Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/1-L-Pf2v2N01voRXjrUR7SgUdyT0.roa
File:                     1-L-Pf2v2N01voRXjrUR7SgUdyT0.roa (raw, json)
Hash identifier:          0CEPTFLbBCgOo9e94/o/jmYhu0BxTE1+MQ9cme2MSrQ=
Subject key identifier:   F8:BF:8F:7F:6B:F6:37:4D:6F:A1:15:E3:AD:44:7B:4A:05:1D:C9:3D
Certificate issuer:       /CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
Certificate serial:       0197C2CF6A72AC7D2105D040E8C2C2577394
Authority key identifier: 62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/1-L-Pf2v2N01voRXjrUR7SgUdyT0.roa
Signing time:             Mon 30 Jun 2025 21:47:42 +0000
ROA not before:           Mon 30 Jun 2025 21:47:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     142111
IP address blocks:        45.86.73.0/24 maxlen: 24
                          45.89.104.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 03 Jul 2025 09:00:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:c2:cf:6a:72:ac:7d:21:05:d0:40:e8:c2:c2:57:73:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
        Validity
            Not Before: Jun 30 21:47:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f8bf8f7f6bf6374d6fa115e3ad447b4a051dc93d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:9b:59:34:f9:21:92:6c:c5:55:cd:c5:88:c0:
                    01:56:4b:92:16:de:b3:9b:e1:68:15:29:ef:e8:8e:
                    3b:53:ae:cf:3f:e5:a2:45:de:78:34:9d:11:da:38:
                    5c:8d:32:7a:87:7f:3b:cf:27:d3:7f:02:4c:b4:8a:
                    36:fc:99:1d:6a:29:11:c5:93:45:a3:97:d2:7b:04:
                    8b:7c:f9:eb:f7:91:62:90:b3:a7:fc:ff:55:16:30:
                    79:c7:60:21:9b:0f:84:65:b2:b3:b7:c7:d2:1f:3a:
                    a2:f7:8d:bd:71:93:f8:f9:38:1d:23:e9:61:f7:a4:
                    3f:90:c1:8f:3e:4b:c4:22:4d:d9:8f:f6:da:46:6d:
                    77:d7:74:ce:de:87:c2:67:da:bc:01:7c:07:fc:25:
                    ba:3f:7a:a4:93:53:c4:82:7b:90:f6:ed:de:69:7d:
                    28:41:f0:81:1b:1f:74:11:b8:21:8b:45:4f:ff:63:
                    dd:f7:41:46:ed:7e:c7:0c:8c:bf:ad:39:70:5f:c5:
                    71:8f:e5:79:4c:df:23:3a:84:a2:5e:18:b8:1c:c0:
                    cc:9e:53:29:3e:48:3d:1e:01:70:7a:f8:08:49:6b:
                    2c:36:2d:23:bf:10:d0:86:19:4e:4e:1a:ca:84:59:
                    25:dc:9e:4f:fe:71:79:52:e3:59:bf:fc:56:80:7d:
                    42:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:BF:8F:7F:6B:F6:37:4D:6F:A1:15:E3:AD:44:7B:4A:05:1D:C9:3D
            X509v3 Authority Key Identifier:
                keyid:62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/1-L-Pf2v2N01voRXjrUR7SgUdyT0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.86.73.0/24
