Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/Z8XT8UGQMlm7jI4uqjdlhbng33g.roa
File:                     Z8XT8UGQMlm7jI4uqjdlhbng33g.roa (raw, json)
Hash identifier:          ZkIErL92DDm2KG+XGLyr3zJDbquron+ejSy/UXqbXjE=
Subject key identifier:   67:C5:D3:F1:41:90:32:59:BB:8C:8E:2E:AA:37:65:85:B9:E0:DF:78
Certificate issuer:       /CN=7e20b034e2c497b1884488def106972704765029
Certificate serial:       0199CE16668C3FBFF295B32F3F1584B56F58
Authority key identifier: 7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/Z8XT8UGQMlm7jI4uqjdlhbng33g.roa
Signing time:             Fri 10 Oct 2025 12:26:38 +0000
ROA not before:           Fri 10 Oct 2025 12:26:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     397630
IP address blocks:        212.134.26.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:ce:16:66:8c:3f:bf:f2:95:b3:2f:3f:15:84:b5:6f:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e20b034e2c497b1884488def106972704765029
        Validity
            Not Before: Oct 10 12:26:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=67c5d3f141903259bb8c8e2eaa376585b9e0df78
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:3b:40:fd:96:8f:6f:62:be:01:43:fb:f6:42:
                    a2:93:ad:a4:da:f1:9a:54:b3:c5:c2:de:73:e0:67:
                    41:5c:fb:d5:5d:0f:33:fc:54:17:94:69:88:9f:0f:
                    8b:6b:60:0f:c6:e9:ed:4e:30:8e:2f:9c:ab:5c:bb:
                    8e:1d:1e:a4:4a:c2:a0:85:5b:e5:f3:9b:dd:c4:f8:
                    a4:c4:84:89:7b:1a:c5:93:3c:c1:c0:e4:a3:89:d4:
                    8a:c9:53:4e:12:a0:b4:ba:ae:77:79:a6:ff:42:6e:
                    70:2b:4c:d4:c8:93:ef:ab:21:76:f4:b5:94:8c:d8:
                    03:72:57:0e:4c:89:82:61:58:0e:e7:cd:96:d2:6e:
                    07:a1:e2:45:6a:e1:a8:4f:6c:4a:b0:8a:6b:89:10:
                    f7:9e:16:c0:ce:3f:ef:c5:47:a2:87:8c:f3:d0:bb:
                    d1:c9:44:4e:f6:95:1c:bc:46:ba:52:4a:f5:f1:46:
                    05:80:f1:9f:aa:3f:c4:03:95:cc:67:5a:ab:ab:a9:
                    9c:2f:d9:a8:89:01:2f:cf:00:82:16:1f:52:43:de:
                    93:88:0f:ce:78:3d:9c:43:9f:f3:68:b7:01:51:aa:
                    ad:58:a0:88:11:78:62:40:81:7e:fa:c5:06:54:70:
                    82:06:56:0e:e8:99:fe:e7:b2:59:f8:d7:fd:93:3b:
                    59:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:C5:D3:F1:41:90:32:59:BB:8C:8E:2E:AA:37:65:85:B9:E0:DF:78
            X509v3 Authority Key Identifier:
                keyid:7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/Z8XT8UGQMlm7jI4uqjdlhbng33g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.134.26.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:87:d7:a7:d3:ce:9e:da:dd:d5:59:21:14:4f:35:77:bc:e4:
         a2:50:67:8c:60:85:91:db:68:52:3c:7b:4f:bf:95:70:50:5e:
         b5:f9:1a:e3:25:32:5c:f7:48:b2:25:ca:a0:ff:a8:d1:ea:98:
         11:5b:5d:5e:db:50:94:e1:79:8a:35:ed:f8:ad:27:b4:5e:6f:
         09:6b:ef:45:8a:b5:26:f1:7f:08:fc:ea:cf:c2:b9:22:66:ae:
         5a:0c:64:4e:23:71:b7:22:e3:e8:d2:c9:c7:2a:3e:0e:4b:e8:
         0f:80:da:28:73:e8:72:4f:9c:8d:b2:39:6a:e4:c4:5c:ca:3c:
         4c:5d:77:0a:54:5c:16:e6:5c:b5:29:8d:fd:f9:54:0b:62:67:
         11:4c:5b:5c:29:6c:86:a7:0d:33:aa:de:5b:47:65:1b:fd:ff:
         cb:97:ff:ea:93:ea:52:0f:66:91:61:7a:e4:3e:b8:a2:89:2e:
         48:ae:77:72:e8:2c:90:fb:61:3e:bc:33:b2:d7:44:96:94:eb:
         d7:59:95:77:05:5b:0d:c8:cc:0d:c6:12:c0:38:3a:e0:ce:0f:
         57:4b:e8:a1:ed:e2:6b:0c:68:fc:d3:93:14:df:49:cf:2d:c1:
         2c:e6:28:0e:d0:2c:0d:3e:58:d3:7b:72:eb:e6:09:cf:47:d7:
         cc:e3:6d:6e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZnOFmaMP7/ylbMvPxWEtW9YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMjBiMDM0ZTJjNDk3YjE4ODQ0ODhkZWYxMDY5NzI3MDQ3
NjUwMjkwHhcNMjUxMDEwMTIyNjM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2N2M1ZDNmMTQxOTAzMjU5YmI4YzhlMmVhYTM3NjU4NWI5ZTBkZjc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqTtA/ZaPb2K+AUP79kKik62k2vGa
VLPFwt5z4GdBXPvVXQ8z/FQXlGmInw+La2APxuntTjCOL5yrXLuOHR6kSsKghVvl
85vdxPikxISJexrFkzzBwOSjidSKyVNOEqC0uq53eab/Qm5wK0zUyJPvqyF29LWU
jNgDclcOTImCYVgO582W0m4HoeJFauGoT2xKsIpriRD3nhbAzj/vxUeih4zz0LvR
yURO9pUcvEa6Ukr18UYFgPGfqj/EA5XMZ1qrq6mcL9moiQEvzwCCFh9SQ96TiA/O
eD2cQ5/zaLcBUaqtWKCIEXhiQIF++sUGVHCCBlYO6Jn+57JZ+Nf9kztZ4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGfF0/FBkDJZu4yOLqo3ZYW54N94MB8GA1UdIwQY
MBaAFH4gsDTixJexiESI3vEGlycEdlApMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2Qt
MDM1ZDk3N2Y0MjE2LzEvWjhYVDhVR1FNbG03akk0dXFqZGxoYm5nMzNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2QtMDM1ZDk3N2Y0MjE2
LzEvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1IYaMA0G
CSqGSIb3DQEBCwUAA4IBAQAph9en086e2t3VWSEUTzV3vOSiUGeMYIWR22hSPHtP
v5VwUF61+RrjJTJc90iyJcqg/6jR6pgRW11e21CU4XmKNe34rSe0Xm8Ja+9FirUm
8X8I/OrPwrkiZq5aDGROI3G3IuPo0snHKj4OS+gPgNooc+hyT5yNsjlq5MRcyjxM
XXcKVFwW5ly1KY39+VQLYmcRTFtcKWyGpw0zqt5bR2Ub/f/Ll//qk+pSD2aRYXrk
PriiiS5Irndy6CyQ+2E+vDOy10SWlOvXWZV3BVsNyMwNxhLAODrgzg9XS+ih7eJr
DGj805MU30nPLcEs5igO0CwNPljTe3Lr5gnPR9fM421u
-----END CERTIFICATE-----