Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/c83dce-2955-48e6-bd7c-5beafc86651b/1/IqlpwJ2xW0fAs8ZGPBfSTtIDhwE.roa
File:                     IqlpwJ2xW0fAs8ZGPBfSTtIDhwE.roa (raw, json)
Hash identifier:          qbO1Ww6u5GvjQ0O8Z6mDFqL7l1gHc63dxnum3Lg38lg=
Subject key identifier:   22:A9:69:C0:9D:B1:5B:47:C0:B3:C6:46:3C:17:D2:4E:D2:03:87:01
Certificate issuer:       /CN=caae3a54dd03895683eedbc379d1e0dbb06b9bdb
Certificate serial:       01973B599BE84613923AE86B34EF3ACD3043
Authority key identifier: CA:AE:3A:54:DD:03:89:56:83:EE:DB:C3:79:D1:E0:DB:B0:6B:9B:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yq46VN0DiVaD7tvDedHg27Brm9s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/c83dce-2955-48e6-bd7c-5beafc86651b/1/IqlpwJ2xW0fAs8ZGPBfSTtIDhwE.roa
Signing time:             Wed 04 Jun 2025 14:30:17 +0000
ROA not before:           Wed 04 Jun 2025 14:30:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44747
IP address blocks:        62.205.0.0/19 maxlen: 19
                          185.158.188.0/22 maxlen: 22
                          2a07:7680::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/c83dce-2955-48e6-bd7c-5beafc86651b/1/yq46VN0DiVaD7tvDedHg27Brm9s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/c83dce-2955-48e6-bd7c-5beafc86651b/1/yq46VN0DiVaD7tvDedHg27Brm9s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yq46VN0DiVaD7tvDedHg27Brm9s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 14:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:3b:59:9b:e8:46:13:92:3a:e8:6b:34:ef:3a:cd:30:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=caae3a54dd03895683eedbc379d1e0dbb06b9bdb
        Validity
            Not Before: Jun  4 14:30:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=22a969c09db15b47c0b3c6463c17d24ed2038701
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:f4:31:3f:ed:44:ae:4f:4b:81:9e:ee:46:5a:
                    fb:b4:2e:8a:35:71:be:d2:3e:b7:af:44:7f:99:51:
                    a7:5e:4a:5b:94:af:16:fa:ba:c1:9e:8c:0a:c1:83:
                    e4:3f:e3:e7:eb:3e:12:c1:ad:f2:de:1e:39:20:b6:
                    fd:69:63:9f:34:2e:98:8f:4d:83:2a:46:28:66:e7:
                    48:7f:dc:98:ae:56:e4:1b:45:f9:8b:01:d1:47:45:
                    5f:a3:f4:dd:6d:dd:e6:1b:56:1a:f9:02:36:5c:45:
                    4e:e0:77:d4:fd:4c:ac:79:34:66:e7:78:71:bb:86:
                    94:2a:05:f9:c2:d6:b0:03:bc:0d:8f:27:b7:46:aa:
                    14:df:bb:46:88:1c:f5:6d:85:7b:23:0e:d2:08:24:
                    46:9c:25:a2:0b:5c:31:0e:bb:76:6d:8c:e5:dd:a3:
                    4d:a5:fb:cb:16:79:d3:a4:b8:32:df:bc:45:bf:d4:
                    a3:96:5a:ab:bf:de:1c:78:95:f5:d5:c2:46:ea:5e:
                    f9:bf:ef:82:b0:03:01:d7:29:01:5d:01:ff:6d:3f:
                    97:9a:d5:40:ff:27:75:6b:6d:68:9c:07:c0:ed:45:
                    13:55:fc:26:9d:93:a6:ed:b9:6a:99:2a:53:4a:55:
                    6e:17:e8:ac:ec:09:64:9d:9d:ae:2f:56:62:a9:7d:
                    44:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:A9:69:C0:9D:B1:5B:47:C0:B3:C6:46:3C:17:D2:4E:D2:03:87:01
            X509v3 Authority Key Identifier:
