Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/N29O-Sm_rFugSdDG2Vn8WMWqtWI.roa
File:                     N29O-Sm_rFugSdDG2Vn8WMWqtWI.roa (raw, json)
Hash identifier:          Z28OQev5nE6HIxCuFThQZ364S7uXbCGSh/NmreAELZ8=
Subject key identifier:   37:6F:4E:F9:29:BF:AC:5B:A0:49:D0:C6:D9:59:FC:58:C5:AA:B5:62
Certificate issuer:       /CN=7e20b034e2c497b1884488def106972704765029
Certificate serial:       019E1AC8A40AE579FEEB88724ADF128D906B
Authority key identifier: 7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/N29O-Sm_rFugSdDG2Vn8WMWqtWI.roa
Signing time:             Tue 12 May 2026 06:03:37 +0000
ROA not before:           Tue 12 May 2026 06:03:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     402214
IP address blocks:        212.134.37.0/24 maxlen: 24
                          212.134.39.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 20:10:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:1a:c8:a4:0a:e5:79:fe:eb:88:72:4a:df:12:8d:90:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e20b034e2c497b1884488def106972704765029
        Validity
            Not Before: May 12 06:03:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=376f4ef929bfac5ba049d0c6d959fc58c5aab562
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:7a:7a:e7:09:1f:5a:94:91:8e:11:bb:87:f7:
                    2b:26:62:3e:58:cc:77:1e:d5:7a:26:5c:98:11:d4:
                    58:f4:7b:47:fe:59:a9:e1:86:22:f3:4e:21:0b:87:
                    27:bf:51:bd:83:86:e0:38:3e:8e:d7:ad:73:d9:a1:
                    e1:70:6d:4d:80:98:05:45:14:27:c8:67:5c:4c:16:
                    e0:e9:bc:22:6c:5f:3c:88:9e:02:e7:ec:f0:b7:5b:
                    dd:17:9c:97:8f:bb:86:84:69:cf:ee:a0:ef:42:76:
                    d9:a9:9f:25:87:07:a9:17:6c:39:a8:59:29:3f:07:
                    e0:a7:ec:bd:0f:28:6a:28:26:9d:68:87:6a:09:b2:
                    cf:8a:09:c2:63:59:11:5b:ad:85:6d:91:9b:bb:d4:
                    fe:07:27:c3:c1:e6:b3:81:b0:9e:8f:14:bd:5a:b1:
                    39:85:19:e7:1c:2b:4e:3e:a4:90:90:f7:c6:db:7f:
                    33:2b:7e:3d:1d:24:24:0f:c3:a4:4d:27:4c:77:b8:
                    cf:1d:56:dc:e9:8e:31:56:4e:88:05:b8:2c:84:5d:
                    83:e4:9f:e6:cd:24:40:e5:0c:74:ec:80:6b:83:50:
                    5c:d7:ed:59:b9:23:31:bf:c9:8f:c9:0a:42:5d:6c:
                    f9:24:7b:46:6e:99:f7:f0:d4:c4:39:23:4f:90:5b:
                    48:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:6F:4E:F9:29:BF:AC:5B:A0:49:D0:C6:D9:59:FC:58:C5:AA:B5:62
            X509v3 Authority Key Identifier:
                keyid:7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/N29O-Sm_rFugSdDG2Vn8WMWqtWI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.134.37.0/24
                  212.134.39.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ba:70:e9:1a:ba:b9:de:6b:8e:97:de:1d:a3:1b:ed:4a:f9:a6:
         ea:10:53:1a:ba:11:8f:59:32:05:d6:da:5b:c3:18:69:6d:db:
         5d:ed:cd:08:6e:b6:06:a0:40:4f:a1:50:d0:84:3e:02:e8:4a:
         bd:11:db:4b:c7:7b:0e:99:b2:f4:42:9a:e4:0c:cb:ac:17:33:
         c1:47:49:a7:4a:c1:38:ee:0e:f4:0e:89:a5:20:3a:02:00:ec:
         0f:52:b2:63:8f:46:9a:d0:9d:26:a0:8c:fa:3f:a3:58:0d:a8:
         37:f0:2c:c0:d4:35:22:6c:2c:28:70:f9:20:3c:07:b9:6e:4f:
         d3:4c:c1:2f:33:a7:9b:e4:54:d9:24:3b:55:14:d1:5e:10:b9:
         2a:44:73:97:29:47:c2:d7:17:e7:0f:3b:6b:f2:b7:de:af:5c:
         01:67:87:98:a8:55:a3:97:d7:c1:81:9f:9e:69:db:95:70:ad:
         18:e3:1d:af:35:04:f1:ae:88:a0:01:5f:9c:0b:e4:f9:3c:76:
         22:76:d9:7c:1c:a3:a7:b3:77:dd:50:36:f4:b5:eb:52:56:56:
         79:5c:66:7e:33:d4:55:2c:ee:60:ab:31:c0:55:04:d1:64:26:
         c1:75:3b:22:db:13:f1:31:5f:28:4d:d2:40:77:81:ab:a9:3d:
         fc:ad:06:d7
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ4ayKQK5Xn+64hySt8SjZBrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMjBiMDM0ZTJjNDk3YjE4ODQ0ODhkZWYxMDY5NzI3MDQ3
NjUwMjkwHhcNMjYwNTEyMDYwMzM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzZmNGVmOTI5YmZhYzViYTA0OWQwYzZkOTU5ZmM1OGM1YWFiNTYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsXp65wkfWpSRjhG7h/crJmI+WMx3
HtV6JlyYEdRY9HtH/lmp4YYi804hC4cnv1G9g4bgOD6O161z2aHhcG1NgJgFRRQn
yGdcTBbg6bwibF88iJ4C5+zwt1vdF5yXj7uGhGnP7qDvQnbZqZ8lhwepF2w5qFkp
Pwfgp+y9DyhqKCadaIdqCbLPignCY1kRW62FbZGbu9T+ByfDweazgbCejxS9WrE5
hRnnHCtOPqSQkPfG238zK349HSQkD8OkTSdMd7jPHVbc6Y4xVk6IBbgshF2D5J/m
zSRA5Qx07IBrg1Bc1+1ZuSMxv8mPyQpCXWz5JHtGbpn38NTEOSNPkFtImwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDdvTvkpv6xboEnQxtlZ/FjFqrViMB8GA1UdIwQY
MBaAFH4gsDTixJexiESI3vEGlycEdlApMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2Qt
MDM1ZDk3N2Y0MjE2LzEvTjI5Ty1TbV9yRnVnU2RERzJWbjhXTVdxdFdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2QtMDM1ZDk3N2Y0MjE2
LzEvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQA1IYlAwQA
1IYnMA0GCSqGSIb3DQEBCwUAA4IBAQC6cOkaurnea46X3h2jG+1K+abqEFMauhGP
WTIF1tpbwxhpbdtd7c0IbrYGoEBPoVDQhD4C6Eq9EdtLx3sOmbL0QprkDMusFzPB
R0mnSsE47g70DomlIDoCAOwPUrJjj0aa0J0moIz6P6NYDag38CzA1DUibCwocPkg
PAe5bk/TTMEvM6eb5FTZJDtVFNFeELkqRHOXKUfC1xfnDztr8rfer1wBZ4eYqFWj
l9fBgZ+eaduVcK0Y4x2vNQTxroigAV+cC+T5PHYidtl8HKOns3fdUDb0tetSVlZ5
XGZ+M9RVLO5gqzHAVQTRZCbBdTsi2xPxMV8oTdJAd4GrqT38rQbX
-----END CERTIFICATE-----