Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/ciZxMEPmxkvCQs6lFA1ZCjNLdyw.roa
File:                     ciZxMEPmxkvCQs6lFA1ZCjNLdyw.roa (raw, json)
Hash identifier:          FuLcIYP5xId039AL6WaXdX3it3eez0+NiRWp3A4f3ok=
Subject key identifier:   72:26:71:30:43:E6:C6:4B:C2:42:CE:A5:14:0D:59:0A:33:4B:77:2C
Certificate issuer:       /CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Certificate serial:       019D5D3548558C6F1E35E5DBC88DB9DC11B4
Authority key identifier: 27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/ciZxMEPmxkvCQs6lFA1ZCjNLdyw.roa
Signing time:             Sun 05 Apr 2026 10:34:26 +0000
ROA not before:           Sun 05 Apr 2026 10:34:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     9304
IP address blocks:        62.192.110.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 12:01:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:5d:35:48:55:8c:6f:1e:35:e5:db:c8:8d:b9:dc:11:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=279dbfdf4c20bdae8d6118566ece76444e46d171
        Validity
            Not Before: Apr  5 10:34:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7226713043e6c64bc242cea5140d590a334b772c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:b7:11:7e:da:24:24:aa:9d:28:ea:64:ca:8b:
                    0c:3b:d1:43:20:d8:0d:a3:00:bd:5d:9f:ed:3b:67:
                    29:64:45:60:7a:29:8f:9c:2a:d2:bc:b5:c5:ae:72:
                    06:78:9c:96:d8:30:12:da:00:a0:f0:bd:00:44:21:
                    a4:4f:a0:45:3a:9a:3a:e8:6a:3f:d7:38:91:7a:e4:
                    a2:af:d8:d1:1b:67:e0:04:14:2b:5c:d7:ff:46:24:
                    df:88:7f:93:00:40:8a:7b:4c:02:da:96:b9:8f:ee:
                    c7:dd:08:e7:30:84:41:2b:96:9b:31:9f:b4:6b:90:
                    ae:25:cd:83:8c:4f:b0:cb:1d:47:25:f2:94:04:8a:
                    07:bd:6c:41:d9:68:a8:37:df:eb:f3:4f:a4:e6:33:
                    15:aa:10:10:3e:16:87:ef:57:96:95:ab:01:51:e4:
                    1f:d3:97:09:5e:7e:7f:c6:80:d3:ae:b1:6a:db:f2:
                    de:7d:63:e2:32:e7:e8:6c:3c:19:6a:8e:64:6c:32:
                    0e:04:31:1f:80:b0:75:5a:f0:b8:d6:e8:03:f4:b1:
                    72:3d:30:f9:10:24:aa:d6:1d:3f:d2:94:9b:58:be:
                    9b:19:89:a5:06:b2:86:92:d6:fc:4e:9f:ec:86:18:
                    db:38:96:69:d0:ff:1f:19:96:0e:9c:7a:c3:31:d8:
                    65:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:26:71:30:43:E6:C6:4B:C2:42:CE:A5:14:0D:59:0A:33:4B:77:2C
            X509v3 Authority Key Identifier:
                keyid:27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/ciZxMEPmxkvCQs6lFA1ZCjNLdyw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.192.110.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:35:53:d5:6a:f3:e2:d4:47:67:b7:d8:9c:27:e0:9d:7d:2b:
         60:bf:e5:19:2c:22:0e:2f:81:be:7e:92:86:14:09:a1:8c:e6:
         77:a8:1e:e9:55:30:d8:f3:64:a0:4d:da:c1:a2:33:e2:e3:9e:
         5a:f5:e6:1a:ae:6f:a8:52:22:21:14:a5:da:cf:13:56:a2:80:
         d8:1d:bd:e7:d6:49:7d:a6:c9:d2:ac:7a:c9:20:fd:d5:41:5f:
         2f:f8:91:3e:1b:e9:9f:ef:3f:09:eb:c8:88:c4:6f:e2:14:2f:
         3c:63:49:ae:02:50:08:1a:97:32:c6:b7:f4:99:77:d6:5d:d2:
         52:d4:a8:eb:df:10:41:4c:ae:20:18:05:6a:81:f6:86:9d:85:
         df:9d:2c:ed:e7:5a:bf:61:19:55:f4:1b:0c:bc:85:48:62:e0:
         a8:3e:b0:cc:21:2d:f9:ca:e9:da:f7:36:ac:15:4a:e3:26:87:
         5e:11:0d:63:b1:20:75:f2:82:98:56:2e:20:9c:1a:18:f5:1f:
         a7:7f:a8:82:86:69:b6:49:1d:ff:58:1e:38:23:49:df:39:2f:
         7b:47:f0:a0:14:12:ff:3e:2b:36:c7:1b:31:c8:a7:e8:ac:14:
         55:85:57:7e:8f:bd:5b:9c:18:a3:e1:9b:7a:f0:34:bc:6d:43:
         75:70:14:40
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1dNUhVjG8eNeXbyI253BG0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OWRiZmRmNGMyMGJkYWU4ZDYxMTg1NjZlY2U3NjQ0NGU0
NmQxNzEwHhcNMjYwNDA1MTAzNDI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjI2NzEzMDQzZTZjNjRiYzI0MmNlYTUxNDBkNTkwYTMzNGI3NzJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsbcRftokJKqdKOpkyosMO9FDINgN
owC9XZ/tO2cpZEVgeimPnCrSvLXFrnIGeJyW2DAS2gCg8L0ARCGkT6BFOpo66Go/
1ziReuSir9jRG2fgBBQrXNf/RiTfiH+TAECKe0wC2pa5j+7H3QjnMIRBK5abMZ+0
a5CuJc2DjE+wyx1HJfKUBIoHvWxB2WioN9/r80+k5jMVqhAQPhaH71eWlasBUeQf
05cJXn5/xoDTrrFq2/LefWPiMufobDwZao5kbDIOBDEfgLB1WvC41ugD9LFyPTD5
ECSq1h0/0pSbWL6bGYmlBrKGktb8Tp/shhjbOJZp0P8fGZYOnHrDMdhlLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHImcTBD5sZLwkLOpRQNWQozS3csMB8GA1UdIwQY
MBaAFCedv99MIL2ujWEYVm7OdkRORtFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEt
MGNmMTA5M2Q0NTQ4LzEvY2laeE1FUG14a3ZDUXM2bEZBMVpDak5MZHl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEtMGNmMTA5M2Q0NTQ4
LzEvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPsBuMA0G
CSqGSIb3DQEBCwUAA4IBAQB7NVPVavPi1Ednt9icJ+CdfStgv+UZLCIOL4G+fpKG
FAmhjOZ3qB7pVTDY82SgTdrBojPi455a9eYarm+oUiIhFKXazxNWooDYHb3n1kl9
psnSrHrJIP3VQV8v+JE+G+mf7z8J68iIxG/iFC88Y0muAlAIGpcyxrf0mXfWXdJS
1Kjr3xBBTK4gGAVqgfaGnYXfnSzt51q/YRlV9BsMvIVIYuCoPrDMIS35yuna9zas
FUrjJodeEQ1jsSB18oKYVi4gnBoY9R+nf6iChmm2SR3/WB44I0nfOS97R/CgFBL/
Pis2xxsxyKforBRVhVd+j71bnBij4Zt68DS8bUN1cBRA
-----END CERTIFICATE-----