Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/9577f8-b8b8-4994-b855-a98ef3008580/1/CaWXYpKvbSJzF_mYByH9muE8M1Y.roa
File:                     CaWXYpKvbSJzF_mYByH9muE8M1Y.roa (raw, json)
Hash identifier:          EeYUCquk5ABf/u1PAGxiO+fxjOU9b4kobfLQPidgSUo=
Subject key identifier:   09:A5:97:62:92:AF:6D:22:73:17:F9:98:07:21:FD:9A:E1:3C:33:56
Certificate issuer:       /CN=ce56360624cc1b4c49da72bc325f5bb6ab4d8300
Certificate serial:       019716F21B44444A5939DD49A9C5F53AF341
Authority key identifier: CE:56:36:06:24:CC:1B:4C:49:DA:72:BC:32:5F:5B:B6:AB:4D:83:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zlY2BiTMG0xJ2nK8Ml9btqtNgwA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/9577f8-b8b8-4994-b855-a98ef3008580/1/CaWXYpKvbSJzF_mYByH9muE8M1Y.roa
Signing time:             Wed 28 May 2025 12:50:54 +0000
ROA not before:           Wed 28 May 2025 12:50:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     28809
IP address blocks:        62.113.48.0/21 maxlen: 24
                          62.113.56.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/9577f8-b8b8-4994-b855-a98ef3008580/1/zlY2BiTMG0xJ2nK8Ml9btqtNgwA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/9577f8-b8b8-4994-b855-a98ef3008580/1/zlY2BiTMG0xJ2nK8Ml9btqtNgwA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zlY2BiTMG0xJ2nK8Ml9btqtNgwA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 09 Jun 2025 09:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:16:f2:1b:44:44:4a:59:39:dd:49:a9:c5:f5:3a:f3:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ce56360624cc1b4c49da72bc325f5bb6ab4d8300
        Validity
            Not Before: May 28 12:50:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=09a5976292af6d227317f9980721fd9ae13c3356
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:ad:18:b8:b7:5a:97:0c:ff:ab:f7:ad:31:cd:
                    dc:86:5b:5a:a5:3e:36:f0:d2:7b:59:41:a1:90:73:
                    d9:81:45:ec:aa:64:a5:21:1d:30:6b:72:13:c1:c7:
                    02:16:77:d3:97:2e:cd:40:57:d0:28:5f:53:63:d4:
                    4b:83:59:ac:b1:17:e2:1a:ca:4a:72:9b:31:78:78:
                    56:1f:e8:e0:30:05:a5:8a:f5:a5:a9:9d:56:0d:e9:
                    10:f1:f2:a8:07:8e:fa:1d:50:3e:2b:4f:b2:f4:f7:
                    0d:25:a3:c7:e6:4e:ee:72:f0:85:d1:dd:80:50:89:
                    3b:4b:2f:0c:07:f1:be:9f:21:13:6d:51:46:a8:d7:
                    b6:6a:a2:d0:b0:1d:e2:d1:57:af:7f:51:2f:d6:9e:
                    46:d1:b4:cb:1e:43:b7:f1:23:8a:01:f9:48:f8:fb:
                    79:3f:fa:a9:7c:43:4c:2a:85:da:1f:13:1a:0c:c8:
                    41:3c:8b:be:75:29:05:b1:db:5c:0e:0b:c1:15:bd:
                    db:48:ed:54:d6:dc:4c:b2:db:4d:d7:08:ad:9f:59:
                    00:6f:fa:a0:eb:10:fe:00:d0:e1:a4:ab:a1:15:21:
                    5d:e9:cf:8f:e7:6c:f5:32:07:04:1a:61:30:ab:47:
                    38:79:4c:b0:8c:54:c3:0b:d6:8d:dd:11:b2:75:a0:
                    3d:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:A5:97:62:92:AF:6D:22:73:17:F9:98:07:21:FD:9A:E1:3C:33:56
            X509v3 Authority Key Identifier:
