Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/3knEtGaEOuvlHTO_XLwXlBV6Sn8.roa
File:                     3knEtGaEOuvlHTO_XLwXlBV6Sn8.roa (raw, json)
Hash identifier:          nLPzD4XBVbrHz76s9UO3pfWt0xjXXOXJNNBYrSDpcYM=
Subject key identifier:   DE:49:C4:B4:66:84:3A:EB:E5:1D:33:BF:5C:BC:17:94:15:7A:4A:7F
Certificate issuer:       /CN=7e20b034e2c497b1884488def106972704765029
Certificate serial:       019E1C80AAFF379CB4607A2828A719673C7B
Authority key identifier: 7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/3knEtGaEOuvlHTO_XLwXlBV6Sn8.roa
Signing time:             Tue 12 May 2026 14:04:14 +0000
ROA not before:           Tue 12 May 2026 14:04:14 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212980
IP address blocks:        212.134.176.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:1c:80:aa:ff:37:9c:b4:60:7a:28:28:a7:19:67:3c:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e20b034e2c497b1884488def106972704765029
        Validity
            Not Before: May 12 14:04:14 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=de49c4b466843aebe51d33bf5cbc1794157a4a7f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:ce:b6:32:df:2d:9d:ff:59:9e:60:f8:e2:59:
                    06:67:7e:de:aa:f7:3a:b8:fc:f6:79:d8:10:98:85:
                    22:6d:97:fc:35:a8:37:f3:22:f7:57:7b:8f:3f:d4:
                    cf:83:cd:04:25:e0:23:f1:ca:67:e1:ba:d1:22:44:
                    cd:57:6e:ca:ef:bd:be:75:e1:96:d8:58:e0:dd:ad:
                    66:d8:91:d3:c1:d1:03:e2:bd:7f:32:1e:f1:9f:08:
                    0b:20:cc:c7:9d:42:5d:c5:fc:ba:23:64:2d:42:f9:
                    a2:ea:3f:52:16:c3:86:be:bb:77:bd:1f:8b:41:a5:
                    a7:b7:9e:8b:8f:ec:cb:71:26:d5:b2:3a:21:fe:bd:
                    13:12:95:62:6d:b0:f3:b4:e6:8c:d3:5e:22:c7:b1:
                    00:72:74:ee:7f:22:f2:8f:62:60:bf:82:0d:90:24:
                    d8:58:20:3c:2c:95:6a:e4:36:36:b0:87:78:36:bb:
                    e7:37:03:cd:dc:0a:7f:4b:b8:93:d4:d8:0c:3b:8a:
                    f9:8b:24:1e:d9:f8:14:bb:b7:e4:f9:8c:77:4c:a4:
                    cb:8c:09:1f:e7:ee:4c:ba:7f:3c:7d:2d:bd:c1:63:
                    ae:c2:fb:a5:ff:a3:1f:97:a2:37:6e:82:6e:df:96:
                    8c:ac:51:20:77:29:1d:3d:df:a9:61:fa:fb:de:3e:
                    a7:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:49:C4:B4:66:84:3A:EB:E5:1D:33:BF:5C:BC:17:94:15:7A:4A:7F
            X509v3 Authority Key Identifier:
                keyid:7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/3knEtGaEOuvlHTO_XLwXlBV6Sn8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.134.176.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a1:cf:e9:63:6e:1f:2a:1e:97:35:a9:1f:2e:ac:42:b3:1a:39:
         e7:eb:b8:ec:7c:3f:55:3e:7b:4f:ac:cb:df:c3:56:67:92:d0:
         65:58:9f:3f:8f:bb:bd:66:8a:aa:cc:03:a8:e0:6b:fb:b3:bf:
         a2:1a:2a:55:e0:82:99:de:50:31:89:88:a3:b0:a3:ac:85:c9:
         2d:e2:77:6f:de:a3:42:4b:0b:c3:28:f6:9d:95:29:3f:3d:8b:
         85:1d:95:8d:28:94:d5:c8:66:6d:04:55:d0:8a:ac:2c:a0:e2:
         fb:b0:3a:83:d2:06:11:9c:68:00:38:fd:f9:b5:b9:c0:46:c2:
         3f:79:39:8e:32:b4:03:96:6f:4b:ea:b4:61:73:cb:2d:b2:2b:
         2b:c4:6b:1a:e5:f8:d9:99:bb:93:6f:a4:aa:94:6b:99:8e:c5:
         f2:9a:ea:1b:b2:17:49:52:46:7a:7e:fe:92:91:74:6c:c6:1a:
         21:b8:8d:79:6e:48:66:22:dc:ff:b9:45:58:7f:fb:af:f5:9c:
         5d:dd:85:f8:82:6f:3a:47:38:b9:12:3d:f5:fb:75:78:46:8c:
         89:31:1a:46:85:6e:e9:53:47:9e:52:73:c5:f0:5e:22:2f:bb:
         de:db:b0:9a:6c:f4:42:35:1a:05:ea:31:52:53:e5:31:3f:64:
         50:a4:d4:99
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4cgKr/N5y0YHooKKcZZzx7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMjBiMDM0ZTJjNDk3YjE4ODQ0ODhkZWYxMDY5NzI3MDQ3
NjUwMjkwHhcNMjYwNTEyMTQwNDE0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTQ5YzRiNDY2ODQzYWViZTUxZDMzYmY1Y2JjMTc5NDE1N2E0YTdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAss62Mt8tnf9ZnmD44lkGZ37eqvc6
uPz2edgQmIUibZf8Nag38yL3V3uPP9TPg80EJeAj8cpn4brRIkTNV27K772+deGW
2Fjg3a1m2JHTwdED4r1/Mh7xnwgLIMzHnUJdxfy6I2QtQvmi6j9SFsOGvrt3vR+L
QaWnt56Lj+zLcSbVsjoh/r0TEpVibbDztOaM014ix7EAcnTufyLyj2Jgv4INkCTY
WCA8LJVq5DY2sId4NrvnNwPN3Ap/S7iT1NgMO4r5iyQe2fgUu7fk+Yx3TKTLjAkf
5+5Mun88fS29wWOuwvul/6Mfl6I3boJu35aMrFEgdykdPd+pYfr73j6nQQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN5JxLRmhDrr5R0zv1y8F5QVekp/MB8GA1UdIwQY
MBaAFH4gsDTixJexiESI3vEGlycEdlApMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2Qt
MDM1ZDk3N2Y0MjE2LzEvM2tuRXRHYUVPdXZsSFRPX1hMd1hsQlY2U244LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2QtMDM1ZDk3N2Y0MjE2
LzEvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB1IawMA0G
CSqGSIb3DQEBCwUAA4IBAQChz+ljbh8qHpc1qR8urEKzGjnn67jsfD9VPntPrMvf
w1ZnktBlWJ8/j7u9ZoqqzAOo4Gv7s7+iGipV4IKZ3lAxiYijsKOshckt4ndv3qNC
SwvDKPadlSk/PYuFHZWNKJTVyGZtBFXQiqwsoOL7sDqD0gYRnGgAOP35tbnARsI/
eTmOMrQDlm9L6rRhc8stsisrxGsa5fjZmbuTb6SqlGuZjsXymuobshdJUkZ6fv6S
kXRsxhohuI15bkhmItz/uUVYf/uv9Zxd3YX4gm86Rzi5Ej31+3V4RoyJMRpGhW7p
U0eeUnPF8F4iL7ve27CabPRCNRoF6jFSU+UxP2RQpNSZ
-----END CERTIFICATE-----