Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/5832f4-e4e2-498b-a06a-9febf8c3e33f/1/tQsPmObVMxsGs2USQ--MlT6lmJc.roa
File:                     tQsPmObVMxsGs2USQ--MlT6lmJc.roa (raw, json)
Hash identifier:          S6g3w3tZ77+L4/5UZR+GE+6G9JUS385U/WfguqUEU+I=
Subject key identifier:   B5:0B:0F:98:E6:D5:33:1B:06:B3:65:12:43:EF:8C:95:3E:A5:98:97
Certificate issuer:       /CN=8a01ab6cd44a7a3ea4002c106a96c427b52c81d5
Certificate serial:       019E59CA6461C148A9E3DA977586A84B2DBE
Authority key identifier: 8A:01:AB:6C:D4:4A:7A:3E:A4:00:2C:10:6A:96:C4:27:B5:2C:81:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/igGrbNRKej6kACwQapbEJ7UsgdU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/5832f4-e4e2-498b-a06a-9febf8c3e33f/1/tQsPmObVMxsGs2USQ--MlT6lmJc.roa
Signing time:             Sun 24 May 2026 11:41:36 +0000
ROA not before:           Sun 24 May 2026 11:41:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     33355
IP address blocks:        212.66.50.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/5832f4-e4e2-498b-a06a-9febf8c3e33f/1/igGrbNRKej6kACwQapbEJ7UsgdU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/5832f4-e4e2-498b-a06a-9febf8c3e33f/1/igGrbNRKej6kACwQapbEJ7UsgdU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/igGrbNRKej6kACwQapbEJ7UsgdU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 15 Jun 2026 18:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:59:ca:64:61:c1:48:a9:e3:da:97:75:86:a8:4b:2d:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8a01ab6cd44a7a3ea4002c106a96c427b52c81d5
        Validity
            Not Before: May 24 11:41:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b50b0f98e6d5331b06b3651243ef8c953ea59897
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:2d:03:11:19:4f:21:c1:28:22:21:81:9a:7f:
                    db:d3:38:7b:35:4b:7f:ee:df:66:0f:0b:c3:97:e9:
                    2a:60:b5:b0:39:d5:36:2e:3a:e2:4a:ad:76:40:08:
                    22:72:2c:7d:3e:e7:c2:12:12:1d:69:99:a4:0f:9b:
                    9c:c9:30:f5:4c:05:3c:83:5c:24:65:f5:11:e7:ef:
                    aa:46:ef:b3:12:88:cb:19:03:1c:ad:69:a5:dd:37:
                    01:18:4e:37:bd:98:ac:b6:d2:4e:5a:23:98:28:93:
                    6c:fa:c5:62:3f:bd:35:b5:76:62:1b:06:c0:a5:96:
                    07:ca:07:2a:12:40:6a:79:a9:c4:d6:61:9d:74:2f:
                    40:bd:15:aa:ce:4e:76:15:c0:41:45:d2:96:5b:77:
                    73:c2:a8:a7:da:c3:74:4b:e2:7c:de:04:a5:43:90:
                    d1:14:b1:66:4d:87:f8:b3:92:17:74:55:17:35:f2:
                    41:b8:7b:f4:75:6f:df:7d:e0:41:62:2c:1e:cc:e3:
                    cf:a4:7e:da:92:80:64:90:d0:83:fc:2c:7c:65:0f:
                    10:48:5e:0b:85:17:f2:ac:f5:47:1d:a1:b6:cb:4a:
                    f0:70:98:ec:45:0e:36:93:8d:4a:36:31:92:be:ee:
                    bc:49:a6:ee:df:1d:2b:e4:ca:51:c2:f3:dd:9b:f1:
                    6c:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:0B:0F:98:E6:D5:33:1B:06:B3:65:12:43:EF:8C:95:3E:A5:98:97
            X509v3 Authority Key Identifier:
