Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/UbTTJ5q3wkfR-qoCZr9lyEoGsls.roa
File:                     UbTTJ5q3wkfR-qoCZr9lyEoGsls.roa (raw, json)
Hash identifier:          bn+VqxrJ56iP0z9PzNJRxmoyeon26XWAuTQqp/HGEXs=
Subject key identifier:   51:B4:D3:27:9A:B7:C2:47:D1:FA:AA:02:66:BF:65:C8:4A:06:B2:5B
Certificate issuer:       /CN=7e20b034e2c497b1884488def106972704765029
Certificate serial:       0199CE16664544C2305B0AD672CEDB10F289
Authority key identifier: 7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/UbTTJ5q3wkfR-qoCZr9lyEoGsls.roa
Signing time:             Fri 10 Oct 2025 12:26:38 +0000
ROA not before:           Fri 10 Oct 2025 12:26:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     64267
IP address blocks:        212.134.26.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:ce:16:66:45:44:c2:30:5b:0a:d6:72:ce:db:10:f2:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e20b034e2c497b1884488def106972704765029
        Validity
            Not Before: Oct 10 12:26:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=51b4d3279ab7c247d1faaa0266bf65c84a06b25b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:d0:bf:84:d3:22:97:ac:e6:1d:7f:3d:d8:1c:
                    4f:d5:57:73:77:18:aa:cf:62:af:0f:06:30:af:fa:
                    b7:1c:96:55:d3:d8:c8:98:f5:db:60:54:b8:8c:2d:
                    b0:b6:e7:b9:75:db:35:e2:21:9d:69:0a:55:5f:24:
                    86:4f:9c:54:bf:12:39:24:40:fd:77:a4:2a:37:06:
                    3e:54:54:ed:28:f1:57:5c:0e:e9:34:c4:ce:81:6c:
                    77:8e:e6:cf:6a:a5:ea:4f:43:ba:64:9f:f4:38:8e:
                    84:cc:68:01:12:77:91:80:e8:7d:ab:07:3a:51:11:
                    55:cb:95:e3:3f:9d:8a:61:b1:a7:22:62:f8:55:c5:
                    2d:53:44:90:79:e0:28:81:f9:74:5a:d9:f2:31:de:
                    79:dc:fb:ee:b9:f9:ce:69:76:b3:74:85:a4:77:71:
                    41:ab:f8:22:5e:ed:c2:c3:55:02:5f:99:76:eb:a8:
                    c0:c4:5e:c1:ab:5d:4d:9f:c2:db:41:a8:d7:e5:83:
                    aa:c0:30:ce:e1:72:79:38:bd:b2:50:58:93:1a:1c:
                    05:99:ad:2c:b1:0f:9c:23:5f:e0:37:a0:19:fa:66:
                    27:f4:4f:95:bb:41:39:98:b4:20:ac:85:b5:e7:26:
                    0a:51:47:cb:a5:39:e0:d6:d2:86:fe:c3:d9:44:fe:
                    ad:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:B4:D3:27:9A:B7:C2:47:D1:FA:AA:02:66:BF:65:C8:4A:06:B2:5B
            X509v3 Authority Key Identifier:
                keyid:7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/UbTTJ5q3wkfR-qoCZr9lyEoGsls.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.134.26.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:b3:6b:cf:87:c4:69:3f:59:14:d1:61:ec:9d:90:76:10:dc:
         69:b0:f8:fc:f0:b4:31:47:4d:a5:e2:39:f7:02:c0:0f:4c:2e:
         ad:0b:fc:09:5a:7c:01:4c:5d:d3:24:50:96:69:bc:ad:14:8e:
         94:ea:47:2a:19:17:d9:39:43:5a:04:bd:86:13:16:4c:c2:e5:
         69:1e:95:91:85:36:7d:62:af:d2:ae:f2:3e:99:72:73:0d:42:
         e3:56:20:53:a9:b4:71:d3:28:cf:3c:b7:0f:84:bc:d4:ef:72:
         06:d2:cd:06:3e:ad:cf:5f:b3:7c:2b:94:3f:ae:50:52:4c:b3:
         95:e0:74:70:97:74:39:4f:39:cf:2b:96:49:c0:55:24:88:03:
         53:0d:a3:ad:48:f1:d3:e6:c8:94:2f:0f:43:4e:78:24:75:be:
         1b:4d:37:39:e8:22:7e:f1:6b:f7:a4:32:f6:72:3c:24:ad:45:
         f3:3b:80:89:d1:08:96:40:51:c8:6a:1a:05:69:aa:2d:1f:0e:
         3f:9c:16:c3:87:57:56:d0:c6:b2:92:27:5b:a7:7a:9d:1a:e7:
         89:6d:56:bc:be:5e:e1:c1:e0:31:1c:37:31:cd:5a:81:dc:49:
         de:0e:87:5f:f7:45:5f:ca:69:11:27:60:78:58:3f:97:60:4a:
         63:43:74:94
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZnOFmZFRMIwWwrWcs7bEPKJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMjBiMDM0ZTJjNDk3YjE4ODQ0ODhkZWYxMDY5NzI3MDQ3
NjUwMjkwHhcNMjUxMDEwMTIyNjM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MWI0ZDMyNzlhYjdjMjQ3ZDFmYWFhMDI2NmJmNjVjODRhMDZiMjViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5tC/hNMil6zmHX892BxP1Vdzdxiq
z2KvDwYwr/q3HJZV09jImPXbYFS4jC2wtue5dds14iGdaQpVXySGT5xUvxI5JED9
d6QqNwY+VFTtKPFXXA7pNMTOgWx3jubPaqXqT0O6ZJ/0OI6EzGgBEneRgOh9qwc6
URFVy5XjP52KYbGnImL4VcUtU0SQeeAogfl0WtnyMd553PvuufnOaXazdIWkd3FB
q/giXu3Cw1UCX5l266jAxF7Bq11Nn8LbQajX5YOqwDDO4XJ5OL2yUFiTGhwFma0s
sQ+cI1/gN6AZ+mYn9E+Vu0E5mLQgrIW15yYKUUfLpTng1tKG/sPZRP6t8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFG00yeat8JH0fqqAma/ZchKBrJbMB8GA1UdIwQY
MBaAFH4gsDTixJexiESI3vEGlycEdlApMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2Qt
MDM1ZDk3N2Y0MjE2LzEvVWJUVEo1cTN3a2ZSLXFvQ1pyOWx5RW9Hc2xzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2QtMDM1ZDk3N2Y0MjE2
LzEvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1IYaMA0G
CSqGSIb3DQEBCwUAA4IBAQBss2vPh8RpP1kU0WHsnZB2ENxpsPj88LQxR02l4jn3
AsAPTC6tC/wJWnwBTF3TJFCWabytFI6U6kcqGRfZOUNaBL2GExZMwuVpHpWRhTZ9
Yq/SrvI+mXJzDULjViBTqbRx0yjPPLcPhLzU73IG0s0GPq3PX7N8K5Q/rlBSTLOV
4HRwl3Q5TznPK5ZJwFUkiANTDaOtSPHT5siULw9DTngkdb4bTTc56CJ+8Wv3pDL2
cjwkrUXzO4CJ0QiWQFHIahoFaaotHw4/nBbDh1dW0Maykidbp3qdGueJbVa8vl7h
weAxHDcxzVqB3EneDodf90VfymkRJ2B4WD+XYEpjQ3SU
-----END CERTIFICATE-----