Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/5-mJcpQJ6lmmdHeFa5pSIkIsaxk.roa
File:                     5-mJcpQJ6lmmdHeFa5pSIkIsaxk.roa (raw, json)
Hash identifier:          ATcNSWb6qXMBmwiZUWFjJYDmGfWgxLZz9XaOV4+FkUA=
Subject key identifier:   E7:E9:89:72:94:09:EA:59:A6:74:77:85:6B:9A:52:22:42:2C:6B:19
Certificate issuer:       /CN=7e20b034e2c497b1884488def106972704765029
Certificate serial:       019D28A33BF705CBACE47FA5F52EFEA7E506
Authority key identifier: 7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/5-mJcpQJ6lmmdHeFa5pSIkIsaxk.roa
Signing time:             Thu 26 Mar 2026 05:34:39 +0000
ROA not before:           Thu 26 Mar 2026 05:34:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215152
IP address blocks:        212.134.132.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 11:33:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:28:a3:3b:f7:05:cb:ac:e4:7f:a5:f5:2e:fe:a7:e5:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e20b034e2c497b1884488def106972704765029
        Validity
            Not Before: Mar 26 05:34:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e7e989729409ea59a67477856b9a5222422c6b19
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:4e:a5:e9:94:7e:f5:24:76:2f:74:d8:80:9a:
                    29:9a:4b:3e:cf:64:f0:d3:16:bb:c7:39:4c:95:92:
                    18:f9:54:3e:3d:2f:ad:80:fc:77:54:f7:c3:8b:f0:
                    7b:cf:15:f1:76:49:63:45:85:af:53:eb:67:44:4c:
                    47:2f:7c:2f:0b:f4:c2:c8:96:f1:f6:df:1c:1b:bc:
                    35:dd:7f:c2:ed:6d:76:e9:5c:84:48:61:67:25:12:
                    1c:2e:45:c1:c8:b2:bd:e4:bd:ab:85:eb:ac:36:44:
                    13:16:44:5c:00:9c:d1:6f:cc:85:0f:c1:48:9c:01:
                    b2:44:bd:c8:57:9a:ec:92:02:07:9f:2c:f7:fe:f2:
                    f6:ef:79:90:a4:95:37:bf:75:ec:02:45:c8:b1:db:
                    fd:07:1f:e3:6e:ae:9e:85:10:35:1d:a4:8a:9b:e5:
                    15:e7:c5:f0:9e:52:d9:51:7f:c0:f2:a9:aa:f0:1c:
                    88:4b:34:70:79:72:df:50:92:5e:be:77:e8:c8:f4:
                    e6:f5:45:49:ed:4d:c0:0d:51:9d:10:3d:2d:9a:7b:
                    bf:e7:65:df:c5:0b:9d:bd:73:0a:ac:0f:3c:09:3e:
                    bd:54:6b:91:c2:f2:8d:24:b5:de:6a:a2:da:dc:44:
                    8a:b3:b0:0d:ca:83:fe:b8:b2:6d:ac:3b:cb:29:26:
                    54:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:E9:89:72:94:09:EA:59:A6:74:77:85:6B:9A:52:22:42:2C:6B:19
            X509v3 Authority Key Identifier:
                keyid:7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/5-mJcpQJ6lmmdHeFa5pSIkIsaxk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.134.132.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:83:c8:5b:27:d4:c1:b1:85:c2:44:ca:c8:57:2b:ca:9c:24:
         95:e1:88:26:bb:24:00:06:07:9c:f8:2c:e0:bb:24:ed:6b:6a:
         18:49:52:91:68:84:dd:15:05:d1:71:d6:97:01:25:87:f4:11:
         5c:bf:46:b7:d1:1e:ad:b2:c3:5b:a5:7a:1a:df:dd:16:42:9c:
         94:4d:55:26:86:10:6a:6a:cc:2d:7e:64:31:c7:03:86:3e:7e:
         5a:c4:ab:4f:3f:f8:4e:e6:c6:1a:ba:9d:e7:56:3a:fe:26:79:
         4a:18:c3:bc:7c:74:e1:0e:16:58:05:e3:b5:13:55:50:89:c5:
         19:1e:7b:8a:74:a0:66:73:ac:38:2b:7b:5a:01:42:19:8f:aa:
         39:0d:e5:b2:4f:5b:54:ef:a2:3e:7c:b6:2d:70:68:ec:66:d1:
         b4:d6:8a:a4:0c:0d:54:2a:93:ba:d5:a2:86:c2:b6:5d:c7:0f:
         ba:76:e7:78:17:71:0e:16:8e:7f:f5:f0:6f:23:e8:17:85:6e:
         15:74:8d:de:ed:86:c4:bc:61:77:46:62:fd:b7:50:36:b6:da:
         0d:d6:e4:02:3c:29:20:d5:a9:91:23:80:ab:7f:66:83:f2:89:
         0c:76:ce:f9:19:d8:91:a1:9f:08:49:25:56:b1:6e:14:1b:2e:
         b6:6a:a1:38
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0oozv3Bcus5H+l9S7+p+UGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMjBiMDM0ZTJjNDk3YjE4ODQ0ODhkZWYxMDY5NzI3MDQ3
NjUwMjkwHhcNMjYwMzI2MDUzNDM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlN2U5ODk3Mjk0MDllYTU5YTY3NDc3ODU2YjlhNTIyMjQyMmM2YjE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnk6l6ZR+9SR2L3TYgJopmks+z2Tw
0xa7xzlMlZIY+VQ+PS+tgPx3VPfDi/B7zxXxdkljRYWvU+tnRExHL3wvC/TCyJbx
9t8cG7w13X/C7W126VyESGFnJRIcLkXByLK95L2rheusNkQTFkRcAJzRb8yFD8FI
nAGyRL3IV5rskgIHnyz3/vL273mQpJU3v3XsAkXIsdv9Bx/jbq6ehRA1HaSKm+UV
58XwnlLZUX/A8qmq8ByISzRweXLfUJJevnfoyPTm9UVJ7U3ADVGdED0tmnu/52Xf
xQudvXMKrA88CT69VGuRwvKNJLXeaqLa3ESKs7ANyoP+uLJtrDvLKSZUuQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOfpiXKUCepZpnR3hWuaUiJCLGsZMB8GA1UdIwQY
MBaAFH4gsDTixJexiESI3vEGlycEdlApMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2Qt
MDM1ZDk3N2Y0MjE2LzEvNS1tSmNwUUo2bG1tZEhlRmE1cFNJa0lzYXhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2QtMDM1ZDk3N2Y0MjE2
LzEvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1IaEMA0G
CSqGSIb3DQEBCwUAA4IBAQAcg8hbJ9TBsYXCRMrIVyvKnCSV4YgmuyQABgec+Czg
uyTta2oYSVKRaITdFQXRcdaXASWH9BFcv0a30R6tssNbpXoa390WQpyUTVUmhhBq
aswtfmQxxwOGPn5axKtPP/hO5sYaup3nVjr+JnlKGMO8fHThDhZYBeO1E1VQicUZ
HnuKdKBmc6w4K3taAUIZj6o5DeWyT1tU76I+fLYtcGjsZtG01oqkDA1UKpO61aKG
wrZdxw+6dud4F3EOFo5/9fBvI+gXhW4VdI3e7YbEvGF3RmL9t1A2ttoN1uQCPCkg
1amRI4Crf2aD8okMds75GdiRoZ8ISSVWsW4UGy62aqE4
-----END CERTIFICATE-----