Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/67/a59390-8048-43b9-82b5-761dab389b5b/1/ie3Ij3d9SbHwlFZKN1iAPlTDPF8.roa
File:                     ie3Ij3d9SbHwlFZKN1iAPlTDPF8.roa (raw, json)
Hash identifier:          LDgmzuKBYv7wHEv9dhDlxCP+uQjNRE91nisvU0AfRTM=
Subject key identifier:   89:ED:C8:8F:77:7D:49:B1:F0:94:56:4A:37:58:80:3E:54:C3:3C:5F
Certificate issuer:       /CN=87107e3fd9b94b4b36e6a8f370e8650a7f57e6c3
Certificate serial:       019851A06F7E35AE27EE11A3726EA97079E1
Authority key identifier: 87:10:7E:3F:D9:B9:4B:4B:36:E6:A8:F3:70:E8:65:0A:7F:57:E6:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hxB-P9m5S0s25qjzcOhlCn9X5sM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/67/a59390-8048-43b9-82b5-761dab389b5b/1/ie3Ij3d9SbHwlFZKN1iAPlTDPF8.roa
Signing time:             Mon 28 Jul 2025 15:22:05 +0000
ROA not before:           Mon 28 Jul 2025 15:22:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199634
IP address blocks:        62.122.208.0/22 maxlen: 22
                          62.122.212.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/67/a59390-8048-43b9-82b5-761dab389b5b/1/hxB-P9m5S0s25qjzcOhlCn9X5sM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/67/a59390-8048-43b9-82b5-761dab389b5b/1/hxB-P9m5S0s25qjzcOhlCn9X5sM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hxB-P9m5S0s25qjzcOhlCn9X5sM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 08 Aug 2025 16:13:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:51:a0:6f:7e:35:ae:27:ee:11:a3:72:6e:a9:70:79:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=87107e3fd9b94b4b36e6a8f370e8650a7f57e6c3
        Validity
            Not Before: Jul 28 15:22:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=89edc88f777d49b1f094564a3758803e54c33c5f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:b4:c3:7d:33:ed:c3:b3:ac:9a:28:f2:c1:99:
                    8c:37:2e:08:6e:4a:b2:a3:8f:02:84:e7:2f:ad:03:
                    a5:64:62:75:26:6f:64:fd:bd:fd:93:84:36:27:53:
                    b4:43:32:2a:c7:50:41:94:c5:22:63:89:ff:fc:d5:
                    9c:99:99:09:66:be:f0:7f:83:65:79:f2:e3:d1:d0:
                    9a:a2:4c:5d:1d:69:2d:2c:94:c7:95:65:dc:e5:44:
                    e4:bc:71:73:a2:2b:5a:bf:ef:ad:fe:b5:0d:4b:a1:
                    b2:41:79:49:d3:34:8b:ba:94:ef:6f:f0:0c:cd:20:
                    b6:c6:a9:19:fc:79:bf:d1:8c:15:e6:66:f2:46:64:
                    c4:41:78:73:7e:e4:8d:61:e7:d8:06:93:8d:ad:92:
                    52:e2:00:f4:02:5f:dc:64:0c:25:10:3f:5e:bf:a1:
                    2f:ae:d5:48:c8:21:fa:58:6e:0d:bd:1c:11:7a:66:
                    1d:6d:62:5d:f0:b9:de:d0:fc:dc:40:df:e1:54:c1:
                    91:e1:20:6f:ee:d8:11:c0:f1:39:2c:84:9e:1a:3d:
                    0b:72:b9:e2:6d:b5:4b:50:c9:f6:fb:ff:92:55:c5:
                    d3:3a:a9:e7:00:f0:f9:2d:44:84:c8:03:93:f5:bb:
                    f1:0e:44:14:9f:48:c6:9a:68:82:2c:f4:07:ca:08:
                    0e:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:ED:C8:8F:77:7D:49:B1:F0:94:56:4A:37:58:80:3E:54:C3:3C:5F
            X509v3 Authority Key Identifier:
