Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/JBbocZjJci0P9q1u6qmeQTGpifk.roa
File:                     JBbocZjJci0P9q1u6qmeQTGpifk.roa (raw, json)
Hash identifier:          X+pybPCBId1f9E9k+TgAIly3s4q/1nurgPfoR2FyFQo=
Subject key identifier:   24:16:E8:71:98:C9:72:2D:0F:F6:AD:6E:EA:A9:9E:41:31:A9:89:F9
Certificate issuer:       /CN=7e20b034e2c497b1884488def106972704765029
Certificate serial:       019CC1FBC044C12D6ADCB92E05BDF6C1A6EA
Authority key identifier: 7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/JBbocZjJci0P9q1u6qmeQTGpifk.roa
Signing time:             Fri 06 Mar 2026 07:10:27 +0000
ROA not before:           Fri 06 Mar 2026 07:10:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     152868
IP address blocks:        212.134.228.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Mar 2026 00:05:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:c1:fb:c0:44:c1:2d:6a:dc:b9:2e:05:bd:f6:c1:a6:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e20b034e2c497b1884488def106972704765029
        Validity
            Not Before: Mar  6 07:10:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2416e87198c9722d0ff6ad6eeaa99e4131a989f9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:2b:12:2e:6c:c8:7e:e8:dd:bc:79:05:ac:d1:
                    de:9b:57:2e:9f:98:7a:cc:7e:f9:5b:4b:d3:04:22:
                    8c:3d:4c:63:73:94:70:2b:4b:85:0b:bd:b2:a4:2a:
                    9c:94:77:32:ea:6e:99:75:28:18:bb:7a:06:74:91:
                    c5:8e:43:d5:3c:40:d1:1a:cd:21:cd:33:72:88:af:
                    66:b5:95:61:96:e4:14:55:9c:94:e9:4e:16:84:87:
                    6a:07:e5:34:2f:64:47:09:f1:30:59:71:87:68:c5:
                    be:73:91:e3:3a:2c:bd:5e:03:95:cd:a6:21:cb:44:
                    e9:00:45:82:5f:1e:e8:2e:c7:64:11:af:3a:81:6d:
                    3d:de:6d:f3:d0:15:cb:2d:82:e2:4d:fb:1a:66:c1:
                    42:c6:c1:9c:3a:22:a7:e8:c7:91:65:ba:9d:a5:50:
                    bc:fe:c5:ca:a9:38:ac:7f:94:f7:da:47:d0:63:52:
                    bd:c5:22:48:22:f5:06:7c:98:a7:04:5b:ed:d1:41:
                    0b:ea:e2:33:82:53:0c:3e:d7:aa:4a:44:a4:6f:10:
                    48:9c:32:3a:38:4a:0a:a7:1f:ca:e0:ae:31:6d:61:
                    1c:d0:cb:5b:ce:4a:62:47:6e:e8:33:6c:2e:43:6c:
                    60:0b:ce:91:3e:00:4d:80:fb:4a:df:6c:dd:1c:8d:
                    bf:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:16:E8:71:98:C9:72:2D:0F:F6:AD:6E:EA:A9:9E:41:31:A9:89:F9
            X509v3 Authority Key Identifier:
                keyid:7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/JBbocZjJci0P9q1u6qmeQTGpifk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.134.228.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:99:da:b5:2f:96:eb:21:ff:1f:94:3a:ee:22:67:e9:d4:08:
         9b:6c:5e:80:54:10:9c:b3:1e:17:83:8b:e0:a2:ae:ba:29:04:
         7d:41:89:06:28:3d:6f:f2:16:05:67:de:6f:7c:02:95:c8:f2:
         69:5b:7d:9d:90:2a:01:4c:75:b6:a9:39:0b:d9:a5:ad:62:7f:
         82:02:a0:e9:df:e7:1a:cb:f2:af:6a:bb:71:98:af:d8:cf:85:
         9a:46:5c:53:27:45:31:2e:61:81:7f:bb:67:b9:9f:78:99:93:
         2f:ea:4d:4e:01:10:3e:ba:78:5e:4f:83:04:ec:b3:90:2b:3a:
         54:55:56:59:77:bc:7c:bc:c2:37:1a:f7:b6:c4:16:85:88:c6:
         06:c0:ed:b0:85:5f:96:df:99:d1:73:56:9e:e6:56:1a:5e:8a:
         8e:74:ae:43:be:f9:43:4d:37:d7:88:9b:1b:94:9c:91:26:6c:
         7f:41:90:ba:c7:8f:89:6c:24:e0:87:17:05:c0:31:af:ab:b3:
         60:50:21:0b:0d:d1:24:63:32:97:d8:71:50:8b:34:70:5f:c0:
         4c:5b:bb:b2:bd:e2:ab:b7:a3:14:fc:1d:0e:c5:66:59:ce:2b:
         c7:25:49:a4:96:ad:ca:dc:b4:59:7e:d7:b6:9d:b2:9c:bb:ae:
         43:60:30:ba
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzB+8BEwS1q3LkuBb32wabqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMjBiMDM0ZTJjNDk3YjE4ODQ0ODhkZWYxMDY5NzI3MDQ3
NjUwMjkwHhcNMjYwMzA2MDcxMDI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNDE2ZTg3MTk4Yzk3MjJkMGZmNmFkNmVlYWE5OWU0MTMxYTk4OWY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArCsSLmzIfujdvHkFrNHem1cun5h6
zH75W0vTBCKMPUxjc5RwK0uFC72ypCqclHcy6m6ZdSgYu3oGdJHFjkPVPEDRGs0h
zTNyiK9mtZVhluQUVZyU6U4WhIdqB+U0L2RHCfEwWXGHaMW+c5HjOiy9XgOVzaYh
y0TpAEWCXx7oLsdkEa86gW093m3z0BXLLYLiTfsaZsFCxsGcOiKn6MeRZbqdpVC8
/sXKqTisf5T32kfQY1K9xSJIIvUGfJinBFvt0UEL6uIzglMMPteqSkSkbxBInDI6
OEoKpx/K4K4xbWEc0MtbzkpiR27oM2wuQ2xgC86RPgBNgPtK32zdHI2/MQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCQW6HGYyXItD/atbuqpnkExqYn5MB8GA1UdIwQY
MBaAFH4gsDTixJexiESI3vEGlycEdlApMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2Qt
MDM1ZDk3N2Y0MjE2LzEvSkJib2NaakpjaTBQOXExdTZxbWVRVEdwaWZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2QtMDM1ZDk3N2Y0MjE2
LzEvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1IbkMA0G
CSqGSIb3DQEBCwUAA4IBAQAfmdq1L5brIf8flDruImfp1AibbF6AVBCcsx4Xg4vg
oq66KQR9QYkGKD1v8hYFZ95vfAKVyPJpW32dkCoBTHW2qTkL2aWtYn+CAqDp3+ca
y/KvartxmK/Yz4WaRlxTJ0UxLmGBf7tnuZ94mZMv6k1OARA+unheT4ME7LOQKzpU
VVZZd7x8vMI3Gve2xBaFiMYGwO2whV+W35nRc1ae5lYaXoqOdK5DvvlDTTfXiJsb
lJyRJmx/QZC6x4+JbCTghxcFwDGvq7NgUCELDdEkYzKX2HFQizRwX8BMW7uyveKr
t6MU/B0OxWZZzivHJUmklq3K3LRZfte2nbKcu65DYDC6
-----END CERTIFICATE-----