Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8c/485305-4c23-4f37-854b-a9d3eef06c67/1/Pz-QEe29fm3Rmb-1Kr5ywB2dwNw.roa
File:                     Pz-QEe29fm3Rmb-1Kr5ywB2dwNw.roa (raw, json)
Hash identifier:          8K+mxkJc1YUhNCq1Ef1EX6Q0ZFsYA3sXxCTuzVabT3A=
Subject key identifier:   3F:3F:90:11:ED:BD:7E:6D:D1:99:BF:B5:2A:BE:72:C0:1D:9D:C0:DC
Certificate issuer:       /CN=58a26c2bc503a7c68128d2ae1ab4cd37deb99325
Certificate serial:       019E7DA63D319B76D86ED5102C3C2BB5077B
Authority key identifier: 58:A2:6C:2B:C5:03:A7:C6:81:28:D2:AE:1A:B4:CD:37:DE:B9:93:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WKJsK8UDp8aBKNKuGrTNN965kyU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8c/485305-4c23-4f37-854b-a9d3eef06c67/1/Pz-QEe29fm3Rmb-1Kr5ywB2dwNw.roa
Signing time:             Sun 31 May 2026 10:48:26 +0000
ROA not before:           Sun 31 May 2026 10:48:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     44517
IP address blocks:        62.68.67.0/24 maxlen: 24
                          2a12:c340::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8c/485305-4c23-4f37-854b-a9d3eef06c67/1/WKJsK8UDp8aBKNKuGrTNN965kyU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8c/485305-4c23-4f37-854b-a9d3eef06c67/1/WKJsK8UDp8aBKNKuGrTNN965kyU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WKJsK8UDp8aBKNKuGrTNN965kyU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 20:26:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:7d:a6:3d:31:9b:76:d8:6e:d5:10:2c:3c:2b:b5:07:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58a26c2bc503a7c68128d2ae1ab4cd37deb99325
        Validity
            Not Before: May 31 10:48:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3f3f9011edbd7e6dd199bfb52abe72c01d9dc0dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:e3:6a:b6:d8:c5:d6:f4:94:59:9f:21:24:34:
                    46:1d:be:c0:e1:57:1d:14:eb:d2:cf:f1:a4:b8:52:
                    7f:ab:e4:ed:6a:97:e9:53:67:8e:a2:78:99:b9:ef:
                    21:67:19:f7:4e:bb:6e:ef:da:af:79:2a:10:ee:5e:
                    2c:01:c3:88:c0:9d:b2:24:90:66:84:70:f5:c3:ea:
                    28:41:c0:1e:3e:9d:91:e0:74:be:66:0d:a1:fe:09:
                    8b:1b:a4:de:d5:27:5e:db:01:88:39:bc:f3:96:16:
                    a0:0a:5a:eb:44:16:00:80:ae:6f:54:a9:cf:5a:90:
                    02:7c:13:68:93:72:33:32:f3:e8:b7:6e:a7:f0:26:
                    4d:60:da:a2:7e:78:2d:4c:c1:59:0a:02:f9:3a:c0:
                    28:f4:18:5f:16:2f:cb:de:5c:94:7e:6d:0e:70:15:
                    ee:e3:6a:08:7e:b3:60:6e:01:d7:b7:c7:99:bf:98:
                    a0:56:ac:d8:b0:a9:9f:6f:75:d9:af:44:19:92:eb:
                    41:39:4a:2f:fa:89:01:22:a5:27:41:4c:72:1b:3c:
                    23:45:25:1a:5e:ad:ad:47:7a:78:2f:f2:cb:8a:2e:
                    bd:46:80:02:73:4b:58:cc:59:35:66:4e:9f:7b:3d:
                    43:23:27:c4:cd:0a:eb:02:b2:8f:37:89:0b:de:41:
                    be:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:3F:90:11:ED:BD:7E:6D:D1:99:BF:B5:2A:BE:72:C0:1D:9D:C0:DC
            X509v3 Authority Key Identifier:
