Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/GlBRoGYcLUET7QpZS1FYsye-Tdc.roa
File:                     GlBRoGYcLUET7QpZS1FYsye-Tdc.roa (raw, json)
Hash identifier:          HUDyXu3DL3EnQlpvbkttoI5YFWWeSK2HDyDAJUx7NJo=
Subject key identifier:   1A:50:51:A0:66:1C:2D:41:13:ED:0A:59:4B:51:58:B3:27:BE:4D:D7
Certificate issuer:       /CN=7e20b034e2c497b1884488def106972704765029
Certificate serial:       019D1FA1EDA54785CAE16FC96E81CDD4B454
Authority key identifier: 7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/GlBRoGYcLUET7QpZS1FYsye-Tdc.roa
Signing time:             Tue 24 Mar 2026 11:36:39 +0000
ROA not before:           Tue 24 Mar 2026 11:36:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     402187
IP address blocks:        212.134.133.0/24 maxlen: 24
                          212.134.251.0/24 maxlen: 24
                          212.134.255.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Mar 2026 00:05:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:1f:a1:ed:a5:47:85:ca:e1:6f:c9:6e:81:cd:d4:b4:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e20b034e2c497b1884488def106972704765029
        Validity
            Not Before: Mar 24 11:36:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1a5051a0661c2d4113ed0a594b5158b327be4dd7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:0d:b1:cf:4e:1c:b0:37:6b:3d:51:4b:fc:b6:
                    a9:4c:97:ce:1c:eb:2e:fd:39:18:7c:ea:1c:22:cc:
                    4f:47:0b:ad:be:df:4f:46:68:af:ff:bd:2b:f4:19:
                    10:fa:6d:3b:53:ce:8b:a3:e1:47:95:2e:56:ba:1a:
                    49:14:c1:13:6a:1f:77:17:7d:c6:dc:1a:14:58:69:
                    41:45:39:c3:90:c2:82:0c:86:93:20:ae:10:71:0f:
                    9c:5d:b2:29:45:b4:07:9b:55:59:06:dc:57:af:a1:
                    42:32:2a:58:d3:8b:5b:af:57:18:da:c6:4c:3a:25:
                    54:ab:2a:88:99:ce:06:fd:aa:25:31:36:cf:cd:7f:
                    b9:90:2d:75:02:68:cb:f9:b0:b2:49:f0:94:3c:00:
                    e4:e8:ff:84:77:23:9c:dd:bb:40:a3:e7:c2:83:59:
                    ee:93:96:a2:f2:15:0a:7c:1c:bb:4a:02:d3:58:2f:
                    b8:60:af:3f:bd:04:c9:d9:8c:4f:1d:4f:7e:e0:ab:
                    aa:5a:53:2c:58:cb:0a:80:31:f0:f5:a2:f0:78:9e:
                    26:48:25:72:f9:37:50:69:a5:5d:8b:62:ff:7c:87:
                    b3:31:41:5b:22:c3:ea:ea:88:b8:22:a2:59:80:53:
                    b2:8a:c9:a8:45:29:8e:b9:20:c8:80:99:46:0d:c8:
                    0b:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:50:51:A0:66:1C:2D:41:13:ED:0A:59:4B:51:58:B3:27:BE:4D:D7
            X509v3 Authority Key Identifier:
                keyid:7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/GlBRoGYcLUET7QpZS1FYsye-Tdc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.134.133.0/24
                  212.134.251.0/24
                  212.134.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:d4:c2:2f:ad:97:f0:d9:8b:5b:31:f2:bb:39:a1:c4:3b:b2:
         63:da:eb:69:cb:1b:6f:da:23:c8:51:87:26:01:98:cd:10:a1:
         ae:04:78:eb:09:24:2e:83:7b:f3:db:b6:c4:fb:7c:b5:52:7c:
         9d:37:66:30:c7:e5:a4:d9:80:09:e7:f9:8c:36:22:1d:17:aa:
         e5:8b:cf:d8:be:61:15:f0:eb:dd:40:bc:c6:1d:2d:1f:58:c8:
         88:d7:89:02:50:75:35:6b:a2:d5:a8:0c:e4:f3:54:a4:f7:47:
         56:bf:b0:16:bf:ee:87:9f:fd:46:f5:84:11:09:17:cd:f0:d0:
         2f:44:ef:66:64:53:2c:a8:82:a0:32:36:1a:fb:ff:3c:7d:4a:
         70:2b:b7:ad:d7:d3:79:c4:ed:c6:18:9c:4b:02:6c:27:2a:f5:
         f3:c2:fd:bb:18:a1:00:aa:e1:94:a3:7e:69:eb:a5:e9:04:68:
         29:72:17:66:da:f9:c1:29:b8:65:3d:81:8e:ce:65:72:69:3c:
         f0:bd:84:d9:62:e8:fd:c2:8f:46:5e:ef:bb:f7:7e:5c:c3:eb:
         9c:9f:ff:d0:92:aa:3e:10:c1:de:76:7c:94:e4:62:6e:8f:86:
         7d:4d:6b:66:55:1a:30:9f:f6:f6:42:d3:ad:5b:c9:2b:ec:3f:
         e9:1b:ef:82
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ0foe2lR4XK4W/JboHN1LRUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMjBiMDM0ZTJjNDk3YjE4ODQ0ODhkZWYxMDY5NzI3MDQ3
NjUwMjkwHhcNMjYwMzI0MTEzNjM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYTUwNTFhMDY2MWMyZDQxMTNlZDBhNTk0YjUxNThiMzI3YmU0ZGQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1Q2xz04csDdrPVFL/LapTJfOHOsu
/TkYfOocIsxPRwutvt9PRmiv/70r9BkQ+m07U86Lo+FHlS5WuhpJFMETah93F33G
3BoUWGlBRTnDkMKCDIaTIK4QcQ+cXbIpRbQHm1VZBtxXr6FCMipY04tbr1cY2sZM
OiVUqyqImc4G/aolMTbPzX+5kC11AmjL+bCySfCUPADk6P+EdyOc3btAo+fCg1nu
k5ai8hUKfBy7SgLTWC+4YK8/vQTJ2YxPHU9+4KuqWlMsWMsKgDHw9aLweJ4mSCVy
+TdQaaVdi2L/fIezMUFbIsPq6oi4IqJZgFOyismoRSmOuSDIgJlGDcgLFQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFBpQUaBmHC1BE+0KWUtRWLMnvk3XMB8GA1UdIwQY
MBaAFH4gsDTixJexiESI3vEGlycEdlApMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2Qt
MDM1ZDk3N2Y0MjE2LzEvR2xCUm9HWWNMVUVUN1FwWlMxRllzeWUtVGRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2QtMDM1ZDk3N2Y0MjE2
LzEvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQA1IaFAwQA
1Ib7AwQA1Ib/MA0GCSqGSIb3DQEBCwUAA4IBAQAP1MIvrZfw2YtbMfK7OaHEO7Jj
2utpyxtv2iPIUYcmAZjNEKGuBHjrCSQug3vz27bE+3y1UnydN2Ywx+Wk2YAJ5/mM
NiIdF6rli8/YvmEV8OvdQLzGHS0fWMiI14kCUHU1a6LVqAzk81Sk90dWv7AWv+6H
n/1G9YQRCRfN8NAvRO9mZFMsqIKgMjYa+/88fUpwK7et19N5xO3GGJxLAmwnKvXz
wv27GKEAquGUo35p66XpBGgpchdm2vnBKbhlPYGOzmVyaTzwvYTZYuj9wo9GXu+7
935cw+ucn//Qkqo+EMHednyU5GJuj4Z9TWtmVRown/b2QtOtW8kr7D/pG++C
-----END CERTIFICATE-----