Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/7438dd-e362-4034-a040-de835458da8d/1/aKJTM1Uf5WiFwk0xaQDn_EEx6LY.roa
File:                     aKJTM1Uf5WiFwk0xaQDn_EEx6LY.roa (raw, json)
Hash identifier:          Bk0oWK0Lkt5p+4sdJT9WxyXxSp/0EFpvdzicJ3h6H0Y=
Subject key identifier:   68:A2:53:33:55:1F:E5:68:85:C2:4D:31:69:00:E7:FC:41:31:E8:B6
Certificate issuer:       /CN=196523fe0d6bd9c67e0bcb0098a3c363f2f90f7c
Certificate serial:       019D24941942C1F10D9D2684D6F335063DBA
Authority key identifier: 19:65:23:FE:0D:6B:D9:C6:7E:0B:CB:00:98:A3:C3:63:F2:F9:0F:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GWUj_g1r2cZ-C8sAmKPDY_L5D3w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/7438dd-e362-4034-a040-de835458da8d/1/aKJTM1Uf5WiFwk0xaQDn_EEx6LY.roa
Signing time:             Wed 25 Mar 2026 10:39:38 +0000
ROA not before:           Wed 25 Mar 2026 10:39:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205984
IP address blocks:        62.192.160.0/24 maxlen: 24
                          62.192.162.0/24 maxlen: 24
                          62.192.163.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0b/7438dd-e362-4034-a040-de835458da8d/1/GWUj_g1r2cZ-C8sAmKPDY_L5D3w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0b/7438dd-e362-4034-a040-de835458da8d/1/GWUj_g1r2cZ-C8sAmKPDY_L5D3w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GWUj_g1r2cZ-C8sAmKPDY_L5D3w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 13:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:24:94:19:42:c1:f1:0d:9d:26:84:d6:f3:35:06:3d:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=196523fe0d6bd9c67e0bcb0098a3c363f2f90f7c
        Validity
            Not Before: Mar 25 10:39:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=68a25333551fe56885c24d316900e7fc4131e8b6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:19:c7:c5:f9:b3:13:63:e7:f6:76:5d:91:1e:
                    31:5e:62:4a:93:75:fc:45:e7:08:ed:c4:ed:14:59:
                    85:a2:52:6b:64:22:a4:f7:1e:54:c3:74:f0:46:96:
                    80:59:3b:08:58:82:f7:25:cb:2f:ff:af:45:79:d6:
                    c9:37:bb:ad:55:5b:f4:c4:a5:fa:2f:cd:56:af:59:
                    1c:07:8d:74:b0:4b:6b:54:84:0b:e9:ab:cb:fc:01:
                    c0:85:45:cd:5e:cc:5c:a4:22:9c:0d:84:50:9b:c0:
                    d9:1f:84:84:c0:5a:fd:fc:97:51:73:c3:49:57:12:
                    52:31:66:8d:7c:8e:cf:94:63:ef:d5:4c:5b:b4:62:
                    2b:35:7c:db:e7:80:54:c9:bc:d1:14:56:95:66:08:
                    29:2a:7f:db:f7:aa:57:0e:db:25:69:8f:98:90:00:
                    79:d1:87:0b:e6:63:c3:93:c7:ef:45:0c:76:c0:00:
                    5c:86:6c:a0:bf:62:d2:8c:c2:f5:8d:fb:7c:29:2e:
                    f9:36:07:55:d2:f1:d9:08:54:bb:77:57:02:7f:7b:
                    37:c2:ab:07:42:a2:27:f3:81:a0:d6:2b:3e:ce:86:
                    dc:74:29:f8:da:da:56:f7:c7:55:6f:17:59:99:e4:
                    6c:9f:ba:17:59:07:51:5f:08:8d:8b:19:74:31:70:
                    96:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:A2:53:33:55:1F:E5:68:85:C2:4D:31:69:00:E7:FC:41:31:E8:B6
            X509v3 Authority Key Identifier:
                keyid:19:65:23:FE:0D:6B:D9:C6:7E:0B:CB:00:98:A3:C3:63:F2:F9:0F:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GWUj_g1r2cZ-C8sAmKPDY_L5D3w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/7438dd-e362-4034-a040-de835458da8d/1/aKJTM1Uf5WiFwk0xaQDn_EEx6LY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/7438dd-e362-4034-a040-de835458da8d/1/GWUj_g1r2cZ-C8sAmKPDY_L5D3w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.192.160.0/24
                  62.192.162.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3d:6e:7b:01:ed:fa:18:ef:b5:48:44:b1:91:44:03:e8:aa:63:
         76:4c:a8:9a:f9:58:4b:da:50:06:d8:22:3a:a3:2b:e2:26:8d:
         59:e2:4f:b1:81:fd:bd:7e:0d:10:22:1c:b7:26:b0:c0:dc:a4:
         82:54:6c:0a:c3:32:e9:f1:3c:79:27:b3:f0:01:20:0b:f2:44:
         cb:be:c7:23:3c:72:49:de:45:4f:0c:11:a1:c0:1b:36:81:5c:
         b5:9d:1c:a8:3e:65:a0:7f:dc:17:cf:fc:f8:cb:4d:87:08:ab:
         4b:80:9b:5a:3b:3a:13:ba:5c:e5:bd:0f:b7:c4:c6:12:21:9f:
         cd:3b:c3:2c:9d:84:a6:5f:0e:e4:ab:f3:3d:8f:b3:0c:cc:64:
         35:bb:2d:3c:39:80:58:c4:cd:d0:f1:01:52:73:48:47:3c:16:
         55:40:e6:e8:71:41:75:71:05:f1:fa:f8:65:94:8c:0e:40:83:
         24:37:ab:69:05:92:e2:b7:00:0d:6f:ab:75:cd:cb:05:f8:aa:
         9b:0f:36:42:f3:3e:6f:7a:d3:c0:5f:c1:5a:2f:d5:55:5f:6e:
         db:c0:c9:6f:50:8d:8c:d5:2e:51:2f:5f:13:23:5b:9f:e7:4c:
         10:1b:b8:b3:60:d9:c0:ea:b4:38:a9:52:a9:38:5a:ee:2d:5e:
         2a:32:1b:6e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ0klBlCwfENnSaE1vM1Bj26MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5NjUyM2ZlMGQ2YmQ5YzY3ZTBiY2IwMDk4YTNjMzYzZjJm
OTBmN2MwHhcNMjYwMzI1MTAzOTM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OGEyNTMzMzU1MWZlNTY4ODVjMjRkMzE2OTAwZTdmYzQxMzFlOGI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsRnHxfmzE2Pn9nZdkR4xXmJKk3X8
RecI7cTtFFmFolJrZCKk9x5Uw3TwRpaAWTsIWIL3Jcsv/69FedbJN7utVVv0xKX6
L81Wr1kcB410sEtrVIQL6avL/AHAhUXNXsxcpCKcDYRQm8DZH4SEwFr9/JdRc8NJ
VxJSMWaNfI7PlGPv1UxbtGIrNXzb54BUybzRFFaVZggpKn/b96pXDtslaY+YkAB5
0YcL5mPDk8fvRQx2wABchmygv2LSjML1jft8KS75NgdV0vHZCFS7d1cCf3s3wqsH
QqIn84Gg1is+zobcdCn42tpW98dVbxdZmeRsn7oXWQdRXwiNixl0MXCWRQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGiiUzNVH+VohcJNMWkA5/xBMei2MB8GA1UdIwQY
MBaAFBllI/4Na9nGfgvLAJijw2Py+Q98MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR1dVal9nMXIyY1otQzhzQW1LUERZX0w1RDN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi83NDM4ZGQtZTM2Mi00MDM0LWEwNDAt
ZGU4MzU0NThkYThkLzEvYUtKVE0xVWY1V2lGd2sweGFRRG5fRUV4NkxZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi83NDM4ZGQtZTM2Mi00MDM0LWEwNDAtZGU4MzU0NThkYThk
LzEvR1dVal9nMXIyY1otQzhzQW1LUERZX0w1RDN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAPsCgAwQB
PsCiMA0GCSqGSIb3DQEBCwUAA4IBAQA9bnsB7foY77VIRLGRRAPoqmN2TKia+VhL
2lAG2CI6oyviJo1Z4k+xgf29fg0QIhy3JrDA3KSCVGwKwzLp8Tx5J7PwASAL8kTL
vscjPHJJ3kVPDBGhwBs2gVy1nRyoPmWgf9wXz/z4y02HCKtLgJtaOzoTulzlvQ+3
xMYSIZ/NO8MsnYSmXw7kq/M9j7MMzGQ1uy08OYBYxM3Q8QFSc0hHPBZVQObocUF1
cQXx+vhllIwOQIMkN6tpBZLitwANb6t1zcsF+KqbDzZC8z5vetPAX8FaL9VVX27b
wMlvUI2M1S5RL18TI1uf50wQG7izYNnA6rQ4qVKpOFruLV4qMhtu
-----END CERTIFICATE-----