Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/Js2DioP8UuusW_efZjhhWGhwNuE.roa
File:                     Js2DioP8UuusW_efZjhhWGhwNuE.roa (raw, json)
Hash identifier:          B9got8A4TpIqJI9xQIvx67cqycnUsHcouw1nEbVbjSE=
Subject key identifier:   26:CD:83:8A:83:FC:52:EB:AC:5B:F7:9F:66:38:61:58:68:70:36:E1
Certificate issuer:       /CN=7e20b034e2c497b1884488def106972704765029
Certificate serial:       019D24CB093F9327476DCD4C56B684954459
Authority key identifier: 7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/Js2DioP8UuusW_efZjhhWGhwNuE.roa
Signing time:             Wed 25 Mar 2026 11:39:39 +0000
ROA not before:           Wed 25 Mar 2026 11:39:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214025
IP address blocks:        212.134.17.0/24 maxlen: 24
                          212.135.240.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Mar 2026 04:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:24:cb:09:3f:93:27:47:6d:cd:4c:56:b6:84:95:44:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e20b034e2c497b1884488def106972704765029
        Validity
            Not Before: Mar 25 11:39:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=26cd838a83fc52ebac5bf79f66386158687036e1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:15:ec:d8:1d:ae:04:49:9e:fe:d7:c9:c0:26:
                    15:ee:43:33:54:21:60:37:72:04:16:c8:ea:7c:93:
                    70:fe:59:51:85:0b:56:40:39:f6:18:57:d3:11:14:
                    9c:e8:04:7c:31:39:0a:a4:87:78:d1:dc:27:da:2a:
                    ed:db:f7:7c:94:43:2d:81:5e:c8:af:51:f5:9a:38:
                    a4:b6:db:85:84:2b:15:65:d5:e1:23:ad:41:6f:07:
                    14:e2:40:90:1b:a8:c2:65:88:a5:bc:54:8e:5d:a6:
                    77:f1:1d:04:40:26:87:66:11:28:19:fd:e2:3c:45:
                    9d:3e:41:68:26:ad:67:c1:0d:7d:b4:93:70:1e:1b:
                    35:50:2e:56:55:d8:59:5f:f5:95:cb:78:c8:4b:5a:
                    65:b3:7b:60:da:97:cf:a6:ba:e0:6d:b3:5e:8e:e3:
                    1c:90:b1:78:fa:dc:a3:3c:0a:a5:d0:3c:98:d4:d2:
                    df:f9:21:78:5a:08:c6:e5:4c:4a:8f:12:56:71:b2:
                    da:f5:b0:69:22:54:64:8c:28:a9:38:16:07:9c:da:
                    1a:d4:8f:68:bc:ac:ae:36:67:ce:aa:92:3a:3f:9c:
                    60:b3:60:47:26:1b:d9:36:80:31:40:85:b2:6c:21:
                    da:82:12:81:b7:3e:2b:aa:82:1c:e7:d5:cb:cb:3d:
                    7b:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:CD:83:8A:83:FC:52:EB:AC:5B:F7:9F:66:38:61:58:68:70:36:E1
            X509v3 Authority Key Identifier:
                keyid:7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/Js2DioP8UuusW_efZjhhWGhwNuE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.134.17.0/24
                  212.135.240.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d3:2d:d1:54:93:6a:d8:97:6b:d9:75:ab:02:d2:01:4b:39:03:
         bb:ab:3f:82:66:8e:01:ec:1c:19:a3:41:ad:68:8c:9f:c6:16:
         75:03:2d:b9:87:bb:de:fc:2f:7a:84:1d:69:6c:8a:c7:d3:8d:
         6e:2b:11:a2:c9:8f:31:0d:6f:db:fe:24:51:ac:e3:4b:ed:86:
         14:62:79:d3:68:ec:43:30:25:92:d3:43:f6:f7:4c:0f:63:2c:
         c2:79:90:f5:bf:f0:8a:fa:b6:92:7d:04:c3:8a:b5:e3:1c:25:
         ca:fd:e2:bc:5b:2b:7f:15:d7:9a:82:64:e4:ea:c0:ae:9f:a7:
         26:31:21:eb:c0:70:10:e8:51:90:1f:17:8a:37:9c:70:9d:80:
         81:f8:26:cd:83:79:01:57:c5:d5:a0:55:2a:60:d5:4d:2f:d6:
         9b:50:fb:9d:3e:b4:ee:6b:c1:4d:53:e4:37:6b:66:20:c3:ae:
         03:b5:8a:6c:b6:61:b4:7b:6d:5c:06:85:9c:9f:3a:94:bf:a1:
         23:a3:cc:b5:50:35:6b:1d:22:1c:68:df:87:25:4f:6f:0a:6c:
         c1:87:e8:66:43:19:95:70:09:b3:a9:a0:d0:9c:5d:b6:86:af:
         da:e2:fd:79:fd:98:76:e7:7e:6f:b0:12:5e:41:56:b9:55:4d:
         03:5a:55:fb
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ0kywk/kydHbc1MVraElURZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMjBiMDM0ZTJjNDk3YjE4ODQ0ODhkZWYxMDY5NzI3MDQ3
NjUwMjkwHhcNMjYwMzI1MTEzOTM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNmNkODM4YTgzZmM1MmViYWM1YmY3OWY2NjM4NjE1ODY4NzAzNmUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjxXs2B2uBEme/tfJwCYV7kMzVCFg
N3IEFsjqfJNw/llRhQtWQDn2GFfTERSc6AR8MTkKpId40dwn2irt2/d8lEMtgV7I
r1H1mjikttuFhCsVZdXhI61BbwcU4kCQG6jCZYilvFSOXaZ38R0EQCaHZhEoGf3i
PEWdPkFoJq1nwQ19tJNwHhs1UC5WVdhZX/WVy3jIS1pls3tg2pfPprrgbbNejuMc
kLF4+tyjPAql0DyY1NLf+SF4WgjG5UxKjxJWcbLa9bBpIlRkjCipOBYHnNoa1I9o
vKyuNmfOqpI6P5xgs2BHJhvZNoAxQIWybCHaghKBtz4rqoIc59XLyz17LwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCbNg4qD/FLrrFv3n2Y4YVhocDbhMB8GA1UdIwQY
MBaAFH4gsDTixJexiESI3vEGlycEdlApMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2Qt
MDM1ZDk3N2Y0MjE2LzEvSnMyRGlvUDhVdXVzV19lZlpqaGhXR2h3TnVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2QtMDM1ZDk3N2Y0MjE2
LzEvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQA1IYRAwQA
1IfwMA0GCSqGSIb3DQEBCwUAA4IBAQDTLdFUk2rYl2vZdasC0gFLOQO7qz+CZo4B
7BwZo0GtaIyfxhZ1Ay25h7ve/C96hB1pbIrH041uKxGiyY8xDW/b/iRRrONL7YYU
YnnTaOxDMCWS00P290wPYyzCeZD1v/CK+raSfQTDirXjHCXK/eK8Wyt/FdeagmTk
6sCun6cmMSHrwHAQ6FGQHxeKN5xwnYCB+CbNg3kBV8XVoFUqYNVNL9abUPudPrTu
a8FNU+Q3a2Ygw64DtYpstmG0e21cBoWcnzqUv6Ejo8y1UDVrHSIcaN+HJU9vCmzB
h+hmQxmVcAmzqaDQnF22hq/a4v15/Zh2535vsBJeQVa5VU0DWlX7
-----END CERTIFICATE-----