Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/8DJ685XS7FFhXpTi96HwIs1c-E8.roa
File:                     8DJ685XS7FFhXpTi96HwIs1c-E8.roa (raw, json)
Hash identifier:          P3RV7SHn5Nd362yPOhJ1roOU2udG/g0q/278EWXSOPo=
Subject key identifier:   F0:32:7A:F3:95:D2:EC:51:61:5E:94:E2:F7:A1:F0:22:CD:5C:F8:4F
Certificate issuer:       /CN=15f19074548d2a294e4385d95cd6752490ee46d7
Certificate serial:       0196803E05D21BE8E2AEB13025740E35BC75
Authority key identifier: 15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/8DJ685XS7FFhXpTi96HwIs1c-E8.roa
Signing time:             Tue 29 Apr 2025 06:31:10 +0000
ROA not before:           Tue 29 Apr 2025 06:31:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     5065
IP address blocks:        62.72.184.0/24 maxlen: 24
                          81.21.2.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 12 May 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:80:3e:05:d2:1b:e8:e2:ae:b1:30:25:74:0e:35:bc:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15f19074548d2a294e4385d95cd6752490ee46d7
        Validity
            Not Before: Apr 29 06:31:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f0327af395d2ec51615e94e2f7a1f022cd5cf84f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:3b:7b:ba:3a:26:cc:45:80:ef:66:11:cf:5f:
                    05:46:0a:7c:e7:14:cd:21:de:55:c5:e6:a1:42:b4:
                    b2:a4:94:d9:73:37:b3:d3:ef:b6:b6:bd:ba:38:bc:
                    17:49:42:fa:e6:d9:d8:d5:ff:c1:63:6c:a3:18:d7:
                    e5:6c:9d:a3:75:e0:76:66:79:23:39:a5:ce:3a:cf:
                    a3:95:dc:a7:cb:c7:b9:b9:7d:7f:b6:1e:9e:9e:a1:
                    32:f2:01:3b:86:75:a6:54:68:2f:7e:f8:d0:d2:7c:
                    62:f3:c9:57:e7:78:e4:b3:00:68:ff:b1:02:0a:12:
                    71:36:22:52:6f:f5:32:3c:42:61:d1:76:56:09:f1:
                    4d:98:fd:fd:b3:60:95:2a:89:8f:f6:33:58:76:99:
                    e6:aa:70:9e:56:8f:ea:a5:26:84:57:7c:bb:80:4c:
                    86:c8:c0:c9:bc:8e:22:6d:26:9b:7d:62:47:05:63:
                    d9:63:50:2d:fd:c1:c3:a4:ae:11:76:39:f7:c3:1a:
                    02:5b:93:78:bb:6e:9d:b4:9b:77:4c:4a:bc:85:e3:
                    11:3e:57:87:bd:18:02:61:72:f2:e4:f3:ba:68:c2:
                    2b:43:e3:40:9e:ed:f5:a1:cf:37:0b:f9:dc:a6:16:
                    0b:ce:3f:5f:be:1e:b2:b3:8f:ce:f4:5c:02:9a:c7:
                    03:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:32:7A:F3:95:D2:EC:51:61:5E:94:E2:F7:A1:F0:22:CD:5C:F8:4F
            X509v3 Authority Key Identifier:
                keyid:15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/8DJ685XS7FFhXpTi96HwIs1c-E8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.72.184.0/24
                  81.21.2.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c6:4f:c0:99:79:83:bb:bb:81:32:b2:58:58:51:b3:87:84:44:
         34:59:53:91:42:1c:0f:c7:34:d5:1c:3f:0c:d5:74:7a:c9:05:
         37:1d:63:8b:21:99:81:11:6c:96:70:4b:6e:e1:bb:78:47:03:
         6a:e3:b4:ca:f2:43:a3:60:90:66:7b:a2:93:eb:cc:d0:03:83:
         77:de:e4:10:c4:e9:ec:7d:98:04:38:d7:51:28:c4:b9:62:ad:
         b7:4f:aa:29:63:da:2b:05:4a:05:e5:fb:7e:b0:6d:cf:01:37:
         9a:82:19:69:19:50:a3:9c:ed:92:2d:6e:1e:f5:45:0f:59:95:
         74:e2:6b:57:23:21:e1:72:67:a3:1f:99:5f:40:66:10:40:47:
         ac:12:47:24:06:b4:65:3e:03:aa:7c:78:04:b0:12:63:75:7f:
         37:30:27:58:6a:58:8e:ac:b7:da:15:c4:0f:17:10:b2:78:da:
         69:14:b7:44:44:12:1b:47:f8:98:b9:0c:6d:11:a7:c9:a6:da:
         7a:f2:50:41:f5:5c:62:cc:33:c8:f8:a2:47:8c:04:36:1d:83:
         22:3b:1d:fa:6c:2d:c2:94:44:c4:1d:1f:88:ee:67:e2:a1:49:
         06:be:80:68:14:8c:aa:37:c9:41:51:ed:f5:76:81:12:7c:27:
         26:d8:0d:e6
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZaAPgXSG+jirrEwJXQONbx1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZjE5MDc0NTQ4ZDJhMjk0ZTQzODVkOTVjZDY3NTI0OTBl
ZTQ2ZDcwHhcNMjUwNDI5MDYzMTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDMyN2FmMzk1ZDJlYzUxNjE1ZTk0ZTJmN2ExZjAyMmNkNWNmODRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuDt7ujomzEWA72YRz18FRgp85xTN
Id5VxeahQrSypJTZczez0++2tr26OLwXSUL65tnY1f/BY2yjGNflbJ2jdeB2Znkj
OaXOOs+jldyny8e5uX1/th6enqEy8gE7hnWmVGgvfvjQ0nxi88lX53jkswBo/7EC
ChJxNiJSb/UyPEJh0XZWCfFNmP39s2CVKomP9jNYdpnmqnCeVo/qpSaEV3y7gEyG
yMDJvI4ibSabfWJHBWPZY1At/cHDpK4Rdjn3wxoCW5N4u26dtJt3TEq8heMRPleH
vRgCYXLy5PO6aMIrQ+NAnu31oc83C/ncphYLzj9fvh6ys4/O9FwCmscDhQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPAyevOV0uxRYV6U4veh8CLNXPhPMB8GA1UdIwQY
MBaAFBXxkHRUjSopTkOF2VzWdSSQ7kbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2Qt
NTYyNDRmNDMwZGNjLzEvOERKNjg1WFM3RkZoWHBUaTk2SHdJczFjLUU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2QtNTYyNDRmNDMwZGNj
LzEvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAPki4AwQA
URUCMA0GCSqGSIb3DQEBCwUAA4IBAQDGT8CZeYO7u4EyslhYUbOHhEQ0WVORQhwP
xzTVHD8M1XR6yQU3HWOLIZmBEWyWcEtu4bt4RwNq47TK8kOjYJBme6KT68zQA4N3
3uQQxOnsfZgEONdRKMS5Yq23T6opY9orBUoF5ft+sG3PATeaghlpGVCjnO2SLW4e
9UUPWZV04mtXIyHhcmejH5lfQGYQQEesEkckBrRlPgOqfHgEsBJjdX83MCdYaliO
rLfaFcQPFxCyeNppFLdERBIbR/iYuQxtEafJptp68lBB9VxizDPI+KJHjAQ2HYMi
Ox36bC3ClETEHR+I7mfioUkGvoBoFIyqN8lBUe31doESfCcm2A3m
-----END CERTIFICATE-----