Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/HnQUzsHGqdLWhe9eJs25T-3zS14.roa
File:                     HnQUzsHGqdLWhe9eJs25T-3zS14.roa (raw, json)
Hash identifier:          YP146by7eQkbB1DmmOOCpv5/ycsCOlnjnTQYlXQrPFY=
Subject key identifier:   1E:74:14:CE:C1:C6:A9:D2:D6:85:EF:5E:26:CD:B9:4F:ED:F3:4B:5E
Certificate issuer:       /CN=15f19074548d2a294e4385d95cd6752490ee46d7
Certificate serial:       019A0093364F4092CBCF4C35F117012C05B6
Authority key identifier: 15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/HnQUzsHGqdLWhe9eJs25T-3zS14.roa
Signing time:             Mon 20 Oct 2025 07:43:58 +0000
ROA not before:           Mon 20 Oct 2025 07:43:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     401937
IP address blocks:        62.72.183.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 Oct 2025 19:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:00:93:36:4f:40:92:cb:cf:4c:35:f1:17:01:2c:05:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15f19074548d2a294e4385d95cd6752490ee46d7
        Validity
            Not Before: Oct 20 07:43:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1e7414cec1c6a9d2d685ef5e26cdb94fedf34b5e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:d1:d1:3d:c5:1a:d6:bd:98:b4:5a:0d:e3:01:
                    69:4d:1e:1d:4f:b3:fe:c6:46:11:fb:86:24:48:1a:
                    ec:9a:c3:a8:f3:d1:47:b7:ab:64:fc:0a:a9:4d:b6:
                    05:29:91:ed:ff:59:36:e5:7f:3c:5d:e4:eb:5b:d5:
                    cd:46:f2:1f:02:ff:61:df:4f:9a:a8:f0:b9:69:4b:
                    e2:1c:4b:38:79:0e:d5:69:81:92:cf:a3:b7:7c:cc:
                    9b:23:f9:f2:21:69:38:8a:0b:7b:be:85:2a:f4:e7:
                    cd:fd:37:2d:73:9a:33:8a:a5:19:29:55:4b:e7:cb:
                    b0:0e:db:9c:35:e0:6d:cf:27:52:19:6b:43:c5:24:
                    ee:b2:64:cf:30:72:df:c0:b0:02:ed:b7:00:7d:be:
                    50:ce:2e:34:74:75:05:eb:42:7b:fa:a6:34:12:60:
                    ee:de:26:8d:10:41:a6:14:39:8b:3e:dc:f8:61:99:
                    ff:85:bb:5b:7f:19:a4:8f:18:cc:a9:34:db:ae:be:
                    94:6a:b2:0a:8e:e7:6f:74:8f:fd:dd:0f:39:a9:ae:
                    58:19:64:82:03:3a:e4:66:c7:5b:f7:c0:d0:e2:71:
                    69:44:25:cf:7a:8a:75:aa:c9:59:6a:ad:85:2d:fb:
                    a6:cc:9a:c5:f8:e1:93:b8:96:23:43:00:61:b5:17:
                    a1:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:74:14:CE:C1:C6:A9:D2:D6:85:EF:5E:26:CD:B9:4F:ED:F3:4B:5E
            X509v3 Authority Key Identifier:
                keyid:15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/HnQUzsHGqdLWhe9eJs25T-3zS14.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.72.183.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:23:44:46:c8:d7:2e:98:77:be:00:69:96:21:6d:1e:6d:64:
         3a:56:5e:fc:56:90:31:99:43:e4:d3:28:63:1e:53:59:dd:85:
         80:0b:ae:b9:ba:6a:a6:d9:42:bf:82:f1:c5:b8:c8:5b:34:35:
         b8:e4:2a:f1:3e:dc:d8:80:5d:2c:2a:6f:8e:98:b3:f2:c8:5a:
         3e:e4:2a:a9:f9:61:6c:71:0b:f8:2a:ea:82:3d:25:d7:f4:a3:
         ee:28:32:be:b4:4d:12:a6:36:74:d6:85:e5:6b:a6:f9:86:6c:
         c9:c1:c8:84:72:ea:01:2c:9e:0f:f3:0c:53:34:d7:d3:62:40:
         7f:53:b9:6e:f1:54:e9:76:f2:cf:82:0b:4b:64:9d:f8:0c:ea:
         d2:bd:12:3f:69:c8:6a:6d:be:64:9a:91:46:71:7d:c1:f3:89:
         38:52:d2:b5:db:82:52:8f:0f:90:99:2f:cd:16:6b:d7:92:75:
         3c:09:d5:de:1c:d7:6a:18:6d:c9:8e:25:b7:9b:39:41:58:09:
         f1:bd:cc:a2:62:00:59:65:87:19:6c:9e:93:2f:f8:d5:50:7b:
         1e:bf:e6:b3:0e:e7:68:00:0e:f6:b5:38:0d:18:d7:e0:fa:17:
         07:81:34:72:8a:5a:4a:23:17:d9:6c:13:ba:a3:fa:99:83:ef:
         c0:d4:bd:b0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZoAkzZPQJLLz0w18RcBLAW2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZjE5MDc0NTQ4ZDJhMjk0ZTQzODVkOTVjZDY3NTI0OTBl
ZTQ2ZDcwHhcNMjUxMDIwMDc0MzU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTc0MTRjZWMxYzZhOWQyZDY4NWVmNWUyNmNkYjk0ZmVkZjM0YjVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqdHRPcUa1r2YtFoN4wFpTR4dT7P+
xkYR+4YkSBrsmsOo89FHt6tk/AqpTbYFKZHt/1k25X88XeTrW9XNRvIfAv9h30+a
qPC5aUviHEs4eQ7VaYGSz6O3fMybI/nyIWk4igt7voUq9OfN/Tctc5oziqUZKVVL
58uwDtucNeBtzydSGWtDxSTusmTPMHLfwLAC7bcAfb5Qzi40dHUF60J7+qY0EmDu
3iaNEEGmFDmLPtz4YZn/hbtbfxmkjxjMqTTbrr6UarIKjudvdI/93Q85qa5YGWSC
AzrkZsdb98DQ4nFpRCXPeop1qslZaq2FLfumzJrF+OGTuJYjQwBhtRehgwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB50FM7BxqnS1oXvXibNuU/t80teMB8GA1UdIwQY
MBaAFBXxkHRUjSopTkOF2VzWdSSQ7kbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2Qt
NTYyNDRmNDMwZGNjLzEvSG5RVXpzSEdxZExXaGU5ZUpzMjVULTN6UzE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2QtNTYyNDRmNDMwZGNj
LzEvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPki3MA0G
CSqGSIb3DQEBCwUAA4IBAQACI0RGyNcumHe+AGmWIW0ebWQ6Vl78VpAxmUPk0yhj
HlNZ3YWAC665umqm2UK/gvHFuMhbNDW45CrxPtzYgF0sKm+OmLPyyFo+5Cqp+WFs
cQv4KuqCPSXX9KPuKDK+tE0SpjZ01oXla6b5hmzJwciEcuoBLJ4P8wxTNNfTYkB/
U7lu8VTpdvLPggtLZJ34DOrSvRI/achqbb5kmpFGcX3B84k4UtK124JSjw+QmS/N
FmvXknU8CdXeHNdqGG3JjiW3mzlBWAnxvcyiYgBZZYcZbJ6TL/jVUHsev+azDudo
AA72tTgNGNfg+hcHgTRyilpKIxfZbBO6o/qZg+/A1L2w
-----END CERTIFICATE-----
Generated at Wed Oct 22 01:22:57 2025 by rpki-client