Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/2e0337-477a-47fb-ad7e-a7fa967b6448/1/A52xkOJ3gt9nOlPHcfsZqFwzDK4.roa
File:                     A52xkOJ3gt9nOlPHcfsZqFwzDK4.roa (raw, json)
Hash identifier:          39PbgxontqguJHDp8xB13e5MSDd4oSH9j0HuESC2TAg=
Subject key identifier:   03:9D:B1:90:E2:77:82:DF:67:3A:53:C7:71:FB:19:A8:5C:33:0C:AE
Certificate issuer:       /CN=35d35dad62c559846ea24e14500bfe45e3d751f2
Certificate serial:       019CD9942648F305DCA4CB8DFC719CFCFF68
Authority key identifier: 35:D3:5D:AD:62:C5:59:84:6E:A2:4E:14:50:0B:FE:45:E3:D7:51:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NdNdrWLFWYRuok4UUAv-RePXUfI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/2e0337-477a-47fb-ad7e-a7fa967b6448/1/A52xkOJ3gt9nOlPHcfsZqFwzDK4.roa
Signing time:             Tue 10 Mar 2026 21:08:10 +0000
ROA not before:           Tue 10 Mar 2026 21:08:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     196843
IP address blocks:        109.73.208.0/20 maxlen: 20
                          185.122.40.0/22 maxlen: 22
                          2a00:1808::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/2e0337-477a-47fb-ad7e-a7fa967b6448/1/NdNdrWLFWYRuok4UUAv-RePXUfI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/2e0337-477a-47fb-ad7e-a7fa967b6448/1/NdNdrWLFWYRuok4UUAv-RePXUfI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NdNdrWLFWYRuok4UUAv-RePXUfI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Mar 2026 15:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:d9:94:26:48:f3:05:dc:a4:cb:8d:fc:71:9c:fc:ff:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35d35dad62c559846ea24e14500bfe45e3d751f2
        Validity
            Not Before: Mar 10 21:08:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=039db190e27782df673a53c771fb19a85c330cae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:42:a4:4b:ec:99:f3:c3:b6:75:83:ee:c6:cc:
                    37:04:8e:68:f1:79:01:06:b2:51:37:c5:14:a3:19:
                    09:67:d9:ab:14:c3:2d:a3:45:69:aa:df:aa:38:e3:
                    76:9e:d1:74:5d:0c:62:d0:c0:87:b2:f3:93:d9:bb:
                    3d:c1:85:94:f7:66:92:0e:db:10:23:1d:4b:8b:26:
                    66:35:87:72:d4:35:f7:0a:2b:10:4f:15:1c:b7:50:
                    9d:78:a4:0e:6f:77:82:a7:32:99:4b:a0:2e:d9:ba:
                    24:a1:77:0d:93:26:9d:88:12:bb:12:ba:cf:2e:0f:
                    ca:e2:a8:11:02:b8:b5:3d:47:b1:fe:be:b5:7b:20:
                    67:2d:c2:5c:57:65:ea:e8:16:03:10:d0:f4:3b:7d:
                    03:7e:f5:a7:31:e3:97:5c:e5:99:74:11:ca:1f:5c:
                    50:a5:0a:f1:99:8e:b2:26:44:b6:a4:19:98:ee:99:
                    49:a3:76:3d:3d:04:57:69:e8:57:1b:ff:66:15:2a:
                    31:65:63:10:82:33:12:b3:d5:e5:6b:af:87:d7:fc:
                    cb:5c:da:9c:a5:fb:db:cb:23:42:79:f1:53:52:1e:
                    72:9b:3c:56:19:55:c7:f7:88:42:66:64:64:e0:2f:
                    45:18:4e:8a:26:d7:e0:e6:59:05:75:13:a2:b0:77:
                    f5:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:9D:B1:90:E2:77:82:DF:67:3A:53:C7:71:FB:19:A8:5C:33:0C:AE
            X509v3 Authority Key Identifier:
                keyid:35:D3:5D:AD:62:C5:59:84:6E:A2:4E:14:50:0B:FE:45:E3:D7:51:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NdNdrWLFWYRuok4UUAv-RePXUfI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/2e0337-477a-47fb-ad7e-a7fa967b6448/1/A52xkOJ3gt9nOlPHcfsZqFwzDK4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/2e0337-477a-47fb-ad7e-a7fa967b6448/1/NdNdrWLFWYRuok4UUAv-RePXUfI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.73.208.0/20
                  185.122.40.0/22
                IPv6:
                  2a00:1808::/32

    Signature Algorithm: sha256WithRSAEncryption
         2d:2e:77:5b:86:e9:90:b4:87:5e:74:af:0d:2a:0e:29:3a:86:
         d1:a2:d2:ea:ff:cf:0f:f1:1e:2f:5d:9f:15:7c:31:4e:63:1d:
         f2:ed:95:e6:2f:e3:87:85:96:ae:2f:ce:c0:e8:93:84:ab:5c:
         cd:6b:f1:6b:65:52:05:ae:37:50:2a:40:a0:8f:3d:3d:34:5a:
         f9:e8:d7:33:38:ca:a0:0b:50:3a:9c:cb:b4:49:ac:f0:df:4d:
         2a:77:4e:ae:b5:1f:be:a1:b5:d9:21:f8:d4:85:11:88:b7:23:
         71:7a:25:bc:12:ba:61:51:10:c3:2e:7a:f0:77:fe:fa:ee:c0:
         9b:6a:e9:d6:0d:c2:2d:37:c3:8a:ff:2b:98:76:42:c4:9f:b5:
         ff:ca:59:9b:f4:31:68:cc:b8:24:c0:30:c0:60:f3:03:4c:2c:
         83:7c:64:ba:c4:4e:c9:a3:f0:3a:f4:8a:83:89:e2:aa:03:a5:
         f8:1a:44:c3:49:15:56:b7:f4:87:d7:89:dd:0f:a5:64:04:1d:
         1c:c3:f6:80:d0:09:78:4b:92:fc:c7:08:99:08:a1:35:d7:32:
         e7:12:48:2d:ea:15:62:50:4a:12:64:59:36:19:b3:5f:28:98:
         fd:33:00:25:a3:15:06:ce:b8:7d:4d:55:bb:59:c1:81:9a:27:
         8d:9c:ce:a2
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZzZlCZI8wXcpMuN/HGc/P9oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1ZDM1ZGFkNjJjNTU5ODQ2ZWEyNGUxNDUwMGJmZTQ1ZTNk
NzUxZjIwHhcNMjYwMzEwMjEwODEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMzlkYjE5MGUyNzc4MmRmNjczYTUzYzc3MWZiMTlhODVjMzMwY2FlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwkKkS+yZ88O2dYPuxsw3BI5o8XkB
BrJRN8UUoxkJZ9mrFMMto0Vpqt+qOON2ntF0XQxi0MCHsvOT2bs9wYWU92aSDtsQ
Ix1LiyZmNYdy1DX3CisQTxUct1CdeKQOb3eCpzKZS6Au2bokoXcNkyadiBK7ErrP
Lg/K4qgRAri1PUex/r61eyBnLcJcV2Xq6BYDEND0O30DfvWnMeOXXOWZdBHKH1xQ
pQrxmY6yJkS2pBmY7plJo3Y9PQRXaehXG/9mFSoxZWMQgjMSs9Xla6+H1/zLXNqc
pfvbyyNCefFTUh5ymzxWGVXH94hCZmRk4C9FGE6KJtfg5lkFdROisHf16QIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFAOdsZDid4LfZzpTx3H7GahcMwyuMB8GA1UdIwQY
MBaAFDXTXa1ixVmEbqJOFFAL/kXj11HyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTmROZHJXTEZXWVJ1b2s0VVVBdi1SZVBYVWZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS8yZTAzMzctNDc3YS00N2ZiLWFkN2Ut
YTdmYTk2N2I2NDQ4LzEvQTUyeGtPSjNndDluT2xQSGNmc1pxRnd6REs0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS8yZTAzMzctNDc3YS00N2ZiLWFkN2UtYTdmYTk2N2I2NDQ4
LzEvTmROZHJXTEZXWVJ1b2s0VVVBdi1SZVBYVWZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQEbUnQAwQC
uXooMA0EAgACMAcDBQAqABgIMA0GCSqGSIb3DQEBCwUAA4IBAQAtLndbhumQtIde
dK8NKg4pOobRotLq/88P8R4vXZ8VfDFOYx3y7ZXmL+OHhZauL87A6JOEq1zNa/Fr
ZVIFrjdQKkCgjz09NFr56NczOMqgC1A6nMu0Sazw300qd06utR++obXZIfjUhRGI
tyNxeiW8ErphURDDLnrwd/767sCbaunWDcItN8OK/yuYdkLEn7X/ylmb9DFozLgk
wDDAYPMDTCyDfGS6xE7Jo/A69IqDieKqA6X4GkTDSRVWt/SH14ndD6VkBB0cw/aA
0Al4S5L8xwiZCKE11zLnEkgt6hViUEoSZFk2GbNfKJj9MwAloxUGzrh9TVW7WcGB
mieNnM6i
-----END CERTIFICATE-----