Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/w9UvP8dJCPpBmROh_4WHxNsRWtU.roa
File:                     w9UvP8dJCPpBmROh_4WHxNsRWtU.roa (raw, json)
Hash identifier:          iZvuY85Zqs++lKGNcvDUXyEUd2DK94nzvHx5xG1f5VA=
Subject key identifier:   C3:D5:2F:3F:C7:49:08:FA:41:99:13:A1:FF:85:87:C4:DB:11:5A:D5
Certificate issuer:       /CN=7e20b034e2c497b1884488def106972704765029
Certificate serial:       019DD166C970153EEB78CF505AAC1D7A0849
Authority key identifier: 7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/w9UvP8dJCPpBmROh_4WHxNsRWtU.roa
Signing time:             Tue 28 Apr 2026 00:04:27 +0000
ROA not before:           Tue 28 Apr 2026 00:04:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     397423
IP address blocks:        212.135.200.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 20:10:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:d1:66:c9:70:15:3e:eb:78:cf:50:5a:ac:1d:7a:08:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e20b034e2c497b1884488def106972704765029
        Validity
            Not Before: Apr 28 00:04:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c3d52f3fc74908fa419913a1ff8587c4db115ad5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:3e:9b:00:4a:64:99:8d:68:5f:94:a0:d4:91:
                    07:87:64:f6:bf:2d:14:1c:70:89:5d:16:73:05:09:
                    9b:4f:a9:25:fe:fe:60:8c:b2:ae:0d:ea:23:00:67:
                    87:d7:db:a4:94:55:c4:45:b8:52:d7:1b:80:0d:26:
                    61:61:93:1e:d8:78:cc:c8:c8:70:06:a0:03:af:9a:
                    d6:da:ef:95:50:94:c1:1e:75:c1:18:d7:f3:c1:ca:
                    5a:cf:1d:19:1e:f0:91:da:17:5f:8d:b9:05:a5:8e:
                    cf:d1:d4:ee:26:e0:55:75:7d:d6:3e:4c:de:62:25:
                    c1:cd:28:c0:16:a3:d4:c3:7e:df:07:29:b0:50:78:
                    eb:67:25:c5:b1:01:0d:07:b8:dd:7e:24:72:49:85:
                    6d:e2:fe:13:16:83:e0:c9:10:ad:6e:b6:0c:84:b0:
                    13:01:47:71:1d:e5:01:55:2f:36:3a:70:43:b4:20:
                    5b:d2:56:47:6d:e7:f0:de:34:85:78:bc:d6:e8:83:
                    84:e2:3d:13:f6:ce:80:04:69:9f:be:83:83:9d:c9:
                    83:d2:ff:41:f4:5b:d4:4e:f1:12:d7:6c:4b:3c:1e:
                    d7:23:1b:14:bb:25:cb:d7:b5:7a:97:3d:c3:45:65:
                    8c:97:c8:36:7b:0b:46:7c:53:9e:0f:77:0f:66:51:
                    91:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:D5:2F:3F:C7:49:08:FA:41:99:13:A1:FF:85:87:C4:DB:11:5A:D5
            X509v3 Authority Key Identifier:
                keyid:7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/w9UvP8dJCPpBmROh_4WHxNsRWtU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.135.200.0/22

    Signature Algorithm: sha256WithRSAEncryption
         51:fb:ba:e0:13:7b:8c:14:41:f5:9a:9e:68:3e:c8:a5:84:d8:
         37:ff:95:ae:ed:8a:ae:75:f9:a3:51:70:c6:bd:8a:f8:07:1b:
         40:b2:85:15:6a:27:79:61:c8:ee:15:4f:96:b2:96:8c:9c:0a:
         3f:01:6c:62:90:69:58:fd:e7:6a:20:9b:8c:66:b0:3a:f0:fb:
         cb:33:ca:69:8b:08:36:80:96:89:f1:fc:64:31:cd:1b:d0:38:
         68:b6:ca:29:3e:03:86:9d:e5:2f:9e:77:33:bc:92:a9:aa:08:
         91:17:1a:5a:02:39:a3:42:0f:cd:ad:f9:a9:e0:1e:60:72:df:
         27:3a:12:ae:02:d3:eb:f1:fc:3b:1d:d2:f8:dd:4c:1e:ad:f7:
         63:dc:68:7c:c1:27:fd:52:63:14:ed:02:88:39:fc:d5:eb:9f:
         c9:b4:be:96:2d:94:e9:5d:f8:d1:a3:63:3b:78:a5:81:47:35:
         71:97:a4:e3:af:d4:97:e3:7f:7f:aa:de:4c:30:2d:e2:7f:2a:
         8e:a6:74:6e:8b:0a:44:1a:c8:7d:96:5e:b8:4a:c8:89:d5:a1:
         70:f8:5a:bb:b4:81:83:7b:0f:d8:f2:9a:e4:2d:75:68:60:33:
         45:a3:da:38:a2:ad:48:55:89:f4:07:46:1d:17:1d:c8:3a:9c:
         fe:b3:af:29
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3RZslwFT7reM9QWqwdeghJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMjBiMDM0ZTJjNDk3YjE4ODQ0ODhkZWYxMDY5NzI3MDQ3
NjUwMjkwHhcNMjYwNDI4MDAwNDI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjM2Q1MmYzZmM3NDkwOGZhNDE5OTEzYTFmZjg1ODdjNGRiMTE1YWQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsz6bAEpkmY1oX5Sg1JEHh2T2vy0U
HHCJXRZzBQmbT6kl/v5gjLKuDeojAGeH19uklFXERbhS1xuADSZhYZMe2HjMyMhw
BqADr5rW2u+VUJTBHnXBGNfzwcpazx0ZHvCR2hdfjbkFpY7P0dTuJuBVdX3WPkze
YiXBzSjAFqPUw37fBymwUHjrZyXFsQENB7jdfiRySYVt4v4TFoPgyRCtbrYMhLAT
AUdxHeUBVS82OnBDtCBb0lZHbefw3jSFeLzW6IOE4j0T9s6ABGmfvoODncmD0v9B
9FvUTvES12xLPB7XIxsUuyXL17V6lz3DRWWMl8g2ewtGfFOeD3cPZlGRjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMPVLz/HSQj6QZkTof+Fh8TbEVrVMB8GA1UdIwQY
MBaAFH4gsDTixJexiESI3vEGlycEdlApMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2Qt
MDM1ZDk3N2Y0MjE2LzEvdzlVdlA4ZEpDUHBCbVJPaF80V0h4TnNSV3RVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2QtMDM1ZDk3N2Y0MjE2
LzEvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC1IfIMA0G
CSqGSIb3DQEBCwUAA4IBAQBR+7rgE3uMFEH1mp5oPsilhNg3/5Wu7YqudfmjUXDG
vYr4BxtAsoUVaid5YcjuFU+WspaMnAo/AWxikGlY/edqIJuMZrA68PvLM8ppiwg2
gJaJ8fxkMc0b0DhotsopPgOGneUvnnczvJKpqgiRFxpaAjmjQg/Nrfmp4B5gct8n
OhKuAtPr8fw7HdL43Uwerfdj3Gh8wSf9UmMU7QKIOfzV65/JtL6WLZTpXfjRo2M7
eKWBRzVxl6Tjr9SX439/qt5MMC3ifyqOpnRuiwpEGsh9ll64SsiJ1aFw+Fq7tIGD
ew/Y8prkLXVoYDNFo9o4oq1IVYn0B0YdFx3IOpz+s68p
-----END CERTIFICATE-----