Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/KO88BipxYSMe9_fgpNIfkDwDlFw.roa
File:                     KO88BipxYSMe9_fgpNIfkDwDlFw.roa (raw, json)
Hash identifier:          +fdcl4WarVAsAWkXVJAtJu3I1Cuq+szy3KVcZUHJQ/Y=
Subject key identifier:   28:EF:3C:06:2A:71:61:23:1E:F7:F7:E0:A4:D2:1F:90:3C:03:94:5C
Certificate issuer:       /CN=7e20b034e2c497b1884488def106972704765029
Certificate serial:       019DB9EA72A908E24B23600B1AB15CDFC976
Authority key identifier: 7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/KO88BipxYSMe9_fgpNIfkDwDlFw.roa
Signing time:             Thu 23 Apr 2026 10:37:22 +0000
ROA not before:           Thu 23 Apr 2026 10:37:22 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     401783
IP address blocks:        212.134.20.0/24 maxlen: 24
                          213.177.255.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:b9:ea:72:a9:08:e2:4b:23:60:0b:1a:b1:5c:df:c9:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e20b034e2c497b1884488def106972704765029
        Validity
            Not Before: Apr 23 10:37:22 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=28ef3c062a7161231ef7f7e0a4d21f903c03945c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:92:b5:4c:20:bb:7d:ec:75:0e:66:d2:04:12:
                    f4:57:6e:df:ac:63:64:6e:3d:c8:93:c5:1c:07:0d:
                    b2:4a:e3:08:c5:59:60:6a:43:c3:26:81:2a:58:0c:
                    e3:27:fc:63:f3:3a:a9:68:44:40:ba:18:a3:4d:4f:
                    17:fa:6e:41:18:5b:1a:17:45:12:dd:13:b9:98:8f:
                    21:4e:9d:55:66:c2:b3:22:c4:80:84:bf:6e:ce:c8:
                    16:ec:05:8d:70:f2:e0:a9:77:b7:e9:5d:a5:08:19:
                    fb:0c:fe:23:47:30:b4:d7:6e:27:1f:1e:75:c4:e9:
                    9e:9b:90:56:e4:3c:76:e6:80:cc:1d:80:f1:7c:da:
                    3f:b3:96:ac:62:76:46:97:d5:a0:89:11:d8:77:3b:
                    94:62:8e:63:c1:94:f4:1f:b3:62:fe:6c:c8:8c:0e:
                    fe:a4:24:7f:eb:35:45:7d:c4:21:1b:08:91:25:20:
                    11:65:ac:f6:98:df:69:2d:e1:ec:27:fb:d4:eb:d5:
                    fb:7d:11:59:81:28:64:39:95:be:97:95:1f:43:f0:
                    a0:ac:9d:a9:d0:f6:80:99:a1:39:b0:b8:2b:50:b0:
                    85:1b:f1:6f:35:14:18:e0:f4:0f:f8:77:c2:31:ef:
                    07:c3:11:15:a5:f4:3f:77:61:32:5a:20:6c:6a:23:
                    e7:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:EF:3C:06:2A:71:61:23:1E:F7:F7:E0:A4:D2:1F:90:3C:03:94:5C
            X509v3 Authority Key Identifier:
                keyid:7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/KO88BipxYSMe9_fgpNIfkDwDlFw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.134.20.0/24
                  213.177.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         cc:b0:d2:4a:dc:64:c0:b6:20:ff:1d:cd:53:cf:cf:4d:12:03:
         0e:61:f6:26:01:df:48:e4:80:bb:90:67:dc:62:7a:3c:ea:3c:
         48:ef:57:e1:fc:ab:0d:ab:ec:9f:05:76:5a:94:a8:b3:f1:81:
         a8:6d:bd:67:84:5d:75:2c:00:3f:36:61:88:a0:b9:94:a0:88:
         6d:a0:04:3c:aa:e4:8a:78:c3:e0:6a:2e:c9:37:41:02:76:e5:
         1d:d1:d1:a3:d4:8d:e4:8c:1f:be:cd:7f:00:81:59:b7:bf:e0:
         81:79:f5:8b:af:0f:a5:8c:ec:81:a2:93:dc:e8:a3:94:68:36:
         67:94:96:9d:e3:b7:90:75:b9:ea:6a:d3:6d:8e:00:9a:7e:cc:
         3c:63:13:00:7a:e2:69:2b:c0:32:5f:cf:6e:27:81:40:71:d7:
         3e:e8:c0:15:f5:a5:c2:4a:ed:4a:00:99:f6:60:be:0f:be:91:
         d4:15:5a:68:f4:02:c8:ba:f9:11:4e:85:fa:33:3d:78:c7:4f:
         0a:f4:ca:03:dd:8a:5e:2f:b2:65:91:22:35:55:b3:09:5a:fb:
         8f:b3:9c:9a:55:d6:be:05:51:8b:8d:e2:e4:9e:db:c4:2e:cc:
         54:ea:8e:1c:22:1b:55:78:e8:7b:c8:b7:46:2f:5a:54:ea:41:
         48:d9:bb:51
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ256nKpCOJLI2ALGrFc38l2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMjBiMDM0ZTJjNDk3YjE4ODQ0ODhkZWYxMDY5NzI3MDQ3
NjUwMjkwHhcNMjYwNDIzMTAzNzIyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOGVmM2MwNjJhNzE2MTIzMWVmN2Y3ZTBhNGQyMWY5MDNjMDM5NDVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm5K1TCC7fex1DmbSBBL0V27frGNk
bj3Ik8UcBw2ySuMIxVlgakPDJoEqWAzjJ/xj8zqpaERAuhijTU8X+m5BGFsaF0US
3RO5mI8hTp1VZsKzIsSAhL9uzsgW7AWNcPLgqXe36V2lCBn7DP4jRzC0124nHx51
xOmem5BW5Dx25oDMHYDxfNo/s5asYnZGl9WgiRHYdzuUYo5jwZT0H7Ni/mzIjA7+
pCR/6zVFfcQhGwiRJSARZaz2mN9pLeHsJ/vU69X7fRFZgShkOZW+l5UfQ/CgrJ2p
0PaAmaE5sLgrULCFG/FvNRQY4PQP+HfCMe8HwxEVpfQ/d2EyWiBsaiPnRQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCjvPAYqcWEjHvf34KTSH5A8A5RcMB8GA1UdIwQY
MBaAFH4gsDTixJexiESI3vEGlycEdlApMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2Qt
MDM1ZDk3N2Y0MjE2LzEvS084OEJpcHhZU01lOV9mZ3BOSWZrRHdEbEZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2QtMDM1ZDk3N2Y0MjE2
LzEvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQA1IYUAwQA
1bH/MA0GCSqGSIb3DQEBCwUAA4IBAQDMsNJK3GTAtiD/Hc1Tz89NEgMOYfYmAd9I
5IC7kGfcYno86jxI71fh/KsNq+yfBXZalKiz8YGobb1nhF11LAA/NmGIoLmUoIht
oAQ8quSKeMPgai7JN0ECduUd0dGj1I3kjB++zX8AgVm3v+CBefWLrw+ljOyBopPc
6KOUaDZnlJad47eQdbnqatNtjgCafsw8YxMAeuJpK8AyX89uJ4FAcdc+6MAV9aXC
Su1KAJn2YL4PvpHUFVpo9ALIuvkRToX6Mz14x08K9MoD3YpeL7JlkSI1VbMJWvuP
s5yaVda+BVGLjeLkntvELsxU6o4cIhtVeOh7yLdGL1pU6kFI2btR
-----END CERTIFICATE-----