                keyid:87:10:7E:3F:D9:B9:4B:4B:36:E6:A8:F3:70:E8:65:0A:7F:57:E6:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hxB-P9m5S0s25qjzcOhlCn9X5sM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/67/a59390-8048-43b9-82b5-761dab389b5b/1/ie3Ij3d9SbHwlFZKN1iAPlTDPF8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/67/a59390-8048-43b9-82b5-761dab389b5b/1/hxB-P9m5S0s25qjzcOhlCn9X5sM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.122.208.0-62.122.212.255

    Signature Algorithm: sha256WithRSAEncryption
         a5:00:30:f6:7a:17:85:bc:2d:3c:85:f9:49:86:b2:8b:0e:d2:
         d1:52:de:a7:b0:65:8c:89:8c:3d:07:d3:28:bb:24:0a:1a:13:
         61:0d:cd:d1:6f:99:fb:d0:c6:a5:20:f5:da:aa:42:a6:28:0f:
         00:66:27:8d:3e:bb:f9:3f:1f:ea:d8:31:e3:0c:12:f0:4e:eb:
         31:af:d9:60:9a:93:38:32:2b:ae:27:3a:a4:b3:d3:2a:61:4b:
         b6:e3:5d:75:16:1d:dc:fb:32:85:5c:29:0c:f5:1b:00:4c:c0:
         20:2b:6c:08:b3:b6:a3:15:8c:74:33:da:77:2c:e4:35:3b:cd:
         e8:cb:50:cd:87:76:ac:a3:83:5d:76:f5:a5:d9:4d:8e:6a:74:
         3f:7c:de:02:1b:48:e0:ff:ce:69:f5:1f:c8:6f:c6:1e:70:a2:
         ad:14:5b:8c:18:63:0a:0e:59:ee:94:eb:d4:cb:c8:a0:17:a4:
         9d:b5:45:74:b9:a0:b7:96:c2:85:1a:1d:8b:27:5d:58:80:6e:
         a4:10:19:4c:48:a8:34:65:88:13:00:f3:ac:42:d1:ed:c4:fc:
         4b:d3:57:19:fd:70:cd:8e:c0:ac:f2:1c:06:5b:75:3d:cf:f9:
         da:fd:43:e6:d3:89:f5:00:46:1c:b9:e2:69:1c:72:f9:15:11:
         d8:ac:a4:09
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZhRoG9+Na4n7hGjcm6pcHnhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3MTA3ZTNmZDliOTRiNGIzNmU2YThmMzcwZTg2NTBhN2Y1
N2U2YzMwHhcNMjUwNzI4MTUyMjA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OWVkYzg4Zjc3N2Q0OWIxZjA5NDU2NGEzNzU4ODAzZTU0YzMzYzVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmbTDfTPtw7OsmijywZmMNy4Ibkqy
o48ChOcvrQOlZGJ1Jm9k/b39k4Q2J1O0QzIqx1BBlMUiY4n//NWcmZkJZr7wf4Nl
efLj0dCaokxdHWktLJTHlWXc5UTkvHFzoitav++t/rUNS6GyQXlJ0zSLupTvb/AM
zSC2xqkZ/Hm/0YwV5mbyRmTEQXhzfuSNYefYBpONrZJS4gD0Al/cZAwlED9ev6Ev
rtVIyCH6WG4NvRwRemYdbWJd8Lne0PzcQN/hVMGR4SBv7tgRwPE5LISeGj0Lcrni
bbVLUMn2+/+SVcXTOqnnAPD5LUSEyAOT9bvxDkQUn0jGmmiCLPQHyggOhwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFIntyI93fUmx8JRWSjdYgD5UwzxfMB8GA1UdIwQY
MBaAFIcQfj/ZuUtLNuao83DoZQp/V+bDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHhCLVA5bTVTMHMyNXFqemNPaGxDbjlYNXNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ny9hNTkzOTAtODA0OC00M2I5LTgyYjUt
NzYxZGFiMzg5YjViLzEvaWUzSWozZDlTYkh3bEZaS04xaUFQbFREUEY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ny9hNTkzOTAtODA0OC00M2I5LTgyYjUtNzYxZGFiMzg5YjVi
LzEvaHhCLVA5bTVTMHMyNXFqemNPaGxDbjlYNXNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAQ+etAD
BAA+etQwDQYJKoZIhvcNAQELBQADggEBAKUAMPZ6F4W8LTyF+UmGsosO0tFS3qew
ZYyJjD0H0yi7JAoaE2ENzdFvmfvQxqUg9dqqQqYoDwBmJ40+u/k/H+rYMeMMEvBO
6zGv2WCakzgyK64nOqSz0yphS7bjXXUWHdz7MoVcKQz1GwBMwCArbAiztqMVjHQz
2ncs5DU7zejLUM2Hdqyjg1129aXZTY5qdD983gIbSOD/zmn1H8hvxh5woq0UW4wY
YwoOWe6U69TLyKAXpJ21RXS5oLeWwoUaHYsnXViAbqQQGUxIqDRliBMA86xC0e3E
/EvTVxn9cM2OwKzyHAZbdT3P+dr9Q+bTifUARhy54mkccvkVEdispAk=
-----END CERTIFICATE-----
Generated at Thu Aug 7 20:12:46 2025 by rpki-client