Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/afced8-5c48-4740-a635-1611c90ba33b/1/oKnLHsgLuH19r9Kfwt5hP8Ci_1c.roa
File:                     oKnLHsgLuH19r9Kfwt5hP8Ci_1c.roa (raw, json)
Hash identifier:          DmQXUdH++x8Jbt+xahGEKKK2c4WHJ1zAXd2QztzCTFI=
Subject key identifier:   A0:A9:CB:1E:C8:0B:B8:7D:7D:AF:D2:9F:C2:DE:61:3F:C0:A2:FF:57
Certificate issuer:       /CN=c0e1b8b7a1da640348493b9c6f4ead496e3861cf
Certificate serial:       019962058F7A5CC3B56D5E2620FF4732BC55
Authority key identifier: C0:E1:B8:B7:A1:DA:64:03:48:49:3B:9C:6F:4E:AD:49:6E:38:61:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wOG4t6HaZANISTucb06tSW44Yc8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/afced8-5c48-4740-a635-1611c90ba33b/1/oKnLHsgLuH19r9Kfwt5hP8Ci_1c.roa
Signing time:             Fri 19 Sep 2025 12:49:15 +0000
ROA not before:           Fri 19 Sep 2025 12:49:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60751
IP address blocks:        62.164.200.0/21 maxlen: 21
                          62.164.200.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/afced8-5c48-4740-a635-1611c90ba33b/1/wOG4t6HaZANISTucb06tSW44Yc8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/afced8-5c48-4740-a635-1611c90ba33b/1/wOG4t6HaZANISTucb06tSW44Yc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wOG4t6HaZANISTucb06tSW44Yc8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:62:05:8f:7a:5c:c3:b5:6d:5e:26:20:ff:47:32:bc:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c0e1b8b7a1da640348493b9c6f4ead496e3861cf
        Validity
            Not Before: Sep 19 12:49:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a0a9cb1ec80bb87d7dafd29fc2de613fc0a2ff57
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:e2:db:80:2d:0f:69:70:87:4e:d0:10:25:35:
                    5a:99:ae:24:6b:d5:57:6f:46:13:32:7c:7f:e0:2e:
                    23:aa:e5:f5:a1:de:08:19:eb:41:fa:b2:d6:33:ec:
                    c4:4d:e2:12:dd:80:af:d8:2b:40:07:fa:df:f1:1e:
                    7d:9c:31:35:9d:85:14:c6:74:f8:d1:26:80:aa:38:
                    e6:01:ec:10:94:49:4c:3c:3e:db:86:e7:df:b7:12:
                    83:6a:06:9e:bb:6d:c8:aa:21:4d:5d:47:ae:db:88:
                    d1:95:d1:6d:ea:a0:a3:9e:15:d6:96:b5:7a:8f:c4:
                    07:3c:8c:57:30:b2:e6:1d:ca:a1:2e:e4:be:1a:7f:
                    d1:ed:90:6c:6a:b5:b7:e6:5f:23:f4:96:e9:d9:48:
                    fc:2c:be:fb:8e:97:6e:ca:77:60:9f:d6:37:6d:37:
                    a2:dd:28:22:29:48:5e:c5:9c:5a:f1:ef:82:0f:83:
                    4e:ad:e2:ba:21:3a:c7:4b:6d:1e:ea:20:64:0e:de:
                    c7:ec:d3:5c:66:70:49:63:5e:be:7f:c1:3a:69:b5:
                    bd:b2:44:c5:68:31:28:3d:a2:65:01:d6:95:81:0f:
                    5f:e1:56:cc:cf:bf:53:2c:cb:d2:c3:c1:1e:cb:70:
                    be:2b:af:79:47:1a:49:17:c0:a9:e5:38:57:90:e8:
                    b3:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:A9:CB:1E:C8:0B:B8:7D:7D:AF:D2:9F:C2:DE:61:3F:C0:A2:FF:57
            X509v3 Authority Key Identifier:
