Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/pGVWe0w8lugoUQZ-979xl_-B-3I.roa
File:                     pGVWe0w8lugoUQZ-979xl_-B-3I.roa (raw, json)
Hash identifier:          LbElaUnKCk9Bg+fLyXmgBn+O2zSzwnYHINbqbS5NZdI=
Subject key identifier:   A4:65:56:7B:4C:3C:96:E8:28:51:06:7E:F7:BF:71:97:FF:81:FB:72
Certificate issuer:       /CN=15f19074548d2a294e4385d95cd6752490ee46d7
Certificate serial:       0199CD21F2BC2AC81B0F22CFF6DFD48FE1A3
Authority key identifier: 15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/pGVWe0w8lugoUQZ-979xl_-B-3I.roa
Signing time:             Fri 10 Oct 2025 07:59:38 +0000
ROA not before:           Fri 10 Oct 2025 07:59:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     401443
IP address blocks:        62.72.163.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 Oct 2025 20:33:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:cd:21:f2:bc:2a:c8:1b:0f:22:cf:f6:df:d4:8f:e1:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15f19074548d2a294e4385d95cd6752490ee46d7
        Validity
            Not Before: Oct 10 07:59:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a465567b4c3c96e82851067ef7bf7197ff81fb72
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:62:b0:4a:7c:fc:3f:38:d9:94:33:2b:92:1e:
                    9d:d2:1c:0c:fe:e0:a4:f3:a7:45:16:36:0d:5c:a7:
                    47:5d:3a:6d:3c:40:64:87:3c:82:f3:f5:f2:ba:28:
                    3a:98:64:66:f7:9d:7c:58:4f:e7:4e:ae:fe:04:86:
                    ac:dc:0b:ad:54:39:b4:3b:7c:e7:1c:60:88:e3:b0:
                    fa:f8:2b:98:48:d3:79:b9:88:cc:f2:00:57:80:14:
                    aa:c9:4c:71:ce:35:f3:6f:9a:cf:8a:ee:cf:c5:f2:
                    9e:1a:38:78:39:fa:de:30:1a:4a:60:8b:4b:42:56:
                    6c:7b:e4:52:26:f9:7f:e9:e4:81:f6:ab:6b:5b:dc:
                    da:38:55:c0:6a:58:d0:5e:36:44:f2:5c:31:95:33:
                    05:4e:09:a0:3b:dd:64:ee:53:fb:66:e2:be:33:9e:
                    22:35:fd:fe:ba:2a:6d:dc:63:4f:f1:fb:62:92:73:
                    f6:89:49:84:47:0e:8b:df:34:8c:39:c4:53:1f:24:
                    ec:ed:0b:28:8c:ca:83:65:9c:8d:a5:d9:e6:a1:7f:
                    f7:f9:4f:76:98:30:c6:fa:45:b3:0f:2f:d3:e3:1e:
                    ec:5b:d0:e7:2d:61:d8:b0:d4:48:c2:d8:48:9a:50:
                    97:99:56:e2:ab:57:ae:78:32:58:5d:b7:d5:79:1e:
                    b9:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:65:56:7B:4C:3C:96:E8:28:51:06:7E:F7:BF:71:97:FF:81:FB:72
            X509v3 Authority Key Identifier:
                keyid:15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/pGVWe0w8lugoUQZ-979xl_-B-3I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.72.163.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c5:ea:83:39:1b:0a:e4:22:d7:86:4d:48:2a:92:ad:c8:86:6e:
         6d:13:18:b5:f2:d5:49:4a:50:b3:81:8a:5e:e9:b7:32:29:d4:
         ee:a8:62:a5:80:d0:8c:c1:58:12:c7:7c:6f:ea:75:ff:d3:09:
         0c:32:3d:13:0b:50:f1:cb:eb:cc:44:af:58:02:6e:77:e4:b1:
         4a:cf:f6:02:be:6e:2c:a3:72:52:f8:de:e1:c4:33:c4:3d:86:
         7a:21:a3:68:c5:de:4e:d3:c0:62:bd:80:20:9b:81:f3:f3:c3:
         d9:fc:c4:05:8b:dc:21:ed:fe:4c:31:74:df:8f:00:00:67:1a:
         db:4a:ae:c7:98:b7:28:18:bb:3a:d9:ec:2c:f9:fa:98:3b:22:
         62:73:f6:d2:30:2d:98:b6:66:a7:49:c8:bb:bf:95:be:ff:16:
         ec:30:4a:e5:9a:bb:18:0a:d4:19:53:65:18:4b:2c:c8:02:f2:
         4d:9d:3f:58:e1:b9:e3:aa:bf:5d:f2:d0:68:24:fa:6d:e8:90:
         56:e7:7d:d1:34:07:05:5d:6c:7f:91:c5:fd:0e:90:7b:5c:22:
         b1:8b:72:45:3f:21:c8:0b:a1:14:07:01:36:37:53:ea:c5:47:
         ef:33:80:c5:d1:5c:bb:1e:9c:00:ba:b8:61:81:79:93:c3:af:
         32:a9:d5:e3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZnNIfK8KsgbDyLP9t/Uj+GjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZjE5MDc0NTQ4ZDJhMjk0ZTQzODVkOTVjZDY3NTI0OTBl
ZTQ2ZDcwHhcNMjUxMDEwMDc1OTM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDY1NTY3YjRjM2M5NmU4Mjg1MTA2N2VmN2JmNzE5N2ZmODFmYjcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwmKwSnz8PzjZlDMrkh6d0hwM/uCk
86dFFjYNXKdHXTptPEBkhzyC8/Xyuig6mGRm9518WE/nTq7+BIas3AutVDm0O3zn
HGCI47D6+CuYSNN5uYjM8gBXgBSqyUxxzjXzb5rPiu7PxfKeGjh4OfreMBpKYItL
QlZse+RSJvl/6eSB9qtrW9zaOFXAaljQXjZE8lwxlTMFTgmgO91k7lP7ZuK+M54i
Nf3+uipt3GNP8ftiknP2iUmERw6L3zSMOcRTHyTs7QsojMqDZZyNpdnmoX/3+U92
mDDG+kWzDy/T4x7sW9DnLWHYsNRIwthImlCXmVbiq1eueDJYXbfVeR65mwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKRlVntMPJboKFEGfve/cZf/gftyMB8GA1UdIwQY
MBaAFBXxkHRUjSopTkOF2VzWdSSQ7kbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2Qt
NTYyNDRmNDMwZGNjLzEvcEdWV2UwdzhsdWdvVVFaLTk3OXhsXy1CLTNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2QtNTYyNDRmNDMwZGNj
LzEvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPkijMA0G
CSqGSIb3DQEBCwUAA4IBAQDF6oM5GwrkIteGTUgqkq3Ihm5tExi18tVJSlCzgYpe
6bcyKdTuqGKlgNCMwVgSx3xv6nX/0wkMMj0TC1Dxy+vMRK9YAm535LFKz/YCvm4s
o3JS+N7hxDPEPYZ6IaNoxd5O08BivYAgm4Hz88PZ/MQFi9wh7f5MMXTfjwAAZxrb
Sq7HmLcoGLs62ews+fqYOyJic/bSMC2YtmanSci7v5W+/xbsMErlmrsYCtQZU2UY
SyzIAvJNnT9Y4bnjqr9d8tBoJPpt6JBW533RNAcFXWx/kcX9DpB7XCKxi3JFPyHI
C6EUBwE2N1PqxUfvM4DF0Vy7HpwAurhhgXmTw68yqdXj
-----END CERTIFICATE-----