Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/E8a1_PGMprGsOEhvFqqS6i5Tdz4.roa
File:                     E8a1_PGMprGsOEhvFqqS6i5Tdz4.roa (raw, json)
Hash identifier:          df9z/ZIg8AUrgWm4WPTjfTwd5PEvval7nDbnweaPaGU=
Subject key identifier:   13:C6:B5:FC:F1:8C:A6:B1:AC:38:48:6F:16:AA:92:EA:2E:53:77:3E
Certificate issuer:       /CN=15f19074548d2a294e4385d95cd6752490ee46d7
Certificate serial:       0198A2364E741C7B385B5D7736893E165A3A
Authority key identifier: 15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/E8a1_PGMprGsOEhvFqqS6i5Tdz4.roa
Signing time:             Wed 13 Aug 2025 06:55:24 +0000
ROA not before:           Wed 13 Aug 2025 06:55:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     401838
IP address blocks:        62.72.183.0/24 maxlen: 24
                          62.72.190.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:a2:36:4e:74:1c:7b:38:5b:5d:77:36:89:3e:16:5a:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15f19074548d2a294e4385d95cd6752490ee46d7
        Validity
            Not Before: Aug 13 06:55:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=13c6b5fcf18ca6b1ac38486f16aa92ea2e53773e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:d6:c2:4b:d5:53:77:b4:9c:37:18:33:b1:95:
                    eb:0c:fd:1d:e3:3d:6b:3a:20:99:79:c0:83:56:21:
                    5d:66:bb:56:1e:34:c0:ce:bf:60:ec:92:df:52:ba:
                    fd:16:f6:49:32:be:3e:b4:52:b9:aa:d1:51:f1:c5:
                    9a:69:11:40:94:25:e7:4c:bb:be:0b:3c:4e:8c:94:
                    31:72:9f:a4:f7:ec:aa:e2:95:36:81:f6:fc:5c:9f:
                    d8:c7:5c:59:e7:29:93:13:58:81:01:e8:c2:c3:30:
                    9c:d8:72:3b:22:14:d3:04:84:14:ae:35:e0:30:c2:
                    fc:72:51:f6:2f:d5:2b:71:a1:5b:ef:48:34:3c:6a:
                    9f:5b:a5:3c:a3:e9:38:dc:fd:6a:aa:65:d8:06:12:
                    be:1a:23:2b:7c:67:ac:31:aa:38:cd:5b:20:3e:c3:
                    d9:8a:1e:93:63:d3:ab:b8:17:33:d2:92:36:6c:ea:
                    3c:d8:ef:ad:48:f8:ee:be:dd:4b:ed:8f:f3:bf:b5:
                    17:cc:cc:fc:d0:30:e2:52:b3:b7:8e:50:f4:1b:fb:
                    7c:d8:31:bb:aa:ed:8e:91:83:9d:5b:d5:3b:50:03:
                    f5:0b:73:ae:dc:7f:a0:a5:e2:7f:ee:70:bc:c0:d6:
                    86:ce:e2:4c:f7:45:86:b7:83:06:63:23:71:0d:ab:
                    30:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:C6:B5:FC:F1:8C:A6:B1:AC:38:48:6F:16:AA:92:EA:2E:53:77:3E
            X509v3 Authority Key Identifier:
                keyid:15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/E8a1_PGMprGsOEhvFqqS6i5Tdz4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.72.183.0/24
                  62.72.190.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:95:e2:00:4f:3a:d5:54:6d:76:75:57:bc:dc:92:d3:dc:5b:
         25:15:79:88:60:f5:bf:2f:a7:80:50:5a:64:5c:72:d7:20:d8:
         e0:40:02:f4:18:fb:60:85:c4:cd:a8:da:43:bf:00:a3:1f:a0:
         a7:ab:95:85:74:f2:f2:9b:66:5c:a2:b3:73:5d:75:a0:72:3b:
         d2:24:f5:c2:30:e0:c7:d7:cc:6f:1d:82:a4:42:e5:46:92:0d:
         01:1c:ae:ae:5c:47:79:37:0b:d8:21:a9:4f:d6:76:d0:00:f2:
         34:ba:a3:54:07:5a:08:9c:f0:03:00:0f:e0:c8:98:70:72:ba:
         f2:83:08:06:f8:7d:b3:84:08:ac:22:92:25:0e:a6:89:bb:c4:
         2e:b5:ad:8a:44:4e:3e:f4:3b:54:b3:00:08:96:33:1e:09:b2:
         65:1a:bd:20:53:be:2d:18:32:10:1d:ff:e5:98:2a:36:d0:71:
         56:f4:5d:cc:ff:db:32:54:02:6e:0f:51:2a:cf:fc:bd:54:3b:
         21:63:13:b6:ad:b0:89:98:c1:0a:d0:8b:39:67:c8:70:1b:f6:
         f1:86:c6:d7:c7:49:a0:4e:da:ce:40:ef:68:9f:fc:3f:e3:db:
         af:e7:bc:8b:17:52:97:9f:98:7c:86:e4:c9:d7:e6:26:df:ac:
         4b:74:1f:79
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZiiNk50HHs4W113Nok+Flo6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZjE5MDc0NTQ4ZDJhMjk0ZTQzODVkOTVjZDY3NTI0OTBl
ZTQ2ZDcwHhcNMjUwODEzMDY1NTI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxM2M2YjVmY2YxOGNhNmIxYWMzODQ4NmYxNmFhOTJlYTJlNTM3NzNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn9bCS9VTd7ScNxgzsZXrDP0d4z1r
OiCZecCDViFdZrtWHjTAzr9g7JLfUrr9FvZJMr4+tFK5qtFR8cWaaRFAlCXnTLu+
CzxOjJQxcp+k9+yq4pU2gfb8XJ/Yx1xZ5ymTE1iBAejCwzCc2HI7IhTTBIQUrjXg
MML8clH2L9UrcaFb70g0PGqfW6U8o+k43P1qqmXYBhK+GiMrfGesMao4zVsgPsPZ
ih6TY9OruBcz0pI2bOo82O+tSPjuvt1L7Y/zv7UXzMz80DDiUrO3jlD0G/t82DG7
qu2OkYOdW9U7UAP1C3Ou3H+gpeJ/7nC8wNaGzuJM90WGt4MGYyNxDaswpwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBPGtfzxjKaxrDhIbxaqkuouU3c+MB8GA1UdIwQY
MBaAFBXxkHRUjSopTkOF2VzWdSSQ7kbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2Qt
NTYyNDRmNDMwZGNjLzEvRThhMV9QR01wckdzT0VodkZxcVM2aTVUZHo0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2QtNTYyNDRmNDMwZGNj
LzEvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAPki3AwQA
Pki+MA0GCSqGSIb3DQEBCwUAA4IBAQARleIATzrVVG12dVe83JLT3FslFXmIYPW/
L6eAUFpkXHLXINjgQAL0GPtghcTNqNpDvwCjH6Cnq5WFdPLym2ZcorNzXXWgcjvS
JPXCMODH18xvHYKkQuVGkg0BHK6uXEd5NwvYIalP1nbQAPI0uqNUB1oInPADAA/g
yJhwcrrygwgG+H2zhAisIpIlDqaJu8Quta2KRE4+9DtUswAIljMeCbJlGr0gU74t
GDIQHf/lmCo20HFW9F3M/9syVAJuD1Eqz/y9VDshYxO2rbCJmMEK0Is5Z8hwG/bx
hsbXx0mgTtrOQO9on/w/49uv57yLF1KXn5h8huTJ1+Ym36xLdB95
-----END CERTIFICATE-----