                keyid:C0:E1:B8:B7:A1:DA:64:03:48:49:3B:9C:6F:4E:AD:49:6E:38:61:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wOG4t6HaZANISTucb06tSW44Yc8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/afced8-5c48-4740-a635-1611c90ba33b/1/oKnLHsgLuH19r9Kfwt5hP8Ci_1c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/afced8-5c48-4740-a635-1611c90ba33b/1/wOG4t6HaZANISTucb06tSW44Yc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.164.200.0/21

    Signature Algorithm: sha256WithRSAEncryption
         43:97:85:55:d2:06:ed:88:23:6e:14:b9:dd:08:61:02:6c:e7:
         c2:00:39:75:20:ab:ea:4d:d2:60:76:ac:5c:9f:95:d4:34:5f:
         05:05:73:75:8a:9d:9a:f4:b6:d5:58:33:c7:df:b8:34:ea:82:
         4e:22:69:4c:c6:54:84:64:ab:a8:5d:64:50:66:d1:82:90:11:
         0c:4d:07:ba:cb:c4:53:f3:54:8b:17:0a:92:5b:e8:c7:4b:e7:
         62:42:f9:a5:e3:8e:4a:a0:7e:0e:69:38:b2:36:e4:67:e4:eb:
         a5:27:7b:ad:43:36:a0:d9:12:0e:71:28:4a:9a:5f:66:08:02:
         3a:89:15:93:00:d9:c9:c6:a1:f8:e5:17:9e:16:5c:00:74:23:
         9c:ef:28:56:d6:27:f4:53:03:12:89:07:86:2e:d2:7a:26:c9:
         6c:ef:c9:02:eb:88:60:f5:b5:e5:72:73:d3:85:a7:ce:04:79:
         17:c7:1b:3a:a5:a2:5a:f9:68:5b:a5:d5:97:72:38:d5:b1:6e:
         47:cf:d9:d4:3d:2d:a9:1d:af:65:b1:79:c5:39:1b:34:5f:88:
         1c:4d:f7:42:8f:a7:f1:fd:bd:32:a6:2a:23:33:97:2c:6e:c2:
         68:44:c0:c2:f3:e1:93:b4:ee:dc:7f:d8:5d:ff:70:ba:1b:2b:
         38:42:e7:13
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZliBY96XMO1bV4mIP9HMrxVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMwZTFiOGI3YTFkYTY0MDM0ODQ5M2I5YzZmNGVhZDQ5NmUz
ODYxY2YwHhcNMjUwOTE5MTI0OTE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMGE5Y2IxZWM4MGJiODdkN2RhZmQyOWZjMmRlNjEzZmMwYTJmZjU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo+LbgC0PaXCHTtAQJTVama4ka9VX
b0YTMnx/4C4jquX1od4IGetB+rLWM+zETeIS3YCv2CtAB/rf8R59nDE1nYUUxnT4
0SaAqjjmAewQlElMPD7bhufftxKDagaeu23IqiFNXUeu24jRldFt6qCjnhXWlrV6
j8QHPIxXMLLmHcqhLuS+Gn/R7ZBsarW35l8j9Jbp2Uj8LL77jpduyndgn9Y3bTei
3SgiKUhexZxa8e+CD4NOreK6ITrHS20e6iBkDt7H7NNcZnBJY16+f8E6abW9skTF
aDEoPaJlAdaVgQ9f4VbMz79TLMvSw8Eey3C+K695RxpJF8Cp5ThXkOizAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKCpyx7IC7h9fa/Sn8LeYT/Aov9XMB8GA1UdIwQY
MBaAFMDhuLeh2mQDSEk7nG9OrUluOGHPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd09HNHQ2SGFaQU5JU1R1Y2IwNnRTVzQ0WWM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi9hZmNlZDgtNWM0OC00NzQwLWE2MzUt
MTYxMWM5MGJhMzNiLzEvb0tuTEhzZ0x1SDE5cjlLZnd0NWhQOENpXzFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi9hZmNlZDgtNWM0OC00NzQwLWE2MzUtMTYxMWM5MGJhMzNi
LzEvd09HNHQ2SGFaQU5JU1R1Y2IwNnRTVzQ0WWM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDPqTIMA0G
CSqGSIb3DQEBCwUAA4IBAQBDl4VV0gbtiCNuFLndCGECbOfCADl1IKvqTdJgdqxc
n5XUNF8FBXN1ip2a9LbVWDPH37g06oJOImlMxlSEZKuoXWRQZtGCkBEMTQe6y8RT
81SLFwqSW+jHS+diQvml445KoH4OaTiyNuRn5OulJ3utQzag2RIOcShKml9mCAI6
iRWTANnJxqH45ReeFlwAdCOc7yhW1if0UwMSiQeGLtJ6Jsls78kC64hg9bXlcnPT
hafOBHkXxxs6paJa+WhbpdWXcjjVsW5Hz9nUPS2pHa9lsXnFORs0X4gcTfdCj6fx
/b0ypiojM5csbsJoRMDC8+GTtO7cf9hd/3C6Gys4QucT
-----END CERTIFICATE-----