Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/G2jKMMcyjuCFNDatkymjSS0xx-Q.roa
File:                     G2jKMMcyjuCFNDatkymjSS0xx-Q.roa (raw, json)
Hash identifier:          0tUSy7tZ6ArjCyQtkQSr/VB7xUjV4jhIhCmLgX4PpGA=
Subject key identifier:   1B:68:CA:30:C7:32:8E:E0:85:34:36:AD:93:29:A3:49:2D:31:C7:E4
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       019EDFC7B81FB379ABA6965DFA8298665748
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/G2jKMMcyjuCFNDatkymjSS0xx-Q.roa
Signing time:             Fri 19 Jun 2026 12:07:48 +0000
ROA not before:           Fri 19 Jun 2026 12:07:48 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     62240
IP address blocks:        62.76.226.0/24 maxlen: 24
                          212.192.251.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Jun 2026 08:42:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:df:c7:b8:1f:b3:79:ab:a6:96:5d:fa:82:98:66:57:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jun 19 12:07:48 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1b68ca30c7328ee0853436ad9329a3492d31c7e4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:4e:49:22:04:f0:da:09:51:2a:cc:97:8c:e7:
                    aa:f9:05:11:54:7c:56:1f:61:84:c1:f2:dd:a6:3f:
                    cb:07:89:67:60:bf:45:f6:a4:be:2a:49:01:a9:d1:
                    5a:33:8e:45:fb:e7:06:d5:93:6a:0e:bf:f1:57:35:
                    16:d2:af:40:ca:a8:c1:6a:84:51:e3:e1:53:64:bd:
                    dc:98:a0:d0:6b:99:48:62:3f:dd:a3:89:89:72:90:
                    c7:46:4d:ae:9b:df:c8:6d:04:2c:2f:60:25:40:53:
                    9a:d5:08:4b:bc:c4:d9:85:50:7d:f1:fc:74:02:7f:
                    71:b4:12:54:05:2b:b3:b1:a1:fe:45:3f:11:ec:84:
                    60:f0:93:ee:8a:31:84:af:5f:90:ac:c3:ef:04:df:
                    cc:7e:7c:67:29:4f:c5:93:73:84:ea:c8:fb:aa:9c:
                    d0:31:59:34:05:8f:ff:2f:a4:df:35:e5:f1:b3:19:
                    85:5b:af:5b:a9:ee:9c:c5:34:d7:2b:0d:5a:0f:fd:
                    75:17:4d:fe:5f:c0:bb:9c:d0:1a:8c:aa:46:8f:f1:
                    62:54:46:6f:8f:9d:00:10:15:fa:68:69:bd:c0:75:
                    76:99:02:29:c8:ac:9f:26:f7:f7:38:e4:d3:e1:0e:
                    ce:47:b6:1f:1b:0d:1a:cd:b6:f9:4a:0b:78:b1:43:
                    eb:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:68:CA:30:C7:32:8E:E0:85:34:36:AD:93:29:A3:49:2D:31:C7:E4
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/G2jKMMcyjuCFNDatkymjSS0xx-Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.76.226.0/24
                  212.192.251.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:80:73:a1:18:58:6a:08:e7:f2:ca:7d:48:36:8c:19:1a:3a:
         c1:be:63:a4:f7:6d:5d:8c:3f:fe:67:8d:02:d5:82:e7:8c:14:
         5b:70:e9:8f:a4:f4:f9:a7:6b:2a:e4:5a:88:e3:1e:a7:e3:fe:
         a8:34:5f:f6:4d:43:61:ea:a5:12:ec:1b:c8:a7:88:09:1e:74:
         69:c2:60:41:c2:8d:23:96:22:80:e2:4a:01:6a:e5:fc:2f:46:
         66:bc:f5:58:d9:e7:36:05:bd:c8:25:b3:e4:08:7f:bd:2e:a0:
         5f:49:a1:85:57:97:ac:bf:ac:91:02:8f:2c:17:eb:62:6c:55:
         95:93:d8:e7:1f:44:c1:24:01:ab:7a:81:c5:5e:83:ea:be:55:
         6c:08:b3:3f:14:55:aa:92:89:0c:10:f0:cb:81:d1:c1:dc:a1:
         b4:7b:01:a1:24:d9:09:89:f5:6b:73:40:27:5e:ee:ab:4f:cc:
         44:a5:e2:77:27:b3:dc:8b:64:bd:02:71:49:26:d2:04:37:45:
         13:a4:50:60:88:17:ba:1c:e2:d2:81:15:51:70:cd:55:c7:0c:
         6d:d7:f2:cf:43:0e:19:75:bf:87:72:dc:f8:e3:95:01:b6:c8:
         e1:af:dc:30:b2:13:42:0b:8b:1b:68:06:06:76:8c:ff:69:cb:
         81:84:a8:52
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ7fx7gfs3mrppZd+oKYZldIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjYwNjE5MTIwNzQ4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYjY4Y2EzMGM3MzI4ZWUwODUzNDM2YWQ5MzI5YTM0OTJkMzFjN2U0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjU5JIgTw2glRKsyXjOeq+QURVHxW
H2GEwfLdpj/LB4lnYL9F9qS+KkkBqdFaM45F++cG1ZNqDr/xVzUW0q9AyqjBaoRR
4+FTZL3cmKDQa5lIYj/do4mJcpDHRk2um9/IbQQsL2AlQFOa1QhLvMTZhVB98fx0
An9xtBJUBSuzsaH+RT8R7IRg8JPuijGEr1+QrMPvBN/MfnxnKU/Fk3OE6sj7qpzQ
MVk0BY//L6TfNeXxsxmFW69bqe6cxTTXKw1aD/11F03+X8C7nNAajKpGj/FiVEZv
j50AEBX6aGm9wHV2mQIpyKyfJvf3OOTT4Q7OR7YfGw0azbb5Sgt4sUPr2QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBtoyjDHMo7ghTQ2rZMpo0ktMcfkMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvRzJqS01NY3lqdUNGTkRhdGt5bWpTUzB4eC1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAPkziAwQA
1MD7MA0GCSqGSIb3DQEBCwUAA4IBAQACgHOhGFhqCOfyyn1INowZGjrBvmOk921d
jD/+Z40C1YLnjBRbcOmPpPT5p2sq5FqI4x6n4/6oNF/2TUNh6qUS7BvIp4gJHnRp
wmBBwo0jliKA4koBauX8L0ZmvPVY2ec2Bb3IJbPkCH+9LqBfSaGFV5esv6yRAo8s
F+tibFWVk9jnH0TBJAGreoHFXoPqvlVsCLM/FFWqkokMEPDLgdHB3KG0ewGhJNkJ
ifVrc0AnXu6rT8xEpeJ3J7Pci2S9AnFJJtIEN0UTpFBgiBe6HOLSgRVRcM1Vxwxt
1/LPQw4Zdb+Hctz445UBtsjhr9wwshNCC4sbaAYGdoz/acuBhKhS
-----END CERTIFICATE-----