Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/1-CaNO8_RMnpzKeMx-OMItczEl8.roa
File:                     1-CaNO8_RMnpzKeMx-OMItczEl8.roa (raw, json)
Hash identifier:          CCl7V5Ac7Zg0Z2Ogyr85g8hmFXorBL+LtY9lhKDMctg=
Subject key identifier:   D7:E0:9A:34:EF:3F:44:C9:E9:CC:A7:8C:C7:E3:8C:22:D7:33:12:5F
Certificate issuer:       /CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
Certificate serial:       019C0FCE66665E3544BB6F4DB18365C3186A
Authority key identifier: 36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/1-CaNO8_RMnpzKeMx-OMItczEl8.roa
Signing time:             Fri 30 Jan 2026 16:48:30 +0000
ROA not before:           Fri 30 Jan 2026 16:48:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     29802
IP address blocks:        62.233.54.0/24 maxlen: 24
                          185.226.183.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:0f:ce:66:66:5e:35:44:bb:6f:4d:b1:83:65:c3:18:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
        Validity
            Not Before: Jan 30 16:48:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d7e09a34ef3f44c9e9cca78cc7e38c22d733125f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:71:41:0b:1a:cd:89:13:9e:54:1a:b0:45:f1:
                    5b:c0:f2:67:16:6b:0c:17:38:89:d8:e9:68:e0:c1:
                    e5:f9:56:70:6d:c6:01:30:a1:0b:f1:21:03:77:90:
                    08:7e:44:8f:e1:cc:c8:bd:c0:0e:d0:4d:ef:d6:a7:
                    06:38:4a:fb:b7:d4:70:5c:1f:6d:ee:76:28:11:78:
                    03:16:62:52:b7:0d:bd:1a:09:70:94:c6:c2:d9:ee:
                    72:8a:05:2c:83:75:4f:76:da:8e:00:45:f3:d0:32:
                    b2:84:b4:71:3b:4d:90:97:c8:fd:cc:0d:27:85:e4:
                    6c:d6:4e:0f:10:b2:40:d2:4e:f4:e1:cc:02:0d:9c:
                    93:05:03:ab:d8:17:34:f2:c9:28:6f:74:53:73:0b:
                    62:9f:13:2e:c5:99:be:f6:0f:f3:9f:0d:35:9b:b1:
                    ee:e3:b1:24:3c:38:29:78:a7:47:02:60:3f:f3:83:
                    a3:68:74:3d:ac:cb:26:2b:f0:88:76:04:90:62:37:
                    dc:fc:f7:f6:b4:69:94:db:6a:62:e2:fb:90:9d:56:
                    1d:47:b3:a8:00:38:7b:7b:bc:3e:21:3e:73:e8:77:
                    ff:0c:27:55:66:d4:57:2f:ce:ac:b8:6f:03:8f:8b:
                    58:73:2f:78:21:6d:de:2a:ec:ac:96:72:84:27:2a:
                    cd:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:E0:9A:34:EF:3F:44:C9:E9:CC:A7:8C:C7:E3:8C:22:D7:33:12:5F
            X509v3 Authority Key Identifier:
                keyid:36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/1-CaNO8_RMnpzKeMx-OMItczEl8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.233.54.0/24
                  185.226.183.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:f3:94:82:35:d1:84:9f:58:f0:f9:08:14:d3:67:1a:bb:fd:
         23:81:cb:48:55:6c:8e:35:32:e8:aa:e3:d0:28:46:da:9c:84:
         90:79:39:cb:49:0b:81:22:cf:c4:ec:c2:ae:12:13:29:fc:29:
         a9:0f:d0:f4:cd:c0:13:fa:98:39:ae:69:81:ef:c1:1e:22:31:
         a9:bd:96:22:4a:c7:23:69:31:26:b3:a4:33:8f:bb:ea:5d:2f:
         04:33:ed:38:7f:02:4c:b2:6b:d6:e3:15:50:d5:4f:bf:1f:34:
         8c:a9:de:43:83:b3:02:22:9f:77:6b:c3:c6:2c:18:21:a2:91:
         76:44:4c:e2:6b:88:6a:fa:3b:ff:10:ec:ea:2c:af:26:aa:02:
         9e:d3:3f:df:1b:3a:20:bb:47:65:74:dc:e9:6e:47:22:40:7e:
         2a:c9:34:05:de:2c:b6:ef:91:53:5a:ec:c9:df:7e:5a:b8:09:
         d7:88:b8:41:77:03:fc:83:69:19:ee:69:2b:3d:e6:fb:3b:d8:
         6e:15:80:d7:14:17:c8:52:4e:bf:ac:33:91:6b:6c:91:9d:5e:
         fa:f0:29:15:7e:81:e8:f1:ea:cb:2c:47:44:a1:32:88:5a:77:
         4e:8a:fa:67:3b:55:e7:c1:e0:f4:e1:cc:63:56:d3:09:23:83:
         79:bc:16:9e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZwPzmZmXjVEu29NsYNlwxhqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2OGJmYjhhNWVlZTQ5MDgyZWE2MjhkZjI1YTRhNWQ1MGYz
YWE5YjMwHhcNMjYwMTMwMTY0ODMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkN2UwOWEzNGVmM2Y0NGM5ZTljY2E3OGNjN2UzOGMyMmQ3MzMxMjVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt3FBCxrNiROeVBqwRfFbwPJnFmsM
FziJ2Olo4MHl+VZwbcYBMKEL8SEDd5AIfkSP4czIvcAO0E3v1qcGOEr7t9RwXB9t
7nYoEXgDFmJStw29GglwlMbC2e5yigUsg3VPdtqOAEXz0DKyhLRxO02Ql8j9zA0n
heRs1k4PELJA0k704cwCDZyTBQOr2Bc08skob3RTcwtinxMuxZm+9g/znw01m7Hu
47EkPDgpeKdHAmA/84OjaHQ9rMsmK/CIdgSQYjfc/Pf2tGmU22pi4vuQnVYdR7Oo
ADh7e7w+IT5z6Hf/DCdVZtRXL86suG8Dj4tYcy94IW3eKuyslnKEJyrN2wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNfgmjTvP0TJ6cynjMfjjCLXMxJfMB8GA1UdIwQY
MBaAFDaL+4pe7kkILqYo3yWkpdUPOqmzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUt
MGFlMmU5MjJhMjkyLzEvMS1DYU5POF9STW5wektlTXgtT01JdGN6RWw4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUtMGFlMmU5MjJhMjky
LzEvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAPuk2AwQA
ueK3MA0GCSqGSIb3DQEBCwUAA4IBAQA/85SCNdGEn1jw+QgU02cau/0jgctIVWyO
NTLoquPQKEbanISQeTnLSQuBIs/E7MKuEhMp/CmpD9D0zcAT+pg5rmmB78EeIjGp
vZYiSscjaTEms6Qzj7vqXS8EM+04fwJMsmvW4xVQ1U+/HzSMqd5Dg7MCIp93a8PG
LBghopF2REzia4hq+jv/EOzqLK8mqgKe0z/fGzogu0dldNzpbkciQH4qyTQF3iy2
75FTWuzJ335auAnXiLhBdwP8g2kZ7mkrPeb7O9huFYDXFBfIUk6/rDORa2yRnV76
8CkVfoHo8erLLEdEoTKIWndOivpnO1XnweD04cxjVtMJI4N5vBae
-----END CERTIFICATE-----