Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/4ef680-7c55-4a5b-8568-336ac9456464/1/vI4OFivT89O9243mI_1fzU94Pao.roa
File:                     vI4OFivT89O9243mI_1fzU94Pao.roa (raw, json)
Hash identifier:          vkj2cXgQH1KS/H+As5+qw6+hxQEc0denm5Wi71uvRzE=
Subject key identifier:   BC:8E:0E:16:2B:D3:F3:D3:BD:DB:8D:E6:23:FD:5F:CD:4F:78:3D:AA
Certificate issuer:       /CN=3a4945e46764029d2581d820c3373fa445855539
Certificate serial:       019CBDC36C36A88A2DA4640F7CDDC681E7BF
Authority key identifier: 3A:49:45:E4:67:64:02:9D:25:81:D8:20:C3:37:3F:A4:45:85:55:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OklF5GdkAp0lgdggwzc_pEWFVTk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/4ef680-7c55-4a5b-8568-336ac9456464/1/vI4OFivT89O9243mI_1fzU94Pao.roa
Signing time:             Thu 05 Mar 2026 11:30:26 +0000
ROA not before:           Thu 05 Mar 2026 11:30:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202656
IP address blocks:        62.244.39.0/24 maxlen: 24
                          62.244.47.0/24 maxlen: 24
                          62.244.54.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c1/4ef680-7c55-4a5b-8568-336ac9456464/1/OklF5GdkAp0lgdggwzc_pEWFVTk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c1/4ef680-7c55-4a5b-8568-336ac9456464/1/OklF5GdkAp0lgdggwzc_pEWFVTk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OklF5GdkAp0lgdggwzc_pEWFVTk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Mar 2026 11:30:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:bd:c3:6c:36:a8:8a:2d:a4:64:0f:7c:dd:c6:81:e7:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3a4945e46764029d2581d820c3373fa445855539
        Validity
            Not Before: Mar  5 11:30:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bc8e0e162bd3f3d3bddb8de623fd5fcd4f783daa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:c8:a3:b8:04:d3:b4:78:b9:11:47:e5:c1:9d:
                    43:70:9a:8c:fe:2e:0d:3c:e5:ee:fc:11:28:ac:3d:
                    3f:7b:9c:34:dd:b5:b4:29:3a:b0:6d:2d:48:f2:ee:
                    40:4c:02:bd:e7:5a:44:9c:c2:b7:2f:c1:df:6e:31:
                    57:75:a7:0c:f7:4b:b3:69:4e:68:a7:80:c9:72:3a:
                    0a:d2:a9:fb:04:94:74:b5:6a:40:9d:b6:6f:32:4a:
                    d5:d9:a7:71:ef:6f:51:54:ca:04:d3:ec:f2:87:80:
                    fe:ef:cf:05:96:b9:14:14:fd:d6:58:4c:d8:19:11:
                    77:65:de:d4:8b:0f:96:ea:46:30:ca:f9:ca:14:77:
                    53:47:8b:84:88:29:d9:0f:9f:75:95:9f:08:b4:90:
                    5b:b7:33:a6:cd:bb:62:b2:a8:20:f2:73:9a:a0:fa:
                    30:01:95:51:90:8b:f6:b2:3f:48:88:c0:25:72:86:
                    d2:77:ca:98:76:6e:30:ec:8c:06:30:d7:b6:89:7e:
                    f1:71:df:fc:c7:00:de:88:aa:e7:ca:c3:37:45:4b:
                    65:39:84:6c:7d:a5:7b:68:0c:ee:d2:a2:8f:e7:60:
                    47:6c:ba:d0:76:fe:ee:a9:37:df:35:f5:7f:f4:a7:
                    f3:87:57:05:6d:b6:38:50:24:ce:b5:d3:e1:7e:db:
                    6c:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:8E:0E:16:2B:D3:F3:D3:BD:DB:8D:E6:23:FD:5F:CD:4F:78:3D:AA
            X509v3 Authority Key Identifier:
                keyid:3A:49:45:E4:67:64:02:9D:25:81:D8:20:C3:37:3F:A4:45:85:55:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OklF5GdkAp0lgdggwzc_pEWFVTk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/4ef680-7c55-4a5b-8568-336ac9456464/1/vI4OFivT89O9243mI_1fzU94Pao.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/4ef680-7c55-4a5b-8568-336ac9456464/1/OklF5GdkAp0lgdggwzc_pEWFVTk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.244.39.0/24
                  62.244.47.0/24
                  62.244.54.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:ca:c5:1c:3c:53:f6:3c:b9:c2:c6:38:ee:d8:6a:96:05:4f:
         5f:4e:d4:90:30:30:0c:5a:ed:41:e6:30:2b:a0:6d:f9:cf:a8:
         af:77:f5:82:43:a6:e4:44:12:02:89:43:f5:10:17:76:33:35:
         fc:e2:d5:c8:23:f2:7e:93:75:d9:79:ba:07:a1:d6:19:25:9b:
         5d:82:0d:1b:10:05:dd:75:53:8e:c9:ef:b3:30:fe:c9:a4:77:
         b7:58:0d:85:24:9f:06:0b:22:6f:12:7d:98:f4:67:2a:2d:1f:
         bf:df:99:9e:65:dc:e2:89:ae:a9:ad:51:66:2d:b7:bf:be:80:
         bd:7b:ce:0b:b6:9b:39:e4:c4:d6:da:42:aa:d7:2d:8d:60:5d:
         db:64:e4:b0:45:c4:73:25:dd:24:1c:00:f8:a9:3e:4e:29:a7:
         53:d8:9c:0c:27:d9:ae:19:1a:15:88:4f:b4:bc:41:d9:89:62:
         d8:08:46:a7:d3:51:58:d4:e3:95:37:d2:b1:be:8f:fc:16:a9:
         d0:79:9b:ff:e6:b0:a3:79:49:6e:83:a9:b4:2c:84:db:0c:f9:
         39:b3:74:59:f2:1f:21:8f:a9:b5:49:bd:65:19:3e:29:90:12:
         44:52:26:ea:a8:79:95:44:69:a5:e4:a8:f5:b6:b9:09:7b:bf:
         f7:48:a7:6e
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZy9w2w2qIotpGQPfN3Ggee/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhNDk0NWU0Njc2NDAyOWQyNTgxZDgyMGMzMzczZmE0NDU4
NTU1MzkwHhcNMjYwMzA1MTEzMDI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYzhlMGUxNjJiZDNmM2QzYmRkYjhkZTYyM2ZkNWZjZDRmNzgzZGFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAosijuATTtHi5EUflwZ1DcJqM/i4N
POXu/BEorD0/e5w03bW0KTqwbS1I8u5ATAK951pEnMK3L8HfbjFXdacM90uzaU5o
p4DJcjoK0qn7BJR0tWpAnbZvMkrV2adx729RVMoE0+zyh4D+788FlrkUFP3WWEzY
GRF3Zd7Uiw+W6kYwyvnKFHdTR4uEiCnZD591lZ8ItJBbtzOmzbtisqgg8nOaoPow
AZVRkIv2sj9IiMAlcobSd8qYdm4w7IwGMNe2iX7xcd/8xwDeiKrnysM3RUtlOYRs
faV7aAzu0qKP52BHbLrQdv7uqTffNfV/9Kfzh1cFbbY4UCTOtdPhftts6wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFLyODhYr0/PTvduN5iP9X81PeD2qMB8GA1UdIwQY
MBaAFDpJReRnZAKdJYHYIMM3P6RFhVU5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT2tsRjVHZGtBcDBsZ2RnZ3d6Y19wRVdGVlRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS80ZWY2ODAtN2M1NS00YTViLTg1Njgt
MzM2YWM5NDU2NDY0LzEvdkk0T0ZpdlQ4OU85MjQzbUlfMWZ6VTk0UGFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS80ZWY2ODAtN2M1NS00YTViLTg1NjgtMzM2YWM5NDU2NDY0
LzEvT2tsRjVHZGtBcDBsZ2RnZ3d6Y19wRVdGVlRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAPvQnAwQA
PvQvAwQAPvQ2MA0GCSqGSIb3DQEBCwUAA4IBAQA1ysUcPFP2PLnCxjju2GqWBU9f
TtSQMDAMWu1B5jAroG35z6ivd/WCQ6bkRBICiUP1EBd2MzX84tXII/J+k3XZeboH
odYZJZtdgg0bEAXddVOOye+zMP7JpHe3WA2FJJ8GCyJvEn2Y9GcqLR+/35meZdzi
ia6prVFmLbe/voC9e84Ltps55MTW2kKq1y2NYF3bZOSwRcRzJd0kHAD4qT5OKadT
2JwMJ9muGRoViE+0vEHZiWLYCEan01FY1OOVN9Kxvo/8FqnQeZv/5rCjeUlug6m0
LITbDPk5s3RZ8h8hj6m1Sb1lGT4pkBJEUibqqHmVRGml5Kj1trkJe7/3SKdu
-----END CERTIFICATE-----