Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/Cb7u_JmB6yiwG89-XJSiZaWzn3Q.roa
File:                     Cb7u_JmB6yiwG89-XJSiZaWzn3Q.roa (raw, json)
Hash identifier:          HsF3r4b7z9CIg+LatxeUsYf1mhIBwFeu3X5VXGWjmzI=
Subject key identifier:   09:BE:EE:FC:99:81:EB:28:B0:1B:CF:7E:5C:94:A2:65:A5:B3:9F:74
Certificate issuer:       /CN=7e20b034e2c497b1884488def106972704765029
Certificate serial:       019DF1874E64A9B2E7E255FDE39A46EE8BC5
Authority key identifier: 7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/Cb7u_JmB6yiwG89-XJSiZaWzn3Q.roa
Signing time:             Mon 04 May 2026 05:47:49 +0000
ROA not before:           Mon 04 May 2026 05:47:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     32418
IP address blocks:        212.134.98.0/24 maxlen: 24
                          212.135.251.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 20:10:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:f1:87:4e:64:a9:b2:e7:e2:55:fd:e3:9a:46:ee:8b:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e20b034e2c497b1884488def106972704765029
        Validity
            Not Before: May  4 05:47:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=09beeefc9981eb28b01bcf7e5c94a265a5b39f74
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:a7:1c:cf:e4:dc:ab:0c:ee:92:f3:1f:b7:f6:
                    bd:a8:8b:f1:45:76:09:62:bc:c8:34:bb:ce:57:4d:
                    0b:4c:2c:db:6e:94:69:8c:2c:6b:44:0a:ed:a8:e8:
                    20:36:c3:e9:4c:c5:d6:ed:dd:6d:f8:f0:f4:80:77:
                    8c:ab:af:11:9b:a7:92:91:35:63:ef:11:f6:72:c8:
                    a2:11:87:01:58:21:45:86:47:bd:b9:c6:37:18:e3:
                    6d:57:0c:82:18:ca:1f:1e:bb:56:14:8f:2e:0b:b2:
                    35:a4:8e:cf:bc:77:83:49:4b:75:3a:ab:cb:d9:7b:
                    1b:60:36:ef:46:cf:8c:ec:ad:7b:0c:7c:74:35:d2:
                    f6:6f:8f:75:b6:a5:81:f8:1d:d5:aa:cf:1e:a2:c8:
                    8b:74:53:45:dd:f2:79:56:38:d6:e1:38:2e:f7:2b:
                    f8:d4:d5:7e:1f:7d:9e:a7:88:4b:15:55:58:6f:50:
                    68:b4:af:61:a6:0c:99:56:59:24:04:1e:7e:5b:67:
                    0c:6c:cc:23:12:e4:88:55:54:0d:ad:a4:30:0a:74:
                    3e:37:ee:8f:a7:45:a4:b8:90:d3:a2:06:30:9c:1f:
                    28:d3:29:2a:8d:df:39:11:61:61:f4:cc:78:76:af:
                    be:88:6c:6c:8f:9a:97:31:69:75:17:0b:2f:7f:99:
                    06:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:BE:EE:FC:99:81:EB:28:B0:1B:CF:7E:5C:94:A2:65:A5:B3:9F:74
            X509v3 Authority Key Identifier:
                keyid:7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/Cb7u_JmB6yiwG89-XJSiZaWzn3Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.134.98.0/24
                  212.135.251.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:db:ed:57:4e:58:be:ae:04:91:08:1c:90:22:5a:5f:bd:b5:
         ef:28:26:06:12:41:b1:2c:c9:e3:e9:fd:36:93:9a:68:37:97:
         24:7d:a9:34:f6:42:6e:3c:6b:03:ed:7b:09:2f:35:b3:ea:96:
         b8:3d:63:8d:9b:04:69:fa:e6:67:07:83:6b:6d:89:58:c0:87:
         d0:09:38:8f:bb:a7:ea:43:a2:c3:47:29:b5:52:04:ac:8d:94:
         a0:5d:48:e3:b1:e5:2b:c0:80:0a:85:9c:e3:15:3c:15:e6:a2:
         f6:d7:3a:0f:7c:bc:97:ab:c9:b7:fe:81:7e:f3:19:35:f5:34:
         36:a6:01:68:13:a9:1a:03:08:30:8e:96:83:14:4e:5e:38:38:
         af:31:27:bf:d4:9f:19:cf:53:25:45:c8:ff:56:56:fb:2a:15:
         b8:35:8a:4d:a0:39:07:c6:97:b5:d1:8c:aa:7c:c8:0b:f9:00:
         77:eb:ac:af:da:c1:58:54:cb:00:69:e0:c6:fa:16:61:66:00:
         c5:51:7e:87:da:87:03:0f:73:2a:e3:15:36:0b:19:8f:5d:9e:
         4f:93:ca:69:bf:61:e9:b8:bd:d8:90:37:9c:72:7f:02:ec:37:
         e5:76:93:0a:c9:4d:59:0d:0c:f5:6c:f3:6b:ea:7c:3d:56:41:
         46:f2:68:19
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ3xh05kqbLn4lX945pG7ovFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMjBiMDM0ZTJjNDk3YjE4ODQ0ODhkZWYxMDY5NzI3MDQ3
NjUwMjkwHhcNMjYwNTA0MDU0NzQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOWJlZWVmYzk5ODFlYjI4YjAxYmNmN2U1Yzk0YTI2NWE1YjM5Zjc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq6ccz+TcqwzukvMft/a9qIvxRXYJ
YrzINLvOV00LTCzbbpRpjCxrRArtqOggNsPpTMXW7d1t+PD0gHeMq68Rm6eSkTVj
7xH2csiiEYcBWCFFhke9ucY3GONtVwyCGMofHrtWFI8uC7I1pI7PvHeDSUt1OqvL
2XsbYDbvRs+M7K17DHx0NdL2b491tqWB+B3Vqs8eosiLdFNF3fJ5VjjW4Tgu9yv4
1NV+H32ep4hLFVVYb1BotK9hpgyZVlkkBB5+W2cMbMwjEuSIVVQNraQwCnQ+N+6P
p0WkuJDTogYwnB8o0ykqjd85EWFh9Mx4dq++iGxsj5qXMWl1Fwsvf5kGXwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAm+7vyZgesosBvPflyUomWls590MB8GA1UdIwQY
MBaAFH4gsDTixJexiESI3vEGlycEdlApMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2Qt
MDM1ZDk3N2Y0MjE2LzEvQ2I3dV9KbUI2eWl3Rzg5LVhKU2laYVd6bjNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2QtMDM1ZDk3N2Y0MjE2
LzEvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQA1IZiAwQA
1If7MA0GCSqGSIb3DQEBCwUAA4IBAQCg2+1XTli+rgSRCByQIlpfvbXvKCYGEkGx
LMnj6f02k5poN5ckfak09kJuPGsD7XsJLzWz6pa4PWONmwRp+uZnB4NrbYlYwIfQ
CTiPu6fqQ6LDRym1UgSsjZSgXUjjseUrwIAKhZzjFTwV5qL21zoPfLyXq8m3/oF+
8xk19TQ2pgFoE6kaAwgwjpaDFE5eODivMSe/1J8Zz1MlRcj/Vlb7KhW4NYpNoDkH
xpe10YyqfMgL+QB366yv2sFYVMsAaeDG+hZhZgDFUX6H2ocDD3Mq4xU2CxmPXZ5P
k8ppv2HpuL3YkDeccn8C7DfldpMKyU1ZDQz1bPNr6nw9VkFG8mgZ
-----END CERTIFICATE-----