Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/mkLSqMpZXUNKPiwpxyZjLrGzh-c.roa
File:                     mkLSqMpZXUNKPiwpxyZjLrGzh-c.roa (raw, json)
Hash identifier:          AsRaaYp2eJ7U3U3WNahyiJ1W3upTewt0NgffIUlX9D0=
Subject key identifier:   9A:42:D2:A8:CA:59:5D:43:4A:3E:2C:29:C7:26:63:2E:B1:B3:87:E7
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       019ECF8005952128227D8F1A4DA98C8AC1B1
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/mkLSqMpZXUNKPiwpxyZjLrGzh-c.roa
Signing time:             Tue 16 Jun 2026 08:15:34 +0000
ROA not before:           Tue 16 Jun 2026 08:15:34 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     219429
IP address blocks:        62.76.235.0/24 maxlen: 24
                          194.58.223.0/24 maxlen: 24
                          194.87.16.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 18 Jun 2026 07:49:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:cf:80:05:95:21:28:22:7d:8f:1a:4d:a9:8c:8a:c1:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jun 16 08:15:34 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9a42d2a8ca595d434a3e2c29c726632eb1b387e7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:a6:f7:67:7a:bd:fb:69:c4:48:22:1a:b5:16:
                    e9:3b:8a:82:42:43:26:77:dd:94:e1:0d:b9:3b:95:
                    9a:f2:51:c6:30:b8:85:62:36:39:6c:7b:d3:72:76:
                    d8:ef:24:ea:68:7f:5b:f3:e4:3f:53:4e:86:55:48:
                    8d:0b:d4:49:eb:6f:02:4b:c5:d4:3f:45:ea:8b:66:
                    8d:4d:e1:e2:b0:7c:7f:86:f2:b1:f2:54:41:10:0e:
                    c1:f5:f7:a4:03:67:af:c7:7d:29:d7:0b:3c:ae:20:
                    57:72:62:a8:0e:ff:a7:6d:b9:59:e4:28:1e:0c:00:
                    41:08:95:4f:38:c6:62:6d:63:9f:73:32:10:5f:6c:
                    de:21:82:1c:22:fc:d9:be:12:8a:c6:95:82:cf:31:
                    59:4f:01:04:5e:67:70:8d:ad:bd:53:9e:7d:63:11:
                    7f:5a:dc:10:f8:cb:36:34:c4:5c:3b:7a:db:d8:bf:
                    a4:7e:9a:71:a6:66:5e:dd:64:cd:9e:43:9e:1d:28:
                    16:48:bb:fa:5c:ff:47:a9:73:0c:45:71:98:69:ff:
                    94:46:cc:2c:c5:d8:3d:67:6b:5d:bc:8b:3a:60:4d:
                    ef:d5:13:ea:08:83:47:69:b8:87:17:89:b8:44:eb:
                    c8:a0:9a:22:b1:1d:63:b5:72:13:20:81:a4:18:7c:
                    5b:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:42:D2:A8:CA:59:5D:43:4A:3E:2C:29:C7:26:63:2E:B1:B3:87:E7
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/mkLSqMpZXUNKPiwpxyZjLrGzh-c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.76.235.0/24
                  194.58.223.0/24
                  194.87.16.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:0d:dc:9c:29:2e:ad:17:d3:d1:cd:9b:74:9d:c5:84:a5:b2:
         21:2e:52:cd:0a:dd:f0:9a:f3:50:f7:6a:6e:78:19:a2:ec:b2:
         aa:64:46:97:d5:e0:95:38:fb:f1:6d:e5:4f:a1:fa:01:ef:b5:
         9c:ec:ad:72:18:24:b1:d0:53:e4:b9:b2:86:2f:f9:d0:0b:06:
         32:0c:92:7d:8e:32:15:21:cd:83:cd:d8:ae:02:9e:c5:38:97:
         34:c4:15:30:53:cd:55:d9:ac:af:ac:0c:e8:4d:c8:b5:f6:ae:
         90:46:6a:58:e8:57:c9:56:81:31:e9:76:cf:1b:48:5c:5a:87:
         3f:99:67:cc:15:51:32:a6:7c:34:6e:b8:53:28:26:8c:d5:e6:
         d1:cb:dc:c9:b9:8f:fa:d5:75:23:83:6d:94:df:bc:d4:b8:f2:
         23:58:c5:04:dd:a1:b8:c1:bf:15:dd:8b:34:c5:08:32:b6:af:
         66:cb:a7:6d:b2:86:76:ea:18:a0:1d:9d:b5:1e:92:8e:c1:7a:
         e5:70:1b:4d:c9:cb:c0:6d:f2:71:00:06:4a:3a:f2:05:ec:13:
         ef:10:5c:25:d6:22:e1:66:b2:5d:d6:f2:d7:4e:41:38:c2:39:
         d6:1b:23:b4:95:78:1e:56:e6:8c:d2:02:fc:7e:2b:2e:d3:d3:
         fc:2d:9f:fb
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ7PgAWVISgifY8aTamMisGxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjYwNjE2MDgxNTM0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YTQyZDJhOGNhNTk1ZDQzNGEzZTJjMjljNzI2NjMyZWIxYjM4N2U3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuqb3Z3q9+2nESCIatRbpO4qCQkMm
d92U4Q25O5Wa8lHGMLiFYjY5bHvTcnbY7yTqaH9b8+Q/U06GVUiNC9RJ628CS8XU
P0Xqi2aNTeHisHx/hvKx8lRBEA7B9fekA2evx30p1ws8riBXcmKoDv+nbblZ5Cge
DABBCJVPOMZibWOfczIQX2zeIYIcIvzZvhKKxpWCzzFZTwEEXmdwja29U559YxF/
WtwQ+Ms2NMRcO3rb2L+kfppxpmZe3WTNnkOeHSgWSLv6XP9HqXMMRXGYaf+URsws
xdg9Z2tdvIs6YE3v1RPqCINHabiHF4m4ROvIoJoisR1jtXITIIGkGHxb0wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFJpC0qjKWV1DSj4sKccmYy6xs4fnMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvbWtMU3FNcFpYVU5LUGl3cHh5WmpMckd6aC1jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAPkzrAwQA
wjrfAwQAwlcQMA0GCSqGSIb3DQEBCwUAA4IBAQCCDdycKS6tF9PRzZt0ncWEpbIh
LlLNCt3wmvNQ92pueBmi7LKqZEaX1eCVOPvxbeVPofoB77Wc7K1yGCSx0FPkubKG
L/nQCwYyDJJ9jjIVIc2DzdiuAp7FOJc0xBUwU81V2ayvrAzoTci19q6QRmpY6FfJ
VoEx6XbPG0hcWoc/mWfMFVEypnw0brhTKCaM1ebRy9zJuY/61XUjg22U37zUuPIj
WMUE3aG4wb8V3Ys0xQgytq9my6dtsoZ26higHZ21HpKOwXrlcBtNycvAbfJxAAZK
OvIF7BPvEFwl1iLhZrJd1vLXTkE4wjnWGyO0lXgeVuaM0gL8fisu09P8LZ/7
-----END CERTIFICATE-----