Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/4ef680-7c55-4a5b-8568-336ac9456464/1/aEuO7f3JtpWyu2f1MPnzErrljgU.roa
File:                     aEuO7f3JtpWyu2f1MPnzErrljgU.roa (raw, json)
Hash identifier:          YH8NEIJKb+pPrmGWzPR+jhBeuD5w3MtFJDL2dbR+PwQ=
Subject key identifier:   68:4B:8E:ED:FD:C9:B6:95:B2:BB:67:F5:30:F9:F3:12:BA:E5:8E:05
Certificate issuer:       /CN=3a4945e46764029d2581d820c3373fa445855539
Certificate serial:       01990A135A48AE1A9EEE1FE4C6EA32B41A43
Authority key identifier: 3A:49:45:E4:67:64:02:9D:25:81:D8:20:C3:37:3F:A4:45:85:55:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OklF5GdkAp0lgdggwzc_pEWFVTk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/4ef680-7c55-4a5b-8568-336ac9456464/1/aEuO7f3JtpWyu2f1MPnzErrljgU.roa
Signing time:             Tue 02 Sep 2025 10:57:44 +0000
ROA not before:           Tue 02 Sep 2025 10:57:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     18811
IP address blocks:        62.244.37.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c1/4ef680-7c55-4a5b-8568-336ac9456464/1/OklF5GdkAp0lgdggwzc_pEWFVTk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c1/4ef680-7c55-4a5b-8568-336ac9456464/1/OklF5GdkAp0lgdggwzc_pEWFVTk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OklF5GdkAp0lgdggwzc_pEWFVTk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Sep 2025 17:17:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:0a:13:5a:48:ae:1a:9e:ee:1f:e4:c6:ea:32:b4:1a:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3a4945e46764029d2581d820c3373fa445855539
        Validity
            Not Before: Sep  2 10:57:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=684b8eedfdc9b695b2bb67f530f9f312bae58e05
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:aa:33:65:63:13:8a:78:03:35:cb:59:17:12:
                    75:b2:81:4f:ef:34:17:bd:d0:18:56:62:84:3b:d9:
                    24:2e:18:70:22:2c:62:81:5b:88:76:ee:cc:04:55:
                    f4:55:ba:52:75:e4:30:e8:b0:46:0e:a3:4a:d4:21:
                    8b:39:c9:57:ce:7d:fc:4b:4d:3a:8c:c4:ea:65:fe:
                    86:e2:6e:81:2c:9d:47:43:e6:fd:45:7f:2a:62:47:
                    a2:68:33:a7:e3:d6:90:0a:54:c8:57:cc:b3:6e:fc:
                    cf:2d:9d:6c:26:89:88:c2:e3:49:a1:d0:fd:15:14:
                    42:f8:2a:28:1a:19:19:8c:fd:46:b1:f5:c2:68:b1:
                    4a:27:7f:72:c5:49:c9:bb:4b:db:09:4a:f5:ce:ed:
                    6f:3d:7a:10:a1:66:a1:4a:c4:90:60:52:63:99:41:
                    10:7f:c4:cf:e4:4a:8e:3f:f7:fe:21:c4:a4:cd:27:
                    5a:5c:08:8d:89:de:f2:99:d8:d3:88:7c:3a:62:f0:
                    49:32:59:fa:da:26:c7:a8:e4:a5:06:9e:d6:15:db:
                    26:92:c4:a1:c8:4c:56:3c:3f:2f:ca:69:70:27:d0:
                    96:a6:c9:a9:e2:9f:22:1d:3d:1a:99:54:22:d2:2a:
                    2b:9d:df:80:38:38:c3:b8:8f:40:c1:2e:97:fb:4a:
                    f3:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:4B:8E:ED:FD:C9:B6:95:B2:BB:67:F5:30:F9:F3:12:BA:E5:8E:05
            X509v3 Authority Key Identifier:
                keyid:3A:49:45:E4:67:64:02:9D:25:81:D8:20:C3:37:3F:A4:45:85:55:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OklF5GdkAp0lgdggwzc_pEWFVTk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/4ef680-7c55-4a5b-8568-336ac9456464/1/aEuO7f3JtpWyu2f1MPnzErrljgU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/4ef680-7c55-4a5b-8568-336ac9456464/1/OklF5GdkAp0lgdggwzc_pEWFVTk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.244.37.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:68:ed:59:19:32:56:dd:31:c7:60:5b:bd:42:83:9f:aa:16:
         49:26:2c:85:af:16:9c:43:1d:ca:2b:32:87:58:e9:59:59:82:
         14:7a:a5:d8:df:62:f0:b3:95:a6:eb:67:c1:39:d5:f7:38:77:
         2c:f7:ab:c8:10:9e:79:55:fb:77:d7:cc:b5:57:5c:2e:2d:fb:
         dd:e2:17:48:e1:26:bf:b1:61:48:5c:72:34:d8:83:a3:87:c9:
         ad:cd:9b:8b:4d:5a:48:80:0f:0e:c1:ca:c9:2f:13:af:c6:25:
         b3:3d:e1:76:ce:19:25:83:e3:0b:c8:d6:ad:90:25:c6:d1:a8:
         84:ce:b5:cd:b6:1d:e5:8b:d2:e6:72:10:71:57:b4:c7:d5:f2:
         c1:e6:22:f4:6b:c2:0b:42:47:0a:dd:27:55:80:d8:6e:bf:0f:
         d7:b9:a6:c2:36:2c:a5:09:5f:70:2d:90:75:f2:51:78:e7:55:
         3e:53:19:65:db:e4:42:b5:75:ad:b6:2b:77:19:4f:2b:11:f0:
         72:e6:c8:2f:c7:c5:0c:d6:89:64:57:cb:b2:e5:1d:65:cd:3b:
         a5:d4:71:fc:d7:57:b3:77:dd:76:cd:47:7a:8f:f6:dc:0a:40:
         dd:13:f6:fe:cc:b7:c9:24:dc:b1:20:1a:02:98:d0:41:e1:d4:
         83:4d:1c:a0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkKE1pIrhqe7h/kxuoytBpDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhNDk0NWU0Njc2NDAyOWQyNTgxZDgyMGMzMzczZmE0NDU4
NTU1MzkwHhcNMjUwOTAyMTA1NzQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODRiOGVlZGZkYzliNjk1YjJiYjY3ZjUzMGY5ZjMxMmJhZTU4ZTA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA36ozZWMTingDNctZFxJ1soFP7zQX
vdAYVmKEO9kkLhhwIixigVuIdu7MBFX0VbpSdeQw6LBGDqNK1CGLOclXzn38S006
jMTqZf6G4m6BLJ1HQ+b9RX8qYkeiaDOn49aQClTIV8yzbvzPLZ1sJomIwuNJodD9
FRRC+CooGhkZjP1GsfXCaLFKJ39yxUnJu0vbCUr1zu1vPXoQoWahSsSQYFJjmUEQ
f8TP5EqOP/f+IcSkzSdaXAiNid7ymdjTiHw6YvBJMln62ibHqOSlBp7WFdsmksSh
yExWPD8vymlwJ9CWpsmp4p8iHT0amVQi0iornd+AODjDuI9AwS6X+0rzqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGhLju39ybaVsrtn9TD58xK65Y4FMB8GA1UdIwQY
MBaAFDpJReRnZAKdJYHYIMM3P6RFhVU5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT2tsRjVHZGtBcDBsZ2RnZ3d6Y19wRVdGVlRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS80ZWY2ODAtN2M1NS00YTViLTg1Njgt
MzM2YWM5NDU2NDY0LzEvYUV1TzdmM0p0cFd5dTJmMU1QbnpFcnJsamdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS80ZWY2ODAtN2M1NS00YTViLTg1NjgtMzM2YWM5NDU2NDY0
LzEvT2tsRjVHZGtBcDBsZ2RnZ3d6Y19wRVdGVlRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPvQlMA0G
CSqGSIb3DQEBCwUAA4IBAQB7aO1ZGTJW3THHYFu9QoOfqhZJJiyFrxacQx3KKzKH
WOlZWYIUeqXY32Lws5Wm62fBOdX3OHcs96vIEJ55Vft318y1V1wuLfvd4hdI4Sa/
sWFIXHI02IOjh8mtzZuLTVpIgA8OwcrJLxOvxiWzPeF2zhklg+MLyNatkCXG0aiE
zrXNth3li9LmchBxV7TH1fLB5iL0a8ILQkcK3SdVgNhuvw/XuabCNiylCV9wLZB1
8lF451U+Uxll2+RCtXWttit3GU8rEfBy5sgvx8UM1olkV8uy5R1lzTul1HH811ez
d912zUd6j/bcCkDdE/b+zLfJJNyxIBoCmNBB4dSDTRyg
-----END CERTIFICATE-----