Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/XXrpyd9TXuTJl3Jjg5rrl6PgfOI.roa
File:                     XXrpyd9TXuTJl3Jjg5rrl6PgfOI.roa (raw, json)
Hash identifier:          OgPPJ0tEzWqQivi+REZeKjXaMpWmfDf+b45+6IYt6v4=
Subject key identifier:   5D:7A:E9:C9:DF:53:5E:E4:C9:97:72:63:83:9A:EB:97:A3:E0:7C:E2
Certificate issuer:       /CN=7e20b034e2c497b1884488def106972704765029
Certificate serial:       019967420477E0783883C0E543D930A03AFF
Authority key identifier: 7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/XXrpyd9TXuTJl3Jjg5rrl6PgfOI.roa
Signing time:             Sat 20 Sep 2025 13:13:23 +0000
ROA not before:           Sat 20 Sep 2025 13:13:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61049
IP address blocks:        212.134.93.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:67:42:04:77:e0:78:38:83:c0:e5:43:d9:30:a0:3a:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e20b034e2c497b1884488def106972704765029
        Validity
            Not Before: Sep 20 13:13:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5d7ae9c9df535ee4c9977263839aeb97a3e07ce2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:62:68:cb:28:22:2d:09:96:48:77:f8:2d:b7:
                    27:0c:1f:14:d0:e7:d7:6e:f0:b8:de:14:be:95:ee:
                    70:55:03:cf:42:69:20:cc:58:3f:9b:0d:a1:f0:ad:
                    3f:ba:62:6b:11:5a:1e:26:84:66:47:80:62:d5:50:
                    0c:ee:e4:74:17:b5:4d:7b:fd:68:fa:60:b3:46:d1:
                    da:e2:72:55:d4:d2:00:e0:76:dd:a3:58:ea:72:70:
                    a6:24:24:ec:d3:96:87:06:10:67:29:9c:e7:94:0f:
                    9e:c4:4e:78:53:fb:d7:6d:10:1d:87:8b:cf:1f:90:
                    05:38:10:aa:7f:aa:af:4e:1e:05:06:47:1a:47:59:
                    84:f3:ae:43:ef:5c:73:b9:20:e2:8d:59:42:92:13:
                    72:50:1f:2f:db:3c:5b:5f:08:60:af:5b:a6:4f:6f:
                    14:72:13:9e:3c:d0:8d:f6:c6:36:4a:27:f3:4d:53:
                    d5:09:26:8f:2c:89:80:33:63:03:34:ad:38:6b:1f:
                    2f:ae:77:f4:e1:70:71:6a:21:99:6e:6b:80:e2:71:
                    68:2c:1b:d2:22:49:85:59:54:74:4e:a6:3a:7b:22:
                    08:b4:0d:e0:65:1c:51:1a:ba:a2:99:f1:11:b8:f4:
                    40:f7:9b:5c:06:4a:78:09:09:58:57:1b:06:26:59:
                    c2:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:7A:E9:C9:DF:53:5E:E4:C9:97:72:63:83:9A:EB:97:A3:E0:7C:E2
            X509v3 Authority Key Identifier:
                keyid:7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/XXrpyd9TXuTJl3Jjg5rrl6PgfOI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.134.93.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c7:f5:b3:c1:17:20:81:b6:ab:4f:0b:92:fa:ed:ee:77:21:06:
         a2:98:44:36:07:89:43:79:4e:3d:38:63:96:4c:ef:7e:0d:84:
         32:8b:1d:df:b5:90:0c:55:97:2b:93:99:64:61:78:40:26:13:
         21:08:b3:20:d9:c3:2d:b4:a3:ce:74:ff:a7:25:e6:81:06:70:
         ad:ac:cd:4a:d3:04:8d:fb:b7:a7:e9:00:2f:68:0a:c3:b4:66:
         f7:35:ee:0f:f1:aa:94:6c:b0:91:4e:22:ce:0c:0e:19:54:7a:
         52:eb:fb:42:20:b6:26:81:00:1a:ff:ac:96:84:a2:ab:bb:ad:
         a2:2f:3c:13:e9:10:dd:9d:3d:b3:45:f1:3a:fa:70:7b:14:67:
         ec:bd:81:a1:e7:e1:13:c0:e8:1c:52:c7:03:98:4b:f2:33:cf:
         10:7c:26:68:9a:3a:cd:59:d6:79:97:79:ef:58:a2:73:66:f7:
         e9:08:06:c6:38:77:5d:79:fb:f6:a9:37:2c:6d:70:3c:0f:38:
         3f:a9:4f:57:51:17:4e:0a:b1:7d:06:01:53:7d:25:69:13:ee:
         7a:3e:e6:58:b6:91:4c:7d:bc:b2:7c:9c:08:54:08:68:57:95:
         30:04:51:3b:20:1c:7a:73:10:45:5d:7d:bd:04:fd:40:fc:e1:
         53:3f:43:ea
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZlnQgR34Hg4g8DlQ9kwoDr/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMjBiMDM0ZTJjNDk3YjE4ODQ0ODhkZWYxMDY5NzI3MDQ3
NjUwMjkwHhcNMjUwOTIwMTMxMzIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDdhZTljOWRmNTM1ZWU0Yzk5NzcyNjM4MzlhZWI5N2EzZTA3Y2UyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2WJoyygiLQmWSHf4LbcnDB8U0OfX
bvC43hS+le5wVQPPQmkgzFg/mw2h8K0/umJrEVoeJoRmR4Bi1VAM7uR0F7VNe/1o
+mCzRtHa4nJV1NIA4Hbdo1jqcnCmJCTs05aHBhBnKZznlA+exE54U/vXbRAdh4vP
H5AFOBCqf6qvTh4FBkcaR1mE865D71xzuSDijVlCkhNyUB8v2zxbXwhgr1umT28U
chOePNCN9sY2SifzTVPVCSaPLImAM2MDNK04ax8vrnf04XBxaiGZbmuA4nFoLBvS
IkmFWVR0TqY6eyIItA3gZRxRGrqimfERuPRA95tcBkp4CQlYVxsGJlnCwwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF166cnfU17kyZdyY4Oa65ej4HziMB8GA1UdIwQY
MBaAFH4gsDTixJexiESI3vEGlycEdlApMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2Qt
MDM1ZDk3N2Y0MjE2LzEvWFhycHlkOVRYdVRKbDNKamc1cnJsNlBnZk9JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2QtMDM1ZDk3N2Y0MjE2
LzEvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1IZdMA0G
CSqGSIb3DQEBCwUAA4IBAQDH9bPBFyCBtqtPC5L67e53IQaimEQ2B4lDeU49OGOW
TO9+DYQyix3ftZAMVZcrk5lkYXhAJhMhCLMg2cMttKPOdP+nJeaBBnCtrM1K0wSN
+7en6QAvaArDtGb3Ne4P8aqUbLCRTiLODA4ZVHpS6/tCILYmgQAa/6yWhKKru62i
LzwT6RDdnT2zRfE6+nB7FGfsvYGh5+ETwOgcUscDmEvyM88QfCZomjrNWdZ5l3nv
WKJzZvfpCAbGOHddefv2qTcsbXA8Dzg/qU9XURdOCrF9BgFTfSVpE+56PuZYtpFM
fbyyfJwIVAhoV5UwBFE7IBx6cxBFXX29BP1A/OFTP0Pq
-----END CERTIFICATE-----