                keyid:CE:56:36:06:24:CC:1B:4C:49:DA:72:BC:32:5F:5B:B6:AB:4D:83:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zlY2BiTMG0xJ2nK8Ml9btqtNgwA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/9577f8-b8b8-4994-b855-a98ef3008580/1/CaWXYpKvbSJzF_mYByH9muE8M1Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/9577f8-b8b8-4994-b855-a98ef3008580/1/zlY2BiTMG0xJ2nK8Ml9btqtNgwA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.113.48.0-62.113.57.255

    Signature Algorithm: sha256WithRSAEncryption
         bd:e1:f0:72:1b:49:0d:aa:20:6f:aa:12:5a:d6:47:58:81:fd:
         36:3b:65:ae:44:43:03:8a:b2:c1:1a:53:f7:ac:6a:9a:60:97:
         71:0e:e4:73:6b:b7:5d:50:4e:02:31:65:3f:e2:24:f9:27:48:
         ea:7b:10:6b:6b:18:fe:bd:8f:74:09:39:24:f6:71:1f:5a:13:
         b6:c7:66:49:53:df:16:95:9b:bf:eb:29:d6:7f:4b:6d:f6:4e:
         bb:cc:fb:36:3e:c9:aa:97:9e:3a:6f:4e:97:76:64:47:06:d3:
         19:69:03:e7:4e:85:d0:8c:d8:bc:7c:89:5d:38:c3:b7:18:20:
         c1:97:aa:93:2d:9f:89:11:ba:0e:1d:f3:93:b4:62:a3:f6:e4:
         11:d2:cf:4b:4c:b3:cb:7e:41:24:6a:63:29:ad:b6:77:49:28:
         c9:1a:e0:ed:8e:2c:45:61:4c:40:72:f8:94:5e:68:0e:4f:3f:
         3b:26:29:b7:fa:1f:ab:e8:3c:8f:e6:c2:57:1e:c0:c6:e3:2e:
         11:51:a5:f0:c4:40:9d:dc:ef:bf:df:f1:25:38:88:94:a8:db:
         70:82:e8:fc:2c:e2:2c:20:ed:13:8e:0f:17:c0:e7:d7:1d:6d:
         a4:61:f2:08:5f:f5:75:2f:40:9b:08:34:99:bc:26:dd:d6:ea:
         ea:d4:bd:e6
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZcW8htEREpZOd1JqcX1OvNBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlNTYzNjA2MjRjYzFiNGM0OWRhNzJiYzMyNWY1YmI2YWI0
ZDgzMDAwHhcNMjUwNTI4MTI1MDU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOWE1OTc2MjkyYWY2ZDIyNzMxN2Y5OTgwNzIxZmQ5YWUxM2MzMzU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmK0YuLdalwz/q/etMc3chltapT42
8NJ7WUGhkHPZgUXsqmSlIR0wa3ITwccCFnfTly7NQFfQKF9TY9RLg1mssRfiGspK
cpsxeHhWH+jgMAWlivWlqZ1WDekQ8fKoB476HVA+K0+y9PcNJaPH5k7ucvCF0d2A
UIk7Sy8MB/G+nyETbVFGqNe2aqLQsB3i0Vevf1Ev1p5G0bTLHkO38SOKAflI+Pt5
P/qpfENMKoXaHxMaDMhBPIu+dSkFsdtcDgvBFb3bSO1U1txMsttN1witn1kAb/qg
6xD+ANDhpKuhFSFd6c+P52z1MgcEGmEwq0c4eUywjFTDC9aN3RGydaA9zQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFAmll2KSr20icxf5mAch/ZrhPDNWMB8GA1UdIwQY
MBaAFM5WNgYkzBtMSdpyvDJfW7arTYMAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemxZMkJpVE1HMHhKMm5LOE1sOWJ0cXROZ3dBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi85NTc3ZjgtYjhiOC00OTk0LWI4NTUt
YTk4ZWYzMDA4NTgwLzEvQ2FXWFlwS3ZiU0p6Rl9tWUJ5SDltdUU4TTFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi85NTc3ZjgtYjhiOC00OTk0LWI4NTUtYTk4ZWYzMDA4NTgw
LzEvemxZMkJpVE1HMHhKMm5LOE1sOWJ0cXROZ3dBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAQ+cTAD
BAE+cTgwDQYJKoZIhvcNAQELBQADggEBAL3h8HIbSQ2qIG+qElrWR1iB/TY7Za5E
QwOKssEaU/esappgl3EO5HNrt11QTgIxZT/iJPknSOp7EGtrGP69j3QJOST2cR9a
E7bHZklT3xaVm7/rKdZ/S232TrvM+zY+yaqXnjpvTpd2ZEcG0xlpA+dOhdCM2Lx8
iV04w7cYIMGXqpMtn4kRug4d85O0YqP25BHSz0tMs8t+QSRqYymttndJKMka4O2O
LEVhTEBy+JReaA5PPzsmKbf6H6voPI/mwlcewMbjLhFRpfDEQJ3c77/f8SU4iJSo
23CC6Pws4iwg7ROODxfA59cdbaRh8ghf9XUvQJsINJm8Jt3W6urUveY=
-----END CERTIFICATE-----