Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/68Iom2-fi9S6h1NWlZpS_n8y6T8.roa
File:                     68Iom2-fi9S6h1NWlZpS_n8y6T8.roa (raw, json)
Hash identifier:          agXUrIWlPMTsJaUbPVQ52/5iuW9aZC13K3sGo4mOZxo=
Subject key identifier:   EB:C2:28:9B:6F:9F:8B:D4:BA:87:53:56:95:9A:52:FE:7F:32:E9:3F
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       01968CFA38BF3C9DEBAC3E57D8A0239BBB37
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/68Iom2-fi9S6h1NWlZpS_n8y6T8.roa
Signing time:             Thu 01 May 2025 17:52:10 +0000
ROA not before:           Thu 01 May 2025 17:52:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20473
IP address blocks:        62.76.229.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 12 May 2025 05:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:8c:fa:38:bf:3c:9d:eb:ac:3e:57:d8:a0:23:9b:bb:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: May  1 17:52:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ebc2289b6f9f8bd4ba875356959a52fe7f32e93f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:d5:6b:37:ab:8c:f1:e2:44:fb:d2:f2:19:73:
                    63:e7:16:11:41:cf:fe:04:8f:51:ef:40:4d:e1:0b:
                    9f:04:b7:c5:90:0d:ca:f0:89:4b:1a:e0:3c:5c:7c:
                    05:95:50:bb:65:cd:6c:c2:0a:b5:9d:54:c0:07:2c:
                    c3:65:fa:a9:e4:9d:08:de:24:52:ab:0a:e8:bb:df:
                    0c:66:92:1b:b9:d2:c4:00:01:b3:0e:d2:d6:cc:db:
                    7c:bd:b2:e2:3a:43:fa:1b:06:0f:47:b2:e8:f5:a3:
                    fa:48:8c:e4:d5:30:3a:56:7b:39:09:32:ea:c2:96:
                    c1:e6:86:68:4f:22:e3:19:18:a0:89:50:00:bc:52:
                    e9:f6:64:c1:b4:2c:b3:16:de:b2:d2:db:72:f5:3d:
                    d6:e2:ed:c3:9e:a7:c0:fd:74:da:08:58:04:79:f2:
                    f7:a6:8d:11:76:17:43:15:a0:d8:ec:e4:ee:53:2d:
                    36:9d:29:c8:ee:58:c2:08:e0:ef:b6:32:8c:52:cc:
                    e9:78:04:a9:00:86:6c:e6:28:45:05:41:fa:67:d2:
                    20:e4:9f:cc:ae:e8:f5:b1:e9:2b:48:90:b0:56:47:
                    c5:31:a4:00:c7:a9:af:23:7c:b2:02:c5:02:0d:38:
                    c1:b8:4b:0f:e6:2f:fb:5c:5a:9b:91:dd:a8:43:e0:
                    74:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:C2:28:9B:6F:9F:8B:D4:BA:87:53:56:95:9A:52:FE:7F:32:E9:3F
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/68Iom2-fi9S6h1NWlZpS_n8y6T8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.76.229.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:55:79:f2:8a:3a:03:42:bd:e6:aa:99:ab:30:e9:e8:0f:80:
         a5:00:bb:32:82:a3:a1:1b:6d:37:8a:33:60:f4:cd:5b:f7:f8:
         73:12:45:12:b1:42:79:ae:5b:47:84:6c:ba:73:96:e4:e8:af:
         13:a5:ca:f2:9d:3d:6c:ce:f8:b5:b1:68:5c:d7:8b:f6:f2:d0:
         b2:80:4a:fb:da:8c:1d:b6:2c:80:e4:3c:ef:95:87:29:97:4d:
         6b:08:a7:4f:6f:b4:79:8b:e9:d5:59:f1:a4:52:6c:5e:11:f3:
         6e:e9:bc:08:a8:e9:13:7c:52:06:4d:69:7a:ec:ee:b7:6e:62:
         68:9e:93:81:e9:71:68:5d:08:8f:8c:49:a0:8c:67:ae:23:5f:
         e9:00:2d:a9:2f:2c:c9:69:21:23:d1:31:36:02:8c:59:71:9b:
         50:8d:61:89:8f:e5:4d:3e:96:46:aa:fc:b3:d2:07:38:8f:67:
         0f:1d:87:a3:f6:2d:ea:39:21:27:ac:e9:2b:55:58:b6:0a:a2:
         4b:68:ab:13:a4:a9:ee:19:72:06:bd:3e:2b:39:dd:90:a3:d5:
         98:11:77:6b:7b:f0:95:65:d1:34:8d:00:5b:51:d7:41:ad:73:
         9c:ee:bf:e3:25:8d:8f:a9:67:d6:21:c8:a7:5f:db:e0:e7:50:
         bd:c4:af:dc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZaM+ji/PJ3rrD5X2KAjm7s3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjUwNTAxMTc1MjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYmMyMjg5YjZmOWY4YmQ0YmE4NzUzNTY5NTlhNTJmZTdmMzJlOTNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs9VrN6uM8eJE+9LyGXNj5xYRQc/+
BI9R70BN4QufBLfFkA3K8IlLGuA8XHwFlVC7Zc1swgq1nVTAByzDZfqp5J0I3iRS
qwrou98MZpIbudLEAAGzDtLWzNt8vbLiOkP6GwYPR7Lo9aP6SIzk1TA6Vns5CTLq
wpbB5oZoTyLjGRigiVAAvFLp9mTBtCyzFt6y0tty9T3W4u3DnqfA/XTaCFgEefL3
po0RdhdDFaDY7OTuUy02nSnI7ljCCODvtjKMUszpeASpAIZs5ihFBUH6Z9Ig5J/M
ruj1sekrSJCwVkfFMaQAx6mvI3yyAsUCDTjBuEsP5i/7XFqbkd2oQ+B0sQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOvCKJtvn4vUuodTVpWaUv5/Muk/MB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvNjhJb20yLWZpOVM2aDFOV2xacFNfbjh5NlQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPkzlMA0G
CSqGSIb3DQEBCwUAA4IBAQCLVXnyijoDQr3mqpmrMOnoD4ClALsygqOhG203ijNg
9M1b9/hzEkUSsUJ5rltHhGy6c5bk6K8TpcrynT1szvi1sWhc14v28tCygEr72owd
tiyA5DzvlYcpl01rCKdPb7R5i+nVWfGkUmxeEfNu6bwIqOkTfFIGTWl67O63bmJo
npOB6XFoXQiPjEmgjGeuI1/pAC2pLyzJaSEj0TE2AoxZcZtQjWGJj+VNPpZGqvyz
0gc4j2cPHYej9i3qOSEnrOkrVVi2CqJLaKsTpKnuGXIGvT4rOd2Qo9WYEXdre/CV
ZdE0jQBbUddBrXOc7r/jJY2PqWfWIcinX9vg51C9xK/c
-----END CERTIFICATE-----