Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/IkGPXVmP29ssGCb6MDH5bsx0lHc.roa
File:                     IkGPXVmP29ssGCb6MDH5bsx0lHc.roa (raw, json)
Hash identifier:          ERLBzYI7SI5L8J0I6ZsGskRAy2rvq6t2v7v1dgAGpmE=
Subject key identifier:   22:41:8F:5D:59:8F:DB:DB:2C:18:26:FA:30:31:F9:6E:CC:74:94:77
Certificate issuer:       /CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Certificate serial:       019EEE7D60A5C0FDA2B3BA1A8EFB4D23D9F3
Authority key identifier: 27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/IkGPXVmP29ssGCb6MDH5bsx0lHc.roa
Signing time:             Mon 22 Jun 2026 08:40:54 +0000
ROA not before:           Mon 22 Jun 2026 08:40:54 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     133639
IP address blocks:        62.41.24.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 23 Jun 2026 21:14:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:ee:7d:60:a5:c0:fd:a2:b3:ba:1a:8e:fb:4d:23:d9:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=279dbfdf4c20bdae8d6118566ece76444e46d171
        Validity
            Not Before: Jun 22 08:40:54 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=22418f5d598fdbdb2c1826fa3031f96ecc749477
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:88:5d:10:d1:39:00:08:7e:3b:3a:c4:fe:2f:
                    bd:8e:31:ca:28:b5:8f:1f:57:fb:31:e0:22:00:cb:
                    5a:38:af:b0:8d:8f:6f:46:96:5b:d9:c7:67:17:a2:
                    9a:c3:d9:0a:73:89:ed:6a:72:2e:7a:8f:ea:71:b0:
                    02:34:d7:26:dc:af:d0:61:a5:a7:93:f7:fa:cc:45:
                    ac:de:cf:59:0c:50:71:74:e7:dd:83:b8:69:e5:6c:
                    bd:f4:92:69:c0:9f:67:81:6c:02:22:6a:34:b1:09:
                    b0:58:c2:91:39:be:08:93:54:ae:13:d3:52:43:08:
                    70:f6:df:bc:3d:7c:7f:a9:ec:dd:c7:c2:48:88:a1:
                    87:02:5a:4b:bc:7a:da:f3:b2:6e:63:15:43:cd:f9:
                    fc:06:a6:30:7e:9d:16:4e:37:4f:ab:26:c5:ce:52:
                    af:40:a3:e5:a4:e2:c9:f2:08:95:3a:12:dd:5a:05:
                    d1:e0:69:97:7d:4e:51:f7:e1:19:b7:97:a5:04:aa:
                    da:f1:24:6c:1f:0c:8a:65:4e:39:9b:89:32:5c:99:
                    f2:00:92:7f:06:18:b5:72:6a:c2:44:38:50:3b:13:
                    46:2f:92:b0:7e:56:fe:5c:52:07:52:de:e8:ab:88:
                    03:c5:0e:1a:b5:b6:ea:2e:22:2c:1a:94:89:fa:cb:
                    fb:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:41:8F:5D:59:8F:DB:DB:2C:18:26:FA:30:31:F9:6E:CC:74:94:77
            X509v3 Authority Key Identifier:
                keyid:27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/IkGPXVmP29ssGCb6MDH5bsx0lHc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.41.24.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:82:c1:94:f0:52:f5:2e:a1:91:50:d5:bb:60:b2:5f:75:64:
         4d:c8:13:cc:19:35:33:99:85:9d:c9:2b:5d:f7:c5:64:5c:f7:
         30:0d:66:73:43:a9:c8:f9:04:77:15:fa:42:40:eb:65:42:81:
         45:00:91:80:85:71:63:0d:89:59:cd:d1:ff:83:77:25:66:c3:
         de:df:5b:4b:83:01:6f:2e:ce:8f:4d:cb:28:37:c3:16:1c:13:
         97:09:a0:e5:0b:bc:69:2a:44:55:af:88:59:60:43:1a:e7:77:
         25:eb:da:c7:46:29:55:67:91:76:55:bc:77:15:2b:80:13:a6:
         05:1c:f8:18:50:9b:05:78:d2:95:96:5b:fd:83:e1:11:8e:5f:
         f4:0a:ac:30:ea:99:71:41:2f:bf:89:eb:34:4d:6e:86:1c:db:
         21:cb:37:3b:7f:bc:39:4d:cf:0d:83:76:da:ba:b3:6f:04:6a:
         24:ce:30:9a:d1:4f:96:a2:92:4c:38:2e:cf:17:3c:88:e7:4d:
         38:38:15:77:6a:4a:60:75:d1:1e:cc:70:ea:e6:ec:b0:33:f2:
         a9:e9:41:a6:53:cb:b4:b6:55:d9:1c:d1:39:0c:64:ec:4f:81:
         e5:7f:c7:25:00:91:fb:33:30:67:de:36:f1:ba:b9:62:bc:c5:
         17:f9:f5:4b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ7ufWClwP2is7oajvtNI9nzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OWRiZmRmNGMyMGJkYWU4ZDYxMTg1NjZlY2U3NjQ0NGU0
NmQxNzEwHhcNMjYwNjIyMDg0MDU0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjQxOGY1ZDU5OGZkYmRiMmMxODI2ZmEzMDMxZjk2ZWNjNzQ5NDc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtIhdENE5AAh+OzrE/i+9jjHKKLWP
H1f7MeAiAMtaOK+wjY9vRpZb2cdnF6Kaw9kKc4ntanIueo/qcbACNNcm3K/QYaWn
k/f6zEWs3s9ZDFBxdOfdg7hp5Wy99JJpwJ9ngWwCImo0sQmwWMKROb4Ik1SuE9NS
Qwhw9t+8PXx/qezdx8JIiKGHAlpLvHra87JuYxVDzfn8BqYwfp0WTjdPqybFzlKv
QKPlpOLJ8giVOhLdWgXR4GmXfU5R9+EZt5elBKra8SRsHwyKZU45m4kyXJnyAJJ/
Bhi1cmrCRDhQOxNGL5Kwflb+XFIHUt7oq4gDxQ4atbbqLiIsGpSJ+sv7iwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCJBj11Zj9vbLBgm+jAx+W7MdJR3MB8GA1UdIwQY
MBaAFCedv99MIL2ujWEYVm7OdkRORtFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEt
MGNmMTA5M2Q0NTQ4LzEvSWtHUFhWbVAyOXNzR0NiNk1ESDVic3gwbEhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEtMGNmMTA5M2Q0NTQ4
LzEvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPikYMA0G
CSqGSIb3DQEBCwUAA4IBAQBbgsGU8FL1LqGRUNW7YLJfdWRNyBPMGTUzmYWdyStd
98VkXPcwDWZzQ6nI+QR3FfpCQOtlQoFFAJGAhXFjDYlZzdH/g3clZsPe31tLgwFv
Ls6PTcsoN8MWHBOXCaDlC7xpKkRVr4hZYEMa53cl69rHRilVZ5F2Vbx3FSuAE6YF
HPgYUJsFeNKVllv9g+ERjl/0Cqww6plxQS+/ies0TW6GHNshyzc7f7w5Tc8Ng3ba
urNvBGokzjCa0U+WopJMOC7PFzyI5004OBV3akpgddEezHDq5uywM/Kp6UGmU8u0
tlXZHNE5DGTsT4Hlf8clAJH7MzBn3jbxurlivMUX+fVL
-----END CERTIFICATE-----