Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/mBJfhjfnTXJ2nK3HAtSYyGTSKl8.roa
File:                     mBJfhjfnTXJ2nK3HAtSYyGTSKl8.roa (raw, json)
Hash identifier:          zTC1fWSeLdDsoShx8R3Wzq2K3mLCWUuPTw3RZaJjSDo=
Subject key identifier:   98:12:5F:86:37:E7:4D:72:76:9C:AD:C7:02:D4:98:C8:64:D2:2A:5F
Certificate issuer:       /CN=7e20b034e2c497b1884488def106972704765029
Certificate serial:       019D1952CCC0EC1D5E071198B1F8EAF75281
Authority key identifier: 7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/mBJfhjfnTXJ2nK3HAtSYyGTSKl8.roa
Signing time:             Mon 23 Mar 2026 06:12:29 +0000
ROA not before:           Mon 23 Mar 2026 06:12:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     63199
IP address blocks:        212.134.16.0/24 maxlen: 24
                          212.134.81.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Mar 2026 04:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:19:52:cc:c0:ec:1d:5e:07:11:98:b1:f8:ea:f7:52:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e20b034e2c497b1884488def106972704765029
        Validity
            Not Before: Mar 23 06:12:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=98125f8637e74d72769cadc702d498c864d22a5f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:a4:f7:e4:e6:2b:0c:a0:14:32:47:09:7c:f0:
                    06:30:63:a3:19:5a:13:a6:3e:99:ef:75:1d:30:bd:
                    23:82:a1:37:53:5f:e8:a3:70:19:4d:eb:02:bf:6b:
                    e5:48:89:06:5c:ff:14:37:72:b9:2a:93:96:44:fe:
                    3a:52:bd:2f:60:45:6f:4c:3e:12:4b:46:be:13:29:
                    25:2f:b0:e6:5d:19:93:67:ce:c6:70:6a:87:45:c6:
                    ef:f5:d5:65:2b:16:a5:b8:a4:22:0c:33:85:c6:67:
                    dd:12:52:e5:4f:51:52:32:69:a4:08:13:78:83:7f:
                    43:3c:3f:c0:29:05:f7:ba:ba:6b:1e:36:22:03:d7:
                    51:48:d5:1e:af:9a:cf:dd:a4:1d:34:32:d4:1d:90:
                    d2:96:a6:b6:84:c4:6f:7f:bf:77:ab:1c:0a:e8:c3:
                    96:a8:a8:07:b3:03:df:04:e5:36:86:d8:7e:ab:ed:
                    32:2f:24:c4:9f:68:69:9e:c6:ef:72:33:6b:9d:68:
                    ae:6f:46:da:26:fa:40:88:8a:48:44:28:02:27:65:
                    c4:22:2a:fd:51:6b:bf:63:cf:79:cb:a1:ab:2d:a4:
                    5d:66:15:92:92:b7:ae:c2:fc:0f:df:6b:af:9e:f2:
                    a8:bd:f0:2e:b9:ad:2c:2b:a2:0d:5d:5f:60:da:98:
                    cb:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:12:5F:86:37:E7:4D:72:76:9C:AD:C7:02:D4:98:C8:64:D2:2A:5F
            X509v3 Authority Key Identifier:
                keyid:7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/mBJfhjfnTXJ2nK3HAtSYyGTSKl8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.134.16.0/24
                  212.134.81.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:cf:79:5b:15:fb:e6:c6:4e:d7:79:e1:58:be:58:58:a2:aa:
         b3:3e:47:f9:69:7c:26:dd:3f:53:ec:b4:82:b9:19:7d:5e:03:
         a2:18:1e:e2:ba:e6:50:f3:40:0a:96:e5:3e:3b:82:b0:eb:b9:
         d4:4f:a2:55:92:99:3d:d3:45:82:90:d1:9c:f3:c4:49:6c:fb:
         6b:ee:29:d6:3f:88:2a:ea:26:41:ff:e0:b4:6d:a5:13:3a:ce:
         f0:1f:f9:6e:00:71:74:2f:2a:6b:cd:4b:99:68:39:11:d1:a1:
         75:58:54:64:32:21:ec:03:9d:7f:42:29:62:cd:f9:27:72:02:
         13:41:53:e8:51:5b:50:52:b8:1b:38:4d:53:43:4f:cb:a8:4e:
         14:00:37:f5:6e:45:c9:e5:f4:92:b0:80:6a:6b:e9:3b:15:96:
         fa:d6:1c:7c:80:21:fa:84:22:1d:c6:f6:35:21:8b:b8:3b:21:
         9c:e5:fa:a1:5f:a9:93:68:48:a3:57:0f:80:c9:88:f5:2c:ff:
         c1:39:92:0d:e9:be:cf:81:74:b3:e4:59:0a:fb:97:e9:65:67:
         13:7f:6a:2b:ed:3a:2d:a1:bb:69:28:08:9d:40:69:50:2e:27:
         15:29:ed:3f:ac:ba:c2:cf:5f:92:31:ce:c0:12:ec:9f:a6:ab:
         fc:77:3b:82
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ0ZUszA7B1eBxGYsfjq91KBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMjBiMDM0ZTJjNDk3YjE4ODQ0ODhkZWYxMDY5NzI3MDQ3
NjUwMjkwHhcNMjYwMzIzMDYxMjI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODEyNWY4NjM3ZTc0ZDcyNzY5Y2FkYzcwMmQ0OThjODY0ZDIyYTVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt6T35OYrDKAUMkcJfPAGMGOjGVoT
pj6Z73UdML0jgqE3U1/oo3AZTesCv2vlSIkGXP8UN3K5KpOWRP46Ur0vYEVvTD4S
S0a+EyklL7DmXRmTZ87GcGqHRcbv9dVlKxaluKQiDDOFxmfdElLlT1FSMmmkCBN4
g39DPD/AKQX3urprHjYiA9dRSNUer5rP3aQdNDLUHZDSlqa2hMRvf793qxwK6MOW
qKgHswPfBOU2hth+q+0yLyTEn2hpnsbvcjNrnWiub0baJvpAiIpIRCgCJ2XEIir9
UWu/Y895y6GrLaRdZhWSkreuwvwP32uvnvKovfAuua0sK6INXV9g2pjLiwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJgSX4Y3501ydpytxwLUmMhk0ipfMB8GA1UdIwQY
MBaAFH4gsDTixJexiESI3vEGlycEdlApMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2Qt
MDM1ZDk3N2Y0MjE2LzEvbUJKZmhqZm5UWEoybkszSEF0U1l5R1RTS2w4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2QtMDM1ZDk3N2Y0MjE2
LzEvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQA1IYQAwQA
1IZRMA0GCSqGSIb3DQEBCwUAA4IBAQAuz3lbFfvmxk7XeeFYvlhYoqqzPkf5aXwm
3T9T7LSCuRl9XgOiGB7iuuZQ80AKluU+O4Kw67nUT6JVkpk900WCkNGc88RJbPtr
7inWP4gq6iZB/+C0baUTOs7wH/luAHF0LyprzUuZaDkR0aF1WFRkMiHsA51/Qili
zfkncgITQVPoUVtQUrgbOE1TQ0/LqE4UADf1bkXJ5fSSsIBqa+k7FZb61hx8gCH6
hCIdxvY1IYu4OyGc5fqhX6mTaEijVw+AyYj1LP/BOZIN6b7PgXSz5FkK+5fpZWcT
f2or7TotobtpKAidQGlQLicVKe0/rLrCz1+SMc7AEuyfpqv8dzuC
-----END CERTIFICATE-----