Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/aGLywy_S7XfnW54MRkxLX7W5FXM.roa
File:                     aGLywy_S7XfnW54MRkxLX7W5FXM.roa (raw, json)
Hash identifier:          ZFZRDWQ6zln7eZ+CohXLzXs1chXLnZGpda3hqVrfYtA=
Subject key identifier:   68:62:F2:C3:2F:D2:ED:77:E7:5B:9E:0C:46:4C:4B:5F:B5:B9:15:73
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       019E2AC99F54CBF3A38680259A8E51E0F988
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/aGLywy_S7XfnW54MRkxLX7W5FXM.roa
Signing time:             Fri 15 May 2026 08:38:37 +0000
ROA not before:           Fri 15 May 2026 08:38:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     62207
IP address blocks:        212.52.7.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Jun 2026 07:00:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:2a:c9:9f:54:cb:f3:a3:86:80:25:9a:8e:51:e0:f9:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: May 15 08:38:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6862f2c32fd2ed77e75b9e0c464c4b5fb5b91573
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:a7:48:08:30:12:a1:94:41:48:a6:30:94:6a:
                    c0:98:e0:63:e7:01:68:b3:87:a9:fb:22:88:f2:c7:
                    f7:3b:25:06:2b:8f:d5:8a:8f:ab:04:da:4d:8f:2a:
                    0f:14:69:bb:39:a7:09:6c:3c:43:af:82:94:00:c7:
                    64:48:e7:39:91:79:c9:6b:74:cc:8a:49:ad:57:2f:
                    a1:92:10:fd:83:e4:db:c1:2f:0d:b5:fc:50:2d:af:
                    f0:0f:c4:a6:25:2b:03:77:15:9e:5a:b1:6b:44:29:
                    59:de:bc:28:32:f3:0e:8c:1a:36:47:3e:65:61:0b:
                    73:c4:2b:27:b6:66:6b:b3:f7:73:51:a2:51:e0:bf:
                    ec:d2:f5:bf:94:05:0e:1f:9a:6f:67:db:8c:84:94:
                    44:b4:61:2c:83:9f:26:4c:88:35:ab:a5:ac:a7:ae:
                    06:b0:45:84:40:6a:2d:2e:bf:8d:5b:96:9b:0b:79:
                    c2:63:94:70:fa:c9:82:ef:56:53:6d:e5:8c:db:28:
                    1e:96:a6:49:06:c2:92:c0:32:9b:c8:0a:57:26:5b:
                    be:76:ec:d8:d2:ad:8f:4c:7f:7f:59:53:de:39:23:
                    6a:74:48:61:f0:e6:ef:7c:ab:42:e3:35:c0:41:43:
                    7e:c0:af:f9:15:82:11:1e:e6:2f:9e:f3:4c:77:7f:
                    10:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:62:F2:C3:2F:D2:ED:77:E7:5B:9E:0C:46:4C:4B:5F:B5:B9:15:73
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/aGLywy_S7XfnW54MRkxLX7W5FXM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.52.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:33:1b:d7:b0:cf:87:58:98:35:2c:1d:57:f5:23:14:56:64:
         d2:2d:d3:68:ed:08:94:a1:bc:50:16:c5:a6:21:ab:00:e7:f7:
         d3:0f:a7:c6:9d:26:b5:4a:06:57:93:79:d7:0d:b9:3e:1a:b4:
         92:93:30:69:4a:72:a7:33:f0:18:c8:a0:73:ff:78:b6:15:f9:
         39:2d:24:07:3d:f9:2e:b2:a9:3c:a8:40:86:21:e4:0d:ab:e2:
         4a:ce:4c:62:04:34:50:00:3c:74:83:70:ca:56:e3:5e:ed:a8:
         3d:36:26:b0:86:1a:6b:21:2d:6c:a9:f7:7d:eb:5b:6c:76:1f:
         a9:53:02:2d:7c:cb:dc:44:60:da:c6:e4:78:4f:ad:9c:bf:54:
         73:3c:28:f2:e2:c7:04:72:d5:b5:33:c1:64:2b:ce:aa:32:fe:
         82:04:cb:17:6f:20:db:eb:00:b6:22:84:4f:97:6f:93:06:1c:
         f0:3f:2c:c1:40:99:a2:4b:f4:35:9b:6b:c1:7e:a9:37:05:54:
         f5:82:1c:1c:7f:ac:c0:0f:72:b3:30:05:9e:f1:3f:01:dd:04:
         4f:4a:12:c3:d7:b5:ef:e5:7d:de:ab:28:cb:44:b3:04:aa:db:
         a2:96:6c:52:c6:eb:d9:dd:fc:88:9d:43:3c:61:af:3a:04:47:
         ee:99:b3:de
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4qyZ9Uy/OjhoAlmo5R4PmIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjYwNTE1MDgzODM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODYyZjJjMzJmZDJlZDc3ZTc1YjllMGM0NjRjNGI1ZmI1YjkxNTczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhadICDASoZRBSKYwlGrAmOBj5wFo
s4ep+yKI8sf3OyUGK4/Vio+rBNpNjyoPFGm7OacJbDxDr4KUAMdkSOc5kXnJa3TM
ikmtVy+hkhD9g+TbwS8NtfxQLa/wD8SmJSsDdxWeWrFrRClZ3rwoMvMOjBo2Rz5l
YQtzxCsntmZrs/dzUaJR4L/s0vW/lAUOH5pvZ9uMhJREtGEsg58mTIg1q6Wsp64G
sEWEQGotLr+NW5abC3nCY5Rw+smC71ZTbeWM2ygelqZJBsKSwDKbyApXJlu+duzY
0q2PTH9/WVPeOSNqdEhh8ObvfKtC4zXAQUN+wK/5FYIRHuYvnvNMd38QKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGhi8sMv0u1351ueDEZMS1+1uRVzMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvYUdMeXd5X1M3WGZuVzU0TVJreExYN1c1RlhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1DQHMA0G
CSqGSIb3DQEBCwUAA4IBAQAUMxvXsM+HWJg1LB1X9SMUVmTSLdNo7QiUobxQFsWm
IasA5/fTD6fGnSa1SgZXk3nXDbk+GrSSkzBpSnKnM/AYyKBz/3i2Ffk5LSQHPfku
sqk8qECGIeQNq+JKzkxiBDRQADx0g3DKVuNe7ag9NiawhhprIS1sqfd961tsdh+p
UwItfMvcRGDaxuR4T62cv1RzPCjy4scEctW1M8FkK86qMv6CBMsXbyDb6wC2IoRP
l2+TBhzwPyzBQJmiS/Q1m2vBfqk3BVT1ghwcf6zAD3KzMAWe8T8B3QRPShLD17Xv
5X3eqyjLRLMEqtuilmxSxuvZ3fyInUM8Ya86BEfumbPe
-----END CERTIFICATE-----