Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/X1F5b2plSGTPWCvHMe9FbCYpPsg.roa
File:                     X1F5b2plSGTPWCvHMe9FbCYpPsg.roa (raw, json)
Hash identifier:          wcCPXJuHDn30VFNAxZheuTYNkl1x5zVKb+3b+C4+Iuk=
Subject key identifier:   5F:51:79:6F:6A:65:48:64:CF:58:2B:C7:31:EF:45:6C:26:29:3E:C8
Certificate issuer:       /CN=6a5836dde9b9daef35a8a7f74d6326f6b42da74d
Certificate serial:       0198292C4CED18F9AD47A2CC497FD40881AF
Authority key identifier: 6A:58:36:DD:E9:B9:DA:EF:35:A8:A7:F7:4D:63:26:F6:B4:2D:A7:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/alg23em52u81qKf3TWMm9rQtp00.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/X1F5b2plSGTPWCvHMe9FbCYpPsg.roa
Signing time:             Sun 20 Jul 2025 18:50:25 +0000
ROA not before:           Sun 20 Jul 2025 18:50:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     6079
IP address blocks:        62.171.228.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/alg23em52u81qKf3TWMm9rQtp00.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/alg23em52u81qKf3TWMm9rQtp00.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/alg23em52u81qKf3TWMm9rQtp00.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 01:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:29:2c:4c:ed:18:f9:ad:47:a2:cc:49:7f:d4:08:81:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6a5836dde9b9daef35a8a7f74d6326f6b42da74d
        Validity
            Not Before: Jul 20 18:50:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5f51796f6a654864cf582bc731ef456c26293ec8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:d6:a0:73:8d:d1:09:e5:73:46:f1:4d:5f:cc:
                    4e:d4:2c:8b:90:46:e2:50:92:a7:9e:90:d1:0c:1e:
                    06:dd:70:da:c5:29:be:da:20:de:25:4d:8f:53:c8:
                    b5:6c:e9:84:a2:7c:09:e0:f9:a2:6b:bb:92:d0:8f:
                    b7:01:0b:f2:fb:ce:73:39:bd:a6:d8:cc:9a:bb:11:
                    e1:a5:f7:34:e8:e9:18:77:01:3a:87:93:5f:28:8a:
                    9f:08:85:79:6d:b7:a6:24:4c:fe:fb:bb:d1:0b:96:
                    3e:0a:ff:2b:1b:00:b6:fa:7c:7e:f6:48:64:04:f9:
                    1a:4e:8d:84:d5:06:8f:2b:78:2e:5b:47:76:2b:cb:
                    bf:14:f3:86:1b:8c:23:0b:23:63:e7:81:46:d4:37:
                    cc:52:8e:15:e7:a4:45:d0:74:3c:73:dc:d2:be:b1:
                    3d:6f:d8:ad:a0:a1:ea:96:71:85:59:f7:c7:f0:ad:
                    83:fc:5a:a2:ff:82:e9:c7:9f:2d:42:b8:6a:a3:fa:
                    6f:64:89:95:e4:6c:f4:3e:5e:16:50:f9:08:2b:1e:
                    1d:77:0e:2e:a0:dd:c0:00:7a:d7:a5:be:e8:e1:4c:
                    0f:ee:03:1b:7b:d0:9b:f0:d2:20:8f:b4:5f:61:14:
                    96:5c:93:28:77:b9:a5:6c:12:93:09:21:f1:c4:2b:
                    6d:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:51:79:6F:6A:65:48:64:CF:58:2B:C7:31:EF:45:6C:26:29:3E:C8
            X509v3 Authority Key Identifier:
