Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/pexkcyVPSICPLZN0RiIg0ALWvjk.roa
File:                     pexkcyVPSICPLZN0RiIg0ALWvjk.roa (raw, json)
Hash identifier:          0Kygrrr/4SdNr2ZBGUFGg1GzDhK7GU5H16nbpbesFjA=
Subject key identifier:   A5:EC:64:73:25:4F:48:80:8F:2D:93:74:46:22:20:D0:02:D6:BE:39
Certificate issuer:       /CN=15f19074548d2a294e4385d95cd6752490ee46d7
Certificate serial:       019DA4A885F08F926E66AE1BD8CF8AB42F23
Authority key identifier: 15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/pexkcyVPSICPLZN0RiIg0ALWvjk.roa
Signing time:             Sun 19 Apr 2026 07:33:20 +0000
ROA not before:           Sun 19 Apr 2026 07:33:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     5065
IP address blocks:        62.72.184.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 04:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:a4:a8:85:f0:8f:92:6e:66:ae:1b:d8:cf:8a:b4:2f:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15f19074548d2a294e4385d95cd6752490ee46d7
        Validity
            Not Before: Apr 19 07:33:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a5ec6473254f48808f2d9374462220d002d6be39
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:5a:59:82:0a:64:a5:0c:7b:7b:a2:be:d6:66:
                    37:4b:bd:03:8c:76:d4:98:40:2d:14:57:60:7c:8b:
                    50:91:c7:8b:1e:0c:48:9f:e6:0f:5e:cd:af:ff:c8:
                    f6:d4:d1:22:d6:cf:88:28:a5:35:71:70:8d:34:06:
                    ab:0c:6d:33:3b:bf:17:de:1a:2d:52:f7:c2:4d:3b:
                    ba:a7:8d:a3:38:5a:bb:15:a3:80:34:96:77:b1:c9:
                    8b:53:b3:20:a2:80:ad:d8:48:76:99:de:fa:54:72:
                    ee:a6:9e:b4:76:68:38:57:1a:b8:02:b7:37:0c:46:
                    32:a0:cb:80:ef:ed:1c:63:f4:68:ed:5c:00:91:58:
                    21:c4:76:92:b8:af:dd:cb:ab:73:f0:71:bb:58:7d:
                    4e:91:3f:19:40:46:04:df:45:23:c6:0c:e7:c7:a9:
                    a9:64:7f:2d:45:ef:ff:38:bb:d9:e1:e7:48:b7:c9:
                    70:cd:67:a7:2c:85:0a:5e:ca:10:ec:8a:b4:f4:07:
                    e6:c1:06:67:31:84:87:9f:67:94:b5:df:f8:6c:ed:
                    b4:21:43:68:b9:0a:d8:e7:e9:62:56:03:ca:93:bb:
                    ed:da:87:ff:da:06:8b:45:a6:ca:54:33:43:f1:5a:
                    4f:5a:66:5a:a8:bb:15:ab:10:e8:1d:f2:b6:e8:ce:
                    13:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:EC:64:73:25:4F:48:80:8F:2D:93:74:46:22:20:D0:02:D6:BE:39
            X509v3 Authority Key Identifier:
                keyid:15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/pexkcyVPSICPLZN0RiIg0ALWvjk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.72.184.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b6:d4:fd:45:dc:c3:26:ae:49:84:de:0f:e5:d3:47:d7:7f:d6:
         9b:7a:ac:08:86:00:a8:75:94:e2:2f:d1:06:fa:bc:d9:fc:0d:
         bc:4e:1a:61:36:6b:21:53:ba:27:6e:47:99:83:32:eb:dd:bd:
         a1:5f:6e:fc:02:ca:f1:64:10:81:6a:d8:33:81:57:6d:a0:cf:
         21:df:78:fa:90:72:e1:ec:0e:09:aa:4b:cb:37:76:1a:67:b2:
         5c:ca:8a:cf:13:e1:41:d9:d8:b4:23:bf:02:0c:15:ce:28:e7:
         87:2f:d1:96:d7:0f:c5:29:82:ef:b3:e9:62:67:53:ed:d5:27:
         05:6a:49:4d:d1:55:b7:bd:82:6d:ec:f2:f8:7e:14:bc:90:83:
         c2:8b:06:a2:7d:68:ce:dc:a7:71:7a:c0:09:a6:24:55:e0:9c:
         b3:4c:0e:e7:1b:a6:4b:c4:f5:a6:47:16:00:bf:fa:55:05:89:
         ca:d5:3a:e3:30:1b:03:da:15:1b:cf:ea:a1:ef:ce:34:b1:93:
         8f:79:c4:10:38:0a:3a:4a:0e:88:62:58:80:da:a9:a2:d4:aa:
         de:58:27:1c:79:98:31:75:6f:97:e3:bd:d0:45:73:31:4a:16:
         ee:9c:47:91:24:4c:5a:8f:c2:a7:81:4a:91:de:8a:25:2a:70:
         ca:e0:e4:5a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2kqIXwj5JuZq4b2M+KtC8jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZjE5MDc0NTQ4ZDJhMjk0ZTQzODVkOTVjZDY3NTI0OTBl
ZTQ2ZDcwHhcNMjYwNDE5MDczMzIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNWVjNjQ3MzI1NGY0ODgwOGYyZDkzNzQ0NjIyMjBkMDAyZDZiZTM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsVpZggpkpQx7e6K+1mY3S70DjHbU
mEAtFFdgfItQkceLHgxIn+YPXs2v/8j21NEi1s+IKKU1cXCNNAarDG0zO78X3hot
UvfCTTu6p42jOFq7FaOANJZ3scmLU7MgooCt2Eh2md76VHLupp60dmg4Vxq4Arc3
DEYyoMuA7+0cY/Ro7VwAkVghxHaSuK/dy6tz8HG7WH1OkT8ZQEYE30Ujxgznx6mp
ZH8tRe//OLvZ4edIt8lwzWenLIUKXsoQ7Iq09AfmwQZnMYSHn2eUtd/4bO20IUNo
uQrY5+liVgPKk7vt2of/2gaLRabKVDND8VpPWmZaqLsVqxDoHfK26M4TOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKXsZHMlT0iAjy2TdEYiINAC1r45MB8GA1UdIwQY
MBaAFBXxkHRUjSopTkOF2VzWdSSQ7kbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2Qt
NTYyNDRmNDMwZGNjLzEvcGV4a2N5VlBTSUNQTFpOMFJpSWcwQUxXdmprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2QtNTYyNDRmNDMwZGNj
LzEvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPki4MA0G
CSqGSIb3DQEBCwUAA4IBAQC21P1F3MMmrkmE3g/l00fXf9abeqwIhgCodZTiL9EG
+rzZ/A28ThphNmshU7onbkeZgzLr3b2hX278AsrxZBCBatgzgVdtoM8h33j6kHLh
7A4JqkvLN3YaZ7JcyorPE+FB2di0I78CDBXOKOeHL9GW1w/FKYLvs+liZ1Pt1ScF
aklN0VW3vYJt7PL4fhS8kIPCiwaifWjO3KdxesAJpiRV4JyzTA7nG6ZLxPWmRxYA
v/pVBYnK1TrjMBsD2hUbz+qh7840sZOPecQQOAo6Sg6IYliA2qmi1KreWCcceZgx
dW+X473QRXMxShbunEeRJExaj8KngUqR3oolKnDK4ORa
-----END CERTIFICATE-----