Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/sM6xyGUwXbIENIG-2kG5rNnqAJI.roa
File:                     sM6xyGUwXbIENIG-2kG5rNnqAJI.roa (raw, json)
Hash identifier:          yrWjgfb1XH0rmqrt8ek7AoVwUCaQjFhWx3IG/48IZn4=
Subject key identifier:   B0:CE:B1:C8:65:30:5D:B2:04:34:81:BE:DA:41:B9:AC:D9:EA:00:92
Certificate issuer:       /CN=7e20b034e2c497b1884488def106972704765029
Certificate serial:       019D29227D531047BECBF7674F526287B8AF
Authority key identifier: 7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/sM6xyGUwXbIENIG-2kG5rNnqAJI.roa
Signing time:             Thu 26 Mar 2026 07:53:39 +0000
ROA not before:           Thu 26 Mar 2026 07:53:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198087
IP address blocks:        212.135.242.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 16:32:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:29:22:7d:53:10:47:be:cb:f7:67:4f:52:62:87:b8:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e20b034e2c497b1884488def106972704765029
        Validity
            Not Before: Mar 26 07:53:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b0ceb1c865305db2043481beda41b9acd9ea0092
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:88:95:8b:da:4b:3e:ff:26:10:4f:2f:b1:da:
                    4a:83:88:75:07:d1:0e:d2:da:1c:bf:bd:cc:83:5a:
                    c6:99:0b:4c:90:b2:73:61:66:93:37:9b:d3:a0:36:
                    5d:e8:61:23:6a:68:4e:46:0c:bb:06:18:af:ba:d1:
                    66:f2:10:51:77:db:10:a0:63:df:cf:03:4b:30:89:
                    50:e9:c4:97:f4:2f:3b:6b:bf:f5:1b:19:cb:1d:55:
                    17:ae:e6:fb:25:d7:31:8e:93:f6:19:12:4c:14:ab:
                    1c:d7:d2:bc:70:d4:74:65:c3:f3:d8:4b:83:d7:3b:
                    1d:80:04:f7:28:56:ed:bf:64:9f:43:e6:4e:33:0a:
                    b6:11:2e:cc:15:1f:9a:8e:e9:e0:b0:bf:bc:aa:84:
                    90:3f:de:2b:bd:ce:22:da:21:ba:a3:91:27:1d:9d:
                    94:af:6f:78:74:33:7b:a5:bb:b2:c7:7d:b4:23:f0:
                    a7:0f:44:f9:e7:32:4c:5e:09:a5:06:a2:bf:84:30:
                    38:99:3d:73:8b:b3:a2:b1:57:b8:35:f3:ab:22:7f:
                    dd:85:b1:40:50:69:4e:7d:08:28:4d:2c:21:51:05:
                    2d:37:8e:40:52:36:6b:19:a8:ea:59:ad:74:35:55:
                    87:9a:57:55:86:b3:7e:bc:f9:ea:f5:5a:39:21:e1:
                    38:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:CE:B1:C8:65:30:5D:B2:04:34:81:BE:DA:41:B9:AC:D9:EA:00:92
            X509v3 Authority Key Identifier:
                keyid:7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/sM6xyGUwXbIENIG-2kG5rNnqAJI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.135.242.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a9:55:4d:45:f6:b6:8f:6a:05:a5:51:51:2c:2b:b4:b7:87:ea:
         98:1f:4c:59:fe:82:f7:a7:e9:db:87:79:e1:dc:ca:28:8e:59:
         43:6b:0a:5c:b9:e3:01:5d:68:b8:c9:ac:33:65:dc:56:bb:af:
         e8:e3:27:aa:27:23:b2:08:56:71:b8:f3:e4:40:88:a6:94:08:
         9a:49:97:75:66:a7:13:99:a1:4c:d4:54:c2:0d:bd:4f:f8:cd:
         d3:36:62:8a:5b:ec:f6:6b:5e:16:c6:67:3c:cd:2d:4e:50:bf:
         6b:2f:44:70:a7:17:ed:5c:8c:88:ab:be:b5:07:94:ce:ab:47:
         e8:20:70:27:c3:9e:90:d6:43:08:35:78:e9:b2:a5:46:47:64:
         79:70:31:31:ac:32:28:fb:35:43:c6:0e:c5:63:3b:23:8a:63:
         65:0e:49:ca:d0:2f:83:ae:7c:06:eb:99:a6:c5:dd:a2:3c:31:
         e4:da:d9:63:b0:ce:1c:5d:5f:d1:30:a7:57:65:c2:95:40:fc:
         9e:a1:26:89:ba:75:90:cc:3d:e2:e9:9f:36:f5:cd:23:51:03:
         94:c3:38:0f:10:7e:9b:74:8c:a6:75:82:50:25:73:da:17:d1:
         d6:9f:cd:b4:ba:a6:37:aa:d6:e2:4c:4a:9d:45:6b:55:ea:59:
         93:96:2a:af
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0pIn1TEEe+y/dnT1Jih7ivMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMjBiMDM0ZTJjNDk3YjE4ODQ0ODhkZWYxMDY5NzI3MDQ3
NjUwMjkwHhcNMjYwMzI2MDc1MzM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMGNlYjFjODY1MzA1ZGIyMDQzNDgxYmVkYTQxYjlhY2Q5ZWEwMDkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtIiVi9pLPv8mEE8vsdpKg4h1B9EO
0tocv73Mg1rGmQtMkLJzYWaTN5vToDZd6GEjamhORgy7BhivutFm8hBRd9sQoGPf
zwNLMIlQ6cSX9C87a7/1GxnLHVUXrub7JdcxjpP2GRJMFKsc19K8cNR0ZcPz2EuD
1zsdgAT3KFbtv2SfQ+ZOMwq2ES7MFR+ajungsL+8qoSQP94rvc4i2iG6o5EnHZ2U
r294dDN7pbuyx320I/CnD0T55zJMXgmlBqK/hDA4mT1zi7OisVe4NfOrIn/dhbFA
UGlOfQgoTSwhUQUtN45AUjZrGajqWa10NVWHmldVhrN+vPnq9Vo5IeE44QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLDOschlMF2yBDSBvtpBuazZ6gCSMB8GA1UdIwQY
MBaAFH4gsDTixJexiESI3vEGlycEdlApMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2Qt
MDM1ZDk3N2Y0MjE2LzEvc002eHlHVXdYYklFTklHLTJrRzVyTm5xQUpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2QtMDM1ZDk3N2Y0MjE2
LzEvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1IfyMA0G
CSqGSIb3DQEBCwUAA4IBAQCpVU1F9raPagWlUVEsK7S3h+qYH0xZ/oL3p+nbh3nh
3MoojllDawpcueMBXWi4yawzZdxWu6/o4yeqJyOyCFZxuPPkQIimlAiaSZd1ZqcT
maFM1FTCDb1P+M3TNmKKW+z2a14Wxmc8zS1OUL9rL0RwpxftXIyIq761B5TOq0fo
IHAnw56Q1kMINXjpsqVGR2R5cDExrDIo+zVDxg7FYzsjimNlDknK0C+DrnwG65mm
xd2iPDHk2tljsM4cXV/RMKdXZcKVQPyeoSaJunWQzD3i6Z829c0jUQOUwzgPEH6b
dIymdYJQJXPaF9HWn820uqY3qtbiTEqdRWtV6lmTliqv
-----END CERTIFICATE-----