                keyid:6A:58:36:DD:E9:B9:DA:EF:35:A8:A7:F7:4D:63:26:F6:B4:2D:A7:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/alg23em52u81qKf3TWMm9rQtp00.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/X1F5b2plSGTPWCvHMe9FbCYpPsg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/alg23em52u81qKf3TWMm9rQtp00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.171.228.0/22

    Signature Algorithm: sha256WithRSAEncryption
         31:79:a5:89:68:c9:3f:6b:fb:cb:dd:81:70:52:b1:4c:eb:08:
         fa:68:28:19:5c:06:11:0b:cb:80:dd:8f:8e:cf:e0:5b:0b:6b:
         04:8c:61:6e:c9:ff:72:69:94:c2:8a:2c:12:f7:00:33:5c:56:
         92:b5:92:0e:4c:5a:45:67:25:d3:da:ad:8f:6e:3b:43:06:eb:
         1a:a5:38:f0:79:b2:74:2b:bc:41:d4:cf:9b:ee:8b:73:9b:18:
         bf:e4:9a:0f:2a:4d:41:2d:b7:79:b4:a4:cb:bb:6b:4f:f5:7c:
         6c:df:0e:6c:c7:df:fd:28:28:a8:d2:a9:18:06:b2:2c:03:5e:
         06:c5:dc:8f:b7:e9:96:de:6b:78:d3:94:7a:be:b2:a7:95:2f:
         68:7e:80:5c:3e:69:2f:6e:ff:a6:b8:84:90:2f:ee:67:3e:d0:
         66:07:23:be:e9:0c:b2:ec:7f:a3:8a:be:b8:be:be:60:77:13:
         c7:34:9e:af:c2:46:c8:79:4b:af:25:88:ae:f3:dd:00:e4:d3:
         75:6f:b0:99:80:3f:93:6b:21:fe:1b:50:61:81:71:5c:53:f9:
         f2:33:69:ae:5e:91:c3:7d:5b:d1:0d:28:a8:39:f8:64:55:3c:
         92:16:91:32:61:c2:09:e1:f4:18:37:75:83:f3:d5:41:32:b0:
         15:27:c6:15
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgpLEztGPmtR6LMSX/UCIGvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhNTgzNmRkZTliOWRhZWYzNWE4YTdmNzRkNjMyNmY2YjQy
ZGE3NGQwHhcNMjUwNzIwMTg1MDI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjUxNzk2ZjZhNjU0ODY0Y2Y1ODJiYzczMWVmNDU2YzI2MjkzZWM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu9agc43RCeVzRvFNX8xO1CyLkEbi
UJKnnpDRDB4G3XDaxSm+2iDeJU2PU8i1bOmEonwJ4Pmia7uS0I+3AQvy+85zOb2m
2MyauxHhpfc06OkYdwE6h5NfKIqfCIV5bbemJEz++7vRC5Y+Cv8rGwC2+nx+9khk
BPkaTo2E1QaPK3guW0d2K8u/FPOGG4wjCyNj54FG1DfMUo4V56RF0HQ8c9zSvrE9
b9itoKHqlnGFWffH8K2D/Fqi/4Lpx58tQrhqo/pvZImV5Gz0Pl4WUPkIKx4ddw4u
oN3AAHrXpb7o4UwP7gMbe9Cb8NIgj7RfYRSWXJMod7mlbBKTCSHxxCttIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF9ReW9qZUhkz1grxzHvRWwmKT7IMB8GA1UdIwQY
MBaAFGpYNt3pudrvNain901jJva0LadNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWxnMjNlbTUydTgxcUtmM1RXTW05clF0cDAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi84MzgwMzItZGI5Ny00OTdmLThjOTUt
YzE5OTQyNzM3ZTZkLzEvWDFGNWIycGxTR1RQV0N2SE1lOUZiQ1lwUHNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi84MzgwMzItZGI5Ny00OTdmLThjOTUtYzE5OTQyNzM3ZTZk
LzEvYWxnMjNlbTUydTgxcUtmM1RXTW05clF0cDAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCPqvkMA0G
CSqGSIb3DQEBCwUAA4IBAQAxeaWJaMk/a/vL3YFwUrFM6wj6aCgZXAYRC8uA3Y+O
z+BbC2sEjGFuyf9yaZTCiiwS9wAzXFaStZIOTFpFZyXT2q2PbjtDBusapTjwebJ0
K7xB1M+b7otzmxi/5JoPKk1BLbd5tKTLu2tP9Xxs3w5sx9/9KCio0qkYBrIsA14G
xdyPt+mW3mt405R6vrKnlS9ofoBcPmkvbv+muISQL+5nPtBmByO+6Qyy7H+jir64
vr5gdxPHNJ6vwkbIeUuvJYiu890A5NN1b7CZgD+TayH+G1BhgXFcU/nyM2muXpHD
fVvRDSioOfhkVTySFpEyYcIJ4fQYN3WD89VBMrAVJ8YV
-----END CERTIFICATE-----