Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/4ef680-7c55-4a5b-8568-336ac9456464/1/hE4J7-nVjBP1I1amWriRZQbCRjQ.roa
File:                     hE4J7-nVjBP1I1amWriRZQbCRjQ.roa (raw, json)
Hash identifier:          t96fk3QnxrV27k+4LVx0l6UARkEoivZQZo9G+qQHzNc=
Subject key identifier:   84:4E:09:EF:E9:D5:8C:13:F5:23:56:A6:5A:B8:91:65:06:C2:46:34
Certificate issuer:       /CN=3a4945e46764029d2581d820c3373fa445855539
Certificate serial:       019754F12144C11B3A76206CE4C7A50F7213
Authority key identifier: 3A:49:45:E4:67:64:02:9D:25:81:D8:20:C3:37:3F:A4:45:85:55:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OklF5GdkAp0lgdggwzc_pEWFVTk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/4ef680-7c55-4a5b-8568-336ac9456464/1/hE4J7-nVjBP1I1amWriRZQbCRjQ.roa
Signing time:             Mon 09 Jun 2025 13:46:18 +0000
ROA not before:           Mon 09 Jun 2025 13:46:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     398704
IP address blocks:        62.244.29.0/24 maxlen: 24
                          62.244.41.0/24 maxlen: 24
                          62.244.56.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c1/4ef680-7c55-4a5b-8568-336ac9456464/1/OklF5GdkAp0lgdggwzc_pEWFVTk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c1/4ef680-7c55-4a5b-8568-336ac9456464/1/OklF5GdkAp0lgdggwzc_pEWFVTk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OklF5GdkAp0lgdggwzc_pEWFVTk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Jun 2025 04:00:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:54:f1:21:44:c1:1b:3a:76:20:6c:e4:c7:a5:0f:72:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3a4945e46764029d2581d820c3373fa445855539
        Validity
            Not Before: Jun  9 13:46:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=844e09efe9d58c13f52356a65ab8916506c24634
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:ad:a6:e3:87:6e:fd:3d:c1:fa:bb:1f:39:a0:
                    87:54:fa:05:a6:02:7b:cf:31:4c:bc:e3:9f:b7:91:
                    27:9c:be:d9:23:ab:20:fc:31:d4:73:74:ee:9a:4e:
                    76:d1:1d:3d:b7:6a:a0:a8:5b:ec:4e:73:1b:e7:2e:
                    3a:63:e8:c3:95:45:25:60:1a:ee:57:03:e0:ca:aa:
                    5e:e3:d0:d8:dc:8b:33:4f:88:01:7a:70:d0:ff:59:
                    5d:e9:69:b1:d0:0f:4b:31:d4:e4:d6:1c:ef:f7:03:
                    d2:a3:a2:04:8d:31:e5:af:f4:cc:fa:de:36:f9:87:
                    f8:80:57:d2:f5:d0:92:26:fe:09:48:a1:a1:af:99:
                    d5:65:7d:28:20:ed:4f:42:8f:d6:26:57:f6:a3:05:
                    0f:ee:07:af:e5:9a:fe:74:9e:38:d2:d7:65:93:9a:
                    2c:79:91:8b:59:57:2e:02:d6:d9:7d:e7:9c:ea:c0:
                    65:6d:c9:b5:37:38:90:45:d1:29:70:60:c2:30:aa:
                    b7:d4:03:26:ec:eb:c0:f0:03:0b:73:31:4e:e2:1e:
                    c5:c8:67:49:97:48:ca:a1:83:62:d6:90:2b:13:1b:
                    df:ce:92:84:bc:7e:63:06:0e:c5:ac:09:ad:95:13:
                    be:30:c9:83:db:d6:98:d2:6e:ab:01:b7:04:78:ac:
                    3c:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:4E:09:EF:E9:D5:8C:13:F5:23:56:A6:5A:B8:91:65:06:C2:46:34
            X509v3 Authority Key Identifier:
                keyid:3A:49:45:E4:67:64:02:9D:25:81:D8:20:C3:37:3F:A4:45:85:55:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OklF5GdkAp0lgdggwzc_pEWFVTk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/4ef680-7c55-4a5b-8568-336ac9456464/1/hE4J7-nVjBP1I1amWriRZQbCRjQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/4ef680-7c55-4a5b-8568-336ac9456464/1/OklF5GdkAp0lgdggwzc_pEWFVTk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.244.29.0/24
                  62.244.41.0/24
                  62.244.56.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:89:ea:5e:fb:05:00:8f:f6:86:63:6a:c0:40:99:30:be:6f:
         31:4c:a0:e7:ec:ee:63:c1:15:1e:2c:9f:e2:76:ea:ed:71:67:
         f5:dd:53:dc:19:b6:18:62:a4:9d:a9:5c:fc:0b:f9:ad:07:9e:
         5b:ae:57:fd:20:55:b4:d0:24:de:50:3c:26:de:f2:33:4f:6b:
         02:bf:0f:60:19:31:08:f3:ba:06:ef:9e:8e:a4:29:86:9d:4d:
         30:ee:d0:b2:10:a1:ae:44:97:21:3f:bc:46:3c:54:ad:89:3d:
         8d:72:6b:b0:9e:a4:bd:cf:e6:c7:46:87:63:b3:a3:f5:54:48:
         bf:32:8f:bd:8f:e7:05:b9:35:19:df:e2:9c:d2:76:0d:14:67:
         d8:8a:03:ec:9f:a5:3a:77:5a:ee:fb:8a:00:68:e8:db:f0:1b:
         84:10:d8:d0:75:e2:94:a7:d3:27:32:fc:5a:b0:d1:96:c6:ac:
         5c:9c:a6:c6:3f:e9:ed:f8:fc:c3:f5:f2:35:1a:bb:94:26:78:
         21:27:f3:da:67:c8:80:ab:58:d4:0a:3a:51:63:f1:fa:68:84:
         f5:6d:77:9b:79:a9:4d:c6:84:8b:ce:a7:32:1e:5b:ab:5b:92:
         97:dd:31:cb:29:10:c1:b1:b9:57:9e:78:a3:02:0d:f7:ed:7e:
         c6:9e:a6:a9
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZdU8SFEwRs6diBs5MelD3ITMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhNDk0NWU0Njc2NDAyOWQyNTgxZDgyMGMzMzczZmE0NDU4
NTU1MzkwHhcNMjUwNjA5MTM0NjE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDRlMDllZmU5ZDU4YzEzZjUyMzU2YTY1YWI4OTE2NTA2YzI0NjM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk62m44du/T3B+rsfOaCHVPoFpgJ7
zzFMvOOft5EnnL7ZI6sg/DHUc3Tumk520R09t2qgqFvsTnMb5y46Y+jDlUUlYBru
VwPgyqpe49DY3IszT4gBenDQ/1ld6Wmx0A9LMdTk1hzv9wPSo6IEjTHlr/TM+t42
+Yf4gFfS9dCSJv4JSKGhr5nVZX0oIO1PQo/WJlf2owUP7gev5Zr+dJ440tdlk5os
eZGLWVcuAtbZfeec6sBlbcm1NziQRdEpcGDCMKq31AMm7OvA8AMLczFO4h7FyGdJ
l0jKoYNi1pArExvfzpKEvH5jBg7FrAmtlRO+MMmD29aY0m6rAbcEeKw8/wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFIROCe/p1YwT9SNWplq4kWUGwkY0MB8GA1UdIwQY
MBaAFDpJReRnZAKdJYHYIMM3P6RFhVU5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT2tsRjVHZGtBcDBsZ2RnZ3d6Y19wRVdGVlRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS80ZWY2ODAtN2M1NS00YTViLTg1Njgt
MzM2YWM5NDU2NDY0LzEvaEU0SjctblZqQlAxSTFhbVdyaVJaUWJDUmpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS80ZWY2ODAtN2M1NS00YTViLTg1NjgtMzM2YWM5NDU2NDY0
LzEvT2tsRjVHZGtBcDBsZ2RnZ3d6Y19wRVdGVlRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAPvQdAwQA
PvQpAwQAPvQ4MA0GCSqGSIb3DQEBCwUAA4IBAQAoiepe+wUAj/aGY2rAQJkwvm8x
TKDn7O5jwRUeLJ/idurtcWf13VPcGbYYYqSdqVz8C/mtB55brlf9IFW00CTeUDwm
3vIzT2sCvw9gGTEI87oG756OpCmGnU0w7tCyEKGuRJchP7xGPFStiT2NcmuwnqS9
z+bHRodjs6P1VEi/Mo+9j+cFuTUZ3+Kc0nYNFGfYigPsn6U6d1ru+4oAaOjb8BuE
ENjQdeKUp9MnMvxasNGWxqxcnKbGP+nt+PzD9fI1GruUJnghJ/PaZ8iAq1jUCjpR
Y/H6aIT1bXebealNxoSLzqcyHlurW5KX3THLKRDBsblXnnijAg337X7Gnqap
-----END CERTIFICATE-----