Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/iS_IteKYOEO3aqQ6EFMAokejebE.roa
File:                     iS_IteKYOEO3aqQ6EFMAokejebE.roa (raw, json)
Hash identifier:          QJNjPBPOKdt2Y0iNlpFoOGbtCBY3Zi1u+aqO17hBnjs=
Subject key identifier:   89:2F:C8:B5:E2:98:38:43:B7:6A:A4:3A:10:53:00:A2:47:A3:79:B1
Certificate issuer:       /CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
Certificate serial:       019C1362D66364B16D1097481EC4426F811B
Authority key identifier: 36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/iS_IteKYOEO3aqQ6EFMAokejebE.roa
Signing time:             Sat 31 Jan 2026 09:29:30 +0000
ROA not before:           Sat 31 Jan 2026 09:29:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     61317
IP address blocks:        62.233.54.0/24 maxlen: 24
                          185.226.183.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 08:21:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:13:62:d6:63:64:b1:6d:10:97:48:1e:c4:42:6f:81:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
        Validity
            Not Before: Jan 31 09:29:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=892fc8b5e2983843b76aa43a105300a247a379b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:81:93:95:a8:57:9b:40:89:ed:6c:80:7c:67:
                    2b:29:a1:7e:4c:15:91:c9:e5:15:4e:88:46:b7:01:
                    ef:a7:9c:76:98:e7:7b:a1:0a:93:03:b2:fe:72:d4:
                    7d:6e:aa:2b:ac:c5:c5:19:d0:54:4b:d5:c6:c0:7c:
                    1d:b7:ca:b0:51:bd:d4:23:25:58:d7:2c:55:60:06:
                    0d:1e:bf:69:4b:0a:87:64:50:a9:3f:28:9b:14:f1:
                    1f:18:a6:9b:33:34:54:01:f0:87:e5:ef:a6:96:2c:
                    58:60:ef:2e:5f:53:85:7d:18:49:08:d0:b1:d7:4b:
                    07:db:b8:eb:8a:86:32:74:54:89:09:bf:0e:35:a8:
                    22:92:0b:8f:1a:32:85:0f:59:ee:08:dd:1e:25:45:
                    9e:10:9c:b6:fe:40:32:ec:ba:1a:9b:e4:a6:f1:0d:
                    bd:ab:5d:9d:b9:ea:8e:f5:9a:f3:26:39:7a:33:45:
                    62:71:7e:dd:41:ef:ce:02:23:ba:fa:82:c9:d8:b8:
                    f7:32:1b:d7:a6:1a:f6:34:ce:50:20:fe:1c:7d:c8:
                    8a:75:28:fd:29:2c:07:d5:8b:30:44:ed:be:e8:47:
                    5c:6a:e9:fd:8a:e2:5d:05:52:af:3a:c0:34:b2:f2:
                    88:d0:4c:f0:bb:1a:8d:94:b1:c2:ae:50:5e:2a:3f:
                    cb:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:2F:C8:B5:E2:98:38:43:B7:6A:A4:3A:10:53:00:A2:47:A3:79:B1
            X509v3 Authority Key Identifier:
                keyid:36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/iS_IteKYOEO3aqQ6EFMAokejebE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.233.54.0/24
                  185.226.183.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:9a:a3:d3:84:cb:66:58:7d:2f:e4:ef:ae:68:83:3a:ca:c8:
         54:45:e6:53:a0:3a:c1:41:1d:92:c8:f5:cf:da:aa:95:e8:ee:
         f4:72:b4:50:bc:fa:b6:a9:30:d3:78:81:29:8c:ae:db:c2:27:
         c9:5e:95:45:39:00:a4:c2:b7:4f:0d:94:44:db:e5:bb:83:3c:
         eb:ed:29:6a:86:06:d7:c8:35:00:1e:34:98:0b:97:48:d4:1e:
         b9:e4:6f:49:c6:66:cd:55:42:0d:9f:53:b6:ab:79:e5:46:9e:
         ba:9a:75:b0:bc:3a:01:77:64:fd:1c:11:0d:bf:52:85:ad:d0:
         82:14:75:04:5a:80:83:34:e5:4c:db:a3:02:81:94:63:1e:48:
         7e:a9:83:ff:20:84:b2:88:e7:a1:44:28:7d:69:94:35:72:33:
         9a:75:f0:9d:7b:63:75:1c:d3:44:20:82:53:46:78:90:00:8e:
         38:5e:f6:39:ae:4a:30:8f:14:70:af:f8:cf:dd:cb:5a:56:12:
         22:97:d0:54:a9:17:8b:67:1a:3f:b3:55:5e:e7:9b:d4:c3:a8:
         f0:38:06:d5:56:0a:07:d6:e3:9f:9d:cd:3c:ea:18:fd:88:6e:
         3d:0a:ad:69:9c:ad:50:15:eb:8d:9e:ed:4c:72:a2:de:93:1c:
         15:34:cb:bb
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZwTYtZjZLFtEJdIHsRCb4EbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2OGJmYjhhNWVlZTQ5MDgyZWE2MjhkZjI1YTRhNWQ1MGYz
YWE5YjMwHhcNMjYwMTMxMDkyOTMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTJmYzhiNWUyOTgzODQzYjc2YWE0M2ExMDUzMDBhMjQ3YTM3OWIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkIGTlahXm0CJ7WyAfGcrKaF+TBWR
yeUVTohGtwHvp5x2mOd7oQqTA7L+ctR9bqorrMXFGdBUS9XGwHwdt8qwUb3UIyVY
1yxVYAYNHr9pSwqHZFCpPyibFPEfGKabMzRUAfCH5e+mlixYYO8uX1OFfRhJCNCx
10sH27jrioYydFSJCb8ONagikguPGjKFD1nuCN0eJUWeEJy2/kAy7Loam+Sm8Q29
q12dueqO9ZrzJjl6M0VicX7dQe/OAiO6+oLJ2Lj3MhvXphr2NM5QIP4cfciKdSj9
KSwH1YswRO2+6Edcaun9iuJdBVKvOsA0svKI0EzwuxqNlLHCrlBeKj/LCQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIkvyLXimDhDt2qkOhBTAKJHo3mxMB8GA1UdIwQY
MBaAFDaL+4pe7kkILqYo3yWkpdUPOqmzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUt
MGFlMmU5MjJhMjkyLzEvaVNfSXRlS1lPRU8zYXFRNkVGTUFva2VqZWJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUtMGFlMmU5MjJhMjky
LzEvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAPuk2AwQA
ueK3MA0GCSqGSIb3DQEBCwUAA4IBAQCSmqPThMtmWH0v5O+uaIM6yshUReZToDrB
QR2SyPXP2qqV6O70crRQvPq2qTDTeIEpjK7bwifJXpVFOQCkwrdPDZRE2+W7gzzr
7SlqhgbXyDUAHjSYC5dI1B655G9JxmbNVUINn1O2q3nlRp66mnWwvDoBd2T9HBEN
v1KFrdCCFHUEWoCDNOVM26MCgZRjHkh+qYP/IISyiOehRCh9aZQ1cjOadfCde2N1
HNNEIIJTRniQAI44XvY5rkowjxRwr/jP3ctaVhIil9BUqReLZxo/s1Ve55vUw6jw
OAbVVgoH1uOfnc086hj9iG49Cq1pnK1QFeuNnu1McqLekxwVNMu7
-----END CERTIFICATE-----