Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/nAnNf3Yg7W2A9einQEP0uWs__mI.roa
File:                     nAnNf3Yg7W2A9einQEP0uWs__mI.roa (raw, json)
Hash identifier:          TbpyGVFrvsr5+KS1Dx4Yq6zu/5NyPmBRVUvquMSxAJU=
Subject key identifier:   9C:09:CD:7F:76:20:ED:6D:80:F5:E8:A7:40:43:F4:B9:6B:3F:FE:62
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       019DB9AFEC2D1CAC29A3B032F2DF0585A454
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/nAnNf3Yg7W2A9einQEP0uWs__mI.roa
Signing time:             Thu 23 Apr 2026 09:33:27 +0000
ROA not before:           Thu 23 Apr 2026 09:33:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     47585
IP address blocks:        62.76.230.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 18:01:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:b9:af:ec:2d:1c:ac:29:a3:b0:32:f2:df:05:85:a4:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Apr 23 09:33:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9c09cd7f7620ed6d80f5e8a74043f4b96b3ffe62
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f8:23:f0:c4:7f:e5:7e:8e:89:bf:f7:f3:67:8d:
                    02:53:c4:77:29:ad:f7:2c:1a:2b:37:d1:73:73:d6:
                    a7:6d:a6:37:71:b8:38:39:13:f8:f6:98:b2:03:80:
                    80:ff:bd:c3:94:0b:fa:a7:95:0c:33:3d:7b:61:4d:
                    10:52:89:22:18:d4:25:b0:50:c1:61:9d:10:7a:0d:
                    53:a6:b6:0c:39:73:35:34:89:7b:6b:66:c5:4c:cd:
                    60:6d:c9:26:c4:4b:0e:d3:29:65:84:37:85:7e:37:
                    5a:8e:ad:cd:35:ff:cd:59:c7:20:91:8a:b3:8d:dc:
                    93:5b:70:f6:65:40:53:af:e2:e4:c1:c3:b4:31:45:
                    d8:62:cc:1b:16:0c:15:f6:d0:67:6f:2d:e7:78:e0:
                    ac:bc:f8:29:75:36:95:6b:24:fc:5f:cb:cb:be:41:
                    39:15:95:56:6e:00:1b:f0:5f:1e:a1:91:2d:ab:aa:
                    da:ec:5a:77:8e:2d:bf:57:03:16:1c:83:3b:ba:d9:
                    d3:5e:2e:29:9e:d8:20:91:d1:d2:3c:8b:6c:f8:83:
                    72:d5:6a:84:d3:7a:c7:39:97:c7:46:90:fe:93:16:
                    6b:56:12:55:20:66:78:66:ec:cc:c7:63:db:75:c5:
                    c9:75:f8:c7:65:47:29:f2:64:e2:7c:ab:59:e1:66:
                    a5:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:09:CD:7F:76:20:ED:6D:80:F5:E8:A7:40:43:F4:B9:6B:3F:FE:62
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/nAnNf3Yg7W2A9einQEP0uWs__mI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.76.230.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:4c:74:01:0f:8c:4d:50:9f:4c:0e:89:f6:7b:05:17:3e:fb:
         19:63:8d:a3:34:27:15:95:ce:5b:09:e3:9a:4c:e7:a4:7c:f7:
         dd:94:7a:81:13:15:40:c6:df:2a:69:94:b7:94:58:b2:61:0e:
         0e:ae:7d:10:41:d1:3d:1f:44:16:49:ed:68:40:87:65:92:8e:
         f9:8a:c5:9c:b5:66:8e:18:23:38:1a:fe:7a:37:5e:53:0f:51:
         2e:3e:a1:6f:49:cb:a9:87:0e:2e:d7:0b:3a:f3:ab:cf:3b:c3:
         1e:7e:42:be:a0:10:64:d7:e8:4e:6f:2c:52:fc:45:cc:80:6a:
         2c:d1:72:36:d7:0a:16:ad:20:71:db:92:45:1b:72:d7:0c:1e:
         87:88:91:4f:94:af:5f:2c:db:b1:9f:7e:db:eb:7e:5f:ba:ac:
         dd:38:93:13:58:87:d8:69:db:19:76:6a:54:ed:d0:39:1b:bc:
         74:7e:bc:9d:15:e4:df:05:52:f8:25:2a:dd:eb:71:e1:1f:6c:
         80:cb:5f:2a:16:04:54:99:a4:e6:e4:ed:5f:92:8c:9c:f8:4f:
         ba:88:a7:08:95:e3:82:90:7f:8c:a8:8a:dd:c7:97:09:3e:0e:
         77:9a:36:a4:ed:38:f9:a9:e7:b4:b5:1d:fd:6a:cb:bb:7e:97:
         86:08:43:75
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ25r+wtHKwpo7Ay8t8FhaRUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjYwNDIzMDkzMzI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzA5Y2Q3Zjc2MjBlZDZkODBmNWU4YTc0MDQzZjRiOTZiM2ZmZTYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+CPwxH/lfo6Jv/fzZ40CU8R3Ka33
LBorN9Fzc9anbaY3cbg4ORP49piyA4CA/73DlAv6p5UMMz17YU0QUokiGNQlsFDB
YZ0Qeg1TprYMOXM1NIl7a2bFTM1gbckmxEsO0yllhDeFfjdajq3NNf/NWccgkYqz
jdyTW3D2ZUBTr+LkwcO0MUXYYswbFgwV9tBnby3neOCsvPgpdTaVayT8X8vLvkE5
FZVWbgAb8F8eoZEtq6ra7Fp3ji2/VwMWHIM7utnTXi4pntggkdHSPIts+INy1WqE
03rHOZfHRpD+kxZrVhJVIGZ4ZuzMx2PbdcXJdfjHZUcp8mTifKtZ4WalqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJwJzX92IO1tgPXop0BD9LlrP/5iMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvbkFuTmYzWWc3VzJBOWVpblFFUDB1V3NfX21JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPkzmMA0G
CSqGSIb3DQEBCwUAA4IBAQBBTHQBD4xNUJ9MDon2ewUXPvsZY42jNCcVlc5bCeOa
TOekfPfdlHqBExVAxt8qaZS3lFiyYQ4Orn0QQdE9H0QWSe1oQIdlko75isWctWaO
GCM4Gv56N15TD1EuPqFvScuphw4u1ws686vPO8MefkK+oBBk1+hObyxS/EXMgGos
0XI21woWrSBx25JFG3LXDB6HiJFPlK9fLNuxn37b635fuqzdOJMTWIfYadsZdmpU
7dA5G7x0frydFeTfBVL4JSrd63HhH2yAy18qFgRUmaTm5O1fkoyc+E+6iKcIleOC
kH+MqIrdx5cJPg53mjak7Tj5qee0tR39asu7fpeGCEN1
-----END CERTIFICATE-----