Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/sFdyS1bi1kemFkcxeMjXf0LBCAw.roa
File:                     sFdyS1bi1kemFkcxeMjXf0LBCAw.roa (raw, json)
Hash identifier:          cN6Apu7mP0IoUWBpLM0zoLwxlQm/BceMlQYohd1ovJY=
Subject key identifier:   B0:57:72:4B:56:E2:D6:47:A6:16:47:31:78:C8:D7:7F:42:C1:08:0C
Certificate issuer:       /CN=c3c18527e3a206af2842028d95aec41338e8daf8
Certificate serial:       0198A224E9A3DF96E75F31EF4A63693DF051
Authority key identifier: C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/sFdyS1bi1kemFkcxeMjXf0LBCAw.roa
Signing time:             Wed 13 Aug 2025 06:36:24 +0000
ROA not before:           Wed 13 Aug 2025 06:36:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215930
IP address blocks:        62.60.130.0/24 maxlen: 24
                          62.60.208.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:a2:24:e9:a3:df:96:e7:5f:31:ef:4a:63:69:3d:f0:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c3c18527e3a206af2842028d95aec41338e8daf8
        Validity
            Not Before: Aug 13 06:36:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b057724b56e2d647a616473178c8d77f42c1080c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:fd:c5:2b:5c:28:00:55:91:93:37:8a:96:37:
                    18:56:34:24:92:a9:df:0c:6e:6f:26:7c:71:ab:7a:
                    f9:13:83:6c:6b:9c:7e:b5:63:da:d8:da:72:58:f6:
                    20:3f:30:e2:18:89:3d:bd:95:01:53:83:82:0b:b3:
                    09:c7:3b:96:81:8f:2b:60:be:b9:29:11:c4:9f:f1:
                    2d:f2:9f:80:bd:0f:d3:5c:60:60:d3:d0:93:48:81:
                    c3:a6:14:03:39:fc:46:1d:9f:73:0c:4f:e5:bd:dc:
                    c9:dc:3c:a1:4e:54:7d:c9:87:c2:40:ff:21:e4:f5:
                    28:3d:98:02:08:94:41:94:ff:05:f7:14:ac:d0:1d:
                    4b:30:59:2c:f6:c3:96:63:1e:c0:e1:cc:a6:b6:96:
                    50:45:35:e9:a2:f0:33:e6:e7:79:e0:12:5f:8c:17:
                    f4:aa:15:eb:f1:3e:d8:15:8e:44:f0:f2:bc:80:fd:
                    6a:22:40:70:df:0b:07:ca:bc:ef:62:37:7b:cb:a2:
                    63:c2:3c:5d:94:2a:aa:7a:b6:b8:93:df:8e:c6:f9:
                    42:92:dc:3e:19:54:45:21:ce:2b:0a:59:43:f0:d2:
                    cf:a6:60:00:e5:af:5f:eb:89:ce:30:22:8c:21:65:
                    8f:33:a4:df:d6:c8:d1:1c:34:79:a4:be:4f:c0:d7:
                    83:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:57:72:4B:56:E2:D6:47:A6:16:47:31:78:C8:D7:7F:42:C1:08:0C
            X509v3 Authority Key Identifier:
                keyid:C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/sFdyS1bi1kemFkcxeMjXf0LBCAw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.60.130.0/24
                  62.60.208.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:7c:c3:dc:32:07:42:8a:5a:90:62:e0:e0:e9:e3:bd:94:8a:
         42:3c:38:1a:aa:7d:26:a1:95:aa:c4:9b:02:74:59:ea:3a:8c:
         a8:e3:cb:ee:77:1f:f3:d1:e7:16:d2:77:99:16:74:ab:9e:6b:
         2d:59:36:f4:e0:00:7b:17:3b:3b:71:8a:bf:8c:dc:1b:ae:9e:
         66:85:6e:1e:43:01:4e:96:6c:17:6a:11:eb:9b:ce:ec:ff:cc:
         21:cf:26:5c:e6:b9:08:f2:f2:30:b2:51:43:ba:b3:80:3b:70:
         23:7f:9e:c4:bc:66:dd:c5:23:23:da:55:b8:00:38:15:d6:89:
         b7:bd:56:12:aa:85:30:e0:7d:28:22:ba:72:54:ce:21:5c:6e:
         fd:fa:0d:6f:d4:2a:ec:32:c4:44:ed:e9:54:7b:b7:a3:07:67:
         1c:25:9a:57:0b:6d:84:23:56:ad:ed:0a:1f:85:81:e1:66:f3:
         16:ca:22:8b:6b:0b:cd:37:39:68:f0:ab:f0:12:0f:79:00:bf:
         4d:95:16:34:e4:18:05:48:ed:b8:c7:c7:64:9b:d0:91:9f:a1:
         14:cb:cb:2a:6b:17:a2:45:71:1d:09:27:8d:dd:67:1a:db:eb:
         d3:8d:00:1d:ff:5b:23:6a:c8:ee:e3:f6:09:6e:20:ad:5a:31:
         3e:33:a5:28
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZiiJOmj35bnXzHvSmNpPfBRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzYzE4NTI3ZTNhMjA2YWYyODQyMDI4ZDk1YWVjNDEzMzhl
OGRhZjgwHhcNMjUwODEzMDYzNjI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDU3NzI0YjU2ZTJkNjQ3YTYxNjQ3MzE3OGM4ZDc3ZjQyYzEwODBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwf3FK1woAFWRkzeKljcYVjQkkqnf
DG5vJnxxq3r5E4Nsa5x+tWPa2NpyWPYgPzDiGIk9vZUBU4OCC7MJxzuWgY8rYL65
KRHEn/Et8p+AvQ/TXGBg09CTSIHDphQDOfxGHZ9zDE/lvdzJ3DyhTlR9yYfCQP8h
5PUoPZgCCJRBlP8F9xSs0B1LMFks9sOWYx7A4cymtpZQRTXpovAz5ud54BJfjBf0
qhXr8T7YFY5E8PK8gP1qIkBw3wsHyrzvYjd7y6JjwjxdlCqqera4k9+OxvlCktw+
GVRFIc4rCllD8NLPpmAA5a9f64nOMCKMIWWPM6Tf1sjRHDR5pL5PwNeDawIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLBXcktW4tZHphZHMXjI139CwQgMMB8GA1UdIwQY
MBaAFMPBhSfjogavKEICjZWuxBM46Nr4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMt
MGNiYTMzZWZjNWJiLzEvc0ZkeVMxYmkxa2VtRmtjeGVNalhmMExCQ0F3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMtMGNiYTMzZWZjNWJi
LzEvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAPjyCAwQA
PjzQMA0GCSqGSIb3DQEBCwUAA4IBAQCIfMPcMgdCilqQYuDg6eO9lIpCPDgaqn0m
oZWqxJsCdFnqOoyo48vudx/z0ecW0neZFnSrnmstWTb04AB7Fzs7cYq/jNwbrp5m
hW4eQwFOlmwXahHrm87s/8whzyZc5rkI8vIwslFDurOAO3Ajf57EvGbdxSMj2lW4
ADgV1om3vVYSqoUw4H0oIrpyVM4hXG79+g1v1CrsMsRE7elUe7ejB2ccJZpXC22E
I1at7QofhYHhZvMWyiKLawvNNzlo8KvwEg95AL9NlRY05BgFSO24x8dkm9CRn6EU
y8sqaxeiRXEdCSeN3Wca2+vTjQAd/1sjasju4/YJbiCtWjE+M6Uo
-----END CERTIFICATE-----