Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS62068.roa
File:                     AS62068.roa (raw, json)
Hash identifier:          WN7rinqdguUyPDklBJmbfLdB2hX6K6v93cPnY4WA7m8=
Subject key identifier:   C0:24:87:20:FB:FA:00:DC:B5:32:77:80:58:8A:DB:0C:DE:12:18:2A
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       1940CCEC5C5DF04E97881CAE8B1B0C824A851315
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS62068.roa
Signing time:             Mon 04 May 2026 17:31:24 +0000
ROA not before:           Mon 04 May 2026 17:26:24 +0000
ROA not after:            Mon 03 May 2027 17:31:24 +0000
asID:                     62068
IP address blocks:        89.19.46.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 08:12:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            19:40:cc:ec:5c:5d:f0:4e:97:88:1c:ae:8b:1b:0c:82:4a:85:13:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: May  4 17:26:24 2026 GMT
            Not After : May  3 17:31:24 2027 GMT
        Subject: CN=C0248720FBFA00DCB5327780588ADB0CDE12182A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:89:3f:be:84:0f:26:63:8a:47:b6:96:c8:bf:
                    c8:29:51:e8:62:7c:a3:5e:f8:45:c3:0d:fd:8c:1d:
                    70:f0:85:c2:10:d9:2c:1a:3a:f6:b4:d4:c2:f3:4d:
                    bf:49:f7:e5:ec:84:2c:a3:33:20:ec:65:8c:31:94:
                    3a:fe:6e:4f:ed:b1:1d:97:ed:9b:a1:81:18:ed:05:
                    31:87:3d:3a:00:b1:63:09:35:75:95:f7:2d:05:a8:
                    84:4b:e3:79:6b:4b:cf:83:81:dc:a3:b1:f7:52:a2:
                    83:a3:33:af:1f:e3:7f:27:e7:5f:af:37:f7:0c:29:
                    4f:b8:91:f7:b7:b2:b6:eb:e9:5b:97:22:02:85:08:
                    07:ab:a0:28:71:e5:fd:07:c4:ee:bb:35:18:13:fa:
                    bd:6c:cb:fe:04:46:b9:4d:99:cd:98:32:e6:59:ee:
                    fc:7f:49:07:ff:b5:a1:f7:7e:11:c7:27:a7:ab:33:
                    95:ec:47:a0:fe:fd:5f:38:3c:77:0b:24:26:1c:df:
                    23:f3:a8:1b:ee:be:23:91:e9:47:bd:8d:ae:2e:6a:
                    1b:78:03:cc:fd:43:e2:ea:69:e5:d5:b2:2f:1a:b1:
                    ce:54:0c:ef:ae:c3:fd:c1:f4:91:bd:13:72:e8:15:
                    40:9b:a4:f9:db:74:3b:9d:5c:20:43:2f:e0:9b:cf:
                    84:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:24:87:20:FB:FA:00:DC:B5:32:77:80:58:8A:DB:0C:DE:12:18:2A
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS62068.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.19.46.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9f:87:d4:5c:2f:c4:01:b9:a4:98:f0:42:42:cb:19:8c:96:a2:
         2a:4e:6d:40:a9:fd:c5:d3:83:c3:a4:92:6b:76:57:92:f0:c1:
         55:ee:ef:77:a1:d1:d7:7d:3c:ef:1d:3f:b7:6d:85:ec:c9:4c:
         57:f8:eb:ed:55:c8:47:41:71:0f:7a:af:b2:71:a9:aa:4e:28:
         19:77:2d:0f:ed:c2:51:bf:dc:1c:2a:e2:b0:e3:ef:1d:6c:79:
         75:ae:15:99:4e:3d:0a:8d:aa:70:09:ad:b7:1e:b9:8c:b0:eb:
         83:ba:52:c6:ef:ab:40:af:87:02:0b:3c:9e:3f:4a:37:60:b6:
         f8:61:1e:9d:3b:34:5d:ce:5d:81:e5:22:30:3d:60:a3:15:af:
         74:b3:98:37:c5:5c:aa:6e:ea:f6:1c:67:cc:3a:9b:4e:42:f7:
         ba:f6:13:d9:5d:af:61:b2:44:a3:16:d9:fd:8a:1c:07:1b:03:
         94:33:09:5c:ac:5b:c9:ea:f7:d3:38:fe:b7:29:11:da:80:17:
         a2:9d:db:ae:04:ba:3e:2f:8e:0a:87:b5:fd:da:15:c9:90:52:
         ca:c6:34:21:09:58:d9:61:f9:fa:4d:9d:19:6a:b7:01:d3:20:
         e4:62:e3:53:95:09:62:e2:a6:d0:4d:14:16:9c:c0:82:47:11:
         4e:24:6f:8f
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUGUDM7Fxd8E6XiByuixsMgkqFExUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjA1MDQxNzI2MjRaFw0yNzA1MDMxNzMxMjRaMDMxMTAvBgNV
BAMTKEMwMjQ4NzIwRkJGQTAwRENCNTMyNzc4MDU4OEFEQjBDREUxMjE4MkEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/iT++hA8mY4pHtpbIv8gpUehi
fKNe+EXDDf2MHXDwhcIQ2SwaOva01MLzTb9J9+XshCyjMyDsZYwxlDr+bk/tsR2X
7ZuhgRjtBTGHPToAsWMJNXWV9y0FqIRL43lrS8+DgdyjsfdSooOjM68f438n51+v
N/cMKU+4kfe3srbr6VuXIgKFCAeroChx5f0HxO67NRgT+r1sy/4ERrlNmc2YMuZZ
7vx/SQf/taH3fhHHJ6erM5XsR6D+/V84PHcLJCYc3yPzqBvuviOR6Ue9ja4uaht4
A8z9Q+LqaeXVsi8asc5UDO+uw/3B9JG9E3LoFUCbpPnbdDudXCBDL+Cbz4TLAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUwCSHIPv6ANy1MneAWIrbDN4SGCowHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTNjIwNjgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABZEy4w
DQYJKoZIhvcNAQELBQADggEBAJ+H1FwvxAG5pJjwQkLLGYyWoipObUCp/cXTg8Ok
kmt2V5LwwVXu73eh0dd9PO8dP7dthezJTFf46+1VyEdBcQ96r7JxqapOKBl3LQ/t
wlG/3Bwq4rDj7x1seXWuFZlOPQqNqnAJrbceuYyw64O6Usbvq0CvhwILPJ4/Sjdg
tvhhHp07NF3OXYHlIjA9YKMVr3SzmDfFXKpu6vYcZ8w6m05C97r2E9ldr2GyRKMW
2f2KHAcbA5QzCVysW8nq99M4/rcpEdqAF6Kd264Euj4vjgqHtf3aFcmQUsrGNCEJ
WNlh+fpNnRlqtwHTIORi41OVCWLiptBNFBacwIJHEU4kb48=
-----END CERTIFICATE-----