Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/fT0aDsRX1FkJnwKv0ypSuPvcY0U.roa
File:                     fT0aDsRX1FkJnwKv0ypSuPvcY0U.roa (raw, json)
Hash identifier:          H7e2sDX2zNZvfwgxj4gUwpuxzOl6AcYbj5ok62GbZ70=
Subject key identifier:   7D:3D:1A:0E:C4:57:D4:59:09:9F:02:AF:D3:2A:52:B8:FB:DC:63:45
Certificate issuer:       /CN=15f19074548d2a294e4385d95cd6752490ee46d7
Certificate serial:       0197E45CE6499558ED1847766825C202D39F
Authority key identifier: 15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/fT0aDsRX1FkJnwKv0ypSuPvcY0U.roa
Signing time:             Mon 07 Jul 2025 10:09:42 +0000
ROA not before:           Mon 07 Jul 2025 10:09:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29802
IP address blocks:        62.72.187.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 31 Jul 2025 15:09:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:e4:5c:e6:49:95:58:ed:18:47:76:68:25:c2:02:d3:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15f19074548d2a294e4385d95cd6752490ee46d7
        Validity
            Not Before: Jul  7 10:09:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7d3d1a0ec457d459099f02afd32a52b8fbdc6345
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:ab:8a:c4:2d:21:6c:f5:b7:33:ef:85:d9:c4:
                    a3:44:3a:85:a0:c7:f1:ff:cd:b5:eb:bb:6d:8a:dd:
                    01:d1:74:a9:88:ee:fb:f1:87:da:43:65:91:f6:c5:
                    b6:b4:bb:0f:9b:3e:8c:b7:1f:aa:d0:36:b5:e5:d9:
                    70:39:93:08:8c:c7:4f:e7:2a:c5:98:5a:ac:c9:d9:
                    24:ec:b1:09:9f:f4:ff:15:e6:c3:fc:04:cb:7b:cd:
                    35:88:31:fe:57:54:bd:bc:b7:b7:0a:64:0f:dd:89:
                    13:ca:bc:ce:09:4b:c5:6d:86:fc:34:3b:12:52:94:
                    9e:77:ee:de:85:84:3f:2d:a8:d8:d0:7f:63:a3:57:
                    c7:7b:7a:91:e3:79:e3:c0:cd:e1:fb:db:0f:4c:b7:
                    ae:c0:57:e2:f1:16:15:68:e8:f1:a1:36:97:ad:52:
                    83:97:ec:ff:33:6e:72:96:cd:c5:c5:e5:eb:02:85:
                    c2:de:12:34:bf:44:e8:2a:09:34:b5:87:dd:d7:1c:
                    3d:82:4d:d1:57:d7:ad:89:f7:75:06:c1:f4:bd:53:
                    ff:21:ba:6f:42:1a:e9:bf:0a:2a:d8:1f:88:c2:15:
                    5b:6d:74:b6:f5:2f:4a:9c:3b:15:11:78:15:e4:92:
                    5a:d4:ea:c2:99:f9:2c:f9:eb:f7:7a:e7:f3:06:d7:
                    3a:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:3D:1A:0E:C4:57:D4:59:09:9F:02:AF:D3:2A:52:B8:FB:DC:63:45
            X509v3 Authority Key Identifier:
                keyid:15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/fT0aDsRX1FkJnwKv0ypSuPvcY0U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.72.187.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:34:c2:05:f3:60:ac:e2:71:7f:69:44:b7:67:86:f2:b4:a2:
         a8:82:dd:8f:36:c1:ee:4a:4d:80:fe:1a:e7:e1:c1:e7:a5:4f:
         67:eb:70:f5:98:ed:1b:fc:fd:97:eb:1a:59:6f:12:98:f8:cb:
         56:c1:9a:98:46:90:00:12:ad:78:1b:0a:2a:a5:29:ea:42:e3:
         f8:1a:10:d7:ee:0d:bb:53:a2:f8:3f:35:98:8f:af:9b:e0:b3:
         71:7b:57:67:3b:ca:82:17:78:be:cc:35:01:fc:9b:b5:b2:81:
         47:86:f8:ec:fc:eb:44:81:77:e4:63:e2:3e:a3:db:c6:5d:e2:
         ec:f4:bf:7f:91:fc:2e:5c:66:9b:a2:64:9a:ef:cf:f2:20:a7:
         ce:53:d7:5d:cd:90:7c:e9:02:8a:2a:ac:1d:43:04:74:f5:36:
         fb:45:b1:6b:f9:d5:36:1f:b7:99:50:cd:dd:07:cb:c9:25:5d:
         33:37:02:fd:9e:1f:f7:41:93:3d:99:80:b8:39:f2:64:e4:9f:
         b2:60:94:1d:00:8b:94:ad:f0:f7:d4:4f:97:15:56:84:20:23:
         73:3b:52:18:36:b7:83:80:5d:e4:3f:c4:4c:bc:32:2f:51:e6:
         e2:52:4b:fa:2f:ae:5f:7a:98:36:6d:62:5d:06:2c:30:a7:08:
         9c:c9:9c:f6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfkXOZJlVjtGEd2aCXCAtOfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZjE5MDc0NTQ4ZDJhMjk0ZTQzODVkOTVjZDY3NTI0OTBl
ZTQ2ZDcwHhcNMjUwNzA3MTAwOTQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZDNkMWEwZWM0NTdkNDU5MDk5ZjAyYWZkMzJhNTJiOGZiZGM2MzQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnauKxC0hbPW3M++F2cSjRDqFoMfx
/82167ttit0B0XSpiO778YfaQ2WR9sW2tLsPmz6Mtx+q0Da15dlwOZMIjMdP5yrF
mFqsydkk7LEJn/T/FebD/ATLe801iDH+V1S9vLe3CmQP3YkTyrzOCUvFbYb8NDsS
UpSed+7ehYQ/LajY0H9jo1fHe3qR43njwM3h+9sPTLeuwFfi8RYVaOjxoTaXrVKD
l+z/M25yls3FxeXrAoXC3hI0v0ToKgk0tYfd1xw9gk3RV9etifd1BsH0vVP/Ibpv
Qhrpvwoq2B+IwhVbbXS29S9KnDsVEXgV5JJa1OrCmfks+ev3eufzBtc6QwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH09Gg7EV9RZCZ8Cr9MqUrj73GNFMB8GA1UdIwQY
MBaAFBXxkHRUjSopTkOF2VzWdSSQ7kbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2Qt
NTYyNDRmNDMwZGNjLzEvZlQwYURzUlgxRmtKbndLdjB5cFN1UHZjWTBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2QtNTYyNDRmNDMwZGNj
LzEvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPki7MA0G
CSqGSIb3DQEBCwUAA4IBAQCENMIF82Cs4nF/aUS3Z4bytKKogt2PNsHuSk2A/hrn
4cHnpU9n63D1mO0b/P2X6xpZbxKY+MtWwZqYRpAAEq14GwoqpSnqQuP4GhDX7g27
U6L4PzWYj6+b4LNxe1dnO8qCF3i+zDUB/Ju1soFHhvjs/OtEgXfkY+I+o9vGXeLs
9L9/kfwuXGabomSa78/yIKfOU9ddzZB86QKKKqwdQwR09Tb7RbFr+dU2H7eZUM3d
B8vJJV0zNwL9nh/3QZM9mYC4OfJk5J+yYJQdAIuUrfD31E+XFVaEICNzO1IYNreD
gF3kP8RMvDIvUebiUkv6L65fepg2bWJdBiwwpwicyZz2
-----END CERTIFICATE-----