Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f5/af96df-a4d5-48f9-ac0c-24d8e747c38f/1/R7xnYizQsFSikcxzzr8DCMORKAY.roa
File:                     R7xnYizQsFSikcxzzr8DCMORKAY.roa (raw, json)
Hash identifier:          h4gnOCI4VFc+498pf/ktuDMrXkfB3nRKCIJGerac/N8=
Subject key identifier:   47:BC:67:62:2C:D0:B0:54:A2:91:CC:73:CE:BF:03:08:C3:91:28:06
Certificate issuer:       /CN=12fd558a64e97586a43dc7ee50a8d6b292365b60
Certificate serial:       019E20CAB81CDA4FFA735C9B40174415EFE1
Authority key identifier: 12:FD:55:8A:64:E9:75:86:A4:3D:C7:EE:50:A8:D6:B2:92:36:5B:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ev1VimTpdYakPcfuUKjWspI2W2A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f5/af96df-a4d5-48f9-ac0c-24d8e747c38f/1/R7xnYizQsFSikcxzzr8DCMORKAY.roa
Signing time:             Wed 13 May 2026 10:03:36 +0000
ROA not before:           Wed 13 May 2026 10:03:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     401776
IP address blocks:        62.3.54.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f5/af96df-a4d5-48f9-ac0c-24d8e747c38f/1/Ev1VimTpdYakPcfuUKjWspI2W2A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f5/af96df-a4d5-48f9-ac0c-24d8e747c38f/1/Ev1VimTpdYakPcfuUKjWspI2W2A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ev1VimTpdYakPcfuUKjWspI2W2A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 14 May 2026 06:33:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:20:ca:b8:1c:da:4f:fa:73:5c:9b:40:17:44:15:ef:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12fd558a64e97586a43dc7ee50a8d6b292365b60
        Validity
            Not Before: May 13 10:03:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=47bc67622cd0b054a291cc73cebf0308c3912806
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:cf:e2:f5:33:c7:59:8f:40:e6:27:65:7d:e6:
                    af:b0:67:a4:a8:39:68:2e:3f:8e:6d:ea:2c:71:42:
                    32:1c:f5:15:73:4a:af:aa:26:de:31:64:36:f9:ad:
                    ab:e4:2d:fc:a3:40:6d:3a:bf:e1:93:f7:5e:85:3a:
                    35:05:f1:8c:0a:2c:e5:10:41:26:ce:ed:f1:d1:e9:
                    64:3c:da:f6:da:70:9f:ae:8d:61:a1:9a:1d:2d:07:
                    65:d4:9b:03:38:1a:b7:b9:fd:90:3b:b1:be:af:3d:
                    30:c5:92:fb:9c:2c:1e:7c:e5:c0:57:cf:81:c2:df:
                    ef:da:bf:85:35:65:78:b3:c5:06:e6:66:6e:da:ca:
                    d0:9d:19:6c:4d:1c:31:ca:a5:42:eb:51:23:86:6d:
                    0b:49:78:75:fc:85:bd:2d:b0:4d:4e:4c:60:3e:cc:
                    d6:b9:8b:34:9d:76:ab:05:d6:ba:40:18:1c:ef:78:
                    65:15:a8:2d:82:91:dc:a8:9f:42:cf:ba:32:32:29:
                    77:65:a6:5a:5d:2c:8b:4b:73:f0:68:87:ed:1d:41:
                    da:14:b1:9e:0c:f7:7c:e4:e5:1d:73:64:43:26:da:
                    a7:bd:ee:ec:2e:82:2b:1a:a3:95:3c:2d:ee:fe:9e:
                    77:05:01:0d:90:93:62:6a:39:0c:34:d8:bc:a6:81:
                    4e:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:BC:67:62:2C:D0:B0:54:A2:91:CC:73:CE:BF:03:08:C3:91:28:06
            X509v3 Authority Key Identifier:
