Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/2srkxS73h-4v9aRkWalUGPvLyjs.roa
File:                     2srkxS73h-4v9aRkWalUGPvLyjs.roa (raw, json)
Hash identifier:          EI7l3gXPaRFMaWNVF840VfKAOeEz4HogCxejSxfT79I=
Subject key identifier:   DA:CA:E4:C5:2E:F7:87:EE:2F:F5:A4:64:59:A9:54:18:FB:CB:CA:3B
Certificate issuer:       /CN=15f19074548d2a294e4385d95cd6752490ee46d7
Certificate serial:       0197BF968702CB0ACEDA1DDAE1A670C580A6
Authority key identifier: 15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/2srkxS73h-4v9aRkWalUGPvLyjs.roa
Signing time:             Mon 30 Jun 2025 06:46:42 +0000
ROA not before:           Mon 30 Jun 2025 06:46:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     152672
IP address blocks:        62.72.171.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 03 Jul 2025 07:43:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:bf:96:87:02:cb:0a:ce:da:1d:da:e1:a6:70:c5:80:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15f19074548d2a294e4385d95cd6752490ee46d7
        Validity
            Not Before: Jun 30 06:46:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dacae4c52ef787ee2ff5a46459a95418fbcbca3b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:72:9f:d6:52:97:41:00:83:8d:d2:46:df:91:
                    e2:0e:79:77:9d:db:28:4a:5c:60:fc:b9:97:54:70:
                    f5:97:dc:76:02:73:88:ec:02:e9:ba:85:d8:33:49:
                    b5:88:1d:a8:81:04:74:9e:c6:95:e5:e7:bf:7e:37:
                    d6:a8:19:7a:d8:91:e7:8c:50:c5:8c:1c:2f:cb:e7:
                    66:db:a1:91:29:37:71:1d:04:09:14:a0:19:0a:c5:
                    30:10:7a:1c:f1:03:0b:77:75:a1:36:84:a6:e8:0f:
                    55:04:f7:2f:22:40:e7:84:1c:a7:5f:c4:eb:83:9f:
                    32:a1:f3:bc:99:ec:f2:9b:8e:7f:dc:ef:66:76:48:
                    fd:f3:ef:ec:57:bf:88:b7:f1:0d:d7:e3:de:64:86:
                    a8:19:c7:48:9b:c3:16:43:41:b1:14:19:24:fc:6f:
                    d8:e4:82:2d:3a:5f:09:57:f5:db:67:ce:46:8a:ff:
                    4d:23:ad:37:9b:9f:89:4d:36:d4:27:1d:43:37:b9:
                    3a:cb:8e:5f:77:39:39:2a:e5:1f:83:19:6f:cb:d7:
                    5f:0c:af:d2:e5:1f:31:94:e2:56:63:d0:aa:cc:7b:
                    5a:c3:c2:3d:8f:1d:92:6f:8a:f0:2a:4c:c3:40:97:
                    b4:c1:7c:cd:29:72:64:84:6e:41:d7:1d:61:07:f3:
                    22:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:CA:E4:C5:2E:F7:87:EE:2F:F5:A4:64:59:A9:54:18:FB:CB:CA:3B
            X509v3 Authority Key Identifier:
                keyid:15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/2srkxS73h-4v9aRkWalUGPvLyjs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.72.171.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:da:c9:45:8f:ae:5e:0a:42:4f:c2:b7:71:7f:53:6c:21:99:
         bf:ea:c1:65:18:04:9a:59:37:5e:94:f5:64:16:08:b2:02:cd:
         35:61:90:ff:18:4f:e6:67:f2:e0:a6:63:81:c6:7c:af:30:53:
         9c:51:82:2e:74:6b:41:75:30:bf:44:0c:cb:4d:07:ed:64:29:
         e0:6b:41:92:ff:33:c0:f3:9f:ae:c6:be:a7:4c:2b:c7:3b:e9:
         c8:ff:ce:12:7f:02:32:79:14:31:49:50:ee:8a:ea:08:a7:d9:
         24:f1:91:c9:f2:02:f5:7d:56:2e:d1:d7:e6:6e:dd:26:71:6d:
         a5:2d:a2:9e:1b:8d:a3:6d:9f:dd:8b:77:48:9b:8d:e8:46:f5:
         68:a9:11:cf:0b:08:28:8a:5c:b8:3d:cd:c7:5a:22:74:55:32:
         73:9d:cb:02:45:3b:26:b7:83:0d:72:0e:ef:b4:a1:5e:a1:4d:
         ea:07:4a:6b:6e:02:45:9c:64:f6:56:13:9f:5a:f8:3f:cf:a6:
         05:1f:d3:ff:66:e3:ed:81:9b:90:16:66:4e:72:b5:b5:1f:d5:
         0d:c5:94:83:32:e9:01:fc:26:21:95:42:b9:f3:45:68:6e:03:
         6c:77:fb:fd:d5:ed:6c:0b:d3:c5:07:32:90:45:78:a3:f6:ff:
         8b:0f:f6:e3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZe/locCywrO2h3a4aZwxYCmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZjE5MDc0NTQ4ZDJhMjk0ZTQzODVkOTVjZDY3NTI0OTBl
ZTQ2ZDcwHhcNMjUwNjMwMDY0NjQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYWNhZTRjNTJlZjc4N2VlMmZmNWE0NjQ1OWE5NTQxOGZiY2JjYTNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqXKf1lKXQQCDjdJG35HiDnl3ndso
Slxg/LmXVHD1l9x2AnOI7ALpuoXYM0m1iB2ogQR0nsaV5ee/fjfWqBl62JHnjFDF
jBwvy+dm26GRKTdxHQQJFKAZCsUwEHoc8QMLd3WhNoSm6A9VBPcvIkDnhBynX8Tr
g58yofO8mezym45/3O9mdkj98+/sV7+It/EN1+PeZIaoGcdIm8MWQ0GxFBkk/G/Y
5IItOl8JV/XbZ85Giv9NI603m5+JTTbUJx1DN7k6y45fdzk5KuUfgxlvy9dfDK/S
5R8xlOJWY9CqzHtaw8I9jx2Sb4rwKkzDQJe0wXzNKXJkhG5B1x1hB/MigQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNrK5MUu94fuL/WkZFmpVBj7y8o7MB8GA1UdIwQY
MBaAFBXxkHRUjSopTkOF2VzWdSSQ7kbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2Qt
NTYyNDRmNDMwZGNjLzEvMnNya3hTNzNoLTR2OWFSa1dhbFVHUHZMeWpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2QtNTYyNDRmNDMwZGNj
LzEvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPkirMA0G
CSqGSIb3DQEBCwUAA4IBAQAD2slFj65eCkJPwrdxf1NsIZm/6sFlGASaWTdelPVk
FgiyAs01YZD/GE/mZ/LgpmOBxnyvMFOcUYIudGtBdTC/RAzLTQftZCnga0GS/zPA
85+uxr6nTCvHO+nI/84SfwIyeRQxSVDuiuoIp9kk8ZHJ8gL1fVYu0dfmbt0mcW2l
LaKeG42jbZ/di3dIm43oRvVoqRHPCwgoily4Pc3HWiJ0VTJzncsCRTsmt4MNcg7v
tKFeoU3qB0prbgJFnGT2VhOfWvg/z6YFH9P/ZuPtgZuQFmZOcrW1H9UNxZSDMukB
/CYhlUK580VobgNsd/v91e1sC9PFBzKQRXij9v+LD/bj
-----END CERTIFICATE-----