Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/i29Dnh2kXGiv2yqK76-7vmxUqHk.roa
File:                     i29Dnh2kXGiv2yqK76-7vmxUqHk.roa (raw, json)
Hash identifier:          vCaTmwFWC8Tk0O4g86hzSYP6Qj1wQnNBboWlzkJop3s=
Subject key identifier:   8B:6F:43:9E:1D:A4:5C:68:AF:DB:2A:8A:EF:AF:BB:BE:6C:54:A8:79
Certificate issuer:       /CN=c3c18527e3a206af2842028d95aec41338e8daf8
Certificate serial:       0198A224E9244F6FE1C32053AEE5B2ACC114
Authority key identifier: C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/i29Dnh2kXGiv2yqK76-7vmxUqHk.roa
Signing time:             Wed 13 Aug 2025 06:36:24 +0000
ROA not before:           Wed 13 Aug 2025 06:36:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213456
IP address blocks:        62.60.131.0/24 maxlen: 24
                          62.60.134.0/24 maxlen: 24
                          62.60.135.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:a2:24:e9:24:4f:6f:e1:c3:20:53:ae:e5:b2:ac:c1:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c3c18527e3a206af2842028d95aec41338e8daf8
        Validity
            Not Before: Aug 13 06:36:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8b6f439e1da45c68afdb2a8aefafbbbe6c54a879
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:6c:82:d3:6c:5b:34:36:65:42:9d:d1:eb:75:
                    13:f4:60:08:cf:61:7c:da:19:56:f7:9a:3d:99:42:
                    b2:c8:8f:15:bf:a4:64:b7:fe:d1:67:34:90:6c:a6:
                    cb:e5:19:89:69:1f:8e:e3:9d:25:5e:c7:14:ff:ab:
                    01:42:47:8e:c7:17:2c:2e:a8:29:ff:95:fa:63:6a:
                    4c:1e:0d:f2:89:d1:61:03:f8:5d:84:ec:aa:c7:b5:
                    dd:b1:92:9b:de:e8:84:c5:71:17:01:32:78:9e:5f:
                    8d:f1:82:5e:d8:e7:75:9e:73:36:0a:ec:5a:90:f1:
                    5b:e2:b3:68:f9:2a:83:35:f6:41:5b:d1:30:32:88:
                    aa:38:ef:83:0d:83:74:ed:0f:1d:3f:be:62:cf:24:
                    c6:63:b4:76:74:e5:00:4b:b3:f4:9c:98:83:fe:2e:
                    ed:6b:d6:0c:f2:d6:7b:d7:7a:52:61:8b:bc:d6:b6:
                    ae:73:39:54:25:e3:91:c5:fd:16:c4:ae:e7:ae:94:
                    0d:30:17:fa:d4:f4:df:e8:0c:93:2d:c2:e3:14:1c:
                    1c:20:79:00:cc:3f:4a:3f:aa:6a:32:f9:ad:84:39:
                    e5:84:87:48:77:fe:63:c2:b4:19:bb:0c:42:5c:c5:
                    8d:b0:62:a0:ad:e0:f7:fd:b7:84:4f:59:06:a4:78:
                    b8:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:6F:43:9E:1D:A4:5C:68:AF:DB:2A:8A:EF:AF:BB:BE:6C:54:A8:79
            X509v3 Authority Key Identifier:
