Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/RmvjYmPdLVqVlOqPp9vcdtr2DQg.roa
File:                     RmvjYmPdLVqVlOqPp9vcdtr2DQg.roa (raw, json)
Hash identifier:          9F2rOTF3/Hee/eF7UEBylfjaac2UbkroovpmpmD2Kmg=
Subject key identifier:   46:6B:E3:62:63:DD:2D:5A:95:94:EA:8F:A7:DB:DC:76:DA:F6:0D:08
Certificate issuer:       /CN=15f19074548d2a294e4385d95cd6752490ee46d7
Certificate serial:       01982D106555040973230F7E3D9AEB0D7F31
Authority key identifier: 15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/RmvjYmPdLVqVlOqPp9vcdtr2DQg.roa
Signing time:             Mon 21 Jul 2025 12:58:25 +0000
ROA not before:           Mon 21 Jul 2025 12:58:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9009
IP address blocks:        62.72.170.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 10 Aug 2025 14:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:2d:10:65:55:04:09:73:23:0f:7e:3d:9a:eb:0d:7f:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15f19074548d2a294e4385d95cd6752490ee46d7
        Validity
            Not Before: Jul 21 12:58:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=466be36263dd2d5a9594ea8fa7dbdc76daf60d08
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:68:dd:2d:60:4b:3f:38:97:a5:f1:f2:c9:6c:
                    d8:5d:34:4e:3f:c4:c2:1a:8e:cb:7c:81:9e:44:50:
                    61:96:39:c1:fb:77:61:33:dd:df:09:37:a2:13:9b:
                    79:08:57:7f:ba:34:82:2e:94:6d:11:fe:04:72:dc:
                    f1:0a:55:52:62:ee:5c:0f:fb:7b:e1:db:35:24:c2:
                    de:1e:6d:2b:a6:56:4a:70:a9:ae:10:ed:18:56:67:
                    f5:1d:31:a1:38:ac:83:6e:08:7b:5a:c0:65:16:f6:
                    ca:07:f3:69:a2:1c:ac:65:e9:f7:40:47:d8:da:ad:
                    84:09:47:f5:8d:7d:8e:d1:42:e5:c7:74:bf:3b:fb:
                    a5:2e:13:2d:bb:a8:26:7b:1e:40:35:b5:49:08:c4:
                    a3:2d:6d:ae:dc:5f:b0:73:3b:19:dc:dc:74:4a:e5:
                    68:8b:0f:a7:a5:40:27:e7:5b:13:e4:be:1b:59:db:
                    0f:dd:71:09:d2:33:32:e2:bb:b1:d7:cc:3b:b6:70:
                    5e:54:61:0e:8a:a5:50:90:5a:5a:5e:f7:c7:cb:50:
                    9a:41:e6:9a:e3:4b:49:79:63:b7:9c:2b:5c:ca:1d:
                    9b:89:4e:24:8a:6a:a5:0c:20:7e:53:d8:88:a4:0b:
                    e7:17:ef:a7:7e:24:0c:84:57:3d:35:b1:af:f1:b6:
                    e4:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:6B:E3:62:63:DD:2D:5A:95:94:EA:8F:A7:DB:DC:76:DA:F6:0D:08
            X509v3 Authority Key Identifier:
                keyid:15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/RmvjYmPdLVqVlOqPp9vcdtr2DQg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.72.170.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:cb:3b:5f:6f:f3:30:d2:a6:4e:5d:18:51:af:d1:e7:97:b9:
         07:66:1a:fe:ae:c5:f6:74:3d:b6:d1:20:95:de:12:d6:c3:4e:
         b7:2c:9c:fc:bd:7a:27:96:26:0c:96:1f:8a:0f:b1:06:84:6e:
         e8:49:79:9d:25:31:3c:9a:2f:23:06:59:fe:34:88:b5:bf:df:
         8d:50:6d:2a:f6:08:60:9e:cb:6c:35:7c:07:24:86:f5:a7:81:
         82:a3:bb:25:de:c4:6d:4a:0d:88:c7:39:f5:a9:0a:19:20:4c:
         6f:3b:df:80:94:07:e6:d1:a6:18:5a:0d:22:66:5b:f2:24:83:
         fc:90:6e:fa:50:44:c9:7e:f1:10:30:c1:eb:8c:cd:5b:5f:8b:
         42:7a:ae:5c:12:ad:65:ca:26:ba:73:bb:ce:0b:fa:bd:49:d7:
         95:91:10:fb:48:40:cd:93:3f:f5:f3:00:90:fb:3b:84:00:e6:
         8c:c6:2c:fb:f7:53:b8:4f:e8:70:58:cc:e0:b6:de:2f:fe:67:
         47:03:40:0f:91:76:3c:61:c2:3a:f2:2f:00:cc:71:b0:e1:5f:
         79:3e:03:11:ff:31:3a:0c:2a:3b:ad:44:a4:f4:a0:ea:2e:b2:
         39:52:8c:31:45:36:f7:70:ad:42:b6:c6:09:90:5a:35:4b:9e:
         75:de:f0:85
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgtEGVVBAlzIw9+PZrrDX8xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZjE5MDc0NTQ4ZDJhMjk0ZTQzODVkOTVjZDY3NTI0OTBl
ZTQ2ZDcwHhcNMjUwNzIxMTI1ODI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NjZiZTM2MjYzZGQyZDVhOTU5NGVhOGZhN2RiZGM3NmRhZjYwZDA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtGjdLWBLPziXpfHyyWzYXTROP8TC
Go7LfIGeRFBhljnB+3dhM93fCTeiE5t5CFd/ujSCLpRtEf4EctzxClVSYu5cD/t7
4ds1JMLeHm0rplZKcKmuEO0YVmf1HTGhOKyDbgh7WsBlFvbKB/NpohysZen3QEfY
2q2ECUf1jX2O0ULlx3S/O/ulLhMtu6gmex5ANbVJCMSjLW2u3F+wczsZ3Nx0SuVo
iw+npUAn51sT5L4bWdsP3XEJ0jMy4rux18w7tnBeVGEOiqVQkFpaXvfHy1CaQeaa
40tJeWO3nCtcyh2biU4kimqlDCB+U9iIpAvnF++nfiQMhFc9NbGv8bbkMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEZr42Jj3S1alZTqj6fb3Hba9g0IMB8GA1UdIwQY
MBaAFBXxkHRUjSopTkOF2VzWdSSQ7kbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2Qt
NTYyNDRmNDMwZGNjLzEvUm12alltUGRMVnFWbE9xUHA5dmNkdHIyRFFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2QtNTYyNDRmNDMwZGNj
LzEvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPkiqMA0G
CSqGSIb3DQEBCwUAA4IBAQAfyztfb/Mw0qZOXRhRr9Hnl7kHZhr+rsX2dD220SCV
3hLWw063LJz8vXonliYMlh+KD7EGhG7oSXmdJTE8mi8jBln+NIi1v9+NUG0q9ghg
nstsNXwHJIb1p4GCo7sl3sRtSg2Ixzn1qQoZIExvO9+AlAfm0aYYWg0iZlvyJIP8
kG76UETJfvEQMMHrjM1bX4tCeq5cEq1lyia6c7vOC/q9SdeVkRD7SEDNkz/18wCQ
+zuEAOaMxiz791O4T+hwWMzgtt4v/mdHA0APkXY8YcI68i8AzHGw4V95PgMR/zE6
DCo7rUSk9KDqLrI5UowxRTb3cK1CtsYJkFo1S5513vCF
-----END CERTIFICATE-----