Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/GeIOKXkutG8FXC6S0uhqDuR2Oyc.roa
File:                     GeIOKXkutG8FXC6S0uhqDuR2Oyc.roa (raw, json)
Hash identifier:          L2U7GDQy2AVnBc0bV7pGyVkcsqpiDhD1aFrAWYtZCHA=
Subject key identifier:   19:E2:0E:29:79:2E:B4:6F:05:5C:2E:92:D2:E8:6A:0E:E4:76:3B:27
Certificate issuer:       /CN=15f19074548d2a294e4385d95cd6752490ee46d7
Certificate serial:       019EDEA57FA57D53E450904D19805ABA76AD
Authority key identifier: 15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/GeIOKXkutG8FXC6S0uhqDuR2Oyc.roa
Signing time:             Fri 19 Jun 2026 06:50:48 +0000
ROA not before:           Fri 19 Jun 2026 06:50:48 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212238
IP address blocks:        62.72.185.0/24 maxlen: 24
                          176.57.50.0/24 maxlen: 24
                          176.57.55.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 20 Jun 2026 05:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:de:a5:7f:a5:7d:53:e4:50:90:4d:19:80:5a:ba:76:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15f19074548d2a294e4385d95cd6752490ee46d7
        Validity
            Not Before: Jun 19 06:50:48 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=19e20e29792eb46f055c2e92d2e86a0ee4763b27
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:ce:7b:cd:de:30:7f:f0:73:6e:82:0a:86:ea:
                    8d:4e:7c:04:4b:70:b6:51:c2:92:71:28:bb:92:a8:
                    a5:74:8d:1b:45:00:1e:c2:ae:bb:56:ed:ff:62:e8:
                    f3:ac:f7:33:a0:5b:be:f8:d0:71:e9:45:52:f3:7e:
                    6a:8d:94:d5:85:92:c3:10:a6:83:10:2c:c3:e0:78:
                    59:e9:09:c9:8f:68:d4:88:68:44:c1:dd:eb:c2:24:
                    04:a9:f0:2c:95:0c:9b:bd:e2:b3:0b:e6:26:be:2f:
                    a9:54:b8:e7:10:71:1b:69:47:2a:c9:10:28:c0:88:
                    bf:7c:5f:20:df:ff:ea:2c:eb:21:86:60:5c:d5:bc:
                    96:6d:4e:50:db:d1:7b:a6:5b:4e:84:9c:74:46:b3:
                    c2:3a:e7:68:d7:82:fe:58:3b:3e:59:60:d6:11:91:
                    a4:b2:28:3f:f7:0d:37:d5:9e:fa:40:30:bd:35:8c:
                    5d:ed:45:29:27:cf:4a:a7:38:26:c6:25:bf:4d:22:
                    a6:3a:03:f3:e7:7d:0e:96:87:f7:f1:21:9f:9f:52:
                    fe:ec:99:d6:3c:ab:aa:2a:c0:9a:4c:98:c4:f6:c8:
                    76:2b:c3:76:7b:2b:90:16:d2:1a:bf:43:8a:6a:b5:
                    e5:2f:c0:f3:6e:2b:b2:b6:4b:3a:d7:55:df:ae:1b:
                    09:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:E2:0E:29:79:2E:B4:6F:05:5C:2E:92:D2:E8:6A:0E:E4:76:3B:27
            X509v3 Authority Key Identifier:
                keyid:15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/GeIOKXkutG8FXC6S0uhqDuR2Oyc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.72.185.0/24
                  176.57.50.0/24
                  176.57.55.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:cf:76:ee:39:16:03:64:3d:f1:97:66:f0:0a:5a:86:77:94:
         5e:e9:6e:e1:fb:7c:a8:42:fa:a4:8e:b0:21:26:15:f7:94:d7:
         d1:b3:65:7e:d3:f3:56:82:fc:cc:b2:55:26:7e:79:2d:29:8c:
         23:06:46:3c:2e:f3:99:8d:fe:66:71:d5:a5:9a:e1:f9:70:c3:
         bd:1f:7c:2c:a0:8a:c4:b0:bc:9c:17:29:de:4b:22:77:05:13:
         02:c4:fc:69:3d:a8:54:8b:d9:1e:20:ef:91:d0:d3:6e:69:6d:
         30:5b:68:21:33:13:10:ee:95:d5:4c:bb:64:03:70:06:2a:72:
         31:7c:70:11:2f:7e:39:94:03:4d:99:eb:92:17:84:87:88:93:
         1a:c2:65:4e:86:91:d6:b8:e6:d7:99:03:1c:aa:a4:22:ab:40:
         95:76:df:84:71:e6:fa:55:0d:18:6a:9f:18:5f:86:25:ac:d9:
         3e:2b:f0:d6:e4:15:79:c4:95:80:b8:e5:ba:96:42:bc:18:3b:
         dc:74:f4:be:d9:71:33:ac:61:1c:f4:35:2c:99:60:4e:0b:12:
         94:07:42:68:a0:37:53:ab:15:9e:18:09:13:b8:9f:59:a7:7f:
         ef:ed:14:8b:1f:8e:fc:f8:80:bd:e0:2e:2f:cf:25:0b:97:0d:
         c5:c0:f7:d1
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ7epX+lfVPkUJBNGYBaunatMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZjE5MDc0NTQ4ZDJhMjk0ZTQzODVkOTVjZDY3NTI0OTBl
ZTQ2ZDcwHhcNMjYwNjE5MDY1MDQ4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOWUyMGUyOTc5MmViNDZmMDU1YzJlOTJkMmU4NmEwZWU0NzYzYjI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp857zd4wf/BzboIKhuqNTnwES3C2
UcKScSi7kqildI0bRQAewq67Vu3/YujzrPczoFu++NBx6UVS835qjZTVhZLDEKaD
ECzD4HhZ6QnJj2jUiGhEwd3rwiQEqfAslQybveKzC+Ymvi+pVLjnEHEbaUcqyRAo
wIi/fF8g3//qLOshhmBc1byWbU5Q29F7pltOhJx0RrPCOudo14L+WDs+WWDWEZGk
sig/9w031Z76QDC9NYxd7UUpJ89KpzgmxiW/TSKmOgPz530Olof38SGfn1L+7JnW
PKuqKsCaTJjE9sh2K8N2eyuQFtIav0OKarXlL8Dzbiuytks611XfrhsJoQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFBniDil5LrRvBVwuktLoag7kdjsnMB8GA1UdIwQY
MBaAFBXxkHRUjSopTkOF2VzWdSSQ7kbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2Qt
NTYyNDRmNDMwZGNjLzEvR2VJT0tYa3V0RzhGWEM2UzB1aHFEdVIyT3ljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2QtNTYyNDRmNDMwZGNj
LzEvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAPki5AwQA
sDkyAwQAsDk3MA0GCSqGSIb3DQEBCwUAA4IBAQAOz3buORYDZD3xl2bwClqGd5Re
6W7h+3yoQvqkjrAhJhX3lNfRs2V+0/NWgvzMslUmfnktKYwjBkY8LvOZjf5mcdWl
muH5cMO9H3wsoIrEsLycFyneSyJ3BRMCxPxpPahUi9keIO+R0NNuaW0wW2ghMxMQ
7pXVTLtkA3AGKnIxfHARL345lANNmeuSF4SHiJMawmVOhpHWuObXmQMcqqQiq0CV
dt+Eceb6VQ0Yap8YX4YlrNk+K/DW5BV5xJWAuOW6lkK8GDvcdPS+2XEzrGEc9DUs
mWBOCxKUB0JooDdTqxWeGAkTuJ9Zp3/v7RSLH478+IC94C4vzyULlw3FwPfR
-----END CERTIFICATE-----