Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/02f63e-4ea2-43ac-abd5-0dab2312902a/1/52gTPJdQN2IyRsgf9iKgbNid4cI.roa
File:                     52gTPJdQN2IyRsgf9iKgbNid4cI.roa (raw, json)
Hash identifier:          5lE63bjKcJ3503lnep/t29RA6BQhkuc041jpBZfJLfo=
Subject key identifier:   E7:68:13:3C:97:50:37:62:32:46:C8:1F:F6:22:A0:6C:D8:9D:E1:C2
Certificate issuer:       /CN=3c8a0498ec3b4eb44f4df2541ae39180abb65f44
Certificate serial:       019DB6753050C99E4D420F80CCE5F56702EB
Authority key identifier: 3C:8A:04:98:EC:3B:4E:B4:4F:4D:F2:54:1A:E3:91:80:AB:B6:5F:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PIoEmOw7TrRPTfJUGuORgKu2X0Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/02f63e-4ea2-43ac-abd5-0dab2312902a/1/52gTPJdQN2IyRsgf9iKgbNid4cI.roa
Signing time:             Wed 22 Apr 2026 18:30:26 +0000
ROA not before:           Wed 22 Apr 2026 18:30:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     42337
IP address blocks:        92.42.203.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/02f63e-4ea2-43ac-abd5-0dab2312902a/1/PIoEmOw7TrRPTfJUGuORgKu2X0Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/02f63e-4ea2-43ac-abd5-0dab2312902a/1/PIoEmOw7TrRPTfJUGuORgKu2X0Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PIoEmOw7TrRPTfJUGuORgKu2X0Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 Apr 2026 14:27:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:b6:75:30:50:c9:9e:4d:42:0f:80:cc:e5:f5:67:02:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3c8a0498ec3b4eb44f4df2541ae39180abb65f44
        Validity
            Not Before: Apr 22 18:30:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e768133c975037623246c81ff622a06cd89de1c2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:94:55:9f:14:2b:0f:d4:66:46:e2:bc:11:85:
                    b8:d2:5c:d3:f9:1c:74:c6:19:34:f3:dd:14:01:e1:
                    6e:0a:0c:00:54:43:bb:7a:aa:f8:85:ec:eb:fe:79:
                    d0:d1:12:40:ce:8c:a6:85:9d:53:5e:7c:61:44:a6:
                    37:2a:96:7d:a5:7c:ca:4f:fb:f2:64:c8:af:ec:8b:
                    e7:37:cf:40:6a:b5:fa:af:dc:1c:94:7d:3d:b2:d9:
                    e4:b1:4f:9b:4e:aa:66:2d:72:68:d7:31:be:12:b7:
                    39:dc:c9:ce:91:38:51:81:5a:fc:cf:28:9c:27:f0:
                    c9:69:08:ac:ed:41:69:c5:c8:61:47:97:c8:6e:c8:
                    53:33:4d:9f:f3:1a:2b:f1:3c:3d:03:bb:2e:63:f0:
                    26:b5:db:b2:c6:d7:a1:37:86:c8:d2:c4:99:20:1c:
                    0b:c3:4a:3e:bb:6b:ff:b8:35:bd:ef:c3:70:18:d8:
                    d5:fd:4b:57:f8:d2:45:33:fb:02:dc:44:88:37:f9:
                    57:96:95:03:d0:44:47:5d:12:f2:1b:3e:81:32:8c:
                    6f:da:f4:66:b5:7a:aa:d4:82:a3:b8:d3:52:ef:de:
                    44:3a:12:01:0c:3f:87:f7:cb:6b:5e:74:38:cf:c3:
                    23:c9:0c:1c:43:24:d1:51:ea:b8:ec:d7:47:66:67:
                    ae:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:68:13:3C:97:50:37:62:32:46:C8:1F:F6:22:A0:6C:D8:9D:E1:C2
            X509v3 Authority Key Identifier:
                keyid:3C:8A:04:98:EC:3B:4E:B4:4F:4D:F2:54:1A:E3:91:80:AB:B6:5F:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PIoEmOw7TrRPTfJUGuORgKu2X0Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/02f63e-4ea2-43ac-abd5-0dab2312902a/1/52gTPJdQN2IyRsgf9iKgbNid4cI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/02f63e-4ea2-43ac-abd5-0dab2312902a/1/PIoEmOw7TrRPTfJUGuORgKu2X0Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.42.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:30:96:b7:54:dd:fd:9f:26:af:19:9d:ec:93:e3:1c:7c:6f:
         98:3b:1c:60:d0:bd:34:42:2a:f9:a2:91:2c:95:ed:5a:9d:fd:
         29:5f:b8:ef:e3:cb:52:da:59:a3:e4:df:74:5d:cc:e0:9b:8a:
         0b:8c:34:4a:88:b2:17:0e:a3:63:74:63:5f:21:c7:81:b1:ca:
         88:e3:1b:4f:28:1b:db:5a:98:fb:5e:62:dc:ba:66:85:6e:b2:
         c8:89:9d:da:5e:7b:5a:1b:c5:0d:95:56:17:c4:be:ea:72:4b:
         d4:71:f8:a2:ec:a7:50:25:15:84:2f:34:42:0c:30:dc:a6:b8:
         71:16:68:1c:74:17:8c:c8:69:09:dd:2c:d1:85:86:a9:c7:f1:
         83:f4:b3:3e:b5:5c:b5:26:b7:b9:fd:df:65:57:21:05:5a:2e:
         d6:06:90:e0:14:59:7c:d2:0a:f1:0d:7b:86:b1:63:ef:75:88:
         d4:19:9f:3d:86:0d:67:96:86:7a:3b:31:93:2f:aa:e8:09:e2:
         f8:a2:a9:c7:cd:8a:f8:99:a7:9f:92:51:e2:39:c4:8f:9b:b8:
         26:ff:82:58:c2:fe:7f:02:d8:a2:66:0f:64:4d:e1:03:4c:d7:
         0c:9a:8d:1f:ab:05:e8:62:67:b2:5b:f2:ff:96:69:47:b7:ab:
         7e:d6:94:f8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ22dTBQyZ5NQg+AzOX1ZwLrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNjOGEwNDk4ZWMzYjRlYjQ0ZjRkZjI1NDFhZTM5MTgwYWJi
NjVmNDQwHhcNMjYwNDIyMTgzMDI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzY4MTMzYzk3NTAzNzYyMzI0NmM4MWZmNjIyYTA2Y2Q4OWRlMWMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnZRVnxQrD9RmRuK8EYW40lzT+Rx0
xhk0890UAeFuCgwAVEO7eqr4hezr/nnQ0RJAzoymhZ1TXnxhRKY3KpZ9pXzKT/vy
ZMiv7IvnN89AarX6r9wclH09stnksU+bTqpmLXJo1zG+Erc53MnOkThRgVr8zyic
J/DJaQis7UFpxchhR5fIbshTM02f8xor8Tw9A7suY/AmtduyxtehN4bI0sSZIBwL
w0o+u2v/uDW978NwGNjV/UtX+NJFM/sC3ESIN/lXlpUD0ERHXRLyGz6BMoxv2vRm
tXqq1IKjuNNS795EOhIBDD+H98trXnQ4z8MjyQwcQyTRUeq47NdHZmeu/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOdoEzyXUDdiMkbIH/YioGzYneHCMB8GA1UdIwQY
MBaAFDyKBJjsO060T03yVBrjkYCrtl9EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUElvRW1PdzdUclJQVGZKVUd1T1JnS3UyWDBRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC8wMmY2M2UtNGVhMi00M2FjLWFiZDUt
MGRhYjIzMTI5MDJhLzEvNTJnVFBKZFFOMkl5UnNnZjlpS2diTmlkNGNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC8wMmY2M2UtNGVhMi00M2FjLWFiZDUtMGRhYjIzMTI5MDJh
LzEvUElvRW1PdzdUclJQVGZKVUd1T1JnS3UyWDBRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXCrLMA0G
CSqGSIb3DQEBCwUAA4IBAQBeMJa3VN39nyavGZ3sk+McfG+YOxxg0L00Qir5opEs
le1anf0pX7jv48tS2lmj5N90Xczgm4oLjDRKiLIXDqNjdGNfIceBscqI4xtPKBvb
Wpj7XmLcumaFbrLIiZ3aXntaG8UNlVYXxL7qckvUcfii7KdQJRWELzRCDDDcprhx
FmgcdBeMyGkJ3SzRhYapx/GD9LM+tVy1Jre5/d9lVyEFWi7WBpDgFFl80grxDXuG
sWPvdYjUGZ89hg1nloZ6OzGTL6roCeL4oqnHzYr4maefklHiOcSPm7gm/4JYwv5/
AtiiZg9kTeEDTNcMmo0fqwXoYmeyW/L/lmlHt6t+1pT4
-----END CERTIFICATE-----