                keyid:CA:AE:3A:54:DD:03:89:56:83:EE:DB:C3:79:D1:E0:DB:B0:6B:9B:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yq46VN0DiVaD7tvDedHg27Brm9s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/c83dce-2955-48e6-bd7c-5beafc86651b/1/IqlpwJ2xW0fAs8ZGPBfSTtIDhwE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/c83dce-2955-48e6-bd7c-5beafc86651b/1/yq46VN0DiVaD7tvDedHg27Brm9s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.205.0.0/19
                  185.158.188.0/22
                IPv6:
                  2a07:7680::/29

    Signature Algorithm: sha256WithRSAEncryption
         1a:85:2e:49:60:cd:3f:72:cc:65:7e:0f:32:9d:35:bd:af:4d:
         69:3b:33:24:3a:17:67:a3:fe:fd:6c:cc:f8:d3:f2:9b:4e:6a:
         53:25:5a:d8:2a:17:f2:82:21:50:3c:be:a8:be:a2:e9:e8:e1:
         73:99:25:cf:b9:a0:34:82:61:54:2e:95:1b:72:e8:a7:b4:d9:
         65:f4:eb:8e:f4:43:8d:bc:50:4a:77:08:36:3c:64:9a:0e:1d:
         ca:9a:e5:45:a1:ad:37:dd:2a:6c:1f:44:8a:4c:dc:8a:f3:29:
         c9:bd:b5:2f:f1:45:ad:64:7a:c3:bb:0d:8c:14:92:86:c8:25:
         60:98:95:c5:21:03:17:ff:60:61:3e:43:57:95:a8:69:68:86:
         3a:79:81:7c:6b:8c:30:1f:ca:2d:46:74:e4:0c:e5:3d:14:f8:
         54:0c:68:ce:5b:57:34:3f:b0:df:fb:4f:3d:cf:a9:97:dd:96:
         1f:d5:30:10:dc:d1:a1:24:6c:fd:8f:41:46:29:2f:52:8a:83:
         ec:da:7a:f6:b5:e9:2d:08:40:47:df:e3:ce:9b:0a:ca:f8:d6:
         f5:ca:9a:b7:01:3d:50:4c:f8:c1:6b:86:ed:ad:1b:3c:21:0d:
         48:39:93:e4:cc:ec:83:cb:f1:60:0e:76:56:16:1b:56:81:59:
         fb:85:84:49
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZc7WZvoRhOSOuhrNO86zTBDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhYWUzYTU0ZGQwMzg5NTY4M2VlZGJjMzc5ZDFlMGRiYjA2
YjliZGIwHhcNMjUwNjA0MTQzMDE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMmE5NjljMDlkYjE1YjQ3YzBiM2M2NDYzYzE3ZDI0ZWQyMDM4NzAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApvQxP+1Erk9LgZ7uRlr7tC6KNXG+
0j63r0R/mVGnXkpblK8W+rrBnowKwYPkP+Pn6z4Swa3y3h45ILb9aWOfNC6Yj02D
KkYoZudIf9yYrlbkG0X5iwHRR0Vfo/Tdbd3mG1Ya+QI2XEVO4HfU/UyseTRm53hx
u4aUKgX5wtawA7wNjye3RqoU37tGiBz1bYV7Iw7SCCRGnCWiC1wxDrt2bYzl3aNN
pfvLFnnTpLgy37xFv9Sjllqrv94ceJX11cJG6l75v++CsAMB1ykBXQH/bT+XmtVA
/yd1a21onAfA7UUTVfwmnZOm7blqmSpTSlVuF+is7AlknZ2uL1ZiqX1EiwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFCKpacCdsVtHwLPGRjwX0k7SA4cBMB8GA1UdIwQY
MBaAFMquOlTdA4lWg+7bw3nR4Nuwa5vbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveXE0NlZOMERpVmFEN3R2RGVkSGcyN0JybTlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC9jODNkY2UtMjk1NS00OGU2LWJkN2Mt
NWJlYWZjODY2NTFiLzEvSXFscHdKMnhXMGZBczhaR1BCZlNUdElEaHdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC9jODNkY2UtMjk1NS00OGU2LWJkN2MtNWJlYWZjODY2NTFi
LzEveXE0NlZOMERpVmFEN3R2RGVkSGcyN0JybTlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQFPs0AAwQC
uZ68MA0EAgACMAcDBQMqB3aAMA0GCSqGSIb3DQEBCwUAA4IBAQAahS5JYM0/csxl
fg8ynTW9r01pOzMkOhdno/79bMz40/KbTmpTJVrYKhfygiFQPL6ovqLp6OFzmSXP
uaA0gmFULpUbcuintNll9OuO9EONvFBKdwg2PGSaDh3KmuVFoa033SpsH0SKTNyK
8ynJvbUv8UWtZHrDuw2MFJKGyCVgmJXFIQMX/2BhPkNXlahpaIY6eYF8a4wwH8ot
RnTkDOU9FPhUDGjOW1c0P7Df+089z6mX3ZYf1TAQ3NGhJGz9j0FGKS9SioPs2nr2
tektCEBH3+POmwrK+Nb1ypq3AT1QTPjBa4btrRs8IQ1IOZPkzOyDy/FgDnZWFhtW
gVn7hYRJ
-----END CERTIFICATE-----