Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/caCr13V52_77mBaoYme5uTivtuI.roa
File:                     caCr13V52_77mBaoYme5uTivtuI.roa (raw, json)
Hash identifier:          RVtiYplOvJ+CCDtri0S81Ktqk4ohmQpgNIG7fYCM1G4=
Subject key identifier:   71:A0:AB:D7:75:79:DB:FE:FB:98:16:A8:62:67:B9:B9:38:AF:B6:E2
Certificate issuer:       /CN=7e20b034e2c497b1884488def106972704765029
Certificate serial:       019CDD12A01A7F3990EA0EE4E8090EC84FA7
Authority key identifier: 7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/caCr13V52_77mBaoYme5uTivtuI.roa
Signing time:             Wed 11 Mar 2026 13:25:11 +0000
ROA not before:           Wed 11 Mar 2026 13:25:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215238
IP address blocks:        212.134.162.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:dd:12:a0:1a:7f:39:90:ea:0e:e4:e8:09:0e:c8:4f:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e20b034e2c497b1884488def106972704765029
        Validity
            Not Before: Mar 11 13:25:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=71a0abd77579dbfefb9816a86267b9b938afb6e2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:6a:2e:aa:1a:b9:67:31:b4:94:0b:76:15:33:
                    61:b7:cf:20:59:0e:49:a4:57:5a:50:2d:33:9f:0b:
                    61:af:b8:8f:be:96:e0:11:2e:67:5c:bb:83:1b:40:
                    f6:f0:f6:38:a4:5b:cb:b4:d9:bd:91:46:bb:10:89:
                    a4:68:9a:a0:06:af:ec:94:9a:e2:ff:af:67:27:c9:
                    c0:d6:a9:97:e9:6e:1b:06:40:16:98:82:39:d6:5c:
                    d0:69:2b:69:dd:69:a4:b6:29:fb:53:a1:56:9d:eb:
                    f2:2b:a6:65:47:59:8e:20:dd:ee:3c:95:e3:2d:4f:
                    f9:a6:18:5d:71:aa:bb:fe:44:bd:c5:d9:b0:f5:25:
                    de:05:79:1f:86:3d:9e:77:53:87:fc:d1:ac:a8:0a:
                    40:5f:a9:08:64:2b:f4:b1:f5:c9:a3:e7:b5:38:10:
                    c8:93:a2:ba:5c:dd:af:cf:63:fc:ac:63:e7:d4:39:
                    30:fd:f3:8c:9b:4f:18:b8:2a:45:5a:7c:64:4a:97:
                    67:61:af:f8:5e:fb:e3:b3:e8:f7:20:5a:c0:9e:e1:
                    da:da:c6:c9:1b:39:6a:4e:32:cd:2f:3d:8d:4e:a7:
                    98:a9:48:6d:ef:d4:3c:ae:c1:45:02:22:6e:f2:7a:
                    c1:36:b1:51:a3:fe:be:67:ab:ef:e9:da:3d:44:52:
                    8e:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:A0:AB:D7:75:79:DB:FE:FB:98:16:A8:62:67:B9:B9:38:AF:B6:E2
            X509v3 Authority Key Identifier:
                keyid:7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/caCr13V52_77mBaoYme5uTivtuI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.134.162.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:7c:18:48:aa:07:98:58:64:0b:14:f4:80:10:08:4a:93:bb:
         96:40:e6:7b:cd:06:93:7b:cd:f8:17:85:5b:0a:b5:ad:60:53:
         5c:bf:4d:3d:eb:27:49:c7:6b:8b:5f:cf:8e:91:b9:81:b7:a4:
         0f:83:3d:cc:65:9e:7c:f9:fd:4c:43:35:ac:11:ed:ea:ae:2b:
         54:04:c7:a4:72:5d:1a:6a:0f:0e:3d:ae:7a:d3:52:fb:a6:34:
         12:82:b5:3c:97:f4:16:be:34:9e:b2:c6:c1:f8:eb:2e:76:92:
         da:a1:e9:fb:b5:79:bc:0e:89:48:94:af:46:91:7d:fb:8d:b6:
         cc:57:19:a1:04:68:8a:3e:df:41:06:93:5a:95:9d:c8:97:f1:
         26:06:4a:f1:12:57:c6:51:b5:53:03:a6:3e:05:6b:b6:3b:15:
         d0:75:f7:cb:ca:f3:8d:4e:75:7e:4d:c3:b3:4a:e0:b0:6f:b1:
         a8:52:eb:59:1a:bc:64:90:84:ff:81:11:7a:06:ed:60:fb:33:
         b2:37:2a:1e:46:75:c4:58:d2:46:77:8d:8f:1e:cf:7c:0f:5f:
         ba:0f:a5:a3:49:8c:f6:e9:71:19:3e:cd:d2:17:d6:5c:fa:19:
         4b:e7:70:fd:ab:5f:c5:7c:70:7a:56:68:08:fa:aa:30:3d:00:
         5f:ed:75:6c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzdEqAafzmQ6g7k6AkOyE+nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMjBiMDM0ZTJjNDk3YjE4ODQ0ODhkZWYxMDY5NzI3MDQ3
NjUwMjkwHhcNMjYwMzExMTMyNTExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MWEwYWJkNzc1NzlkYmZlZmI5ODE2YTg2MjY3YjliOTM4YWZiNmUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz2ouqhq5ZzG0lAt2FTNht88gWQ5J
pFdaUC0znwthr7iPvpbgES5nXLuDG0D28PY4pFvLtNm9kUa7EImkaJqgBq/slJri
/69nJ8nA1qmX6W4bBkAWmII51lzQaStp3Wmktin7U6FWnevyK6ZlR1mOIN3uPJXj
LU/5phhdcaq7/kS9xdmw9SXeBXkfhj2ed1OH/NGsqApAX6kIZCv0sfXJo+e1OBDI
k6K6XN2vz2P8rGPn1Dkw/fOMm08YuCpFWnxkSpdnYa/4Xvvjs+j3IFrAnuHa2sbJ
GzlqTjLNLz2NTqeYqUht79Q8rsFFAiJu8nrBNrFRo/6+Z6vv6do9RFKOxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHGgq9d1edv++5gWqGJnubk4r7biMB8GA1UdIwQY
MBaAFH4gsDTixJexiESI3vEGlycEdlApMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2Qt
MDM1ZDk3N2Y0MjE2LzEvY2FDcjEzVjUyXzc3bUJhb1ltZTV1VGl2dHVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2QtMDM1ZDk3N2Y0MjE2
LzEvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1IaiMA0G
CSqGSIb3DQEBCwUAA4IBAQA+fBhIqgeYWGQLFPSAEAhKk7uWQOZ7zQaTe834F4Vb
CrWtYFNcv0096ydJx2uLX8+OkbmBt6QPgz3MZZ58+f1MQzWsEe3qritUBMekcl0a
ag8OPa5601L7pjQSgrU8l/QWvjSessbB+OsudpLaoen7tXm8DolIlK9GkX37jbbM
VxmhBGiKPt9BBpNalZ3Il/EmBkrxElfGUbVTA6Y+BWu2OxXQdffLyvONTnV+TcOz
SuCwb7GoUutZGrxkkIT/gRF6Bu1g+zOyNyoeRnXEWNJGd42PHs98D1+6D6WjSYz2
6XEZPs3SF9Zc+hlL53D9q1/FfHB6VmgI+qowPQBf7XVs
-----END CERTIFICATE-----