Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/42dfc0-a764-4d5d-a634-3454f490fd96/1/HH8Kcpq8smSBgspza5cFmPN-h3c.roa
File:                     HH8Kcpq8smSBgspza5cFmPN-h3c.roa (raw, json)
Hash identifier:          b5fuu0JV/7NW/Qsb9kNDCFAwqgLsip8TnrJAwmOdepo=
Subject key identifier:   1C:7F:0A:72:9A:BC:B2:64:81:82:CA:73:6B:97:05:98:F3:7E:87:77
Certificate issuer:       /CN=6278a768c910badcd5c4aef7c172a9f061547e8c
Certificate serial:       0196CE10CF678B131BF75D77E608D0033172
Authority key identifier: 62:78:A7:68:C9:10:BA:DC:D5:C4:AE:F7:C1:72:A9:F0:61:54:7E:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YninaMkQutzVxK73wXKp8GFUfow.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/42dfc0-a764-4d5d-a634-3454f490fd96/1/HH8Kcpq8smSBgspza5cFmPN-h3c.roa
Signing time:             Wed 14 May 2025 09:12:10 +0000
ROA not before:           Wed 14 May 2025 09:12:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216468
IP address blocks:        62.108.104.0/23 maxlen: 24
                          62.108.104.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0b/42dfc0-a764-4d5d-a634-3454f490fd96/1/YninaMkQutzVxK73wXKp8GFUfow.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0b/42dfc0-a764-4d5d-a634-3454f490fd96/1/YninaMkQutzVxK73wXKp8GFUfow.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YninaMkQutzVxK73wXKp8GFUfow.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 15 May 2025 09:12:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:ce:10:cf:67:8b:13:1b:f7:5d:77:e6:08:d0:03:31:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6278a768c910badcd5c4aef7c172a9f061547e8c
        Validity
            Not Before: May 14 09:12:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1c7f0a729abcb2648182ca736b970598f37e8777
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:18:65:a2:07:03:ba:e8:e2:01:c6:c3:0b:b3:
                    b9:6a:e5:8d:dd:d3:6d:8b:57:4c:a9:b1:7b:65:6f:
                    ef:13:1b:27:39:df:c7:0b:59:4e:d4:22:6b:0f:c6:
                    90:51:f5:5a:ee:21:d1:e6:7b:c4:1e:50:7b:98:13:
                    80:c1:ce:51:b1:fb:22:49:4b:c0:03:f0:8d:08:e5:
                    3b:81:82:94:89:0d:08:73:82:61:77:a8:1b:d4:aa:
                    00:cb:85:d4:ae:1f:e4:86:8c:87:94:20:1a:50:43:
                    f5:dc:73:64:09:50:54:63:a5:50:1d:58:8d:3b:df:
                    73:83:b7:83:63:7b:8a:98:58:e5:18:7f:7a:79:7f:
                    71:92:03:fb:5c:32:a2:9e:86:81:36:6b:63:27:d5:
                    6c:88:79:be:a0:8c:e7:68:76:ff:e3:fd:e2:2d:78:
                    66:b1:4b:81:b7:4b:4e:c1:b5:16:d4:00:70:a1:95:
                    3c:df:43:98:cf:e8:0e:02:55:0d:a6:4d:ea:1f:a1:
                    8b:b9:c7:f3:75:53:5a:8e:4b:47:44:7b:f1:44:28:
                    c8:a8:b2:eb:64:11:5a:00:4c:3e:3a:bf:84:11:da:
                    6d:9a:29:e0:bd:2d:a4:2c:31:ba:bf:45:67:51:19:
                    6e:33:b0:35:55:93:5c:be:51:a0:14:51:94:50:c7:
                    81:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:7F:0A:72:9A:BC:B2:64:81:82:CA:73:6B:97:05:98:F3:7E:87:77
            X509v3 Authority Key Identifier:
                keyid:62:78:A7:68:C9:10:BA:DC:D5:C4:AE:F7:C1:72:A9:F0:61:54:7E:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YninaMkQutzVxK73wXKp8GFUfow.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/42dfc0-a764-4d5d-a634-3454f490fd96/1/HH8Kcpq8smSBgspza5cFmPN-h3c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/42dfc0-a764-4d5d-a634-3454f490fd96/1/YninaMkQutzVxK73wXKp8GFUfow.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.108.104.0/23

    Signature Algorithm: sha256WithRSAEncryption
         64:d2:fd:5d:0e:9d:12:60:de:6d:f6:87:7f:d4:fc:21:91:bf:
         ac:3f:d1:34:0e:10:73:27:0b:6a:2e:cd:4e:95:e6:6e:5b:83:
         ab:83:7a:a4:40:33:12:a6:f7:0f:f7:30:a1:b6:5d:bf:f6:dc:
         f5:b3:bb:7f:a5:be:45:90:ae:aa:fd:1a:ca:c5:48:4a:94:17:
         db:29:fc:7a:59:e8:eb:7f:9f:5c:c2:d0:8d:31:a8:8b:19:d2:
         b4:76:90:da:13:52:6b:c2:21:bc:8d:03:c5:cd:b7:1d:d2:de:
         e4:22:9a:0f:96:cb:74:d3:db:6f:09:45:d0:c9:a3:ba:c2:64:
         42:cc:28:00:ff:08:3a:a4:af:fd:d6:51:7c:43:7a:2a:01:36:
         d2:4d:9e:98:0e:07:53:c4:83:14:78:4a:f4:42:c0:c4:78:fe:
         5c:6e:b2:7d:0a:90:49:14:2d:a7:9d:05:d3:fd:ba:3c:5f:68:
         ef:82:62:99:f7:30:50:42:5a:9e:79:35:5d:d1:ea:86:0d:2d:
         02:82:53:ff:a9:23:aa:06:f8:7b:ce:2d:3d:5b:09:45:fd:9b:
         b7:95:78:da:84:d4:79:0b:de:21:ef:c9:5b:7c:67:42:76:d3:
         8a:33:0b:bd:47:13:01:f6:25:b7:08:d6:ac:25:99:5c:74:1c:
         bb:66:f1:69
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbOEM9nixMb91135gjQAzFyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyNzhhNzY4YzkxMGJhZGNkNWM0YWVmN2MxNzJhOWYwNjE1
NDdlOGMwHhcNMjUwNTE0MDkxMjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzdmMGE3MjlhYmNiMjY0ODE4MmNhNzM2Yjk3MDU5OGYzN2U4Nzc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoxhlogcDuujiAcbDC7O5auWN3dNt
i1dMqbF7ZW/vExsnOd/HC1lO1CJrD8aQUfVa7iHR5nvEHlB7mBOAwc5RsfsiSUvA
A/CNCOU7gYKUiQ0Ic4Jhd6gb1KoAy4XUrh/khoyHlCAaUEP13HNkCVBUY6VQHViN
O99zg7eDY3uKmFjlGH96eX9xkgP7XDKinoaBNmtjJ9VsiHm+oIznaHb/4/3iLXhm
sUuBt0tOwbUW1ABwoZU830OYz+gOAlUNpk3qH6GLucfzdVNajktHRHvxRCjIqLLr
ZBFaAEw+Or+EEdptmingvS2kLDG6v0VnURluM7A1VZNcvlGgFFGUUMeBAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBx/CnKavLJkgYLKc2uXBZjzfod3MB8GA1UdIwQY
MBaAFGJ4p2jJELrc1cSu98FyqfBhVH6MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWW5pbmFNa1F1dHpWeEs3M3dYS3A4R0ZVZm93LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi80MmRmYzAtYTc2NC00ZDVkLWE2MzQt
MzQ1NGY0OTBmZDk2LzEvSEg4S2NwcThzbVNCZ3NwemE1Y0ZtUE4taDNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi80MmRmYzAtYTc2NC00ZDVkLWE2MzQtMzQ1NGY0OTBmZDk2
LzEvWW5pbmFNa1F1dHpWeEs3M3dYS3A4R0ZVZm93LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBPmxoMA0G
CSqGSIb3DQEBCwUAA4IBAQBk0v1dDp0SYN5t9od/1Pwhkb+sP9E0DhBzJwtqLs1O
leZuW4Org3qkQDMSpvcP9zChtl2/9tz1s7t/pb5FkK6q/RrKxUhKlBfbKfx6Wejr
f59cwtCNMaiLGdK0dpDaE1JrwiG8jQPFzbcd0t7kIpoPlst009tvCUXQyaO6wmRC
zCgA/wg6pK/91lF8Q3oqATbSTZ6YDgdTxIMUeEr0QsDEeP5cbrJ9CpBJFC2nnQXT
/bo8X2jvgmKZ9zBQQlqeeTVd0eqGDS0CglP/qSOqBvh7zi09WwlF/Zu3lXjahNR5
C94h78lbfGdCdtOKMwu9RxMB9iW3CNasJZlcdBy7ZvFp
-----END CERTIFICATE-----