Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1b/e9b56e-3b5b-43b1-8bb5-bab48dab4cd6/1/RM00pEOnjdUoQZ1uOORIvICjLRc.roa
File:                     RM00pEOnjdUoQZ1uOORIvICjLRc.roa (raw, json)
Hash identifier:          1q7noK5WwG38lLIIHMiI0dpQ1QOgidIvosSPHpVKMS8=
Subject key identifier:   44:CD:34:A4:43:A7:8D:D5:28:41:9D:6E:38:E4:48:BC:80:A3:2D:17
Certificate issuer:       /CN=ec9c685cf6671cc656f92e764557a38378f2827c
Certificate serial:       019DDCEA32F5D2569D81F8D75914C6DD3605
Authority key identifier: EC:9C:68:5C:F6:67:1C:C6:56:F9:2E:76:45:57:A3:83:78:F2:82:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7JxoXPZnHMZW-S52RVejg3jygnw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1b/e9b56e-3b5b-43b1-8bb5-bab48dab4cd6/1/RM00pEOnjdUoQZ1uOORIvICjLRc.roa
Signing time:             Thu 30 Apr 2026 05:43:49 +0000
ROA not before:           Thu 30 Apr 2026 05:43:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     834
IP address blocks:        212.114.40.0/24 maxlen: 24
                          212.114.45.0/24 maxlen: 24
                          212.114.46.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1b/e9b56e-3b5b-43b1-8bb5-bab48dab4cd6/1/7JxoXPZnHMZW-S52RVejg3jygnw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1b/e9b56e-3b5b-43b1-8bb5-bab48dab4cd6/1/7JxoXPZnHMZW-S52RVejg3jygnw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7JxoXPZnHMZW-S52RVejg3jygnw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:dc:ea:32:f5:d2:56:9d:81:f8:d7:59:14:c6:dd:36:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ec9c685cf6671cc656f92e764557a38378f2827c
        Validity
            Not Before: Apr 30 05:43:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=44cd34a443a78dd528419d6e38e448bc80a32d17
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:f2:62:ec:70:5c:96:68:60:e5:d3:04:12:e5:
                    a5:9c:c5:e3:40:34:99:1c:91:02:29:1d:0c:0e:96:
                    80:47:a5:0b:da:6a:f7:6c:87:68:84:64:25:43:cb:
                    7f:09:de:07:89:f6:fe:15:6b:54:fa:0c:19:07:4a:
                    2a:0d:0b:f6:98:a7:62:ac:ef:b1:64:86:c9:5c:3c:
                    2c:fa:c2:d1:17:98:45:5d:4a:eb:3d:6f:f8:78:11:
                    6b:f7:e3:47:7a:b7:65:72:4f:6b:3a:af:bd:27:e7:
                    91:c5:4a:82:a1:2a:84:96:cc:75:5c:e0:9e:4b:c0:
                    2e:5c:dc:28:f0:a8:b6:28:41:b3:4e:e6:47:9e:33:
                    2f:06:4d:aa:0c:97:83:c8:10:bf:df:4a:bd:87:9e:
                    24:07:14:19:92:7a:92:e4:e2:19:cc:71:34:e1:a2:
                    60:30:3e:e5:db:07:b3:cf:ba:25:d3:5a:2b:03:e8:
                    11:9f:a0:5d:dd:d8:de:1d:f0:99:5e:87:78:08:a0:
                    70:95:b5:d0:68:8f:42:ce:62:c0:8f:fe:fb:5e:20:
                    94:0c:db:6b:dc:27:d2:53:73:b5:f5:51:1a:33:92:
                    46:d6:fd:91:79:a8:1d:b2:46:2c:01:c2:dd:a8:27:
                    36:cf:e1:52:46:11:16:ff:ea:b8:f3:c6:81:16:07:
                    64:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:CD:34:A4:43:A7:8D:D5:28:41:9D:6E:38:E4:48:BC:80:A3:2D:17
            X509v3 Authority Key Identifier:
                keyid:EC:9C:68:5C:F6:67:1C:C6:56:F9:2E:76:45:57:A3:83:78:F2:82:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7JxoXPZnHMZW-S52RVejg3jygnw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/e9b56e-3b5b-43b1-8bb5-bab48dab4cd6/1/RM00pEOnjdUoQZ1uOORIvICjLRc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/e9b56e-3b5b-43b1-8bb5-bab48dab4cd6/1/7JxoXPZnHMZW-S52RVejg3jygnw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.114.40.0/24
                  212.114.45.0-212.114.46.255

    Signature Algorithm: sha256WithRSAEncryption
         7c:c5:e0:fe:0e:08:7e:6c:82:43:83:1c:ff:9d:71:05:ed:b3:
         cb:6a:a6:98:ce:9e:0b:d7:2a:67:cb:4e:38:6c:a9:13:4d:16:
         eb:9a:35:56:5a:83:da:14:3c:3d:4d:43:e9:50:7a:6f:df:4d:
         9e:3a:1a:52:23:3a:d2:b1:6a:64:70:49:1a:90:52:39:b7:17:
         34:7f:d6:af:7e:6c:c6:7f:d7:38:ee:49:19:82:92:fd:44:5c:
         d0:61:44:6f:c2:df:52:a4:24:40:eb:e0:7e:c7:bd:e6:e8:8c:
         8a:26:e8:83:b7:de:a0:48:1e:31:e6:b4:96:43:65:1a:ab:89:
         da:66:1b:ad:26:2a:a7:ff:45:75:16:95:5c:29:97:f2:be:fa:
         c7:99:67:99:a5:c6:85:74:bd:a0:ef:dc:bf:98:f2:29:c2:92:
         ad:a8:ed:09:29:21:02:fa:7f:96:36:93:64:de:60:1d:dc:14:
         2c:db:67:6c:c7:88:22:8f:c2:e4:2d:c9:e4:dc:9e:5b:f3:80:
         b7:91:69:35:c7:df:de:75:75:03:f6:a8:90:e7:e3:8f:e9:02:
         ab:39:f6:f1:a0:32:92:be:77:c9:e2:65:80:91:aa:59:af:a1:
         38:04:bc:0e:92:2d:3b:30:54:02:ae:c1:6e:42:ad:1c:a6:89:
         9f:8e:b2:1d
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZ3c6jL10ladgfjXWRTG3TYFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjOWM2ODVjZjY2NzFjYzY1NmY5MmU3NjQ1NTdhMzgzNzhm
MjgyN2MwHhcNMjYwNDMwMDU0MzQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NGNkMzRhNDQzYTc4ZGQ1Mjg0MTlkNmUzOGU0NDhiYzgwYTMyZDE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7fJi7HBclmhg5dMEEuWlnMXjQDSZ
HJECKR0MDpaAR6UL2mr3bIdohGQlQ8t/Cd4Hifb+FWtU+gwZB0oqDQv2mKdirO+x
ZIbJXDws+sLRF5hFXUrrPW/4eBFr9+NHerdlck9rOq+9J+eRxUqCoSqElsx1XOCe
S8AuXNwo8Ki2KEGzTuZHnjMvBk2qDJeDyBC/30q9h54kBxQZknqS5OIZzHE04aJg
MD7l2wezz7ol01orA+gRn6Bd3djeHfCZXod4CKBwlbXQaI9CzmLAj/77XiCUDNtr
3CfSU3O19VEaM5JG1v2ReagdskYsAcLdqCc2z+FSRhEW/+q488aBFgdk2QIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFETNNKRDp43VKEGdbjjkSLyAoy0XMB8GA1UdIwQY
MBaAFOycaFz2ZxzGVvkudkVXo4N48oJ8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN0p4b1hQWm5ITVpXLVM1MlJWZWpnM2p5Z253LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYi9lOWI1NmUtM2I1Yi00M2IxLThiYjUt
YmFiNDhkYWI0Y2Q2LzEvUk0wMHBFT25qZFVvUVoxdU9PUkl2SUNqTFJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYi9lOWI1NmUtM2I1Yi00M2IxLThiYjUtYmFiNDhkYWI0Y2Q2
LzEvN0p4b1hQWm5ITVpXLVM1MlJWZWpnM2p5Z253LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQA1HIoMAwD
BADUci0DBADUci4wDQYJKoZIhvcNAQELBQADggEBAHzF4P4OCH5sgkODHP+dcQXt
s8tqppjOngvXKmfLTjhsqRNNFuuaNVZag9oUPD1NQ+lQem/fTZ46GlIjOtKxamRw
SRqQUjm3FzR/1q9+bMZ/1zjuSRmCkv1EXNBhRG/C31KkJEDr4H7HvebojIom6IO3
3qBIHjHmtJZDZRqridpmG60mKqf/RXUWlVwpl/K++seZZ5mlxoV0vaDv3L+Y8inC
kq2o7QkpIQL6f5Y2k2TeYB3cFCzbZ2zHiCKPwuQtyeTcnlvzgLeRaTXH3951dQP2
qJDn44/pAqs59vGgMpK+d8niZYCRqlmvoTgEvA6SLTswVAKuwW5CrRymiZ+Osh0=
-----END CERTIFICATE-----