Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/gf12Uu8Akz7O6ocdD8ZlwFJTd4Q.roa
File:                     gf12Uu8Akz7O6ocdD8ZlwFJTd4Q.roa (raw, json)
Hash identifier:          PyCccM/pMp7WT5yknxMOUGo05NWlo29hqiredCgcI0I=
Subject key identifier:   81:FD:76:52:EF:00:93:3E:CE:EA:87:1D:0F:C6:65:C0:52:53:77:84
Certificate issuer:       /CN=15f19074548d2a294e4385d95cd6752490ee46d7
Certificate serial:       019CB8060132F52409365892F977F61DCBD1
Authority key identifier: 15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/gf12Uu8Akz7O6ocdD8ZlwFJTd4Q.roa
Signing time:             Wed 04 Mar 2026 08:45:27 +0000
ROA not before:           Wed 04 Mar 2026 08:45:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     60949
IP address blocks:        62.72.169.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 16 Mar 2026 15:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:b8:06:01:32:f5:24:09:36:58:92:f9:77:f6:1d:cb:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15f19074548d2a294e4385d95cd6752490ee46d7
        Validity
            Not Before: Mar  4 08:45:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=81fd7652ef00933eceea871d0fc665c052537784
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:e9:f0:9f:46:a9:95:23:d3:4c:de:52:ca:57:
                    0e:11:ac:d3:9c:01:75:24:ca:14:60:a1:fd:a4:5d:
                    4a:5b:1f:cd:59:c8:1a:7b:c3:1c:b5:28:57:8c:e9:
                    ba:9b:7d:52:d1:92:76:7f:94:5a:66:7b:63:3c:e0:
                    fe:1e:2b:45:98:85:b0:1a:21:b6:29:a7:42:82:68:
                    10:15:2b:e7:39:df:5e:3d:15:6f:43:ce:5d:25:de:
                    81:70:63:ac:c4:97:1f:ab:43:e2:fe:d5:19:21:72:
                    92:4a:7b:fb:2c:91:fa:39:85:18:b9:70:4a:9b:fa:
                    a8:6c:1a:3f:ff:3e:60:cb:38:08:24:d1:bc:3d:ae:
                    8d:a5:3c:ce:76:75:73:98:c2:29:35:f9:0c:dc:37:
                    79:40:e5:d2:77:a0:c2:c4:0a:aa:20:6f:05:b9:b9:
                    04:72:79:a3:1a:7a:f8:25:1e:a6:cb:e7:8c:18:ac:
                    03:0c:f9:68:af:58:f8:b3:6d:0e:27:00:09:e6:a0:
                    08:34:5f:c7:1a:fb:a6:df:40:f9:b7:0e:80:bf:a4:
                    4b:a9:03:34:19:f3:81:67:b1:9a:66:09:52:93:a3:
                    0d:4a:6d:f0:4d:47:bb:6c:97:33:d3:5c:93:38:42:
                    1a:63:81:ab:1c:a7:d5:91:d8:67:b2:c0:02:49:bf:
                    0b:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:FD:76:52:EF:00:93:3E:CE:EA:87:1D:0F:C6:65:C0:52:53:77:84
            X509v3 Authority Key Identifier:
                keyid:15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/gf12Uu8Akz7O6ocdD8ZlwFJTd4Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.72.169.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:09:98:6b:60:f2:11:20:7d:74:18:f6:aa:57:6c:70:47:d2:
         5a:61:75:0f:41:b8:f0:e5:49:da:b4:f0:2e:24:f5:18:e8:89:
         fa:cc:09:49:a3:83:c1:b0:58:f9:37:cf:72:95:fa:c9:b9:0f:
         17:99:98:45:ef:46:26:e7:dd:54:98:b5:b1:12:42:7d:72:f6:
         ce:a6:b4:73:64:78:fa:e0:0a:d3:5b:be:d7:23:a1:db:f5:ff:
         69:ec:d2:fd:3b:31:16:da:2f:75:fe:e4:df:b9:7b:db:d9:26:
         9d:ab:07:c8:14:41:a3:c7:7f:9f:16:16:74:33:0c:4f:88:6b:
         12:24:50:fc:01:13:55:a2:82:cf:76:00:3a:3e:0a:8b:0c:81:
         8f:aa:6b:91:1c:06:2e:c7:cd:f3:00:be:2b:c3:d9:c7:99:c3:
         36:69:d7:58:c4:89:ed:e6:b5:65:b1:a1:bd:db:48:22:88:6a:
         c3:3f:63:d6:dd:3a:f9:8b:20:24:87:21:09:38:30:2d:d4:d6:
         34:00:ef:16:48:81:eb:a6:e6:e4:fc:35:b9:a1:cf:dd:dd:cb:
         7d:4d:fc:20:a0:94:54:47:b7:f5:e3:9f:d9:4b:ca:3e:a7:cc:
         11:db:23:00:98:2f:84:39:e4:e3:be:4f:14:b7:0d:59:f0:50:
         29:3e:07:5f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZy4BgEy9SQJNliS+Xf2HcvRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZjE5MDc0NTQ4ZDJhMjk0ZTQzODVkOTVjZDY3NTI0OTBl
ZTQ2ZDcwHhcNMjYwMzA0MDg0NTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MWZkNzY1MmVmMDA5MzNlY2VlYTg3MWQwZmM2NjVjMDUyNTM3Nzg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApunwn0aplSPTTN5SylcOEazTnAF1
JMoUYKH9pF1KWx/NWcgae8MctShXjOm6m31S0ZJ2f5RaZntjPOD+HitFmIWwGiG2
KadCgmgQFSvnOd9ePRVvQ85dJd6BcGOsxJcfq0Pi/tUZIXKSSnv7LJH6OYUYuXBK
m/qobBo//z5gyzgIJNG8Pa6NpTzOdnVzmMIpNfkM3Dd5QOXSd6DCxAqqIG8FubkE
cnmjGnr4JR6my+eMGKwDDPlor1j4s20OJwAJ5qAINF/HGvum30D5tw6Av6RLqQM0
GfOBZ7GaZglSk6MNSm3wTUe7bJcz01yTOEIaY4GrHKfVkdhnssACSb8LEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIH9dlLvAJM+zuqHHQ/GZcBSU3eEMB8GA1UdIwQY
MBaAFBXxkHRUjSopTkOF2VzWdSSQ7kbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2Qt
NTYyNDRmNDMwZGNjLzEvZ2YxMlV1OEFrejdPNm9jZEQ4Wmx3RkpUZDRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2QtNTYyNDRmNDMwZGNj
LzEvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPkipMA0G
CSqGSIb3DQEBCwUAA4IBAQBPCZhrYPIRIH10GPaqV2xwR9JaYXUPQbjw5UnatPAu
JPUY6In6zAlJo4PBsFj5N89ylfrJuQ8XmZhF70Ym591UmLWxEkJ9cvbOprRzZHj6
4ArTW77XI6Hb9f9p7NL9OzEW2i91/uTfuXvb2SadqwfIFEGjx3+fFhZ0MwxPiGsS
JFD8ARNVooLPdgA6PgqLDIGPqmuRHAYux83zAL4rw9nHmcM2addYxInt5rVlsaG9
20giiGrDP2PW3Tr5iyAkhyEJODAt1NY0AO8WSIHrpubk/DW5oc/d3ct9TfwgoJRU
R7f145/ZS8o+p8wR2yMAmC+EOeTjvk8Utw1Z8FApPgdf
-----END CERTIFICATE-----