Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/88c454-cbaa-43fd-b3c1-13b9110ce20c/1/1wmzqwE2ku8n0Mm8ErGyhHCrJOk.roa
File:                     1wmzqwE2ku8n0Mm8ErGyhHCrJOk.roa (raw, json)
Hash identifier:          c652pSMHzVee2CwYp/svFjVJzZcqt1kjmMsHG7p6sR4=
Subject key identifier:   D7:09:B3:AB:01:36:92:EF:27:D0:C9:BC:12:B1:B2:84:70:AB:24:E9
Certificate issuer:       /CN=166afc51c922fd842fec5b0cbbd26ebdbd1a161e
Certificate serial:       0198A279F5A1DCC0A4570CE71D204CB15B23
Authority key identifier: 16:6A:FC:51:C9:22:FD:84:2F:EC:5B:0C:BB:D2:6E:BD:BD:1A:16:1E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Fmr8Ucki_YQv7FsMu9Juvb0aFh4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/88c454-cbaa-43fd-b3c1-13b9110ce20c/1/1wmzqwE2ku8n0Mm8ErGyhHCrJOk.roa
Signing time:             Wed 13 Aug 2025 08:09:18 +0000
ROA not before:           Wed 13 Aug 2025 08:09:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     401838
IP address blocks:        62.112.206.0/24 maxlen: 24
                          62.112.207.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/88c454-cbaa-43fd-b3c1-13b9110ce20c/1/Fmr8Ucki_YQv7FsMu9Juvb0aFh4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/88c454-cbaa-43fd-b3c1-13b9110ce20c/1/Fmr8Ucki_YQv7FsMu9Juvb0aFh4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Fmr8Ucki_YQv7FsMu9Juvb0aFh4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:a2:79:f5:a1:dc:c0:a4:57:0c:e7:1d:20:4c:b1:5b:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=166afc51c922fd842fec5b0cbbd26ebdbd1a161e
        Validity
            Not Before: Aug 13 08:09:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d709b3ab013692ef27d0c9bc12b1b28470ab24e9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:e8:35:77:c5:79:09:0e:e4:79:7a:47:76:d3:
                    12:13:7a:86:65:ba:11:78:6e:a4:86:7d:98:2f:67:
                    5a:ea:ab:28:eb:87:f0:62:fe:21:89:82:de:be:0a:
                    8a:0d:0f:b1:2c:2a:f2:a7:10:0c:7c:a8:d5:45:9b:
                    bc:3b:7a:29:11:c7:fc:d1:c7:6f:1c:e4:6e:44:c4:
                    9c:d2:58:0c:bf:39:3f:59:a3:2d:11:8e:1c:5d:63:
                    19:66:0d:c6:5d:51:33:81:32:bb:a6:46:fd:60:a3:
                    17:92:d3:b0:13:5d:c1:3e:b5:34:ea:1e:57:33:35:
                    ad:00:71:d5:d8:98:21:e6:72:dd:b4:0d:a3:62:9b:
                    b6:20:47:0d:45:ce:64:eb:f7:92:55:44:b1:d7:5d:
                    d3:fc:78:d7:f5:70:02:c9:88:34:9c:18:2b:37:1d:
                    5d:3f:12:33:86:93:1a:44:ad:d3:ba:b7:c3:30:11:
                    9a:4e:03:68:e0:53:65:18:61:f6:10:00:5e:81:28:
                    5f:30:68:1e:ee:0d:cc:d8:8e:07:54:0c:1e:bb:ea:
                    f8:d5:41:da:6e:d9:f2:0f:85:b3:d8:20:30:9e:b1:
                    f6:6e:d4:ee:fa:2b:a9:03:9e:d5:ae:ab:f1:82:3c:
                    9a:3f:dd:f1:e7:06:e1:ae:06:48:f6:55:10:4d:09:
                    c9:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:09:B3:AB:01:36:92:EF:27:D0:C9:BC:12:B1:B2:84:70:AB:24:E9
            X509v3 Authority Key Identifier:
                keyid:16:6A:FC:51:C9:22:FD:84:2F:EC:5B:0C:BB:D2:6E:BD:BD:1A:16:1E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Fmr8Ucki_YQv7FsMu9Juvb0aFh4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/88c454-cbaa-43fd-b3c1-13b9110ce20c/1/1wmzqwE2ku8n0Mm8ErGyhHCrJOk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/88c454-cbaa-43fd-b3c1-13b9110ce20c/1/Fmr8Ucki_YQv7FsMu9Juvb0aFh4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.112.206.0/23

    Signature Algorithm: sha256WithRSAEncryption
         94:58:dc:1b:79:56:35:48:ba:ed:f6:5b:75:ca:d5:90:56:c0:
         29:e7:f0:d1:5e:83:70:ca:2b:b0:29:16:9e:ea:02:c7:61:c5:
         b5:88:35:7f:a2:24:63:c4:91:58:b2:fb:85:b4:9c:a1:56:6e:
         97:5c:75:19:b5:d3:b0:b3:9e:f5:98:df:75:33:d8:c9:77:40:
         d9:8c:4d:29:76:c3:12:89:6f:18:fb:32:22:58:6d:2d:8e:f4:
         15:19:54:be:fe:6d:f9:27:22:59:5d:b0:a8:23:66:b7:5b:c0:
         be:01:eb:7e:4b:73:bf:c6:96:37:3f:8a:3e:8c:38:5c:37:fe:
         e0:62:46:3f:a8:62:ff:f2:5a:7c:23:c8:cc:e1:18:49:80:a9:
         10:4e:1b:a6:20:00:c3:46:53:93:e9:43:74:cc:51:c7:8c:57:
         3b:72:a2:6e:25:c7:54:6c:42:15:0e:92:0c:41:d2:2f:90:d7:
         e1:45:d7:7e:c3:3d:16:99:26:25:cd:36:f2:49:2a:bc:93:af:
         fb:68:51:28:00:b5:1a:46:de:1b:61:2c:b1:fb:cd:ed:b1:d2:
         c5:25:a2:51:08:ed:a2:14:93:21:2d:d8:e5:99:83:83:dc:2f:
         78:3d:0a:02:4c:89:88:a3:39:65:dd:51:47:21:d8:89:dd:2c:
         f8:b7:44:8d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZiiefWh3MCkVwznHSBMsVsjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE2NmFmYzUxYzkyMmZkODQyZmVjNWIwY2JiZDI2ZWJkYmQx
YTE2MWUwHhcNMjUwODEzMDgwOTE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzA5YjNhYjAxMzY5MmVmMjdkMGM5YmMxMmIxYjI4NDcwYWIyNGU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyug1d8V5CQ7keXpHdtMSE3qGZboR
eG6khn2YL2da6qso64fwYv4hiYLevgqKDQ+xLCrypxAMfKjVRZu8O3opEcf80cdv
HORuRMSc0lgMvzk/WaMtEY4cXWMZZg3GXVEzgTK7pkb9YKMXktOwE13BPrU06h5X
MzWtAHHV2Jgh5nLdtA2jYpu2IEcNRc5k6/eSVUSx113T/HjX9XACyYg0nBgrNx1d
PxIzhpMaRK3TurfDMBGaTgNo4FNlGGH2EABegShfMGge7g3M2I4HVAweu+r41UHa
btnyD4Wz2CAwnrH2btTu+iupA57VrqvxgjyaP93x5wbhrgZI9lUQTQnJNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNcJs6sBNpLvJ9DJvBKxsoRwqyTpMB8GA1UdIwQY
MBaAFBZq/FHJIv2EL+xbDLvSbr29GhYeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRm1yOFVja2lfWVF2N0ZzTXU5SnV2YjBhRmg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy84OGM0NTQtY2JhYS00M2ZkLWIzYzEt
MTNiOTExMGNlMjBjLzEvMXdtenF3RTJrdThuME1tOEVyR3loSENySk9rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy84OGM0NTQtY2JhYS00M2ZkLWIzYzEtMTNiOTExMGNlMjBj
LzEvRm1yOFVja2lfWVF2N0ZzTXU5SnV2YjBhRmg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBPnDOMA0G
CSqGSIb3DQEBCwUAA4IBAQCUWNwbeVY1SLrt9lt1ytWQVsAp5/DRXoNwyiuwKRae
6gLHYcW1iDV/oiRjxJFYsvuFtJyhVm6XXHUZtdOws571mN91M9jJd0DZjE0pdsMS
iW8Y+zIiWG0tjvQVGVS+/m35JyJZXbCoI2a3W8C+Aet+S3O/xpY3P4o+jDhcN/7g
YkY/qGL/8lp8I8jM4RhJgKkQThumIADDRlOT6UN0zFHHjFc7cqJuJcdUbEIVDpIM
QdIvkNfhRdd+wz0WmSYlzTbySSq8k6/7aFEoALUaRt4bYSyx+83tsdLFJaJRCO2i
FJMhLdjlmYOD3C94PQoCTImIozll3VFHIdiJ3Sz4t0SN
-----END CERTIFICATE-----