Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/468b081e-ba93-465f-9b6e-7fbd63bdff63/0/36322e3132322e3138382e302f32342d3234203d3e2035363530.roa
File:                     36322e3132322e3138382e302f32342d3234203d3e2035363530.roa (raw, json)
Hash identifier:          b01UE1W2EGfzUcIfvNzwNjLl6EWZ+fK9rU0UVH/isX8=
Subject key identifier:   92:3D:85:89:8C:EB:5E:F3:0F:CF:47:4C:CA:E1:FC:C5:72:5B:61:88
Certificate issuer:       /CN=ff426f19ba67bc89de5ae6df487c1c8c1e752e27
Certificate serial:       3EBE6E2FC76F75654E87F422803577554DC3D404
Authority key identifier: FF:42:6F:19:BA:67:BC:89:DE:5A:E6:DF:48:7C:1C:8C:1E:75:2E:27
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_0JvGbpnvIneWubfSHwcjB51Lic.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/468b081e-ba93-465f-9b6e-7fbd63bdff63/0/36322e3132322e3138382e302f32342d3234203d3e2035363530.roa
Signing time:             Thu 26 Feb 2026 15:46:29 +0000
ROA not before:           Thu 26 Feb 2026 15:41:29 +0000
ROA not after:            Thu 25 Feb 2027 15:46:29 +0000
asID:                     5650
IP address blocks:        62.122.188.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/468b081e-ba93-465f-9b6e-7fbd63bdff63/0/FF426F19BA67BC89DE5AE6DF487C1C8C1E752E27.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/468b081e-ba93-465f-9b6e-7fbd63bdff63/0/FF426F19BA67BC89DE5AE6DF487C1C8C1E752E27.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_0JvGbpnvIneWubfSHwcjB51Lic.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 13:47:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3e:be:6e:2f:c7:6f:75:65:4e:87:f4:22:80:35:77:55:4d:c3:d4:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff426f19ba67bc89de5ae6df487c1c8c1e752e27
        Validity
            Not Before: Feb 26 15:41:29 2026 GMT
            Not After : Feb 25 15:46:29 2027 GMT
        Subject: CN=923D85898CEB5EF30FCF474CCAE1FCC5725B6188
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:67:9b:c7:f5:b8:99:95:ca:3e:99:46:ab:f2:
                    f5:8e:a8:f9:9b:fe:e0:44:72:cf:5d:2d:72:79:7a:
                    6f:32:3c:4b:75:68:1c:19:fa:aa:43:83:88:6c:56:
                    76:d3:b1:bf:4e:c5:cb:0a:da:68:aa:6e:54:8a:97:
                    75:f9:f4:e5:b3:a2:72:6c:37:f2:81:d9:fe:a8:24:
                    8b:1c:8f:6f:b6:e7:df:8a:27:23:10:f2:35:18:66:
                    08:fa:53:ab:dd:e1:cd:d4:da:84:1c:47:25:fb:0a:
                    5b:ac:4d:bd:78:01:0e:44:79:b7:82:10:2f:45:66:
                    7c:54:26:93:8e:38:15:76:d5:5d:d7:b9:cf:e4:ff:
                    2c:80:04:b0:54:f0:c2:30:ce:6f:e0:9b:3e:f4:e3:
                    d2:9b:4e:1d:53:6a:83:14:f7:ff:a7:03:5b:b2:09:
                    b6:e5:34:68:a9:ce:27:6f:d8:6b:6d:05:ab:6f:47:
                    63:ae:f3:a0:35:19:fa:66:38:e3:65:c2:02:5b:25:
                    eb:28:e1:95:5d:75:40:93:f8:ff:5b:25:40:a3:d7:
                    6c:06:44:e0:29:54:87:92:f0:88:7d:ac:d7:6d:77:
                    02:c2:01:a7:66:28:08:ab:9a:2f:95:3f:02:55:b5:
                    69:0b:68:0a:d3:75:69:8f:72:2f:0f:01:7e:ae:1f:
                    56:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:3D:85:89:8C:EB:5E:F3:0F:CF:47:4C:CA:E1:FC:C5:72:5B:61:88
            X509v3 Authority Key Identifier:
                keyid:FF:42:6F:19:BA:67:BC:89:DE:5A:E6:DF:48:7C:1C:8C:1E:75:2E:27

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/468b081e-ba93-465f-9b6e-7fbd63bdff63/0/FF426F19BA67BC89DE5AE6DF487C1C8C1E752E27.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_0JvGbpnvIneWubfSHwcjB51Lic.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/468b081e-ba93-465f-9b6e-7fbd63bdff63/0/36322e3132322e3138382e302f32342d3234203d3e2035363530.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.122.188.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:67:08:86:ca:48:0e:c2:4f:c2:3b:59:b7:c4:4a:6a:8e:0d:
         9c:35:1a:af:99:5b:27:20:7b:5b:af:83:71:1b:e7:fe:13:89:
         00:e8:ce:34:9c:f6:0e:e1:89:4f:2a:e1:1a:f8:04:36:c7:02:
         ea:b5:82:92:e6:67:3b:00:dd:3d:17:87:38:d3:97:42:9d:5f:
         ee:ee:bf:9d:ef:74:24:80:a1:fa:63:51:2b:45:03:50:32:b3:
         e7:33:c8:7a:aa:5d:6f:e5:9e:46:19:54:9c:a3:0a:34:95:94:
         ed:a1:c8:60:73:b1:de:5f:2c:a4:5a:b9:53:49:87:59:96:e6:
         66:18:a5:e4:da:ff:fb:11:c3:49:6c:5c:6e:54:70:10:a0:fd:
         24:30:30:1c:2a:ff:08:b1:6f:09:f4:e2:5c:85:fa:4c:95:ca:
         e0:69:94:5d:5a:7d:10:70:fb:aa:41:f2:37:9b:c0:f0:5f:78:
         fa:fa:42:e7:3a:65:8b:ae:96:f9:eb:64:63:f8:82:6f:c3:d5:
         01:59:71:39:6b:8b:51:a5:0d:56:51:99:c5:32:7d:fb:b7:1d:
         91:27:e5:4f:cb:e4:09:47:d3:15:60:32:ca:69:df:a8:0e:8a:
         2c:7a:1a:f0:d4:ef:32:36:ec:75:8d:c9:05:d3:7a:86:dc:37:
         96:55:9f:50
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUPr5uL8dvdWVOh/QigDV3VU3D1AQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZmY0MjZmMTliYTY3YmM4OWRlNWFlNmRmNDg3YzFjOGMx
ZTc1MmUyNzAeFw0yNjAyMjYxNTQxMjlaFw0yNzAyMjUxNTQ2MjlaMDMxMTAvBgNV
BAMTKDkyM0Q4NTg5OENFQjVFRjMwRkNGNDc0Q0NBRTFGQ0M1NzI1QjYxODgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDZ5vH9biZlco+mUar8vWOqPmb
/uBEcs9dLXJ5em8yPEt1aBwZ+qpDg4hsVnbTsb9OxcsK2miqblSKl3X59OWzonJs
N/KB2f6oJIscj2+259+KJyMQ8jUYZgj6U6vd4c3U2oQcRyX7ClusTb14AQ5EebeC
EC9FZnxUJpOOOBV21V3Xuc/k/yyABLBU8MIwzm/gmz7049KbTh1TaoMU9/+nA1uy
CbblNGipzidv2GttBatvR2Ou86A1GfpmOONlwgJbJeso4ZVddUCT+P9bJUCj12wG
ROApVIeS8Ih9rNdtdwLCAadmKAirmi+VPwJVtWkLaArTdWmPci8PAX6uH1Y9AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUkj2FiYzrXvMPz0dMyuH8xXJbYYgwHwYDVR0j
BBgwFoAU/0JvGbpnvIneWubfSHwcjB51LicwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNDY4YjA4MWUtYmE5My00NjVmLTliNmUtN2ZiZDYzYmRm
ZjYzLzAvRkY0MjZGMTlCQTY3QkM4OURFNUFFNkRGNDg3QzFDOEMxRTc1MkUyNy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL18wSnZHYnBudkluZVd1YmZTSHdjakI1
MUxpYy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNDY4YjA4MWUt
YmE5My00NjVmLTliNmUtN2ZiZDYzYmRmZjYzLzAvMzYzMjJlMzEzMjMyMmUzMTM4
MzgyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzNTM2MzUzMC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAD56
vDANBgkqhkiG9w0BAQsFAAOCAQEAaGcIhspIDsJPwjtZt8RKao4NnDUar5lbJyB7
W6+DcRvn/hOJAOjONJz2DuGJTyrhGvgENscC6rWCkuZnOwDdPReHONOXQp1f7u6/
ne90JICh+mNRK0UDUDKz5zPIeqpdb+WeRhlUnKMKNJWU7aHIYHOx3l8spFq5U0mH
WZbmZhil5Nr/+xHDSWxcblRwEKD9JDAwHCr/CLFvCfTiXIX6TJXK4GmUXVp9EHD7
qkHyN5vA8F94+vpC5zpli66W+etkY/iCb8PVAVlxOWuLUaUNVlGZxTJ9+7cdkSfl
T8vkCUfTFWAyymnfqA6KLHoa8NTvMjbsdY3JBdN6htw3llWfUA==
-----END CERTIFICATE-----