Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/mOuogbZbGlFQta6qtY0ZhYxeVa8.roa
File:                     mOuogbZbGlFQta6qtY0ZhYxeVa8.roa (raw, json)
Hash identifier:          1rB1xraf5ycOpP89jOue0SjyCIymE8a4bCaSY/bhzwA=
Subject key identifier:   98:EB:A8:81:B6:5B:1A:51:50:B5:AE:AA:B5:8D:19:85:8C:5E:55:AF
Certificate issuer:       /CN=7e20b034e2c497b1884488def106972704765029
Certificate serial:       019D29EB95E21A61C3FCAFA2B659BC08878C
Authority key identifier: 7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/mOuogbZbGlFQta6qtY0ZhYxeVa8.roa
Signing time:             Thu 26 Mar 2026 11:33:18 +0000
ROA not before:           Thu 26 Mar 2026 11:33:18 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     17497
IP address blocks:        212.134.82.0/24 maxlen: 24
                          212.134.128.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 09:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:29:eb:95:e2:1a:61:c3:fc:af:a2:b6:59:bc:08:87:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e20b034e2c497b1884488def106972704765029
        Validity
            Not Before: Mar 26 11:33:18 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=98eba881b65b1a5150b5aeaab58d19858c5e55af
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:0f:a5:4b:1a:bf:04:1b:9e:4b:a2:67:ba:4c:
                    b1:95:e8:6e:10:73:67:01:32:ee:4b:48:83:64:b7:
                    81:c1:01:98:2d:8a:82:e5:c9:29:b0:3c:73:e7:7c:
                    86:85:1e:2c:84:5c:61:92:2a:8c:47:73:94:2d:d5:
                    0e:f3:ae:1f:2c:52:02:00:ed:6d:01:a4:ef:d6:23:
                    fb:29:ce:4e:07:67:1c:f8:03:66:af:70:1e:32:e8:
                    3d:cf:e6:a1:7e:d4:b7:ba:15:12:1a:c1:25:33:fe:
                    52:2b:1a:b2:9c:d7:6a:df:55:3b:31:84:46:85:79:
                    ea:8a:3f:66:79:b6:fe:fb:bf:e2:5a:b7:9f:6f:10:
                    77:fa:8c:28:e1:ba:ae:e2:56:eb:c4:ff:5f:d2:62:
                    47:8f:4c:e5:f6:0d:88:8b:ed:ee:00:e0:1f:51:9b:
                    d0:4e:81:a8:69:3d:01:ca:83:b0:7e:5e:f8:88:0f:
                    9c:2b:05:1a:41:59:38:5d:2d:d7:b4:2b:90:b2:77:
                    71:3b:51:1a:6f:bd:00:aa:ba:2d:50:09:cd:59:fd:
                    65:80:28:e7:7d:9f:a9:d2:5b:95:34:3f:42:1b:96:
                    89:64:82:9c:8d:fb:89:b6:9c:db:d1:9b:22:bd:71:
                    09:73:e0:e5:7c:f6:a9:cd:e3:10:8f:4e:02:50:a6:
                    34:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:EB:A8:81:B6:5B:1A:51:50:B5:AE:AA:B5:8D:19:85:8C:5E:55:AF
            X509v3 Authority Key Identifier:
                keyid:7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/mOuogbZbGlFQta6qtY0ZhYxeVa8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.134.82.0/24
                  212.134.128.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d4:3e:71:2f:56:53:93:bf:fc:0d:01:7e:a9:0a:00:c9:7b:94:
         2f:80:c1:de:99:e5:06:2f:4e:29:66:0f:ff:fe:e0:40:8d:3e:
         f9:2f:25:60:1e:bf:2e:ac:ca:fe:ca:53:cb:94:6a:b3:96:ef:
         b5:eb:24:52:a0:77:8f:af:61:a2:e1:43:f8:e8:a1:93:46:ad:
         e5:e1:97:97:6d:77:60:4b:99:2f:4b:9e:dc:38:75:7f:ed:ea:
         8d:57:e6:68:fe:13:f9:0c:15:73:4b:10:6c:1e:7f:89:31:f7:
         49:19:bc:69:01:1a:4b:3e:17:69:5a:4e:03:22:fd:63:45:99:
         b8:b3:27:df:87:5b:bf:ef:cb:0d:b2:6a:bf:50:90:f0:10:fd:
         5e:95:c9:04:18:53:a6:b6:c5:d4:dc:7f:aa:9d:fe:57:c7:13:
         9f:5f:d3:81:09:64:9f:d3:8c:b2:30:b7:6c:6d:56:ef:62:5a:
         34:77:d6:16:a4:24:dc:c9:5b:39:de:6b:00:33:40:bd:f2:48:
         2b:dc:37:b9:eb:5a:97:4e:d3:0e:c6:c5:f4:92:91:a6:33:e0:
         09:32:a3:f5:7f:68:71:f3:82:f3:f8:ac:e4:fe:9b:3c:87:d7:
         8a:9f:60:c1:8e:c1:6d:36:94:bd:58:1a:53:67:a7:dc:cd:fe:
         9a:ed:ed:70
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ0p65XiGmHD/K+itlm8CIeMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMjBiMDM0ZTJjNDk3YjE4ODQ0ODhkZWYxMDY5NzI3MDQ3
NjUwMjkwHhcNMjYwMzI2MTEzMzE4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OGViYTg4MWI2NWIxYTUxNTBiNWFlYWFiNThkMTk4NThjNWU1NWFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqw+lSxq/BBueS6JnukyxlehuEHNn
ATLuS0iDZLeBwQGYLYqC5ckpsDxz53yGhR4shFxhkiqMR3OULdUO864fLFICAO1t
AaTv1iP7Kc5OB2cc+ANmr3AeMug9z+ahftS3uhUSGsElM/5SKxqynNdq31U7MYRG
hXnqij9mebb++7/iWrefbxB3+owo4bqu4lbrxP9f0mJHj0zl9g2Ii+3uAOAfUZvQ
ToGoaT0ByoOwfl74iA+cKwUaQVk4XS3XtCuQsndxO1Eab70AqrotUAnNWf1lgCjn
fZ+p0luVND9CG5aJZIKcjfuJtpzb0ZsivXEJc+DlfPapzeMQj04CUKY05wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJjrqIG2WxpRULWuqrWNGYWMXlWvMB8GA1UdIwQY
MBaAFH4gsDTixJexiESI3vEGlycEdlApMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2Qt
MDM1ZDk3N2Y0MjE2LzEvbU91b2diWmJHbEZRdGE2cXRZMFpoWXhlVmE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2QtMDM1ZDk3N2Y0MjE2
LzEvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQA1IZSAwQA
1IaAMA0GCSqGSIb3DQEBCwUAA4IBAQDUPnEvVlOTv/wNAX6pCgDJe5QvgMHemeUG
L04pZg///uBAjT75LyVgHr8urMr+ylPLlGqzlu+16yRSoHePr2Gi4UP46KGTRq3l
4ZeXbXdgS5kvS57cOHV/7eqNV+Zo/hP5DBVzSxBsHn+JMfdJGbxpARpLPhdpWk4D
Iv1jRZm4syffh1u/78sNsmq/UJDwEP1elckEGFOmtsXU3H+qnf5XxxOfX9OBCWSf
04yyMLdsbVbvYlo0d9YWpCTcyVs53msAM0C98kgr3De561qXTtMOxsX0kpGmM+AJ
MqP1f2hx84Lz+Kzk/ps8h9eKn2DBjsFtNpS9WBpTZ6fczf6a7e1w
-----END CERTIFICATE-----