Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/02ukoqgvNNcZmUaLyQj7Lhy29hs.roa
File:                     02ukoqgvNNcZmUaLyQj7Lhy29hs.roa (raw, json)
Hash identifier:          0NusT2ssTBMBl02yztuVbsT5vxDK6461xnF67h4VU50=
Subject key identifier:   D3:6B:A4:A2:A8:2F:34:D7:19:99:46:8B:C9:08:FB:2E:1C:B6:F6:1B
Certificate issuer:       /CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
Certificate serial:       0198BC6A273A68DE73C0DAA0DDCAC20E275D
Authority key identifier: 62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/02ukoqgvNNcZmUaLyQj7Lhy29hs.roa
Signing time:             Mon 18 Aug 2025 09:02:10 +0000
ROA not before:           Mon 18 Aug 2025 09:02:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199297
IP address blocks:        45.88.180.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 17:19:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:bc:6a:27:3a:68:de:73:c0:da:a0:dd:ca:c2:0e:27:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
        Validity
            Not Before: Aug 18 09:02:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d36ba4a2a82f34d71999468bc908fb2e1cb6f61b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:b6:97:ea:e3:10:8c:e4:2d:c1:66:a6:fa:b0:
                    ff:ad:a8:9f:13:e5:4e:ad:37:3b:40:9e:ed:d9:16:
                    65:61:64:a1:e1:0e:96:88:be:8f:03:b4:95:d0:5c:
                    6e:a5:b9:e6:d2:f9:85:c9:cf:9c:bb:8f:45:a6:7c:
                    b6:8c:a6:39:ec:da:03:65:e9:59:93:8e:0e:32:92:
                    14:a4:59:89:ca:5e:3d:24:e4:d4:44:d4:7b:d9:7d:
                    37:0c:b9:f3:c5:92:c2:d8:dd:15:74:8f:c3:ef:02:
                    36:fd:07:96:ff:3e:e5:5e:f8:b5:a9:af:6b:8b:3e:
                    bf:7a:81:bc:b2:d4:91:97:6d:a8:31:1b:ab:bc:da:
                    26:01:7c:26:8b:b8:ad:8e:92:b4:eb:63:71:16:cb:
                    4d:af:29:88:01:56:d0:34:65:a0:31:89:37:c1:2b:
                    db:88:43:f1:67:60:59:f1:87:e7:db:46:ac:d2:31:
                    7e:9a:43:29:9b:6f:4b:2e:cf:8b:40:00:43:7c:03:
                    1a:0d:44:06:08:ed:22:59:95:0a:dd:70:db:52:af:
                    b4:cf:65:4a:69:50:65:1e:1f:77:63:33:ce:a2:59:
                    dc:3a:a1:1c:7d:f0:2a:bc:de:de:d6:ae:01:fd:60:
                    8c:3a:c1:25:03:c6:fb:d4:6a:a2:39:30:26:53:86:
                    bd:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:6B:A4:A2:A8:2F:34:D7:19:99:46:8B:C9:08:FB:2E:1C:B6:F6:1B
            X509v3 Authority Key Identifier:
                keyid:62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/02ukoqgvNNcZmUaLyQj7Lhy29hs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.88.180.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:b5:79:6c:e6:dc:cf:fd:e5:cd:32:82:8e:dd:aa:8c:65:8d:
         b7:00:ec:1e:9e:7f:ae:60:5d:1e:d7:c7:35:d5:68:65:d4:dc:
         d1:20:e2:ec:ef:07:3a:85:8b:d6:cb:a2:22:16:a6:20:d4:5b:
         13:a5:85:5e:ad:9e:82:f9:16:0b:0d:ab:0a:1d:6d:b1:fd:59:
         3b:82:27:aa:3d:90:7b:1b:09:7e:1f:e6:43:0b:54:a2:ae:de:
         0b:40:7a:9b:ac:f3:eb:6c:6a:6d:6b:2d:20:36:f9:a3:5a:86:
         79:03:90:09:ad:fb:1e:e4:c5:aa:d0:c1:58:af:87:a0:c8:93:
         dd:a3:85:30:63:5e:b0:be:c4:e8:89:eb:6e:4c:ed:32:0b:83:
         ca:b9:20:be:49:94:95:22:11:03:9b:73:ac:6d:97:7e:3e:6e:
         7e:d2:dc:94:9e:31:b6:6b:b5:d4:d6:12:b0:1b:11:78:78:33:
         37:85:cb:20:11:39:b8:c0:28:7d:e5:ed:0f:04:2c:b5:8c:d0:
         fd:39:a4:69:11:ee:72:62:63:c0:26:54:8a:53:21:03:78:38:
         31:76:9c:5a:40:24:54:86:fa:e1:fd:94:fd:44:39:04:00:f7:
         ab:96:6e:30:57:cf:57:12:12:ea:6d:5f:95:52:07:71:08:19:
         5e:16:ae:cd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZi8aic6aN5zwNqg3crCDiddMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyZmRiNjc2NTRkZjYxODRlN2Q2MGM0MTUwZWE5NTMzYzJj
Zjk3MDQwHhcNMjUwODE4MDkwMjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMzZiYTRhMmE4MmYzNGQ3MTk5OTQ2OGJjOTA4ZmIyZTFjYjZmNjFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxbaX6uMQjOQtwWam+rD/raifE+VO
rTc7QJ7t2RZlYWSh4Q6WiL6PA7SV0Fxupbnm0vmFyc+cu49Fpny2jKY57NoDZelZ
k44OMpIUpFmJyl49JOTURNR72X03DLnzxZLC2N0VdI/D7wI2/QeW/z7lXvi1qa9r
iz6/eoG8stSRl22oMRurvNomAXwmi7itjpK062NxFstNrymIAVbQNGWgMYk3wSvb
iEPxZ2BZ8Yfn20as0jF+mkMpm29LLs+LQABDfAMaDUQGCO0iWZUK3XDbUq+0z2VK
aVBlHh93YzPOolncOqEcffAqvN7e1q4B/WCMOsElA8b71GqiOTAmU4a93QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNNrpKKoLzTXGZlGi8kI+y4ctvYbMB8GA1UdIwQY
MBaAFGL9tnZU32GE59YMQVDqlTPCz5cEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTct
ZTg2MTIxYzU5NGRmLzEvMDJ1a29xZ3ZOTmNabVVhTHlRajdMaHkyOWhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTctZTg2MTIxYzU5NGRm
LzEvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVi0MA0G
CSqGSIb3DQEBCwUAA4IBAQAptXls5tzP/eXNMoKO3aqMZY23AOwenn+uYF0e18c1
1Whl1NzRIOLs7wc6hYvWy6IiFqYg1FsTpYVerZ6C+RYLDasKHW2x/Vk7gieqPZB7
Gwl+H+ZDC1Sirt4LQHqbrPPrbGptay0gNvmjWoZ5A5AJrfse5MWq0MFYr4egyJPd
o4UwY16wvsToietuTO0yC4PKuSC+SZSVIhEDm3OsbZd+Pm5+0tyUnjG2a7XU1hKw
GxF4eDM3hcsgETm4wCh95e0PBCy1jND9OaRpEe5yYmPAJlSKUyEDeDgxdpxaQCRU
hvrh/ZT9RDkEAPerlm4wV89XEhLqbV+VUgdxCBleFq7N
-----END CERTIFICATE-----