Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/v_KZiXkPLtLun2CqpwwwcDw3o1k.roa
File:                     v_KZiXkPLtLun2CqpwwwcDw3o1k.roa (raw, json)
Hash identifier:          HV6jXiQgI1q6BwxhcZduEm+UUhnRbQvdE7g3qqL0S3A=
Subject key identifier:   BF:F2:99:89:79:0F:2E:D2:EE:9F:60:AA:A7:0C:30:70:3C:37:A3:59
Certificate issuer:       /CN=7e20b034e2c497b1884488def106972704765029
Certificate serial:       019DF1AEACC1281E37D41240454D87AED66B
Authority key identifier: 7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/v_KZiXkPLtLun2CqpwwwcDw3o1k.roa
Signing time:             Mon 04 May 2026 06:30:49 +0000
ROA not before:           Mon 04 May 2026 06:30:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16276
IP address blocks:        212.134.90.0/24 maxlen: 24
                          212.135.160.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 20:10:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:f1:ae:ac:c1:28:1e:37:d4:12:40:45:4d:87:ae:d6:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e20b034e2c497b1884488def106972704765029
        Validity
            Not Before: May  4 06:30:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bff29989790f2ed2ee9f60aaa70c30703c37a359
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:71:9b:df:99:16:19:fc:64:18:30:66:8a:df:
                    f5:1c:5b:fd:48:1b:af:b7:aa:48:df:3b:86:b6:fe:
                    7f:53:f3:fa:a7:01:ec:44:20:96:8a:ab:b5:03:5a:
                    5f:ef:ef:a0:21:bd:f6:84:47:27:1a:78:ed:16:b8:
                    53:1a:23:47:e4:22:51:88:28:e9:74:95:ef:89:f0:
                    4f:85:25:16:08:a7:55:36:49:19:2a:be:6a:2c:74:
                    0a:1e:c6:58:6c:1e:3d:b6:62:87:33:0e:fd:5d:5e:
                    32:42:70:a9:dd:2a:4c:e7:e3:d6:96:7b:3b:21:b9:
                    87:b2:0d:b3:b6:16:c4:2b:74:0d:96:59:18:39:15:
                    aa:a0:20:74:14:2d:c8:2b:ba:61:9b:91:ad:d0:1a:
                    13:43:7d:a1:ee:d8:48:11:e1:58:93:3e:7f:44:f8:
                    11:80:6b:b1:ba:4d:c3:ad:9a:51:00:98:13:51:31:
                    ed:07:79:b8:ed:76:eb:61:76:28:84:55:cd:a6:26:
                    02:45:3a:15:de:ae:1a:55:05:62:9e:b3:90:8d:6e:
                    82:45:12:38:93:3d:f1:42:c0:3a:e4:60:65:56:70:
                    a1:65:06:2f:4a:c4:9c:cb:80:00:eb:a5:1e:ec:0e:
                    84:eb:69:5d:97:48:98:01:0d:b5:70:72:91:e3:5a:
                    ac:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:F2:99:89:79:0F:2E:D2:EE:9F:60:AA:A7:0C:30:70:3C:37:A3:59
            X509v3 Authority Key Identifier:
                keyid:7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/v_KZiXkPLtLun2CqpwwwcDw3o1k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.134.90.0/24
                  212.135.160.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:a8:15:ed:d5:c4:7e:70:43:b1:76:f2:84:b9:f0:8e:97:7a:
         99:c2:8e:84:0b:2f:02:40:a5:14:db:84:62:bb:0c:15:d0:19:
         fe:08:19:d8:12:f8:1e:b6:e4:4e:62:b0:76:fa:5d:a8:07:6a:
         ab:d3:e6:05:b3:78:b4:1f:9c:45:30:9d:86:53:f0:d0:06:c2:
         6a:88:6c:26:b2:f4:c1:16:23:5c:23:ac:ef:93:1b:14:6d:12:
         3b:d1:fe:cc:3e:1f:a7:ab:55:d4:ce:fc:41:93:09:2b:f9:e1:
         38:76:7f:7f:4f:f2:f8:8b:9f:c2:0e:b7:a5:76:bc:62:f2:05:
         20:09:f0:72:63:3a:f9:43:27:23:30:41:92:92:16:07:8e:07:
         04:41:ef:79:33:02:05:66:cd:d8:94:17:6a:5b:f4:45:5c:b3:
         f5:8e:d1:bd:41:2b:3a:df:cc:7e:e9:29:b9:31:15:ab:1b:d9:
         b9:b8:cd:2c:0c:31:4d:86:f5:b1:54:3d:13:c6:20:3c:e1:36:
         1b:8d:65:ee:82:29:b6:0c:a9:e3:b2:a1:ff:fa:d7:cd:f8:1c:
         37:70:ae:ba:29:05:f8:27:f9:f0:65:28:c6:09:e5:30:b0:bc:
         12:d5:9f:34:d1:fd:50:18:69:54:8f:2d:ea:1d:5f:7d:44:36:
         62:7d:c0:0e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ3xrqzBKB431BJARU2HrtZrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMjBiMDM0ZTJjNDk3YjE4ODQ0ODhkZWYxMDY5NzI3MDQ3
NjUwMjkwHhcNMjYwNTA0MDYzMDQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZmYyOTk4OTc5MGYyZWQyZWU5ZjYwYWFhNzBjMzA3MDNjMzdhMzU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoXGb35kWGfxkGDBmit/1HFv9SBuv
t6pI3zuGtv5/U/P6pwHsRCCWiqu1A1pf7++gIb32hEcnGnjtFrhTGiNH5CJRiCjp
dJXvifBPhSUWCKdVNkkZKr5qLHQKHsZYbB49tmKHMw79XV4yQnCp3SpM5+PWlns7
IbmHsg2zthbEK3QNllkYORWqoCB0FC3IK7phm5Gt0BoTQ32h7thIEeFYkz5/RPgR
gGuxuk3DrZpRAJgTUTHtB3m47XbrYXYohFXNpiYCRToV3q4aVQVinrOQjW6CRRI4
kz3xQsA65GBlVnChZQYvSsScy4AA66Ue7A6E62ldl0iYAQ21cHKR41qsjwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFL/ymYl5Dy7S7p9gqqcMMHA8N6NZMB8GA1UdIwQY
MBaAFH4gsDTixJexiESI3vEGlycEdlApMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2Qt
MDM1ZDk3N2Y0MjE2LzEvdl9LWmlYa1BMdEx1bjJDcXB3d3djRHczbzFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2QtMDM1ZDk3N2Y0MjE2
LzEvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQA1IZaAwQA
1IegMA0GCSqGSIb3DQEBCwUAA4IBAQAjqBXt1cR+cEOxdvKEufCOl3qZwo6ECy8C
QKUU24RiuwwV0Bn+CBnYEvgetuROYrB2+l2oB2qr0+YFs3i0H5xFMJ2GU/DQBsJq
iGwmsvTBFiNcI6zvkxsUbRI70f7MPh+nq1XUzvxBkwkr+eE4dn9/T/L4i5/CDrel
drxi8gUgCfByYzr5QycjMEGSkhYHjgcEQe95MwIFZs3YlBdqW/RFXLP1jtG9QSs6
38x+6Sm5MRWrG9m5uM0sDDFNhvWxVD0TxiA84TYbjWXugim2DKnjsqH/+tfN+Bw3
cK66KQX4J/nwZSjGCeUwsLwS1Z800f1QGGlUjy3qHV99RDZifcAO
-----END CERTIFICATE-----