Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/mYQPII2ilkK1oy0MlW-v6JAxGxk.roa
File:                     mYQPII2ilkK1oy0MlW-v6JAxGxk.roa (raw, json)
Hash identifier:          tyuBwPs2VAbnEW0fWN1peF41+ky+lDL1B9PXSQMox8A=
Subject key identifier:   99:84:0F:20:8D:A2:96:42:B5:A3:2D:0C:95:6F:AF:E8:90:31:1B:19
Certificate issuer:       /CN=15f19074548d2a294e4385d95cd6752490ee46d7
Certificate serial:       019DA4A96F3AFFD26B582BCF6BAA90AFACEE
Authority key identifier: 15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/mYQPII2ilkK1oy0MlW-v6JAxGxk.roa
Signing time:             Sun 19 Apr 2026 07:34:20 +0000
ROA not before:           Sun 19 Apr 2026 07:34:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     6079
IP address blocks:        62.72.172.0/24 maxlen: 24
                          62.72.173.0/24 maxlen: 24
                          62.72.183.0/24 maxlen: 24
                          62.72.190.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 02:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:a4:a9:6f:3a:ff:d2:6b:58:2b:cf:6b:aa:90:af:ac:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15f19074548d2a294e4385d95cd6752490ee46d7
        Validity
            Not Before: Apr 19 07:34:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=99840f208da29642b5a32d0c956fafe890311b19
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:51:81:43:e6:31:6c:a8:de:9a:67:e1:fc:0a:
                    c9:8d:70:2e:b3:7c:da:50:05:ac:38:f5:d3:6f:23:
                    97:1a:8c:1e:29:f4:50:b8:7a:9e:82:14:8a:9d:f4:
                    f4:de:30:6e:74:0f:c0:45:c7:77:47:ee:de:68:c0:
                    53:4e:7d:32:95:e3:9a:48:ca:25:a5:f3:c8:27:af:
                    90:51:37:18:39:d4:63:ed:58:4f:f8:4d:71:6b:08:
                    6b:a7:e9:d3:63:ea:71:5f:70:5c:df:e6:bf:95:36:
                    c2:da:db:8a:4a:ec:e1:c7:fc:b0:c7:d0:28:cd:45:
                    e9:f2:4f:6f:24:f7:13:90:9c:d1:6e:2c:ef:01:ff:
                    75:7e:65:64:f5:e3:5e:05:30:98:12:05:99:eb:cc:
                    39:6f:60:d4:fa:cd:01:4c:e6:9f:6e:2c:2a:32:aa:
                    f2:f9:47:bd:72:93:73:06:e5:88:27:bf:1b:11:96:
                    71:d9:07:cc:5f:0c:3a:86:20:eb:b6:df:38:6e:3e:
                    79:58:59:9b:61:c1:ae:fc:6f:dd:06:c7:13:a7:72:
                    cb:38:dd:8c:69:2e:e3:57:b6:09:ab:e9:f4:1c:0d:
                    6a:74:54:8e:c1:0c:f1:75:95:15:de:dd:36:47:b4:
                    87:21:8e:b2:6e:36:33:18:d3:b9:bb:e5:d3:bc:9a:
                    2b:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:84:0F:20:8D:A2:96:42:B5:A3:2D:0C:95:6F:AF:E8:90:31:1B:19
            X509v3 Authority Key Identifier:
                keyid:15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/mYQPII2ilkK1oy0MlW-v6JAxGxk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.72.172.0/23
                  62.72.183.0/24
                  62.72.190.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:39:d5:f1:e6:f8:82:e5:f9:9d:c8:08:a4:8d:9c:02:8c:18:
         d5:f8:39:1f:18:2a:f4:ed:39:be:0d:0e:cc:27:6b:e6:52:33:
         e4:22:f5:0c:b8:a8:89:46:ef:0c:94:69:a9:ee:15:67:45:36:
         30:6e:f6:7f:2a:46:36:9b:31:e1:79:b5:18:e8:75:94:a0:f6:
         65:2d:6c:4a:9a:a2:2a:ab:08:96:ff:17:92:1e:87:90:a6:c5:
         49:03:e5:a4:aa:aa:df:4b:a6:e1:e2:b4:05:df:f1:c6:03:a1:
         73:cf:53:62:e6:4f:89:13:49:62:52:73:24:98:5c:2f:a7:38:
         2a:c7:c2:2e:5b:2c:20:69:1f:4e:f2:6c:19:34:b9:05:24:64:
         3c:51:c9:ef:42:ed:79:de:fb:9e:13:28:ad:06:5e:e0:41:6b:
         58:30:1a:a6:d3:38:59:e7:67:49:5a:a8:f2:96:9f:c6:71:80:
         09:6a:11:6b:a8:68:26:bd:4a:19:11:25:51:1e:6b:96:41:34:
         fe:2d:57:9f:3e:fd:33:a0:20:19:20:29:88:4e:fd:04:df:15:
         27:ac:8a:e9:2f:8f:47:73:56:84:5f:2d:6c:4d:fc:f7:73:1d:
         a9:83:61:b4:ae:51:43:c5:d9:3a:8d:bd:56:87:5a:c3:d6:01:
         bd:d2:76:00
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ2kqW86/9JrWCvPa6qQr6zuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZjE5MDc0NTQ4ZDJhMjk0ZTQzODVkOTVjZDY3NTI0OTBl
ZTQ2ZDcwHhcNMjYwNDE5MDczNDIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OTg0MGYyMDhkYTI5NjQyYjVhMzJkMGM5NTZmYWZlODkwMzExYjE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuFGBQ+YxbKjemmfh/ArJjXAus3za
UAWsOPXTbyOXGoweKfRQuHqeghSKnfT03jBudA/ARcd3R+7eaMBTTn0yleOaSMol
pfPIJ6+QUTcYOdRj7VhP+E1xawhrp+nTY+pxX3Bc3+a/lTbC2tuKSuzhx/ywx9Ao
zUXp8k9vJPcTkJzRbizvAf91fmVk9eNeBTCYEgWZ68w5b2DU+s0BTOafbiwqMqry
+Ue9cpNzBuWIJ78bEZZx2QfMXww6hiDrtt84bj55WFmbYcGu/G/dBscTp3LLON2M
aS7jV7YJq+n0HA1qdFSOwQzxdZUV3t02R7SHIY6ybjYzGNO5u+XTvJor0QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFJmEDyCNopZCtaMtDJVvr+iQMRsZMB8GA1UdIwQY
MBaAFBXxkHRUjSopTkOF2VzWdSSQ7kbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2Qt
NTYyNDRmNDMwZGNjLzEvbVlRUElJMmlsa0sxb3kwTWxXLXY2SkF4R3hrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2QtNTYyNDRmNDMwZGNj
LzEvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBPkisAwQA
Pki3AwQAPki+MA0GCSqGSIb3DQEBCwUAA4IBAQCZOdXx5viC5fmdyAikjZwCjBjV
+DkfGCr07Tm+DQ7MJ2vmUjPkIvUMuKiJRu8MlGmp7hVnRTYwbvZ/KkY2mzHhebUY
6HWUoPZlLWxKmqIqqwiW/xeSHoeQpsVJA+WkqqrfS6bh4rQF3/HGA6Fzz1Ni5k+J
E0liUnMkmFwvpzgqx8IuWywgaR9O8mwZNLkFJGQ8UcnvQu153vueEyitBl7gQWtY
MBqm0zhZ52dJWqjylp/GcYAJahFrqGgmvUoZESVRHmuWQTT+LVefPv0zoCAZICmI
Tv0E3xUnrIrpL49Hc1aEXy1sTfz3cx2pg2G0rlFDxdk6jb1Wh1rD1gG90nYA
-----END CERTIFICATE-----