6d:59:ad:87:ba:61:66:
         ac:9b:ed:be:9d:bc:ec:bf:e7:3f:4f:13:12:d3:b8:50:e1:66:
         e9:58:97:ae:f5:b9:1e:dc:e3:97:44:35:39:96:bb:a9:f0:dd:
         cf:40:e8:94:b2:13:39:f0:96:f0:95:3d:0b:26:a3:e9:8b:00:
         e4:c5:20:c6
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAZcveX7vJT1jL27jyMsGfe+aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhZThjNzhmMTYxMzk3YWUxZGJkMGFjMzIyNTg0ZjYyZmI3
NDAwOTcwHhcNMjUwNjAyMDcwOTQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhODQwNTI1MGIzOTIzMTlhYWY3NmZkMjMyMWY5YTVkOWZlZWQ2OWJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqq2JLT42JaJ2p5fcX3PY1bXWFM57
0QS5uONtov6wD1oMlE3hgPSZVQw25IJRCsp1pZzD4+qmTjPgoYHmxgViK12c5R7r
AuSrjiZXTmggmup5vV1jaDSFT/AJwvCan/MYq8zLsdhiUyAJQXYK9xsIey3B+ww+
kecEURPIKvkMFqSbdqTiUTiYEg6loyJAwb6JAVfm5QDXPgAv6nmra9scFJ6ZQ2Z5
7e1VLwmSjNGZrF1mcwY5diBMPW0Nw6lvfvHpqLUA/H7GrIVqYFXqWg33VLkeEIbV
XFjz69w0tvtF2lV7hraJQfK5tvfjq0hTozJTIoJ9elcW7EXavK5UgjIaLwIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFKhAUlCzkjGar3b9IyH5pdn+7Wm7MB8GA1UdIwQY
MBaAFFrox48WE5euHb0KwyJYT2L7dACXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV3VqSGp4WVRsNjRkdlFyRElsaFBZdnQwQUpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni80ZDI3YmItZjg1Yy00YmZkLWIxYzMt
NDdiY2QzOWMzZDg2LzEvcUVCU1VMT1NNWnF2ZHYwaklmbWwyZjd0YWJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni80ZDI3YmItZjg1Yy00YmZkLWIxYzMtNDdiY2QzOWMzZDg2
LzEvV3VqSGp4WVRsNjRkdlFyRElsaFBZdnQwQUpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQAPtybMA4E
AgACMAgDBgAgAQeKATANBgkqhkiG9w0BAQsFAAOCAQEAZYrJ0GGUu/ICvEzobZZy
rv6ndVOOAmzbHKQMjS/THHFr6J3QhIYDO8PJyWyly0LxlwynD1rzz9+r/Fq4mfCH
fjkZRcAyUSbs/8L+48ltDd7CJ9/slAU4+UKu1wkky5E3B3nZ7PTvdOUYPKP9mkM9
lGJ6PFT2/h+OBXJXPr8NtWifgtxmDRpcogV+4kqbXNrVs3OD9emuNdu1AXv3XfmT
8X4aIo/DL/avVmOU1/xqUxiwnSILzzQYiq2xxWYI84ptWa2HumFmrJvtvp287L/n
P08TEtO4UOFm6ViXrvW5Htzjl0Q1OZa7qfDdz0DolLITOfCW8JU9Cyaj6YsA5MUg
xg==
-----END CERTIFICATE-----