                keyid:58:A2:6C:2B:C5:03:A7:C6:81:28:D2:AE:1A:B4:CD:37:DE:B9:93:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WKJsK8UDp8aBKNKuGrTNN965kyU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/485305-4c23-4f37-854b-a9d3eef06c67/1/Pz-QEe29fm3Rmb-1Kr5ywB2dwNw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/485305-4c23-4f37-854b-a9d3eef06c67/1/WKJsK8UDp8aBKNKuGrTNN965kyU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.68.67.0/24
                IPv6:
                  2a12:c340::/29

    Signature Algorithm: sha256WithRSAEncryption
         89:5b:09:99:d9:4c:d1:46:a0:11:54:e9:53:24:b8:68:e7:09:
         8c:40:45:1a:89:4c:8c:70:86:12:96:bd:1b:c8:ca:f5:15:ff:
         df:82:df:04:82:9e:45:70:2b:b9:02:fd:3f:23:a5:cf:a8:40:
         42:4a:a3:8b:44:be:e5:c0:c9:d4:4a:b2:43:25:e2:36:e0:bf:
         c7:6c:fc:43:9b:f4:2d:b5:6f:cd:8d:84:0d:d1:41:91:a1:30:
         a9:e6:13:d0:28:64:d7:4f:42:27:d6:62:28:6b:1b:f0:b4:c5:
         c4:be:cc:a2:da:7a:2a:8d:db:c5:ec:fc:69:50:95:d2:9b:45:
         fa:3c:96:ab:61:41:15:84:c9:d2:30:c7:bc:30:1e:e4:b6:e8:
         87:1d:14:e7:13:6c:f2:ff:05:75:1f:17:5b:24:60:58:73:17:
         69:64:b4:93:25:53:44:96:94:7c:fa:3f:9f:18:4f:e2:db:b1:
         70:1e:52:03:10:c3:45:94:8a:91:65:64:1c:8e:78:1c:75:ca:
         e8:a3:a8:98:0b:fd:bf:b9:41:e8:db:22:ef:fd:33:c5:9f:fb:
         7d:54:b3:d8:7e:55:79:ca:98:4a:81:02:d9:d1:00:4c:7b:e7:
         3b:83:72:9e:3d:c7:f4:ab:d1:a9:90:ff:32:e7:a5:83:b7:0f:
         61:5b:be:4b
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZ59pj0xm3bYbtUQLDwrtQd7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4YTI2YzJiYzUwM2E3YzY4MTI4ZDJhZTFhYjRjZDM3ZGVi
OTkzMjUwHhcNMjYwNTMxMTA0ODI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjNmOTAxMWVkYmQ3ZTZkZDE5OWJmYjUyYWJlNzJjMDFkOWRjMGRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkONqttjF1vSUWZ8hJDRGHb7A4Vcd
FOvSz/GkuFJ/q+TtapfpU2eOoniZue8hZxn3Trtu79qveSoQ7l4sAcOIwJ2yJJBm
hHD1w+ooQcAePp2R4HS+Zg2h/gmLG6Te1Sde2wGIObzzlhagClrrRBYAgK5vVKnP
WpACfBNok3IzMvPot26n8CZNYNqifngtTMFZCgL5OsAo9BhfFi/L3lyUfm0OcBXu
42oIfrNgbgHXt8eZv5igVqzYsKmfb3XZr0QZkutBOUov+okBIqUnQUxyGzwjRSUa
Xq2tR3p4L/LLii69RoACc0tYzFk1Zk6fez1DIyfEzQrrArKPN4kL3kG+pwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFD8/kBHtvX5t0Zm/tSq+csAdncDcMB8GA1UdIwQY
MBaAFFiibCvFA6fGgSjSrhq0zTfeuZMlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0tKc0s4VURwOGFCS05LdUdyVE5OOTY1a3lVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yy80ODUzMDUtNGMyMy00ZjM3LTg1NGIt
YTlkM2VlZjA2YzY3LzEvUHotUUVlMjlmbTNSbWItMUtyNXl3QjJkd053LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yy80ODUzMDUtNGMyMy00ZjM3LTg1NGItYTlkM2VlZjA2YzY3
LzEvV0tKc0s4VURwOGFCS05LdUdyVE5OOTY1a3lVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAPkRDMA0E
AgACMAcDBQMqEsNAMA0GCSqGSIb3DQEBCwUAA4IBAQCJWwmZ2UzRRqARVOlTJLho
5wmMQEUaiUyMcIYSlr0byMr1Ff/fgt8Egp5FcCu5Av0/I6XPqEBCSqOLRL7lwMnU
SrJDJeI24L/HbPxDm/QttW/NjYQN0UGRoTCp5hPQKGTXT0In1mIoaxvwtMXEvsyi
2noqjdvF7PxpUJXSm0X6PJarYUEVhMnSMMe8MB7ktuiHHRTnE2zy/wV1HxdbJGBY
cxdpZLSTJVNElpR8+j+fGE/i27FwHlIDEMNFlIqRZWQcjngcdcroo6iYC/2/uUHo
2yLv/TPFn/t9VLPYflV5yphKgQLZ0QBMe+c7g3KePcf0q9GpkP8y56WDtw9hW75L
-----END CERTIFICATE-----