                  45.89.104.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:38:37:6b:73:27:23:a0:50:5d:83:b3:d2:0e:25:44:62:db:
         e0:e1:a6:6e:02:f9:82:72:65:9a:38:57:89:a7:c3:4f:bb:53:
         25:7c:d9:5b:a1:db:99:06:22:7a:22:2b:79:77:48:da:af:02:
         ab:bf:98:2c:68:da:d1:21:e3:de:07:7e:f7:82:59:a4:8c:d7:
         b1:18:50:a7:8b:67:9d:76:91:24:25:ff:54:94:60:aa:fa:28:
         db:d5:c8:ff:a3:35:ac:2f:1e:4d:e2:0e:84:eb:cc:80:14:40:
         5d:9f:8a:a4:de:87:e9:97:86:43:01:8b:3b:f3:5c:b3:64:3f:
         32:fe:ef:03:dd:78:48:32:73:4d:6c:3a:73:6b:2a:e6:0e:a9:
         ae:63:8d:e1:43:7d:78:99:0c:f4:81:ea:a8:35:4a:43:e1:18:
         be:ab:d9:b3:66:00:82:8a:79:b9:01:d2:ba:71:10:13:59:a3:
         38:b0:68:5a:a0:f8:96:7b:9e:26:4f:90:37:03:e2:9f:f4:18:
         51:88:50:8a:ea:b5:e9:2c:2d:f7:e2:2c:06:64:1c:2a:3c:58:
         d1:28:c7:4c:ed:ca:43:3e:30:b0:9f:a5:bf:54:9a:0a:57:03:
         9b:45:3a:52:6a:16:d9:32:3c:03:03:bf:61:f9:29:9f:e2:39:
         37:f5:c9:b2
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAZfCz2pyrH0hBdBA6MLCV3OUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyZmRiNjc2NTRkZjYxODRlN2Q2MGM0MTUwZWE5NTMzYzJj
Zjk3MDQwHhcNMjUwNjMwMjE0NzQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOGJmOGY3ZjZiZjYzNzRkNmZhMTE1ZTNhZDQ0N2I0YTA1MWRjOTNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwJtZNPkhkmzFVc3FiMABVkuSFt6z
m+FoFSnv6I47U67PP+WiRd54NJ0R2jhcjTJ6h387zyfTfwJMtIo2/JkdaikRxZNF
o5fSewSLfPnr95FikLOn/P9VFjB5x2Ahmw+EZbKzt8fSHzqi9429cZP4+TgdI+lh
96Q/kMGPPkvEIk3Zj/baRm1313TO3ofCZ9q8AXwH/CW6P3qkk1PEgnuQ9u3eaX0o
QfCBGx90Ebghi0VP/2Pd90FG7X7HDIy/rTlwX8Vxj+V5TN8jOoSiXhi4HMDMnlMp
Pkg9HgFwevgISWssNi0jvxDQhhlOThrKhFkl3J5P/nF5UuNZv/xWgH1CmQIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFPi/j39r9jdNb6EV461Ee0oFHck9MB8GA1UdIwQY
MBaAFGL9tnZU32GE59YMQVDqlTPCz5cEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTct
ZTg2MTIxYzU5NGRmLzEvMS1MLVBmMnYyTjAxdm9SWGpyVVI3U2dVZHlUMC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYjIvNzA0MDcxLThkYzAtNGVkNi05NDU3LWU4NjEyMWM1OTRk
Zi8xL1l2MjJkbFRmWVlUbjFneEJVT3FWTThMUGx3US5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAlBggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEAC1WSQME
AC1ZaDANBgkqhkiG9w0BAQsFAAOCAQEAUDg3a3MnI6BQXYOz0g4lRGLb4OGmbgL5
gnJlmjhXiafDT7tTJXzZW6HbmQYieiIreXdI2q8Cq7+YLGja0SHj3gd+94JZpIzX
sRhQp4tnnXaRJCX/VJRgqvoo29XI/6M1rC8eTeIOhOvMgBRAXZ+KpN6H6ZeGQwGL
O/Ncs2Q/Mv7vA914SDJzTWw6c2sq5g6prmON4UN9eJkM9IHqqDVKQ+EYvqvZs2YA
gop5uQHSunEQE1mjOLBoWqD4lnueJk+QNwPin/QYUYhQiuq16Swt9+IsBmQcKjxY
0SjHTO3KQz4wsJ+lv1SaClcDm0U6UmoW2TI8AwO/Yfkpn+I5N/XJsg==
-----END CERTIFICATE-----