                keyid:12:FD:55:8A:64:E9:75:86:A4:3D:C7:EE:50:A8:D6:B2:92:36:5B:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ev1VimTpdYakPcfuUKjWspI2W2A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/af96df-a4d5-48f9-ac0c-24d8e747c38f/1/R7xnYizQsFSikcxzzr8DCMORKAY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/af96df-a4d5-48f9-ac0c-24d8e747c38f/1/Ev1VimTpdYakPcfuUKjWspI2W2A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.3.54.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:55:f6:39:0d:a2:92:38:01:eb:33:4e:e8:51:05:41:52:1b:
         79:6f:60:26:62:73:15:08:54:e8:cd:07:2f:99:8c:85:78:81:
         9e:81:bb:6c:74:e6:3e:37:e6:e0:51:0f:30:a7:c8:22:3a:7e:
         81:94:c2:75:3d:fd:a4:74:2c:52:5f:93:84:4c:5f:e6:af:bc:
         98:57:43:cd:52:a0:8a:68:73:6b:2e:23:a4:59:46:1c:70:b8:
         1f:c8:2b:33:ec:4a:53:65:26:db:a8:f6:92:69:f7:bd:db:83:
         39:9e:09:45:ae:b5:68:cf:7f:57:73:54:b8:a5:79:80:eb:04:
         66:d1:e6:a9:0d:46:e7:9f:3e:f6:72:08:8e:0b:b7:a5:1b:c1:
         2d:ae:b3:74:5e:90:fc:31:33:94:2e:e6:23:b5:bf:61:0e:ff:
         e9:22:21:07:cb:aa:22:47:04:38:47:57:9c:55:f3:88:db:d9:
         74:e5:cf:50:12:99:87:45:a3:17:d3:2a:b3:67:9e:db:64:dc:
         9e:dd:58:a5:d5:77:a6:e8:23:1c:ae:d7:37:3b:73:a4:77:ac:
         e8:ae:17:a8:f8:76:be:f9:df:a0:81:ff:cf:68:2d:07:b9:70:
         60:9d:c1:70:82:50:ff:bc:fb:19:e4:14:15:58:32:8a:23:54:
         46:99:ec:40
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4gyrgc2k/6c1ybQBdEFe/hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyZmQ1NThhNjRlOTc1ODZhNDNkYzdlZTUwYThkNmIyOTIz
NjViNjAwHhcNMjYwNTEzMTAwMzM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0N2JjNjc2MjJjZDBiMDU0YTI5MWNjNzNjZWJmMDMwOGMzOTEyODA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAos/i9TPHWY9A5idlfeavsGekqDlo
Lj+ObeoscUIyHPUVc0qvqibeMWQ2+a2r5C38o0BtOr/hk/dehTo1BfGMCizlEEEm
zu3x0elkPNr22nCfro1hoZodLQdl1JsDOBq3uf2QO7G+rz0wxZL7nCwefOXAV8+B
wt/v2r+FNWV4s8UG5mZu2srQnRlsTRwxyqVC61Ejhm0LSXh1/IW9LbBNTkxgPszW
uYs0nXarBda6QBgc73hlFagtgpHcqJ9Cz7oyMil3ZaZaXSyLS3PwaIftHUHaFLGe
DPd85OUdc2RDJtqnve7sLoIrGqOVPC3u/p53BQENkJNiajkMNNi8poFOTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEe8Z2Is0LBUopHMc86/AwjDkSgGMB8GA1UdIwQY
MBaAFBL9VYpk6XWGpD3H7lCo1rKSNltgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXYxVmltVHBkWWFrUGNmdVVLaldzcEkyVzJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNS9hZjk2ZGYtYTRkNS00OGY5LWFjMGMt
MjRkOGU3NDdjMzhmLzEvUjd4bllpelFzRlNpa2N4enpyOERDTU9SS0FZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNS9hZjk2ZGYtYTRkNS00OGY5LWFjMGMtMjRkOGU3NDdjMzhm
LzEvRXYxVmltVHBkWWFrUGNmdVVLaldzcEkyVzJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPgM2MA0G
CSqGSIb3DQEBCwUAA4IBAQAVVfY5DaKSOAHrM07oUQVBUht5b2AmYnMVCFTozQcv
mYyFeIGegbtsdOY+N+bgUQ8wp8giOn6BlMJ1Pf2kdCxSX5OETF/mr7yYV0PNUqCK
aHNrLiOkWUYccLgfyCsz7EpTZSbbqPaSafe924M5nglFrrVoz39Xc1S4pXmA6wRm
0eapDUbnnz72cgiOC7elG8EtrrN0XpD8MTOULuYjtb9hDv/pIiEHy6oiRwQ4R1ec
VfOI29l05c9QEpmHRaMX0yqzZ57bZNye3Vil1Xem6CMcrtc3O3Okd6zorheo+Ha+
+d+ggf/PaC0HuXBgncFwglD/vPsZ5BQVWDKKI1RGmexA
-----END CERTIFICATE-----