Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/bpAj4nNRhrYrR7shge-07d8pHTk.roa
File:                     bpAj4nNRhrYrR7shge-07d8pHTk.roa (raw, json)
Hash identifier:          bA7KZDitjAzseqW0XzBQicGXcKgyiLLeMu0vrXKp5Jg=
Subject key identifier:   6E:90:23:E2:73:51:86:B6:2B:47:BB:21:81:EF:B4:ED:DF:29:1D:39
Certificate issuer:       /CN=7e20b034e2c497b1884488def106972704765029
Certificate serial:       019E07AB269FA116EE4F52F02B079BF3A930
Authority key identifier: 7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/bpAj4nNRhrYrR7shge-07d8pHTk.roa
Signing time:             Fri 08 May 2026 12:58:37 +0000
ROA not before:           Fri 08 May 2026 12:58:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     402369
IP address blocks:        212.134.57.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 14 May 2026 06:33:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:07:ab:26:9f:a1:16:ee:4f:52:f0:2b:07:9b:f3:a9:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e20b034e2c497b1884488def106972704765029
        Validity
            Not Before: May  8 12:58:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6e9023e2735186b62b47bb2181efb4eddf291d39
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:ea:d6:39:5f:5b:53:57:90:ef:6c:35:2c:d1:
                    1b:be:b6:d3:8f:28:3f:0b:7c:a7:5f:f9:c0:b7:9e:
                    65:66:b1:4a:c7:27:a7:41:e1:48:66:6f:de:4d:bc:
                    33:11:f7:4a:a1:7f:16:32:7c:77:c8:f1:9c:3d:94:
                    91:9c:4d:49:30:13:30:14:bc:21:9b:55:a0:48:ac:
                    aa:ad:0d:3a:4f:de:63:4f:6f:f8:9d:96:6d:19:fa:
                    a0:53:6d:b7:b4:18:a8:92:ac:80:45:8c:4e:6f:6b:
                    5b:0d:16:71:56:99:a6:36:b4:83:10:d2:9b:c4:9f:
                    04:77:d9:9f:d9:31:fc:4d:1c:4c:f2:9a:0e:53:5f:
                    c4:a5:3f:01:52:a5:76:f5:ac:94:68:75:75:9c:69:
                    66:df:8e:41:c6:87:32:12:77:e3:fe:e4:c6:6f:b5:
                    02:f3:86:f8:12:9a:0a:65:cc:99:23:38:fb:bb:2e:
                    8b:02:70:61:e1:72:10:ea:e8:4a:79:47:60:d1:2a:
                    bf:fd:f9:79:45:30:da:78:b2:0d:a4:85:a1:1c:4d:
                    79:fb:7c:ac:bf:96:c2:38:2a:de:e4:4c:79:2c:a8:
                    24:d5:c2:b9:c3:dc:f1:95:e3:b5:fe:a2:0b:31:ed:
                    d0:81:02:ad:76:7a:53:69:a0:f0:11:33:05:8f:5a:
                    f4:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:90:23:E2:73:51:86:B6:2B:47:BB:21:81:EF:B4:ED:DF:29:1D:39
            X509v3 Authority Key Identifier:
                keyid:7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/bpAj4nNRhrYrR7shge-07d8pHTk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.134.57.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9f:7a:99:c9:a6:d4:03:a6:96:f0:38:17:51:8a:c1:e9:96:b6:
         2b:2f:9c:32:da:35:14:49:25:16:68:d4:02:5c:fa:bd:0e:ac:
         01:2f:5e:80:05:cd:ac:d2:bb:46:54:6b:05:22:16:69:9b:3e:
         b2:3b:ef:28:c5:57:6e:c2:dc:41:f3:37:a8:bc:49:db:d1:47:
         9a:7f:75:ad:94:61:d4:39:e4:28:8e:49:31:9c:27:34:e4:c1:
         ea:de:6a:04:1a:56:b5:20:e8:1a:ef:9d:f8:ed:4f:b9:59:06:
         00:75:8e:5a:fc:cb:3b:0b:17:14:c5:cb:3a:bc:95:41:4f:3f:
         76:fa:1a:c7:29:ea:67:40:3c:fe:bb:fe:58:5f:d5:8e:7f:a7:
         f4:86:3f:75:94:5e:95:e2:24:cc:cc:ce:98:5e:54:0c:b4:3e:
         de:53:94:27:00:6e:16:9c:7f:f9:61:6d:e5:ca:05:23:dd:93:
         54:78:1d:5c:d4:f8:0c:28:2b:8c:b6:84:25:f2:1a:6b:e8:88:
         72:2b:ad:bc:38:e8:e1:a6:1a:c0:df:7e:6f:87:64:87:cf:3a:
         f8:72:55:13:cf:81:e6:68:8b:f6:a8:8d:f0:d6:f1:14:bf:87:
         fc:a1:dd:0f:da:94:d9:a2:b9:84:d1:66:96:21:f1:3c:91:aa:
         84:3b:e7:24
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4HqyafoRbuT1LwKweb86kwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMjBiMDM0ZTJjNDk3YjE4ODQ0ODhkZWYxMDY5NzI3MDQ3
NjUwMjkwHhcNMjYwNTA4MTI1ODM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZTkwMjNlMjczNTE4NmI2MmI0N2JiMjE4MWVmYjRlZGRmMjkxZDM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnurWOV9bU1eQ72w1LNEbvrbTjyg/
C3ynX/nAt55lZrFKxyenQeFIZm/eTbwzEfdKoX8WMnx3yPGcPZSRnE1JMBMwFLwh
m1WgSKyqrQ06T95jT2/4nZZtGfqgU223tBiokqyARYxOb2tbDRZxVpmmNrSDENKb
xJ8Ed9mf2TH8TRxM8poOU1/EpT8BUqV29ayUaHV1nGlm345BxocyEnfj/uTGb7UC
84b4EpoKZcyZIzj7uy6LAnBh4XIQ6uhKeUdg0Sq//fl5RTDaeLINpIWhHE15+3ys
v5bCOCre5Ex5LKgk1cK5w9zxleO1/qILMe3QgQKtdnpTaaDwETMFj1r0LwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG6QI+JzUYa2K0e7IYHvtO3fKR05MB8GA1UdIwQY
MBaAFH4gsDTixJexiESI3vEGlycEdlApMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2Qt
MDM1ZDk3N2Y0MjE2LzEvYnBBajRuTlJocllyUjdzaGdlLTA3ZDhwSFRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2QtMDM1ZDk3N2Y0MjE2
LzEvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1IY5MA0G
CSqGSIb3DQEBCwUAA4IBAQCfepnJptQDppbwOBdRisHplrYrL5wy2jUUSSUWaNQC
XPq9DqwBL16ABc2s0rtGVGsFIhZpmz6yO+8oxVduwtxB8zeovEnb0Ueaf3WtlGHU
OeQojkkxnCc05MHq3moEGla1IOga75347U+5WQYAdY5a/Ms7CxcUxcs6vJVBTz92
+hrHKepnQDz+u/5YX9WOf6f0hj91lF6V4iTMzM6YXlQMtD7eU5QnAG4WnH/5YW3l
ygUj3ZNUeB1c1PgMKCuMtoQl8hpr6IhyK628OOjhphrA335vh2SHzzr4clUTz4Hm
aIv2qI3w1vEUv4f8od0P2pTZormE0WaWIfE8kaqEO+ck
-----END CERTIFICATE-----