Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/76/f2ed50-4c9a-4344-9148-039c1405e175/1/fn36UtRGyW0zYJnxw32sGSj82q0.roa
File:                     fn36UtRGyW0zYJnxw32sGSj82q0.roa (raw, json)
Hash identifier:          xdl6b5qAk+Coe4SCUR+/MRlwgbDH8F0nUd5jIICGFyg=
Subject key identifier:   7E:7D:FA:52:D4:46:C9:6D:33:60:99:F1:C3:7D:AC:19:28:FC:DA:AD
Certificate issuer:       /CN=e50e6692d9728da81f5c4f49e150773e1afbc80b
Certificate serial:       01978379F744D69D98CF39BB692AFFD371DD
Authority key identifier: E5:0E:66:92:D9:72:8D:A8:1F:5C:4F:49:E1:50:77:3E:1A:FB:C8:0B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5Q5mktlyjagfXE9J4VB3Phr7yAs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/76/f2ed50-4c9a-4344-9148-039c1405e175/1/fn36UtRGyW0zYJnxw32sGSj82q0.roa
Signing time:             Wed 18 Jun 2025 14:38:17 +0000
ROA not before:           Wed 18 Jun 2025 14:38:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210658
IP address blocks:        62.204.47.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/76/f2ed50-4c9a-4344-9148-039c1405e175/1/5Q5mktlyjagfXE9J4VB3Phr7yAs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/76/f2ed50-4c9a-4344-9148-039c1405e175/1/5Q5mktlyjagfXE9J4VB3Phr7yAs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5Q5mktlyjagfXE9J4VB3Phr7yAs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 02 Jul 2025 16:57:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:83:79:f7:44:d6:9d:98:cf:39:bb:69:2a:ff:d3:71:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e50e6692d9728da81f5c4f49e150773e1afbc80b
        Validity
            Not Before: Jun 18 14:38:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7e7dfa52d446c96d336099f1c37dac1928fcdaad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:fb:ba:45:d5:fd:fe:9e:82:e3:0e:ff:83:de:
                    cf:21:4f:d6:d2:e5:31:61:0e:a3:e8:2f:b0:40:45:
                    0e:b4:34:96:51:b0:1a:5b:a5:06:05:ff:70:b7:5f:
                    ea:db:d4:c7:b8:c8:cf:04:67:5c:03:3c:a5:18:56:
                    e7:3d:73:62:23:29:b4:99:16:b2:af:9c:c3:65:24:
                    78:4a:18:6d:52:c3:02:b1:d6:8e:a5:49:25:f0:7a:
                    93:38:ef:31:05:cb:82:2a:41:02:62:a9:30:01:1e:
                    ec:0b:0b:3e:1a:2e:dd:b6:76:1d:7f:54:c7:d7:ec:
                    bc:61:9f:fa:2e:5e:37:be:f4:1a:9b:a0:81:f7:cd:
                    76:fb:69:8d:a6:bc:02:05:21:e4:56:16:d3:a1:36:
                    ca:ff:99:73:92:9c:67:e9:df:be:2f:18:ce:35:c1:
                    57:5e:ea:1c:d1:57:59:5a:37:d8:28:61:69:48:ab:
                    c3:54:21:14:99:53:af:29:ca:66:da:6b:c2:34:08:
                    5d:84:78:1d:5a:23:c1:eb:65:31:ac:65:9b:13:bf:
                    28:40:93:38:33:dc:c8:2e:0f:3c:b5:3e:47:a4:7b:
                    c6:40:a8:4a:10:64:0d:c0:21:79:84:a4:6e:a4:7a:
                    71:66:ff:1f:7a:6d:0f:b7:14:e8:6a:79:4c:41:d6:
                    2a:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:7D:FA:52:D4:46:C9:6D:33:60:99:F1:C3:7D:AC:19:28:FC:DA:AD
            X509v3 Authority Key Identifier:
                keyid:E5:0E:66:92:D9:72:8D:A8:1F:5C:4F:49:E1:50:77:3E:1A:FB:C8:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5Q5mktlyjagfXE9J4VB3Phr7yAs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/f2ed50-4c9a-4344-9148-039c1405e175/1/fn36UtRGyW0zYJnxw32sGSj82q0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/76/f2ed50-4c9a-4344-9148-039c1405e175/1/5Q5mktlyjagfXE9J4VB3Phr7yAs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.204.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bc:b2:93:59:9c:f3:80:30:f3:9b:91:2e:2c:35:9a:a0:59:9a:
         c5:dd:e3:eb:41:60:87:51:e3:ad:a8:6b:09:c0:0b:ca:91:4a:
         4e:c3:58:08:eb:6e:a1:99:4f:50:ba:fe:1f:dd:5e:43:c8:1e:
         4e:70:c8:94:c5:e6:bd:01:a5:56:2d:d1:3a:c5:22:c4:b5:ab:
         e5:45:81:00:8a:1d:a8:c1:7b:94:b0:f3:20:c5:90:b9:cd:32:
         97:07:64:d1:57:f4:65:fc:09:57:14:4c:d8:5d:0b:7d:df:0b:
         f5:8f:a6:6f:7a:6d:0d:31:0a:b6:30:7d:d6:09:80:b3:b7:3f:
         f5:10:43:ff:fd:f2:86:f5:98:7c:de:46:0c:c9:7c:b5:7b:08:
         2a:ef:f4:5a:d9:c5:40:cb:84:ed:2b:6f:33:4e:89:07:a2:f3:
         d1:6f:d9:dc:ae:cb:1d:a3:f3:dc:e5:fb:89:70:ed:33:40:c2:
         ea:b3:f0:9c:b6:6f:14:12:b7:59:f8:94:55:b1:30:cf:90:f0:
         a1:8c:67:8e:9f:65:54:d4:e2:84:92:1b:07:8a:eb:57:9a:4b:
         c7:49:b0:7d:96:9e:bc:f6:d2:18:d2:24:d9:03:bd:30:01:25:
         2b:6c:c1:05:49:ae:e6:f5:66:37:1a:00:93:e1:f2:36:d9:40:
         f1:d4:5a:d9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZeDefdE1p2Yzzm7aSr/03HdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1MGU2NjkyZDk3MjhkYTgxZjVjNGY0OWUxNTA3NzNlMWFm
YmM4MGIwHhcNMjUwNjE4MTQzODE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTdkZmE1MmQ0NDZjOTZkMzM2MDk5ZjFjMzdkYWMxOTI4ZmNkYWFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs/u6RdX9/p6C4w7/g97PIU/W0uUx
YQ6j6C+wQEUOtDSWUbAaW6UGBf9wt1/q29THuMjPBGdcAzylGFbnPXNiIym0mRay
r5zDZSR4ShhtUsMCsdaOpUkl8HqTOO8xBcuCKkECYqkwAR7sCws+Gi7dtnYdf1TH
1+y8YZ/6Ll43vvQam6CB9812+2mNprwCBSHkVhbToTbK/5lzkpxn6d++LxjONcFX
Xuoc0VdZWjfYKGFpSKvDVCEUmVOvKcpm2mvCNAhdhHgdWiPB62UxrGWbE78oQJM4
M9zILg88tT5HpHvGQKhKEGQNwCF5hKRupHpxZv8fem0PtxToanlMQdYquwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH59+lLURsltM2CZ8cN9rBko/NqtMB8GA1UdIwQY
MBaAFOUOZpLZco2oH1xPSeFQdz4a+8gLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNVE1bWt0bHlqYWdmWEU5SjRWQjNQaHI3eUFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ni9mMmVkNTAtNGM5YS00MzQ0LTkxNDgt
MDM5YzE0MDVlMTc1LzEvZm4zNlV0Ukd5VzB6WUpueHczMnNHU2o4MnEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ni9mMmVkNTAtNGM5YS00MzQ0LTkxNDgtMDM5YzE0MDVlMTc1
LzEvNVE1bWt0bHlqYWdmWEU5SjRWQjNQaHI3eUFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPswvMA0G
CSqGSIb3DQEBCwUAA4IBAQC8spNZnPOAMPObkS4sNZqgWZrF3ePrQWCHUeOtqGsJ
wAvKkUpOw1gI626hmU9Quv4f3V5DyB5OcMiUxea9AaVWLdE6xSLEtavlRYEAih2o
wXuUsPMgxZC5zTKXB2TRV/Rl/AlXFEzYXQt93wv1j6Zvem0NMQq2MH3WCYCztz/1
EEP//fKG9Zh83kYMyXy1ewgq7/Ra2cVAy4TtK28zTokHovPRb9ncrssdo/Pc5fuJ
cO0zQMLqs/Cctm8UErdZ+JRVsTDPkPChjGeOn2VU1OKEkhsHiutXmkvHSbB9lp68
9tIY0iTZA70wASUrbMEFSa7m9WY3GgCT4fI22UDx1FrZ
-----END CERTIFICATE-----