Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/8QklfYuJGxTG9qGkj9CHemZ_vXw.roa
File:                     8QklfYuJGxTG9qGkj9CHemZ_vXw.roa (raw, json)
Hash identifier:          53aFXol2yfZRja56m7vKELw8N6W8tcKzRsgdO1lbbgk=
Subject key identifier:   F1:09:25:7D:8B:89:1B:14:C6:F6:A1:A4:8F:D0:87:7A:66:7F:BD:7C
Certificate issuer:       /CN=7e20b034e2c497b1884488def106972704765029
Certificate serial:       019DF1874E965EC49C54AD90C364015046E8
Authority key identifier: 7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/8QklfYuJGxTG9qGkj9CHemZ_vXw.roa
Signing time:             Mon 04 May 2026 05:47:49 +0000
ROA not before:           Mon 04 May 2026 05:47:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     402298
IP address blocks:        212.135.29.0/24 maxlen: 24
                          212.135.129.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:f1:87:4e:96:5e:c4:9c:54:ad:90:c3:64:01:50:46:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e20b034e2c497b1884488def106972704765029
        Validity
            Not Before: May  4 05:47:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f109257d8b891b14c6f6a1a48fd0877a667fbd7c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:ad:f7:53:73:91:3f:5c:a5:cd:f4:ea:d3:3c:
                    ea:b5:e3:cf:9e:fc:7d:80:e2:cb:0d:a3:e3:e3:f7:
                    10:1b:60:ee:81:d1:84:f6:01:f7:b5:6e:6c:e3:24:
                    75:83:7f:f4:d3:26:cb:32:77:c7:6c:c6:e3:33:29:
                    d1:d7:59:a2:bd:cc:aa:9b:8a:13:33:a2:27:05:55:
                    08:74:4b:8a:9f:f2:db:bb:d0:45:aa:9e:91:cd:72:
                    62:84:07:fd:c4:81:e7:6e:07:2d:e0:c0:39:77:1a:
                    49:40:72:45:93:0f:2e:5e:4e:3d:a4:c9:11:00:c2:
                    cf:f0:dd:d7:ba:cf:d1:81:d6:6e:eb:1d:d5:4e:6d:
                    a8:5d:bc:c9:f4:0c:c0:cd:e1:f1:0c:6e:18:93:01:
                    cb:2b:36:9d:81:40:97:65:43:99:18:e9:aa:56:08:
                    52:9a:42:e4:bd:9d:cd:81:17:22:76:45:2a:7e:77:
                    75:d6:e8:cc:f4:3a:83:a6:df:3b:c6:00:dc:b0:37:
                    c2:99:81:07:c8:0f:93:11:e4:53:c1:8c:48:9c:a4:
                    56:65:7c:d7:63:bc:02:2b:8c:38:ed:c5:46:d7:44:
                    f9:0b:a5:12:e2:89:bd:b2:06:3f:de:26:63:f4:fb:
                    2c:e4:87:71:87:11:10:73:c1:8e:b6:14:ef:2b:1b:
                    c9:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:09:25:7D:8B:89:1B:14:C6:F6:A1:A4:8F:D0:87:7A:66:7F:BD:7C
            X509v3 Authority Key Identifier:
                keyid:7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/8QklfYuJGxTG9qGkj9CHemZ_vXw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.135.29.0/24
                  212.135.129.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b3:08:18:53:80:27:c5:b9:6a:c9:ec:5d:e9:47:11:4e:96:a2:
         35:22:72:ae:77:e6:74:f8:f5:d5:e0:3c:1b:19:f0:a0:b8:12:
         b7:5f:fb:4b:e7:2e:7f:3b:e6:b7:b2:34:19:e1:79:3f:e8:d8:
         06:1d:84:7f:28:9f:a3:ff:40:f7:b3:74:33:e1:c1:be:7f:cd:
         11:3a:1e:e7:32:6d:6f:55:dd:a2:f1:d8:e7:27:2e:68:86:39:
         8e:07:c7:ee:88:9d:74:4b:84:31:f7:98:6c:86:67:be:56:49:
         de:c2:04:66:59:89:5e:d0:3e:e1:dd:9b:80:aa:ea:f8:65:a0:
         ab:77:d7:56:a0:7b:b9:99:5e:75:a8:c1:a0:9e:d7:b5:8c:8f:
         1b:8f:8e:bd:67:48:5e:7e:ea:58:c6:32:50:82:e7:7f:63:cc:
         fa:5b:08:d4:c1:10:e2:1a:ca:c7:8f:86:9c:80:91:3f:16:c8:
         b1:83:02:4d:22:3b:21:4e:8b:35:14:43:5a:f4:9b:64:b1:12:
         a7:b6:56:ee:19:4e:52:b6:2a:69:6a:e5:5d:c3:4e:ac:ff:09:
         b2:5b:eb:2c:93:dc:fd:d2:9a:3e:9e:58:28:fc:c6:a1:38:e9:
         ef:23:49:49:93:53:98:9e:d9:0e:ef:ce:0b:f3:3f:59:f2:88:
         0b:8f:c2:31
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ3xh06WXsScVK2Qw2QBUEboMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMjBiMDM0ZTJjNDk3YjE4ODQ0ODhkZWYxMDY5NzI3MDQ3
NjUwMjkwHhcNMjYwNTA0MDU0NzQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMTA5MjU3ZDhiODkxYjE0YzZmNmExYTQ4ZmQwODc3YTY2N2ZiZDdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzq33U3ORP1ylzfTq0zzqtePPnvx9
gOLLDaPj4/cQG2DugdGE9gH3tW5s4yR1g3/00ybLMnfHbMbjMynR11mivcyqm4oT
M6InBVUIdEuKn/Lbu9BFqp6RzXJihAf9xIHnbgct4MA5dxpJQHJFkw8uXk49pMkR
AMLP8N3Xus/RgdZu6x3VTm2oXbzJ9AzAzeHxDG4YkwHLKzadgUCXZUOZGOmqVghS
mkLkvZ3NgRcidkUqfnd11ujM9DqDpt87xgDcsDfCmYEHyA+TEeRTwYxInKRWZXzX
Y7wCK4w47cVG10T5C6US4om9sgY/3iZj9Pss5IdxhxEQc8GOthTvKxvJRQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPEJJX2LiRsUxvahpI/Qh3pmf718MB8GA1UdIwQY
MBaAFH4gsDTixJexiESI3vEGlycEdlApMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2Qt
MDM1ZDk3N2Y0MjE2LzEvOFFrbGZZdUpHeFRHOXFHa2o5Q0hlbVpfdlh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2QtMDM1ZDk3N2Y0MjE2
LzEvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQA1IcdAwQA
1IeBMA0GCSqGSIb3DQEBCwUAA4IBAQCzCBhTgCfFuWrJ7F3pRxFOlqI1InKud+Z0
+PXV4DwbGfCguBK3X/tL5y5/O+a3sjQZ4Xk/6NgGHYR/KJ+j/0D3s3Qz4cG+f80R
Oh7nMm1vVd2i8djnJy5ohjmOB8fuiJ10S4Qx95hshme+VknewgRmWYle0D7h3ZuA
qur4ZaCrd9dWoHu5mV51qMGgnte1jI8bj469Z0hefupYxjJQgud/Y8z6WwjUwRDi
GsrHj4acgJE/FsixgwJNIjshTos1FENa9JtksRKntlbuGU5StippauVdw06s/wmy
W+ssk9z90po+nlgo/MahOOnvI0lJk1OYntkO784L8z9Z8ogLj8Ix
-----END CERTIFICATE-----