Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/s9W1w0asd9xPQeTdKkUNF6C5X1k.roa
File:                     s9W1w0asd9xPQeTdKkUNF6C5X1k.roa (raw, json)
Hash identifier:          apUB75bPZD4WybiIIroW9+9+iHWb0/cSI2vLptOhcz0=
Subject key identifier:   B3:D5:B5:C3:46:AC:77:DC:4F:41:E4:DD:2A:45:0D:17:A0:B9:5F:59
Certificate issuer:       /CN=7e20b034e2c497b1884488def106972704765029
Certificate serial:       019DB9362808BF3432C1270C5A5F01E27BF4
Authority key identifier: 7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/s9W1w0asd9xPQeTdKkUNF6C5X1k.roa
Signing time:             Thu 23 Apr 2026 07:20:27 +0000
ROA not before:           Thu 23 Apr 2026 07:20:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199030
IP address blocks:        212.134.39.0/24 maxlen: 24
                          212.135.28.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 20:10:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:b9:36:28:08:bf:34:32:c1:27:0c:5a:5f:01:e2:7b:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e20b034e2c497b1884488def106972704765029
        Validity
            Not Before: Apr 23 07:20:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b3d5b5c346ac77dc4f41e4dd2a450d17a0b95f59
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:c4:3f:3b:e7:ea:61:59:fa:9b:c2:e7:46:e8:
                    4f:a3:6c:c0:36:3c:f5:5a:9b:94:e1:7c:e3:71:09:
                    96:b7:4a:1d:c2:72:41:36:14:87:2b:5a:f9:c3:cc:
                    f6:16:c9:54:cd:4b:6e:f5:0f:56:dc:6a:4a:d0:9c:
                    07:23:00:ae:b3:9a:5a:24:0c:a9:66:86:9a:e3:26:
                    15:99:92:f0:12:0f:d6:e7:e3:ed:b6:0e:47:99:c0:
                    0c:ce:ea:df:47:39:18:08:a2:e8:0c:73:74:62:30:
                    1c:60:93:65:2b:75:1d:06:70:53:d2:84:cf:03:e8:
                    03:e3:ba:06:6d:14:30:66:51:63:9c:3b:12:4a:a5:
                    62:7f:a1:61:c4:2d:cc:d0:b9:54:a2:df:e3:c7:4c:
                    7e:02:ee:3b:45:83:bc:54:6c:1b:dc:b4:1c:56:01:
                    d7:72:32:ba:02:c4:ad:4d:a7:8e:4c:88:1e:99:52:
                    34:d4:ec:1b:fe:3c:8d:79:7d:ca:3d:e0:43:2a:09:
                    d4:02:c5:a6:b5:d4:eb:4b:50:b6:12:14:1b:72:39:
                    b1:7e:f6:6c:36:71:11:07:f7:11:e6:3f:f2:92:a7:
                    c5:16:a1:b8:52:dc:06:d7:aa:6f:88:a0:e8:41:74:
                    a6:ba:63:d7:af:f6:aa:1f:14:f2:47:41:e0:89:99:
                    7f:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:D5:B5:C3:46:AC:77:DC:4F:41:E4:DD:2A:45:0D:17:A0:B9:5F:59
            X509v3 Authority Key Identifier:
                keyid:7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/s9W1w0asd9xPQeTdKkUNF6C5X1k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.134.39.0/24
                  212.135.28.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:ba:54:29:36:1e:cf:a3:b3:01:0b:1e:53:e3:e9:97:3a:eb:
         02:f0:e1:1a:d9:d0:aa:8a:69:3d:ce:25:70:f6:57:0d:59:91:
         c0:ea:00:38:7c:65:71:97:13:ed:92:ef:7f:23:17:ce:b2:8e:
         ce:e5:da:6d:fa:4b:3d:12:cf:78:73:33:a9:34:09:f8:5b:eb:
         db:37:8f:86:8e:42:ee:7c:7f:b5:ef:e5:bd:0e:64:ae:41:3f:
         1d:5e:9a:64:df:60:f0:44:a5:3f:07:fd:d2:d8:54:2e:67:45:
         9a:18:d3:c3:ac:f7:39:4f:d2:88:a0:c8:a9:ba:29:cb:a4:d6:
         58:30:f0:27:b2:e9:54:19:e9:54:e1:b8:6b:25:70:e6:b2:79:
         e5:ff:c7:1a:11:be:3e:5d:46:09:5e:76:86:33:11:d8:b9:ee:
         f8:8d:9a:1d:31:31:29:a4:f5:b8:e2:f5:af:7b:44:05:d7:50:
         d3:3c:b7:f3:6a:53:ef:d3:ef:0c:80:f2:d4:eb:c5:70:5d:24:
         65:a8:3e:86:b0:d0:88:03:aa:d6:dd:81:b1:31:cc:31:91:4a:
         c8:74:1c:85:f6:e5:f7:e8:30:2b:dd:d6:1f:49:51:b1:4d:2b:
         31:fa:54:a5:2f:4a:e7:0a:9a:85:aa:e5:e3:88:3c:a3:4f:23:
         a9:e4:72:1f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ25NigIvzQywScMWl8B4nv0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMjBiMDM0ZTJjNDk3YjE4ODQ0ODhkZWYxMDY5NzI3MDQ3
NjUwMjkwHhcNMjYwNDIzMDcyMDI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiM2Q1YjVjMzQ2YWM3N2RjNGY0MWU0ZGQyYTQ1MGQxN2EwYjk1ZjU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtcQ/O+fqYVn6m8LnRuhPo2zANjz1
WpuU4XzjcQmWt0odwnJBNhSHK1r5w8z2FslUzUtu9Q9W3GpK0JwHIwCus5paJAyp
Zoaa4yYVmZLwEg/W5+Pttg5HmcAMzurfRzkYCKLoDHN0YjAcYJNlK3UdBnBT0oTP
A+gD47oGbRQwZlFjnDsSSqVif6FhxC3M0LlUot/jx0x+Au47RYO8VGwb3LQcVgHX
cjK6AsStTaeOTIgemVI01Owb/jyNeX3KPeBDKgnUAsWmtdTrS1C2EhQbcjmxfvZs
NnERB/cR5j/ykqfFFqG4UtwG16pviKDoQXSmumPXr/aqHxTyR0HgiZl/ZwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLPVtcNGrHfcT0Hk3SpFDReguV9ZMB8GA1UdIwQY
MBaAFH4gsDTixJexiESI3vEGlycEdlApMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2Qt
MDM1ZDk3N2Y0MjE2LzEvczlXMXcwYXNkOXhQUWVUZEtrVU5GNkM1WDFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2QtMDM1ZDk3N2Y0MjE2
LzEvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQA1IYnAwQA
1IccMA0GCSqGSIb3DQEBCwUAA4IBAQBmulQpNh7Po7MBCx5T4+mXOusC8OEa2dCq
imk9ziVw9lcNWZHA6gA4fGVxlxPtku9/IxfOso7O5dpt+ks9Es94czOpNAn4W+vb
N4+GjkLufH+17+W9DmSuQT8dXppk32DwRKU/B/3S2FQuZ0WaGNPDrPc5T9KIoMip
uinLpNZYMPAnsulUGelU4bhrJXDmsnnl/8caEb4+XUYJXnaGMxHYue74jZodMTEp
pPW44vWve0QF11DTPLfzalPv0+8MgPLU68VwXSRlqD6GsNCIA6rW3YGxMcwxkUrI
dByF9uX36DAr3dYfSVGxTSsx+lSlL0rnCpqFquXjiDyjTyOp5HIf
-----END CERTIFICATE-----