Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/105e23-6ce6-4ce0-93fa-bf6e97ddd079/1/12cWFr32i6PF2CeFM1PO-xgXt6A.roa
File:                     12cWFr32i6PF2CeFM1PO-xgXt6A.roa (raw, json)
Hash identifier:          kaGn4iTJ9yXgrBEjfOG5dUlsL+x0SJaJYPyNDbIcR54=
Subject key identifier:   D7:67:16:16:BD:F6:8B:A3:C5:D8:27:85:33:53:CE:FB:18:17:B7:A0
Certificate issuer:       /CN=617cd8d48b5d15667bf131396d4a6c59d7d167c0
Certificate serial:       01985A96B6FBA7267FB02B7195B177885F2A
Authority key identifier: 61:7C:D8:D4:8B:5D:15:66:7B:F1:31:39:6D:4A:6C:59:D7:D1:67:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YXzY1ItdFWZ78TE5bUpsWdfRZ8A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/105e23-6ce6-4ce0-93fa-bf6e97ddd079/1/12cWFr32i6PF2CeFM1PO-xgXt6A.roa
Signing time:             Wed 30 Jul 2025 09:08:03 +0000
ROA not before:           Wed 30 Jul 2025 09:08:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     13335
IP address blocks:        62.146.255.0/24 maxlen: 24
                          145.63.64.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/105e23-6ce6-4ce0-93fa-bf6e97ddd079/1/YXzY1ItdFWZ78TE5bUpsWdfRZ8A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/105e23-6ce6-4ce0-93fa-bf6e97ddd079/1/YXzY1ItdFWZ78TE5bUpsWdfRZ8A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YXzY1ItdFWZ78TE5bUpsWdfRZ8A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 04 Aug 2025 18:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:5a:96:b6:fb:a7:26:7f:b0:2b:71:95:b1:77:88:5f:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=617cd8d48b5d15667bf131396d4a6c59d7d167c0
        Validity
            Not Before: Jul 30 09:08:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d7671616bdf68ba3c5d827853353cefb1817b7a0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:ab:18:a2:10:e7:d8:16:47:71:ff:41:e6:80:
                    fd:46:02:a3:21:85:17:a7:c6:bc:58:72:1d:a2:cc:
                    81:a1:14:13:77:0d:10:c8:6c:a8:d7:e1:49:e7:af:
                    db:14:5a:0d:0e:31:d5:15:6a:20:5a:c6:bf:4c:f0:
                    5f:fe:ce:b6:a1:dd:e7:a2:c6:a1:8d:15:3e:7f:09:
                    d5:91:57:de:60:f9:d0:c2:1c:57:22:d0:79:61:15:
                    d8:46:85:64:a8:3e:f0:5b:f3:20:3c:0f:ee:11:82:
                    10:9c:6e:1b:82:8b:16:09:e9:f2:86:64:59:23:5f:
                    3f:a0:e0:e9:fc:51:88:d8:34:be:67:d6:b8:1d:79:
                    99:e5:07:98:e0:10:76:ca:77:d1:c6:5b:4c:3a:ff:
                    63:b4:3c:db:b2:0e:dd:35:25:d4:48:62:8f:3d:ea:
                    0b:cd:7d:f5:48:9b:51:5a:b8:2f:41:14:bb:f4:2f:
                    f1:4c:9b:5e:1c:5f:f1:c0:fe:10:49:a1:05:a6:2c:
                    78:68:06:ff:8d:90:13:70:80:31:3f:80:1d:10:e1:
                    f5:89:64:37:58:00:29:6d:de:b0:31:17:84:93:64:
                    80:6f:8a:c2:48:28:ac:9c:31:26:fc:b3:b4:06:c8:
                    af:d3:2e:30:4b:aa:68:e7:9b:fd:92:90:50:a7:df:
                    28:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:67:16:16:BD:F6:8B:A3:C5:D8:27:85:33:53:CE:FB:18:17:B7:A0
            X509v3 Authority Key Identifier:
                keyid:61:7C:D8:D4:8B:5D:15:66:7B:F1:31:39:6D:4A:6C:59:D7:D1:67:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YXzY1ItdFWZ78TE5bUpsWdfRZ8A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/105e23-6ce6-4ce0-93fa-bf6e97ddd079/1/12cWFr32i6PF2CeFM1PO-xgXt6A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/105e23-6ce6-4ce0-93fa-bf6e97ddd079/1/YXzY1ItdFWZ78TE5bUpsWdfRZ8A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.146.255.0/24
                  145.63.64.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:6a:dc:8c:81:f9:e1:dd:aa:e4:c6:74:4d:af:4d:cd:a1:94:
         60:94:ed:27:97:11:be:f6:7e:c9:62:fe:6d:85:55:8b:58:b4:
         5e:26:d8:29:4a:ad:f4:8f:2c:ac:c3:5d:82:76:52:c6:7f:63:
         6d:7d:c5:63:91:fb:47:ce:cc:69:6c:f4:b8:f2:ed:a9:c0:f0:
         3d:80:80:48:cd:c4:a4:25:d7:7c:27:87:63:70:c3:f7:66:54:
         59:de:f2:cd:ef:c6:bb:89:13:35:ad:61:f6:44:0c:ee:2b:fc:
         cf:16:f2:a8:ed:c4:30:4a:01:d4:1d:f4:58:f0:01:7a:1f:9a:
         8c:6a:0c:12:e0:69:17:45:be:a8:c6:bb:c8:3e:79:3b:9c:dd:
         5d:de:df:21:58:2a:6c:32:30:e3:ce:57:62:ad:d2:7a:aa:c3:
         67:35:66:54:f2:d0:c6:03:db:fd:48:55:01:b9:44:31:29:48:
         ad:66:b8:f6:04:a6:aa:3e:43:a0:47:46:9a:3c:d6:8a:85:48:
         5e:fd:0a:3b:6a:53:c1:79:13:d1:22:2f:51:11:1f:c1:d6:c5:
         95:97:9a:43:49:8c:29:67:9a:dd:1a:27:bf:0d:86:55:39:5e:
         5c:1c:98:5f:37:9e:b3:75:68:8f:23:d1:ca:e4:ee:f6:c1:1d:
         3d:c3:f7:f7
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZhalrb7pyZ/sCtxlbF3iF8qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxN2NkOGQ0OGI1ZDE1NjY3YmYxMzEzOTZkNGE2YzU5ZDdk
MTY3YzAwHhcNMjUwNzMwMDkwODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzY3MTYxNmJkZjY4YmEzYzVkODI3ODUzMzUzY2VmYjE4MTdiN2EwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjasYohDn2BZHcf9B5oD9RgKjIYUX
p8a8WHIdosyBoRQTdw0QyGyo1+FJ56/bFFoNDjHVFWogWsa/TPBf/s62od3nosah
jRU+fwnVkVfeYPnQwhxXItB5YRXYRoVkqD7wW/MgPA/uEYIQnG4bgosWCenyhmRZ
I18/oODp/FGI2DS+Z9a4HXmZ5QeY4BB2ynfRxltMOv9jtDzbsg7dNSXUSGKPPeoL
zX31SJtRWrgvQRS79C/xTJteHF/xwP4QSaEFpix4aAb/jZATcIAxP4AdEOH1iWQ3
WAApbd6wMReEk2SAb4rCSCisnDEm/LO0Bsiv0y4wS6po55v9kpBQp98oMQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNdnFha99oujxdgnhTNTzvsYF7egMB8GA1UdIwQY
MBaAFGF82NSLXRVme/ExOW1KbFnX0WfAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVh6WTFJdGRGV1o3OFRFNWJVcHNXZGZSWjhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8xMDVlMjMtNmNlNi00Y2UwLTkzZmEt
YmY2ZTk3ZGRkMDc5LzEvMTJjV0ZyMzJpNlBGMkNlRk0xUE8teGdYdDZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8xMDVlMjMtNmNlNi00Y2UwLTkzZmEtYmY2ZTk3ZGRkMDc5
LzEvWVh6WTFJdGRGV1o3OFRFNWJVcHNXZGZSWjhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAPpL/AwQA
kT9AMA0GCSqGSIb3DQEBCwUAA4IBAQAIatyMgfnh3arkxnRNr03NoZRglO0nlxG+
9n7JYv5thVWLWLReJtgpSq30jyysw12CdlLGf2NtfcVjkftHzsxpbPS48u2pwPA9
gIBIzcSkJdd8J4djcMP3ZlRZ3vLN78a7iRM1rWH2RAzuK/zPFvKo7cQwSgHUHfRY
8AF6H5qMagwS4GkXRb6oxrvIPnk7nN1d3t8hWCpsMjDjzldirdJ6qsNnNWZU8tDG
A9v9SFUBuUQxKUitZrj2BKaqPkOgR0aaPNaKhUhe/Qo7alPBeRPRIi9RER/B1sWV
l5pDSYwpZ5rdGie/DYZVOV5cHJhfN56zdWiPI9HK5O72wR09w/f3
-----END CERTIFICATE-----