Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/03fd42-6589-46ba-a673-0b02a4732479/1/iXKcLuJmGyAb1eHjCTVSp7W3GfM.roa
File:                     iXKcLuJmGyAb1eHjCTVSp7W3GfM.roa (raw, json)
Hash identifier:          fKesRGsQOYtr1MHvJTlZYCSawG7ul48aKfBiS+3ImGM=
Subject key identifier:   89:72:9C:2E:E2:66:1B:20:1B:D5:E1:E3:09:35:52:A7:B5:B7:19:F3
Certificate issuer:       /CN=4137b6daa20b5e061862b6fb99e236ac2c2e34f8
Certificate serial:       019D72CA65C5249740F9B4C75A846E033F49
Authority key identifier: 41:37:B6:DA:A2:0B:5E:06:18:62:B6:FB:99:E2:36:AC:2C:2E:34:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QTe22qILXgYYYrb7meI2rCwuNPg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/85/03fd42-6589-46ba-a673-0b02a4732479/1/iXKcLuJmGyAb1eHjCTVSp7W3GfM.roa
Signing time:             Thu 09 Apr 2026 15:09:19 +0000
ROA not before:           Thu 09 Apr 2026 15:09:19 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199292
IP address blocks:        62.68.84.0/24 maxlen: 24
                          92.249.7.0/24 maxlen: 24
                          2a14:12c0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/85/03fd42-6589-46ba-a673-0b02a4732479/1/QTe22qILXgYYYrb7meI2rCwuNPg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/85/03fd42-6589-46ba-a673-0b02a4732479/1/QTe22qILXgYYYrb7meI2rCwuNPg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QTe22qILXgYYYrb7meI2rCwuNPg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 12:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:72:ca:65:c5:24:97:40:f9:b4:c7:5a:84:6e:03:3f:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4137b6daa20b5e061862b6fb99e236ac2c2e34f8
        Validity
            Not Before: Apr  9 15:09:19 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=89729c2ee2661b201bd5e1e3093552a7b5b719f3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:a2:22:3f:0f:9a:95:1d:8d:32:86:ae:a5:ed:
                    ff:d0:2a:b2:88:b4:8e:8b:75:f6:a3:b4:32:41:72:
                    3b:be:c8:37:ed:fa:ff:75:31:3d:3f:d3:11:d8:f5:
                    33:b3:ed:3c:c1:ff:4c:e1:c5:40:c9:f7:4c:b5:cb:
                    db:cc:58:60:9b:fb:f3:8e:a1:d6:18:f3:78:95:bb:
                    75:69:ec:39:aa:b2:d2:0a:d5:80:7c:4c:03:e1:62:
                    45:9d:a1:89:96:65:61:63:53:e9:31:c5:87:ac:80:
                    cb:48:65:3c:99:2d:3f:2b:01:03:8c:94:54:70:6c:
                    12:90:ae:11:ce:37:cb:18:9a:aa:6a:ff:ba:dc:ab:
                    da:4d:bf:3f:3a:d1:45:ab:aa:d2:da:17:9b:09:60:
                    26:d2:34:4a:9a:c6:c9:61:6b:00:5a:d5:fc:a9:7c:
                    82:18:70:dc:7e:1a:24:ca:da:a6:e7:9e:a6:5f:0b:
                    b0:7b:91:c0:94:b5:66:3b:bf:54:da:e6:c1:10:4c:
                    96:4a:2b:53:40:2b:09:74:6c:85:1d:af:be:da:e5:
                    36:e3:2c:6f:d6:0c:f3:a5:ee:16:f1:8d:f8:de:b1:
                    f0:50:1b:d2:79:50:5c:0d:23:f6:7c:13:18:dc:80:
                    5e:3f:0e:d6:ab:f2:a9:6e:23:6c:f6:f9:a7:e6:d0:
                    cc:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:72:9C:2E:E2:66:1B:20:1B:D5:E1:E3:09:35:52:A7:B5:B7:19:F3
            X509v3 Authority Key Identifier:
                keyid:41:37:B6:DA:A2:0B:5E:06:18:62:B6:FB:99:E2:36:AC:2C:2E:34:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QTe22qILXgYYYrb7meI2rCwuNPg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/03fd42-6589-46ba-a673-0b02a4732479/1/iXKcLuJmGyAb1eHjCTVSp7W3GfM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/85/03fd42-6589-46ba-a673-0b02a4732479/1/QTe22qILXgYYYrb7meI2rCwuNPg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.68.84.0/24
                  92.249.7.0/24
                IPv6:
                  2a14:12c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         05:08:a9:92:60:b9:13:07:da:fa:65:98:36:c6:73:57:81:58:
         57:48:dd:09:6e:ec:22:a7:29:e2:9e:79:ee:85:d9:48:d3:37:
         4d:02:81:d9:da:d5:60:62:18:96:24:8f:b5:c7:2a:db:48:87:
         f8:3c:02:0b:fb:8b:ec:f3:3c:a2:45:14:30:1d:34:fd:76:c8:
         06:32:09:5d:34:7d:a2:f4:bf:5d:f7:52:5b:87:ef:66:bc:d9:
         45:b2:65:89:c3:28:cb:39:25:97:8f:d1:70:88:0b:bd:34:64:
         42:a7:ec:71:b2:d6:41:80:cb:5c:5a:33:9a:a3:9d:7a:06:05:
         1d:b8:4e:84:df:86:cd:19:b7:95:3d:1b:04:6b:93:0b:7a:c7:
         18:24:2f:4b:21:a6:52:4e:f9:dd:38:0e:03:31:c3:7b:7f:4f:
         ca:07:ba:85:64:f5:8a:61:ea:2c:71:36:02:4e:20:0f:58:31:
         83:bf:ee:c3:b7:34:1e:0c:c3:85:a0:6f:00:2b:12:f9:a9:d4:
         b7:02:73:46:8c:c4:8d:28:c5:00:f5:1f:67:91:8b:b3:9b:67:
         2e:b8:e5:45:d5:88:91:a6:30:e0:4e:ae:65:56:ba:96:e8:dc:
         2f:8a:3f:fa:74:c3:26:59:5f:4f:1d:09:f7:14:76:b1:51:67:
         71:21:c5:3f
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZ1yymXFJJdA+bTHWoRuAz9JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxMzdiNmRhYTIwYjVlMDYxODYyYjZmYjk5ZTIzNmFjMmMy
ZTM0ZjgwHhcNMjYwNDA5MTUwOTE5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTcyOWMyZWUyNjYxYjIwMWJkNWUxZTMwOTM1NTJhN2I1YjcxOWYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwaIiPw+alR2NMoaupe3/0CqyiLSO
i3X2o7QyQXI7vsg37fr/dTE9P9MR2PUzs+08wf9M4cVAyfdMtcvbzFhgm/vzjqHW
GPN4lbt1aew5qrLSCtWAfEwD4WJFnaGJlmVhY1PpMcWHrIDLSGU8mS0/KwEDjJRU
cGwSkK4RzjfLGJqqav+63KvaTb8/OtFFq6rS2hebCWAm0jRKmsbJYWsAWtX8qXyC
GHDcfhokytqm556mXwuwe5HAlLVmO79U2ubBEEyWSitTQCsJdGyFHa++2uU24yxv
1gzzpe4W8Y343rHwUBvSeVBcDSP2fBMY3IBePw7Wq/KpbiNs9vmn5tDMbQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFIlynC7iZhsgG9Xh4wk1Uqe1txnzMB8GA1UdIwQY
MBaAFEE3ttqiC14GGGK2+5niNqwsLjT4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUVRlMjJxSUxYZ1lZWXJiN21lSTJyQ3d1TlBnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NS8wM2ZkNDItNjU4OS00NmJhLWE2NzMt
MGIwMmE0NzMyNDc5LzEvaVhLY0x1Sm1HeUFiMWVIakNUVlNwN1czR2ZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NS8wM2ZkNDItNjU4OS00NmJhLWE2NzMtMGIwMmE0NzMyNDc5
LzEvUVRlMjJxSUxYZ1lZWXJiN21lSTJyQ3d1TlBnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAPkRUAwQA
XPkHMA0EAgACMAcDBQAqFBLAMA0GCSqGSIb3DQEBCwUAA4IBAQAFCKmSYLkTB9r6
ZZg2xnNXgVhXSN0JbuwipyninnnuhdlI0zdNAoHZ2tVgYhiWJI+1xyrbSIf4PAIL
+4vs8zyiRRQwHTT9dsgGMgldNH2i9L9d91Jbh+9mvNlFsmWJwyjLOSWXj9FwiAu9
NGRCp+xxstZBgMtcWjOao516BgUduE6E34bNGbeVPRsEa5MLescYJC9LIaZSTvnd
OA4DMcN7f0/KB7qFZPWKYeoscTYCTiAPWDGDv+7DtzQeDMOFoG8AKxL5qdS3AnNG
jMSNKMUA9R9nkYuzm2cuuOVF1YiRpjDgTq5lVrqW6Nwvij/6dMMmWV9PHQn3FHax
UWdxIcU/
-----END CERTIFICATE-----