                keyid:8A:01:AB:6C:D4:4A:7A:3E:A4:00:2C:10:6A:96:C4:27:B5:2C:81:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/igGrbNRKej6kACwQapbEJ7UsgdU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/5832f4-e4e2-498b-a06a-9febf8c3e33f/1/tQsPmObVMxsGs2USQ--MlT6lmJc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/5832f4-e4e2-498b-a06a-9febf8c3e33f/1/igGrbNRKej6kACwQapbEJ7UsgdU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.66.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:d3:b7:ee:9a:15:4f:e2:ab:13:03:0f:c8:84:52:43:fb:fc:
         66:d7:b9:23:46:cc:c2:d5:de:87:6f:b2:05:d8:a3:b8:cf:f7:
         53:5d:75:f0:ca:c9:07:6f:5d:ff:d6:e2:53:8f:06:49:13:ea:
         77:e2:a7:24:ab:a7:9d:da:6a:0d:21:3a:23:c4:59:97:f8:4f:
         b1:53:09:4c:38:10:47:bc:49:0c:c1:ec:be:88:29:8a:63:24:
         e9:04:47:dc:8a:f4:9c:25:a6:b8:ef:92:dd:af:37:1a:5a:c1:
         a6:35:00:08:38:42:7b:3a:a2:3e:aa:ce:0b:7b:ec:92:27:0a:
         07:7a:02:cf:9c:3c:4e:0c:93:52:bc:d9:df:e1:6c:ba:a3:46:
         e3:b4:ef:b8:3c:fd:f8:c8:b2:cb:1e:16:3d:2b:58:a0:79:30:
         8c:f0:db:07:04:01:e7:72:92:23:da:80:22:70:98:fd:cb:68:
         4d:28:59:c7:f7:88:f1:45:ff:c9:93:56:bd:7b:5c:f7:9b:0e:
         1e:05:8c:96:27:2c:f9:89:4f:b5:fc:36:a2:12:a2:c2:b8:65:
         33:6d:42:2b:3f:be:74:5e:0d:32:46:59:dd:90:60:e5:f8:db:
         e8:28:66:93:2c:42:f2:b7:b2:06:e1:7f:51:9d:ce:75:0c:8c:
         2a:54:89:0c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5ZymRhwUip49qXdYaoSy2+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhMDFhYjZjZDQ0YTdhM2VhNDAwMmMxMDZhOTZjNDI3YjUy
YzgxZDUwHhcNMjYwNTI0MTE0MTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTBiMGY5OGU2ZDUzMzFiMDZiMzY1MTI0M2VmOGM5NTNlYTU5ODk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxi0DERlPIcEoIiGBmn/b0zh7NUt/
7t9mDwvDl+kqYLWwOdU2LjriSq12QAgicix9PufCEhIdaZmkD5ucyTD1TAU8g1wk
ZfUR5++qRu+zEojLGQMcrWml3TcBGE43vZisttJOWiOYKJNs+sViP701tXZiGwbA
pZYHygcqEkBqeanE1mGddC9AvRWqzk52FcBBRdKWW3dzwqin2sN0S+J83gSlQ5DR
FLFmTYf4s5IXdFUXNfJBuHv0dW/ffeBBYiwezOPPpH7akoBkkNCD/Cx8ZQ8QSF4L
hRfyrPVHHaG2y0rwcJjsRQ42k41KNjGSvu68Sabu3x0r5MpRwvPdm/Fs7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLULD5jm1TMbBrNlEkPvjJU+pZiXMB8GA1UdIwQY
MBaAFIoBq2zUSno+pAAsEGqWxCe1LIHVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaWdHcmJOUktlajZrQUN3UWFwYkVKN1VzZ2RVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi81ODMyZjQtZTRlMi00OThiLWEwNmEt
OWZlYmY4YzNlMzNmLzEvdFFzUG1PYlZNeHNHczJVU1EtLU1sVDZsbUpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi81ODMyZjQtZTRlMi00OThiLWEwNmEtOWZlYmY4YzNlMzNm
LzEvaWdHcmJOUktlajZrQUN3UWFwYkVKN1VzZ2RVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1EIyMA0G
CSqGSIb3DQEBCwUAA4IBAQBX07fumhVP4qsTAw/IhFJD+/xm17kjRszC1d6Hb7IF
2KO4z/dTXXXwyskHb13/1uJTjwZJE+p34qckq6ed2moNITojxFmX+E+xUwlMOBBH
vEkMwey+iCmKYyTpBEfcivScJaa475LdrzcaWsGmNQAIOEJ7OqI+qs4Le+ySJwoH
egLPnDxODJNSvNnf4Wy6o0bjtO+4PP34yLLLHhY9K1igeTCM8NsHBAHncpIj2oAi
cJj9y2hNKFnH94jxRf/Jk1a9e1z3mw4eBYyWJyz5iU+1/DaiEqLCuGUzbUIrP750
Xg0yRlndkGDl+NvoKGaTLELyt7IG4X9Rnc51DIwqVIkM
-----END CERTIFICATE-----