                keyid:C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/i29Dnh2kXGiv2yqK76-7vmxUqHk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.60.131.0/24
                  62.60.134.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6f:18:99:3e:07:cb:15:40:f0:6a:e0:6f:d8:2f:48:ac:6f:e0:
         3e:34:8c:d8:f2:12:7a:e0:0f:5d:97:93:4f:d4:27:a5:e2:83:
         f9:14:fd:57:41:98:79:3a:c2:7a:f5:3a:67:4e:40:87:f7:49:
         9c:de:d4:f2:77:62:62:cc:f6:76:78:b9:d9:0e:fc:26:f6:be:
         7d:fa:f8:75:41:01:ca:75:df:4c:a2:04:ce:5d:4a:03:d8:3a:
         1c:b9:79:6e:6e:30:68:20:b9:ca:6d:6d:d3:1f:99:6b:98:12:
         71:1f:c4:48:f2:d6:b7:de:e7:b9:d3:13:f8:66:8f:0c:b0:40:
         ce:20:a5:8e:05:29:a3:c7:e3:53:e1:0d:7c:ca:9a:ac:d0:f6:
         db:e2:07:56:7c:00:6a:bb:b8:34:69:1a:0d:2d:6a:31:9a:b4:
         51:0f:ba:46:6b:66:e5:25:15:98:97:7c:96:59:e7:cd:fb:f2:
         8f:85:9f:ce:34:3c:22:fd:9f:69:af:91:42:46:fb:8e:a9:67:
         3b:f1:68:69:22:6d:e6:a1:b9:04:5a:e1:b0:5c:da:6f:07:1b:
         39:a9:bb:46:32:4d:3f:a8:cd:a8:80:1c:08:67:34:a1:3d:ca:
         a4:5e:1b:4d:c5:69:2a:a1:95:31:ab:63:6a:bd:69:c5:92:22:
         e6:fc:04:4f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZiiJOkkT2/hwyBTruWyrMEUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzYzE4NTI3ZTNhMjA2YWYyODQyMDI4ZDk1YWVjNDEzMzhl
OGRhZjgwHhcNMjUwODEzMDYzNjI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YjZmNDM5ZTFkYTQ1YzY4YWZkYjJhOGFlZmFmYmJiZTZjNTRhODc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx2yC02xbNDZlQp3R63UT9GAIz2F8
2hlW95o9mUKyyI8Vv6Rkt/7RZzSQbKbL5RmJaR+O450lXscU/6sBQkeOxxcsLqgp
/5X6Y2pMHg3yidFhA/hdhOyqx7XdsZKb3uiExXEXATJ4nl+N8YJe2Od1nnM2Cuxa
kPFb4rNo+SqDNfZBW9EwMoiqOO+DDYN07Q8dP75izyTGY7R2dOUAS7P0nJiD/i7t
a9YM8tZ713pSYYu81rauczlUJeORxf0WxK7nrpQNMBf61PTf6AyTLcLjFBwcIHkA
zD9KP6pqMvmthDnlhIdId/5jwrQZuwxCXMWNsGKgreD3/beET1kGpHi46wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFItvQ54dpFxor9sqiu+vu75sVKh5MB8GA1UdIwQY
MBaAFMPBhSfjogavKEICjZWuxBM46Nr4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMt
MGNiYTMzZWZjNWJiLzEvaTI5RG5oMmtYR2l2MnlxSzc2LTd2bXhVcUhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMtMGNiYTMzZWZjNWJi
LzEvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAPjyDAwQB
PjyGMA0GCSqGSIb3DQEBCwUAA4IBAQBvGJk+B8sVQPBq4G/YL0isb+A+NIzY8hJ6
4A9dl5NP1Cel4oP5FP1XQZh5OsJ69TpnTkCH90mc3tTyd2JizPZ2eLnZDvwm9r59
+vh1QQHKdd9MogTOXUoD2DocuXlubjBoILnKbW3TH5lrmBJxH8RI8ta33ue50xP4
Zo8MsEDOIKWOBSmjx+NT4Q18ypqs0Pbb4gdWfABqu7g0aRoNLWoxmrRRD7pGa2bl
JRWYl3yWWefN+/KPhZ/ONDwi/Z9pr5FCRvuOqWc78WhpIm3mobkEWuGwXNpvBxs5
qbtGMk0/qM2ogBwIZzShPcqkXhtNxWkqoZUxq2NqvWnFkiLm/ARP
-----END CERTIFICATE-----