Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/ropX3Fy5migpqy4D3RPwTFPp_Ww.roa
File:                     ropX3Fy5migpqy4D3RPwTFPp_Ww.roa (raw, json)
Hash identifier:          1iDN/QfYgVYe6xZKV+HjpbMZLzVmRHLM3lYIEW5cAME=
Subject key identifier:   AE:8A:57:DC:5C:B9:9A:28:29:AB:2E:03:DD:13:F0:4C:53:E9:FD:6C
Certificate issuer:       /CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
Certificate serial:       019D91A3BDE1ECC5EBC4738112D38CE64BD5
Authority key identifier: D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/ropX3Fy5migpqy4D3RPwTFPp_Ww.roa
Signing time:             Wed 15 Apr 2026 14:55:20 +0000
ROA not before:           Wed 15 Apr 2026 14:55:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     25515
IP address blocks:        62.233.47.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 03:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:91:a3:bd:e1:ec:c5:eb:c4:73:81:12:d3:8c:e6:4b:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
        Validity
            Not Before: Apr 15 14:55:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ae8a57dc5cb99a2829ab2e03dd13f04c53e9fd6c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:0b:ea:80:00:06:5a:47:2f:5f:c4:85:1b:f0:
                    a0:d7:14:41:77:b4:7a:5c:93:83:6c:97:d0:f3:17:
                    dd:a3:da:eb:44:42:19:c5:6e:ef:4f:fa:51:f5:6a:
                    cc:56:83:70:c8:d9:6f:20:81:92:c3:64:40:60:40:
                    89:1d:e8:8c:fc:c3:11:33:2b:84:69:98:61:27:d5:
                    1b:32:7f:f4:f5:e1:e0:e4:8e:a0:73:66:f7:45:a4:
                    6b:a7:fd:57:6e:25:ec:08:37:49:b3:3e:27:03:9e:
                    7d:f4:33:a2:9a:28:d4:2e:a7:35:b7:f3:3f:5b:07:
                    b7:54:05:b7:1a:74:9d:81:e9:92:4f:d7:49:b8:eb:
                    a2:8f:60:62:c9:c1:6a:ad:77:7b:05:08:46:c2:b1:
                    0e:2e:ee:5e:8f:4d:49:7e:fc:b8:f2:7f:e3:84:d0:
                    76:8b:8f:cf:ec:3d:0f:f4:bf:43:54:0e:b8:bc:b8:
                    4d:4d:11:a7:70:53:eb:a6:76:49:6c:f2:b6:e1:76:
                    37:8b:88:d0:50:e7:59:b4:02:6e:5e:67:9e:94:3b:
                    00:29:b1:b4:bc:ab:e2:f1:d0:a5:bb:a6:ba:87:b6:
                    f8:10:fd:71:0d:fb:71:b9:0d:06:63:46:2f:50:c1:
                    66:7d:f7:16:64:20:74:78:99:8b:b4:95:da:43:0d:
                    e8:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:8A:57:DC:5C:B9:9A:28:29:AB:2E:03:DD:13:F0:4C:53:E9:FD:6C
            X509v3 Authority Key Identifier:
                keyid:D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/ropX3Fy5migpqy4D3RPwTFPp_Ww.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.233.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:fc:35:65:76:5a:48:33:ea:22:f2:91:e3:0b:63:96:50:65:
         98:07:14:34:6e:5f:51:8d:0c:b8:c7:86:a4:91:18:c2:d0:ad:
         bd:6a:ca:d5:65:0e:47:da:34:f7:a0:84:38:c8:e8:2e:5a:94:
         e1:24:60:b9:c5:e0:a4:cb:57:ca:fe:ad:d1:63:d2:6d:e8:b1:
         60:51:72:fb:d3:29:71:b2:eb:33:51:c4:30:03:4b:6a:b7:9d:
         d8:c9:68:b9:f9:8c:98:e7:fc:e6:d3:c7:e1:2b:9e:bd:1d:8e:
         f8:30:df:4f:74:e7:63:2f:72:f7:af:92:ed:9e:9f:42:c5:a2:
         8d:72:66:52:47:43:81:db:c8:ad:30:e9:e5:43:3a:28:16:26:
         28:9d:da:ff:5f:38:95:a5:e6:e3:1f:7c:00:31:a4:c6:9d:70:
         7d:ee:3a:95:75:77:28:96:57:3a:29:50:65:39:2f:20:f1:49:
         36:c9:53:b5:1d:07:eb:a8:25:f9:e8:42:e2:b5:0b:ea:5c:d8:
         81:fb:f8:d1:81:59:6a:c4:40:26:94:44:45:75:0c:d1:79:87:
         08:5a:62:6e:3b:77:e9:51:76:4b:bd:5e:ac:e0:b1:50:34:18:
         35:a7:0c:5d:52:b3:13:87:8f:0c:f8:22:fe:ee:d7:43:8d:04:
         d8:a5:d7:4e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2Ro73h7MXrxHOBEtOM5kvVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NmJiNDhlOTNlOGEwMDU4YzVjNzJhODFhODc5OTQ1NTMw
N2VlNTYwHhcNMjYwNDE1MTQ1NTIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZThhNTdkYzVjYjk5YTI4MjlhYjJlMDNkZDEzZjA0YzUzZTlmZDZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqwvqgAAGWkcvX8SFG/Cg1xRBd7R6
XJODbJfQ8xfdo9rrREIZxW7vT/pR9WrMVoNwyNlvIIGSw2RAYECJHeiM/MMRMyuE
aZhhJ9UbMn/09eHg5I6gc2b3RaRrp/1XbiXsCDdJsz4nA5599DOimijULqc1t/M/
Wwe3VAW3GnSdgemST9dJuOuij2BiycFqrXd7BQhGwrEOLu5ej01Jfvy48n/jhNB2
i4/P7D0P9L9DVA64vLhNTRGncFPrpnZJbPK24XY3i4jQUOdZtAJuXmeelDsAKbG0
vKvi8dClu6a6h7b4EP1xDftxuQ0GY0YvUMFmffcWZCB0eJmLtJXaQw3oxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK6KV9xcuZooKasuA90T8ExT6f1sMB8GA1UdIwQY
MBaAFNdrtI6T6KAFjFxyqBqHmUVTB+5WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgt
OGJmYmRkNDVjYjYyLzEvcm9wWDNGeTVtaWdwcXk0RDNSUHdURlBwX1d3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgtOGJmYmRkNDVjYjYy
LzEvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPukvMA0G
CSqGSIb3DQEBCwUAA4IBAQBk/DVldlpIM+oi8pHjC2OWUGWYBxQ0bl9RjQy4x4ak
kRjC0K29asrVZQ5H2jT3oIQ4yOguWpThJGC5xeCky1fK/q3RY9Jt6LFgUXL70ylx
suszUcQwA0tqt53YyWi5+YyY5/zm08fhK569HY74MN9PdOdjL3L3r5Ltnp9CxaKN
cmZSR0OB28itMOnlQzooFiYondr/XziVpebjH3wAMaTGnXB97jqVdXcollc6KVBl
OS8g8Uk2yVO1HQfrqCX56ELitQvqXNiB+/jRgVlqxEAmlERFdQzReYcIWmJuO3fp
UXZLvV6s4LFQNBg1pwxdUrMTh48M+CL+7tdDjQTYpddO
-----END CERTIFICATE-----