Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/XHtpEQoraqRFRPdlAEW9sCe6_rY.roa
File:                     XHtpEQoraqRFRPdlAEW9sCe6_rY.roa (raw, json)
Hash identifier:          soXr8YiLhiu6P10YvfCxOODOvjvRErlJJgNef/tqi0c=
Subject key identifier:   5C:7B:69:11:0A:2B:6A:A4:45:44:F7:65:00:45:BD:B0:27:BA:FE:B6
Certificate issuer:       /CN=6a5836dde9b9daef35a8a7f74d6326f6b42da74d
Certificate serial:       01978DEEC034A8B652863620C7589125F2E6
Authority key identifier: 6A:58:36:DD:E9:B9:DA:EF:35:A8:A7:F7:4D:63:26:F6:B4:2D:A7:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/alg23em52u81qKf3TWMm9rQtp00.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/XHtpEQoraqRFRPdlAEW9sCe6_rY.roa
Signing time:             Fri 20 Jun 2025 15:22:03 +0000
ROA not before:           Fri 20 Jun 2025 15:22:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212027
IP address blocks:        62.171.251.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/alg23em52u81qKf3TWMm9rQtp00.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/alg23em52u81qKf3TWMm9rQtp00.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/alg23em52u81qKf3TWMm9rQtp00.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Jun 2025 04:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:8d:ee:c0:34:a8:b6:52:86:36:20:c7:58:91:25:f2:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6a5836dde9b9daef35a8a7f74d6326f6b42da74d
        Validity
            Not Before: Jun 20 15:22:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5c7b69110a2b6aa44544f7650045bdb027bafeb6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:08:2a:e7:ef:59:aa:bb:c1:82:65:c0:e8:59:
                    81:85:3a:67:16:2a:a0:78:50:20:8e:81:49:79:e9:
                    69:08:10:1e:39:0a:15:5e:03:21:49:70:eb:50:29:
                    ee:b0:93:54:01:5e:1e:20:bf:b2:11:39:4a:78:4f:
                    fd:3f:87:0f:b5:bf:8d:5d:45:94:3e:60:1b:bf:1f:
                    a4:b6:c5:d9:35:58:e3:81:62:c0:52:27:5e:87:0c:
                    09:af:a3:68:69:db:a9:45:06:6f:90:e6:e0:f2:16:
                    da:d5:58:42:62:c3:77:83:c3:b4:a5:a5:ed:1b:0a:
                    19:e7:10:2b:34:cb:21:f5:0e:f7:67:7f:aa:95:68:
                    55:6e:95:26:29:ba:85:4b:8e:3e:71:a9:a4:67:ae:
                    b8:38:83:57:9f:ba:8a:11:28:94:4a:9e:7a:76:e7:
                    f2:9c:5b:7b:8b:21:7a:8e:3d:37:69:9c:eb:20:aa:
                    0a:9e:8d:4e:96:9b:58:51:cf:e0:b5:02:01:c9:e9:
                    74:52:51:25:8f:d8:78:a5:fd:44:a0:43:2f:c9:ba:
                    8f:0c:6c:b3:f9:cc:e3:0c:49:7d:5f:c0:21:7c:7d:
                    e1:2b:e2:da:83:63:d9:51:4c:b6:54:5b:6d:5c:9c:
                    3d:42:c6:53:ff:5c:6d:dd:df:9f:0d:68:89:da:41:
                    37:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:7B:69:11:0A:2B:6A:A4:45:44:F7:65:00:45:BD:B0:27:BA:FE:B6
            X509v3 Authority Key Identifier:
                keyid:6A:58:36:DD:E9:B9:DA:EF:35:A8:A7:F7:4D:63:26:F6:B4:2D:A7:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/alg23em52u81qKf3TWMm9rQtp00.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/XHtpEQoraqRFRPdlAEW9sCe6_rY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/alg23em52u81qKf3TWMm9rQtp00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.171.251.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:51:61:45:57:6e:74:3e:6a:56:75:2e:6f:b0:a4:0f:90:26:
         83:de:20:82:4e:34:5b:2c:8b:51:19:10:70:10:22:0f:b0:6d:
         21:5b:70:06:df:3e:8d:d6:aa:32:76:ae:26:88:bc:c5:d0:0b:
         c4:f8:e2:8d:75:3f:4f:b4:42:17:c7:b4:42:55:9c:15:7c:9f:
         9f:e7:22:06:a4:39:75:a9:b1:05:31:2e:bd:98:06:f9:b0:c2:
         97:27:91:55:f4:67:e2:bd:10:9b:0a:3f:b4:57:c5:a8:60:ae:
         b2:15:db:34:72:50:8e:a6:a1:2b:7d:51:0c:e0:2a:ef:02:8d:
         eb:61:0d:a2:91:19:9c:38:00:00:b3:46:73:cf:a0:9e:ae:70:
         1d:8d:9e:a6:0d:1e:d0:39:54:b2:57:eb:53:76:84:f9:18:09:
         73:9e:af:74:34:c1:18:af:b0:c1:f2:2e:d0:3e:b3:3e:6a:4b:
         46:f3:15:90:98:d3:92:fd:63:48:34:ef:af:2a:13:41:e2:67:
         a3:71:47:72:c5:3d:37:d2:ab:df:09:b5:5a:43:1f:79:fb:a6:
         3c:eb:16:10:36:ee:9e:7b:29:d8:a7:89:e0:02:bb:eb:bd:11:
         cb:63:03:e9:51:f1:62:92:c2:33:a7:e8:96:c9:d7:6c:ca:1f:
         04:3a:37:49
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZeN7sA0qLZShjYgx1iRJfLmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhNTgzNmRkZTliOWRhZWYzNWE4YTdmNzRkNjMyNmY2YjQy
ZGE3NGQwHhcNMjUwNjIwMTUyMjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzdiNjkxMTBhMmI2YWE0NDU0NGY3NjUwMDQ1YmRiMDI3YmFmZWI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1Agq5+9ZqrvBgmXA6FmBhTpnFiqg
eFAgjoFJeelpCBAeOQoVXgMhSXDrUCnusJNUAV4eIL+yETlKeE/9P4cPtb+NXUWU
PmAbvx+ktsXZNVjjgWLAUidehwwJr6NoadupRQZvkObg8hba1VhCYsN3g8O0paXt
GwoZ5xArNMsh9Q73Z3+qlWhVbpUmKbqFS44+camkZ664OINXn7qKESiUSp56dufy
nFt7iyF6jj03aZzrIKoKno1OlptYUc/gtQIByel0UlElj9h4pf1EoEMvybqPDGyz
+czjDEl9X8AhfH3hK+Lag2PZUUy2VFttXJw9QsZT/1xt3d+fDWiJ2kE30wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFx7aREKK2qkRUT3ZQBFvbAnuv62MB8GA1UdIwQY
MBaAFGpYNt3pudrvNain901jJva0LadNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWxnMjNlbTUydTgxcUtmM1RXTW05clF0cDAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi84MzgwMzItZGI5Ny00OTdmLThjOTUt
YzE5OTQyNzM3ZTZkLzEvWEh0cEVRb3JhcVJGUlBkbEFFVzlzQ2U2X3JZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi84MzgwMzItZGI5Ny00OTdmLThjOTUtYzE5OTQyNzM3ZTZk
LzEvYWxnMjNlbTUydTgxcUtmM1RXTW05clF0cDAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPqv7MA0G
CSqGSIb3DQEBCwUAA4IBAQB5UWFFV250PmpWdS5vsKQPkCaD3iCCTjRbLItRGRBw
ECIPsG0hW3AG3z6N1qoydq4miLzF0AvE+OKNdT9PtEIXx7RCVZwVfJ+f5yIGpDl1
qbEFMS69mAb5sMKXJ5FV9GfivRCbCj+0V8WoYK6yFds0clCOpqErfVEM4CrvAo3r
YQ2ikRmcOAAAs0Zzz6CernAdjZ6mDR7QOVSyV+tTdoT5GAlznq90NMEYr7DB8i7Q
PrM+aktG8xWQmNOS/WNINO+vKhNB4mejcUdyxT030qvfCbVaQx95+6Y86xYQNu6e
eynYp4ngArvrvRHLYwPpUfFiksIzp+iWyddsyh8EOjdJ
-----END CERTIFICATE-----