Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/D8XaxT7I5JFRJkvo3J2dhv_ELuY.roa
File:                     D8XaxT7I5JFRJkvo3J2dhv_ELuY.roa (raw, json)
Hash identifier:          C/8xNeqRzXC3cmESXdioUHl9JoWebCZTdFUNWemwOfY=
Subject key identifier:   0F:C5:DA:C5:3E:C8:E4:91:51:26:4B:E8:DC:9D:9D:86:FF:C4:2E:E6
Certificate issuer:       /CN=15f19074548d2a294e4385d95cd6752490ee46d7
Certificate serial:       01992E17A8156E618C3516CB051FD284CFB0
Authority key identifier: 15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/D8XaxT7I5JFRJkvo3J2dhv_ELuY.roa
Signing time:             Tue 09 Sep 2025 10:48:46 +0000
ROA not before:           Tue 09 Sep 2025 10:48:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     135402
IP address blocks:        62.72.187.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 16 Sep 2025 08:01:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:2e:17:a8:15:6e:61:8c:35:16:cb:05:1f:d2:84:cf:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15f19074548d2a294e4385d95cd6752490ee46d7
        Validity
            Not Before: Sep  9 10:48:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0fc5dac53ec8e49151264be8dc9d9d86ffc42ee6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:c5:56:60:8d:7c:9f:a7:48:47:2c:db:d0:a6:
                    e9:d1:f5:bd:22:67:77:4f:b3:70:41:51:9c:74:1b:
                    6a:cc:b9:7d:7f:74:99:6d:d5:d6:62:9a:46:79:85:
                    b3:43:0e:4a:2d:fc:b4:f8:bb:75:73:20:be:00:c8:
                    c0:f9:b7:31:fa:dd:68:20:98:d3:b5:0c:48:50:2d:
                    c3:08:cd:c5:87:85:47:6a:10:fb:93:d2:9c:79:66:
                    75:af:d9:01:4d:37:c4:4c:a3:9e:ac:4a:da:80:26:
                    cb:cf:8b:13:41:ae:d6:57:ef:36:07:d0:e5:e6:87:
                    ee:40:fb:b3:df:23:61:54:91:1f:31:ab:88:c5:5e:
                    52:82:ea:c4:6a:a0:d8:55:60:f6:38:10:6b:c7:74:
                    7b:f7:96:9f:75:b3:23:ad:78:54:a3:e9:9e:3e:83:
                    69:ce:d7:4d:eb:2e:ca:38:34:03:d1:6c:ec:ef:05:
                    b1:4e:71:da:90:a3:cb:09:6b:f0:04:23:47:cb:6c:
                    2b:5d:31:41:36:c5:d1:4f:b0:d6:d4:bd:bd:d6:bd:
                    6a:48:d3:7f:ca:c2:f7:d7:40:b4:76:d2:43:89:37:
                    40:fd:0d:18:3c:a7:e7:c6:ea:39:5b:fe:8b:1a:09:
                    49:33:a0:6b:c1:de:ff:f0:d3:03:ee:69:8a:e6:3f:
                    02:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:C5:DA:C5:3E:C8:E4:91:51:26:4B:E8:DC:9D:9D:86:FF:C4:2E:E6
            X509v3 Authority Key Identifier:
                keyid:15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/D8XaxT7I5JFRJkvo3J2dhv_ELuY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.72.187.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a8:c1:27:af:b7:44:6f:a2:f7:31:3b:7f:6a:33:29:f6:ba:ee:
         db:da:89:6f:af:18:e1:0e:bd:90:05:eb:a1:2a:4e:b8:3a:59:
         f0:05:2d:5b:d4:6e:56:59:49:53:cd:87:44:db:e1:60:d4:6e:
         1b:c8:cb:49:fc:71:69:9d:ad:44:6a:eb:fb:04:67:50:cd:ed:
         b6:b7:9f:32:86:50:87:c4:db:fd:f5:99:95:87:81:fc:2b:b0:
         4c:1b:22:88:3e:85:b1:6c:29:61:81:dd:36:8f:10:12:aa:81:
         8b:88:63:55:a0:7c:e6:52:93:67:b8:40:52:73:e5:84:f3:82:
         9b:75:f6:a5:7a:17:61:a0:88:8c:e7:f3:6b:21:d2:7a:06:d0:
         83:a0:c7:9e:57:18:f6:88:24:fe:37:ba:93:cd:92:c7:3e:c8:
         b4:83:2c:bd:c9:6b:8c:a7:3c:4e:94:28:2b:4e:08:ab:8c:e1:
         de:95:50:4e:ae:08:97:d3:7b:13:f7:0f:98:cf:58:15:78:ff:
         98:ba:75:60:4f:9e:03:4f:4e:ad:74:57:aa:c7:00:b3:64:57:
         ba:5e:45:23:3e:ff:4a:d4:86:5f:0e:29:36:4d:57:de:ec:f2:
         1b:43:ce:b4:a5:37:ee:63:10:99:5c:93:a2:41:c3:16:01:b2:
         83:bd:79:ab
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkuF6gVbmGMNRbLBR/ShM+wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZjE5MDc0NTQ4ZDJhMjk0ZTQzODVkOTVjZDY3NTI0OTBl
ZTQ2ZDcwHhcNMjUwOTA5MTA0ODQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZmM1ZGFjNTNlYzhlNDkxNTEyNjRiZThkYzlkOWQ4NmZmYzQyZWU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAusVWYI18n6dIRyzb0Kbp0fW9Imd3
T7NwQVGcdBtqzLl9f3SZbdXWYppGeYWzQw5KLfy0+Lt1cyC+AMjA+bcx+t1oIJjT
tQxIUC3DCM3Fh4VHahD7k9KceWZ1r9kBTTfETKOerEragCbLz4sTQa7WV+82B9Dl
5ofuQPuz3yNhVJEfMauIxV5SgurEaqDYVWD2OBBrx3R795afdbMjrXhUo+mePoNp
ztdN6y7KODQD0Wzs7wWxTnHakKPLCWvwBCNHy2wrXTFBNsXRT7DW1L291r1qSNN/
ysL310C0dtJDiTdA/Q0YPKfnxuo5W/6LGglJM6Brwd7/8NMD7mmK5j8C/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA/F2sU+yOSRUSZL6NydnYb/xC7mMB8GA1UdIwQY
MBaAFBXxkHRUjSopTkOF2VzWdSSQ7kbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2Qt
NTYyNDRmNDMwZGNjLzEvRDhYYXhUN0k1SkZSSmt2bzNKMmRodl9FTHVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2QtNTYyNDRmNDMwZGNj
LzEvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPki7MA0G
CSqGSIb3DQEBCwUAA4IBAQCowSevt0RvovcxO39qMyn2uu7b2olvrxjhDr2QBeuh
Kk64OlnwBS1b1G5WWUlTzYdE2+Fg1G4byMtJ/HFpna1Eauv7BGdQze22t58yhlCH
xNv99ZmVh4H8K7BMGyKIPoWxbClhgd02jxASqoGLiGNVoHzmUpNnuEBSc+WE84Kb
dfalehdhoIiM5/NrIdJ6BtCDoMeeVxj2iCT+N7qTzZLHPsi0gyy9yWuMpzxOlCgr
TgirjOHelVBOrgiX03sT9w+Yz1gVeP+YunVgT54DT06tdFeqxwCzZFe6XkUjPv9K
1IZfDik2TVfe7PIbQ860pTfuYxCZXJOiQcMWAbKDvXmr
-----END CERTIFICATE-----