Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/bDYS4al9maBekHp3cZ5w3zMia7U.roa
File:                     bDYS4al9maBekHp3cZ5w3zMia7U.roa (raw, json)
Hash identifier:          pOCmKySw+Tb1sm3NtefhOmKXAvO+WJqWskvC+nl7KhQ=
Subject key identifier:   6C:36:12:E1:A9:7D:99:A0:5E:90:7A:77:71:9E:70:DF:33:22:6B:B5
Certificate issuer:       /CN=15f19074548d2a294e4385d95cd6752490ee46d7
Certificate serial:       0198E61B49EDB30794C26F65359036E8FC83
Authority key identifier: 15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/bDYS4al9maBekHp3cZ5w3zMia7U.roa
Signing time:             Tue 26 Aug 2025 11:20:04 +0000
ROA not before:           Tue 26 Aug 2025 11:20:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     30058
IP address blocks:        62.72.180.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Sep 2025 22:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:e6:1b:49:ed:b3:07:94:c2:6f:65:35:90:36:e8:fc:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15f19074548d2a294e4385d95cd6752490ee46d7
        Validity
            Not Before: Aug 26 11:20:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6c3612e1a97d99a05e907a77719e70df33226bb5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:06:73:91:1e:3a:4d:cf:f4:e6:93:74:5f:22:
                    50:27:5b:6b:39:04:74:bc:d6:de:ea:da:8b:bb:6b:
                    89:e2:f6:a2:c2:b8:81:1a:d8:44:bc:04:b0:87:3f:
                    53:cb:5e:a9:99:23:90:5e:84:0b:2a:c8:1a:f1:49:
                    0f:05:8a:5b:ea:4e:36:89:9c:3b:7b:c0:8a:f0:9b:
                    e4:31:b8:15:1b:de:50:57:4e:ee:31:a0:a4:9f:7b:
                    b0:81:00:51:60:42:e9:fb:1d:6f:bd:1a:df:0c:65:
                    2d:79:ea:ca:81:c4:78:22:9e:3e:8b:0e:0e:c3:ea:
                    6a:d3:f8:a2:ef:e9:fa:c8:dc:05:8e:ee:55:4e:20:
                    30:53:fd:60:96:60:c5:7e:81:a8:a6:dc:d7:74:e5:
                    38:a0:03:93:13:39:dc:0f:34:0c:ab:d0:87:0d:41:
                    b7:fa:fa:58:b8:18:d7:00:7a:44:49:2b:fc:55:53:
                    d8:9a:72:29:e8:c2:bd:f4:6c:77:f0:c9:1a:1f:08:
                    83:ea:a0:1c:b4:b0:ef:1f:e8:31:ab:de:52:b5:37:
                    d4:36:03:72:11:d4:1e:f6:64:77:d1:a8:66:ad:fd:
                    6b:4d:f4:23:54:c6:0c:de:bb:18:ff:ad:9d:bd:6a:
                    c2:1b:bf:2f:1b:73:94:8e:23:b2:1e:ff:d0:cd:5e:
                    37:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:36:12:E1:A9:7D:99:A0:5E:90:7A:77:71:9E:70:DF:33:22:6B:B5
            X509v3 Authority Key Identifier:
                keyid:15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/bDYS4al9maBekHp3cZ5w3zMia7U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.72.180.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:bd:8e:10:76:52:90:95:99:43:3a:17:5f:b8:88:2a:88:b1:
         18:34:70:34:4d:ae:a7:00:97:bc:23:b2:0a:97:75:29:70:19:
         0c:9a:6f:4d:b1:0a:39:c0:a0:72:aa:ad:9f:23:0b:1a:46:36:
         83:6e:99:3b:d1:29:3e:f0:d5:20:ee:0d:fe:84:49:d0:51:3b:
         b8:e4:22:e2:b1:58:2f:76:ba:17:91:04:30:63:8e:1c:31:2a:
         3e:b2:9c:f7:37:2a:12:1d:b6:76:29:25:d3:17:2b:9e:65:4a:
         0b:f7:f7:4f:b3:e3:1e:0d:bb:31:00:17:5f:e1:e8:14:19:79:
         08:8f:2f:0e:c7:47:5d:75:ed:7e:9e:55:36:92:81:b3:f0:9a:
         b4:d2:4e:16:1c:8c:85:66:e2:2d:a7:33:3a:f0:d8:8c:69:45:
         5e:d6:31:77:86:34:a3:47:0e:0b:6f:47:26:71:8f:0c:dc:91:
         ad:21:3d:c1:2a:d2:f4:f2:5f:f4:a7:d2:6e:82:ac:bc:90:bf:
         de:eb:77:bd:21:e3:66:b3:e3:72:7a:bf:5c:3d:76:8e:04:17:
         97:62:fd:da:1c:bb:ca:42:67:a0:07:4b:e6:b2:07:46:3d:c3:
         d5:40:c1:1c:38:e7:93:ca:80:57:b7:89:e5:e3:14:70:25:8a:
         e3:b7:7c:f7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjmG0ntsweUwm9lNZA26PyDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZjE5MDc0NTQ4ZDJhMjk0ZTQzODVkOTVjZDY3NTI0OTBl
ZTQ2ZDcwHhcNMjUwODI2MTEyMDA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YzM2MTJlMWE5N2Q5OWEwNWU5MDdhNzc3MTllNzBkZjMzMjI2YmI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxAZzkR46Tc/05pN0XyJQJ1trOQR0
vNbe6tqLu2uJ4vaiwriBGthEvASwhz9Ty16pmSOQXoQLKsga8UkPBYpb6k42iZw7
e8CK8JvkMbgVG95QV07uMaCkn3uwgQBRYELp+x1vvRrfDGUteerKgcR4Ip4+iw4O
w+pq0/ii7+n6yNwFju5VTiAwU/1glmDFfoGoptzXdOU4oAOTEzncDzQMq9CHDUG3
+vpYuBjXAHpESSv8VVPYmnIp6MK99Gx38MkaHwiD6qActLDvH+gxq95StTfUNgNy
EdQe9mR30ahmrf1rTfQjVMYM3rsY/62dvWrCG78vG3OUjiOyHv/QzV43CwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGw2EuGpfZmgXpB6d3GecN8zImu1MB8GA1UdIwQY
MBaAFBXxkHRUjSopTkOF2VzWdSSQ7kbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2Qt
NTYyNDRmNDMwZGNjLzEvYkRZUzRhbDltYUJla0hwM2NaNXczek1pYTdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2QtNTYyNDRmNDMwZGNj
LzEvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPki0MA0G
CSqGSIb3DQEBCwUAA4IBAQBRvY4QdlKQlZlDOhdfuIgqiLEYNHA0Ta6nAJe8I7IK
l3UpcBkMmm9NsQo5wKByqq2fIwsaRjaDbpk70Sk+8NUg7g3+hEnQUTu45CLisVgv
droXkQQwY44cMSo+spz3NyoSHbZ2KSXTFyueZUoL9/dPs+MeDbsxABdf4egUGXkI
jy8Ox0ddde1+nlU2koGz8Jq00k4WHIyFZuItpzM68NiMaUVe1jF3hjSjRw4Lb0cm
cY8M3JGtIT3BKtL08l/0p9Jugqy8kL/e63e9IeNms+Nyer9cPXaOBBeXYv3aHLvK
QmegB0vmsgdGPcPVQMEcOOeTyoBXt4nl4xRwJYrjt3z3
-----END CERTIFICATE-----