Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/k2ck0dpaUiNhnITnv_nxp5UL2wU.roa
File:                     k2ck0dpaUiNhnITnv_nxp5UL2wU.roa (raw, json)
Hash identifier:          +6IEc3XPWykbyC9i2jJQeFCSqWaPg8M2P/tI27Pfahs=
Subject key identifier:   93:67:24:D1:DA:5A:52:23:61:9C:84:E7:BF:F9:F1:A7:95:0B:DB:05
Certificate issuer:       /CN=7e20b034e2c497b1884488def106972704765029
Certificate serial:       019E06DA6817331DF46FA0577140913263E7
Authority key identifier: 7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/k2ck0dpaUiNhnITnv_nxp5UL2wU.roa
Signing time:             Fri 08 May 2026 09:10:37 +0000
ROA not before:           Fri 08 May 2026 09:10:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     63199
IP address blocks:        212.134.16.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:06:da:68:17:33:1d:f4:6f:a0:57:71:40:91:32:63:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e20b034e2c497b1884488def106972704765029
        Validity
            Not Before: May  8 09:10:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=936724d1da5a5223619c84e7bff9f1a7950bdb05
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:e0:a8:e0:b5:fa:9a:25:b6:86:28:6f:19:d1:
                    59:70:b0:85:51:e7:07:d2:7e:ae:a4:40:f8:0b:96:
                    75:4e:74:f3:51:c2:a2:af:ec:f6:dd:ff:b2:6c:5e:
                    c0:ac:21:59:b2:48:fb:41:d5:f3:e3:3a:aa:86:8e:
                    e5:c1:9a:5c:1b:4b:50:74:a4:f6:48:a1:50:dd:60:
                    2c:4b:fe:5f:13:be:0a:3b:ad:9c:b5:91:1c:bf:74:
                    92:5d:07:ab:34:5f:50:8d:88:f1:51:8c:eb:ea:fd:
                    33:f5:53:66:48:b1:29:0c:64:b0:6c:44:db:8a:da:
                    0f:4e:11:2d:2b:f0:53:0b:be:b3:d0:b1:d4:8f:66:
                    53:f3:09:c3:fc:0a:b5:98:7f:16:7e:31:23:24:cf:
                    ff:b0:93:4d:d6:1b:7b:b3:23:84:39:89:1c:e2:bd:
                    08:e2:39:b2:a1:48:a7:e1:e1:79:07:7a:4f:aa:ce:
                    83:27:7e:2d:fb:ef:5e:7e:be:51:11:9d:18:47:7e:
                    fa:0e:26:ba:f2:ce:13:78:b4:31:1e:17:f5:17:4b:
                    e7:01:53:30:79:33:03:fd:96:dd:1e:8c:ab:79:b3:
                    8a:5c:2b:9c:9a:9e:61:6a:b1:3d:fd:bb:d3:59:13:
                    43:a1:dc:99:4a:61:51:b9:4f:6e:2f:dd:fa:4c:84:
                    dc:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:67:24:D1:DA:5A:52:23:61:9C:84:E7:BF:F9:F1:A7:95:0B:DB:05
            X509v3 Authority Key Identifier:
                keyid:7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/k2ck0dpaUiNhnITnv_nxp5UL2wU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.134.16.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b0:84:66:ae:86:0d:fa:13:c8:ea:ac:6e:1b:d1:b4:fa:e4:d7:
         59:20:0e:05:30:27:bf:28:b5:33:13:00:4a:15:0b:d7:6d:75:
         d4:08:5f:8f:bb:3d:27:7e:5b:99:04:bd:7d:e2:3a:ab:51:d7:
         a8:35:85:40:ac:8a:31:41:aa:fc:0d:0f:74:30:10:dd:ae:09:
         e7:74:1e:a4:35:48:d7:11:92:4a:24:16:ce:6b:ed:2c:14:9a:
         48:63:74:44:5b:28:60:03:3d:f8:42:cd:be:13:aa:6d:af:c9:
         c5:d0:d4:c8:a9:6e:b2:18:45:0c:86:95:64:b3:4f:c4:32:a4:
         05:53:7e:38:4e:e8:da:8a:13:90:32:83:6a:21:33:b8:0d:f9:
         97:5e:ed:e5:11:a8:d1:0a:94:b8:72:1c:69:2b:10:6c:45:78:
         b0:34:48:d9:1c:60:2f:4e:9c:97:16:4b:ff:7b:03:67:19:ef:
         21:22:01:0b:7a:f4:8f:2b:bd:fe:ed:98:19:e3:24:62:e9:48:
         b2:e8:b2:a1:5f:8a:99:ce:2d:7d:d2:f1:2a:59:c8:d5:d7:12:
         72:19:fb:49:8f:21:57:e6:87:39:cd:49:d2:5d:47:b7:30:ca:
         ab:80:27:52:31:fc:e0:81:3d:da:dc:60:1d:a2:d1:37:dc:c5:
         fa:35:1c:41
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4G2mgXMx30b6BXcUCRMmPnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMjBiMDM0ZTJjNDk3YjE4ODQ0ODhkZWYxMDY5NzI3MDQ3
NjUwMjkwHhcNMjYwNTA4MDkxMDM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MzY3MjRkMWRhNWE1MjIzNjE5Yzg0ZTdiZmY5ZjFhNzk1MGJkYjA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw+Co4LX6miW2hihvGdFZcLCFUecH
0n6upED4C5Z1TnTzUcKir+z23f+ybF7ArCFZskj7QdXz4zqqho7lwZpcG0tQdKT2
SKFQ3WAsS/5fE74KO62ctZEcv3SSXQerNF9QjYjxUYzr6v0z9VNmSLEpDGSwbETb
itoPThEtK/BTC76z0LHUj2ZT8wnD/Aq1mH8WfjEjJM//sJNN1ht7syOEOYkc4r0I
4jmyoUin4eF5B3pPqs6DJ34t++9efr5REZ0YR376Dia68s4TeLQxHhf1F0vnAVMw
eTMD/ZbdHoyrebOKXCucmp5harE9/bvTWRNDodyZSmFRuU9uL936TITcMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJNnJNHaWlIjYZyE57/58aeVC9sFMB8GA1UdIwQY
MBaAFH4gsDTixJexiESI3vEGlycEdlApMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2Qt
MDM1ZDk3N2Y0MjE2LzEvazJjazBkcGFVaU5obklUbnZfbnhwNVVMMndVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2QtMDM1ZDk3N2Y0MjE2
LzEvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1IYQMA0G
CSqGSIb3DQEBCwUAA4IBAQCwhGauhg36E8jqrG4b0bT65NdZIA4FMCe/KLUzEwBK
FQvXbXXUCF+Puz0nfluZBL194jqrUdeoNYVArIoxQar8DQ90MBDdrgnndB6kNUjX
EZJKJBbOa+0sFJpIY3REWyhgAz34Qs2+E6ptr8nF0NTIqW6yGEUMhpVks0/EMqQF
U344TujaihOQMoNqITO4DfmXXu3lEajRCpS4chxpKxBsRXiwNEjZHGAvTpyXFkv/
ewNnGe8hIgELevSPK73+7ZgZ4yRi6Uiy6LKhX4qZzi190vEqWcjV1xJyGftJjyFX
5oc5zUnSXUe3MMqrgCdSMfzggT3a3GAdotE33MX6NRxB
-----END CERTIFICATE-----