Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/SEeFiz3tStXW9I-MWDoCbj05WJc.roa
File:                     SEeFiz3tStXW9I-MWDoCbj05WJc.roa (raw, json)
Hash identifier:          3Uw2Tnxk96aTwjIxD4+rHbo4Gs/ginuifw8bOJqsGy8=
Subject key identifier:   48:47:85:8B:3D:ED:4A:D5:D6:F4:8F:8C:58:3A:02:6E:3D:39:58:97
Certificate issuer:       /CN=15f19074548d2a294e4385d95cd6752490ee46d7
Certificate serial:       019CF08BF53D4ADEE9D212DCDE265B09CAEC
Authority key identifier: 15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/SEeFiz3tStXW9I-MWDoCbj05WJc.roa
Signing time:             Sun 15 Mar 2026 08:10:29 +0000
ROA not before:           Sun 15 Mar 2026 08:10:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     398465
IP address blocks:        62.72.172.0/24 maxlen: 24
                          62.72.173.0/24 maxlen: 24
                          81.21.5.0/24 maxlen: 24
                          81.21.6.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 16 Mar 2026 15:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:f0:8b:f5:3d:4a:de:e9:d2:12:dc:de:26:5b:09:ca:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15f19074548d2a294e4385d95cd6752490ee46d7
        Validity
            Not Before: Mar 15 08:10:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4847858b3ded4ad5d6f48f8c583a026e3d395897
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:96:aa:75:9a:8c:8c:48:e2:99:73:6f:14:d4:
                    2f:26:f6:f8:c2:8c:2a:50:6e:1a:ea:f1:bf:cd:f7:
                    85:59:93:65:65:e9:79:16:5e:6f:1c:26:fa:b2:1b:
                    92:a1:a3:65:72:ad:e9:9c:c9:9a:ed:08:9b:ce:db:
                    7c:e3:f6:9e:20:ef:19:11:4c:e3:38:1a:5b:11:2e:
                    b6:d2:79:79:92:45:b9:73:be:1f:ea:5e:bb:36:58:
                    ac:27:24:af:76:73:a1:fb:13:79:68:0b:f4:85:2a:
                    e1:76:74:2e:a1:f4:a9:1b:55:2c:5d:72:31:c0:e6:
                    58:51:92:9c:53:d2:a5:08:70:cd:c4:af:a9:2c:17:
                    bf:6b:e1:0d:b9:05:4d:ff:98:58:fa:d3:d4:2c:9a:
                    1b:3a:fc:59:8f:ec:37:c7:8c:fa:7d:e9:52:cc:78:
                    f1:b2:42:d4:f2:c4:35:f5:0d:23:1f:32:49:c6:2a:
                    c7:c8:ac:2e:37:4e:b6:c7:29:08:bb:37:f7:3a:66:
                    23:a2:8e:58:fd:39:a5:b3:bb:56:3f:16:c8:62:7c:
                    53:ae:00:8b:33:18:0f:c6:16:6d:b0:24:4c:12:68:
                    54:2d:ab:7b:ee:ef:e0:93:0a:0e:07:94:b2:81:3f:
                    44:3d:e6:ee:39:6a:b9:cf:3d:71:23:40:68:a7:21:
                    0c:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:47:85:8B:3D:ED:4A:D5:D6:F4:8F:8C:58:3A:02:6E:3D:39:58:97
            X509v3 Authority Key Identifier:
                keyid:15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/SEeFiz3tStXW9I-MWDoCbj05WJc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.72.172.0/23
                  81.21.5.0-81.21.6.255

    Signature Algorithm: sha256WithRSAEncryption
         5b:72:e1:77:77:f7:b9:29:b6:06:c2:e4:1d:cf:9f:f5:4b:9f:
         63:53:07:df:85:4b:f9:f9:64:9a:e5:91:e6:ea:f8:4a:61:71:
         85:a6:ee:6a:3e:a6:0d:4b:43:29:d6:d9:20:72:5f:ee:75:27:
         f8:a8:09:0b:c1:9e:79:f9:ce:54:02:b7:2f:e7:88:2d:31:f9:
         04:b4:ab:ff:20:f8:4c:a5:10:db:7c:fe:94:ca:d6:4a:8c:fe:
         7d:ad:7d:6a:98:fe:d4:b4:51:0f:df:3e:0c:81:e5:79:b3:70:
         5a:d7:0b:04:4b:9a:7e:6a:11:56:63:20:57:e1:18:48:58:2d:
         a1:7e:4f:33:b4:31:f2:fc:74:c5:08:fc:29:a2:23:3c:d3:6c:
         ae:dd:f8:fa:be:f7:1b:12:74:11:32:c1:9e:e5:de:bd:bb:37:
         fc:d1:12:13:12:48:bd:65:f9:c6:db:0a:e0:2a:2e:92:e4:73:
         a2:0f:09:99:77:9d:80:5e:ff:ee:ef:02:78:34:16:f8:9b:fd:
         82:66:f0:8a:de:e9:12:35:81:1e:33:ca:fb:c6:c8:91:d9:05:
         9e:5a:8a:5f:47:cd:3b:51:8b:5b:f0:72:6c:51:d1:37:83:c7:
         a2:cc:0e:98:b7:33:69:be:b6:3e:81:00:49:cd:56:48:5f:9e:
         4d:1d:8f:fb
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZzwi/U9St7p0hLc3iZbCcrsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZjE5MDc0NTQ4ZDJhMjk0ZTQzODVkOTVjZDY3NTI0OTBl
ZTQ2ZDcwHhcNMjYwMzE1MDgxMDI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ODQ3ODU4YjNkZWQ0YWQ1ZDZmNDhmOGM1ODNhMDI2ZTNkMzk1ODk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2JaqdZqMjEjimXNvFNQvJvb4wowq
UG4a6vG/zfeFWZNlZel5Fl5vHCb6shuSoaNlcq3pnMma7Qibztt84/aeIO8ZEUzj
OBpbES620nl5kkW5c74f6l67NlisJySvdnOh+xN5aAv0hSrhdnQuofSpG1UsXXIx
wOZYUZKcU9KlCHDNxK+pLBe/a+ENuQVN/5hY+tPULJobOvxZj+w3x4z6felSzHjx
skLU8sQ19Q0jHzJJxirHyKwuN062xykIuzf3OmYjoo5Y/Tmls7tWPxbIYnxTrgCL
MxgPxhZtsCRMEmhULat77u/gkwoOB5SygT9EPebuOWq5zz1xI0BopyEMfQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFEhHhYs97UrV1vSPjFg6Am49OViXMB8GA1UdIwQY
MBaAFBXxkHRUjSopTkOF2VzWdSSQ7kbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2Qt
NTYyNDRmNDMwZGNjLzEvU0VlRml6M3RTdFhXOUktTVdEb0NiajA1V0pjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2QtNTYyNDRmNDMwZGNj
LzEvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQBPkisMAwD
BABRFQUDBABRFQYwDQYJKoZIhvcNAQELBQADggEBAFty4Xd397kptgbC5B3Pn/VL
n2NTB9+FS/n5ZJrlkebq+EphcYWm7mo+pg1LQynW2SByX+51J/ioCQvBnnn5zlQC
ty/niC0x+QS0q/8g+EylENt8/pTK1kqM/n2tfWqY/tS0UQ/fPgyB5XmzcFrXCwRL
mn5qEVZjIFfhGEhYLaF+TzO0MfL8dMUI/CmiIzzTbK7d+Pq+9xsSdBEywZ7l3r27
N/zREhMSSL1l+cbbCuAqLpLkc6IPCZl3nYBe/+7vAng0Fvib/YJm8Ire6RI1gR4z
yvvGyJHZBZ5ail9HzTtRi1vwcmxR0TeDx6LMDpi3M2m+tj6BAEnNVkhfnk0dj/s=
-----END CERTIFICATE-----