Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/x3w0PY34AHdHibrRaTZxRgJrYKM.roa
File:                     x3w0PY34AHdHibrRaTZxRgJrYKM.roa (raw, json)
Hash identifier:          pZDMwq6Vs6QnzFDUOioUVAO8CS6/qHyHxHtMH2uGMvs=
Subject key identifier:   C7:7C:34:3D:8D:F8:00:77:47:89:BA:D1:69:36:71:46:02:6B:60:A3
Certificate issuer:       /CN=7e20b034e2c497b1884488def106972704765029
Certificate serial:       01991A1A6FC835D634634860309A262D3FD6
Authority key identifier: 7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/x3w0PY34AHdHibrRaTZxRgJrYKM.roa
Signing time:             Fri 05 Sep 2025 13:39:23 +0000
ROA not before:           Fri 05 Sep 2025 13:39:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8190
IP address blocks:        212.134.79.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:1a:1a:6f:c8:35:d6:34:63:48:60:30:9a:26:2d:3f:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e20b034e2c497b1884488def106972704765029
        Validity
            Not Before: Sep  5 13:39:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c77c343d8df800774789bad169367146026b60a3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:ea:06:78:24:38:51:91:98:67:25:59:99:66:
                    5a:27:56:5f:3f:fa:3e:e8:be:dc:c1:b1:b7:b2:8f:
                    1c:69:eb:74:f8:d3:0f:37:1f:59:51:ed:2d:1b:57:
                    8d:9f:1d:dc:ea:e5:d5:48:10:2a:be:f9:8f:24:c6:
                    14:c6:35:f5:1a:53:43:83:94:5c:d4:7b:ef:70:38:
                    b6:07:f0:7b:10:df:70:fa:7f:c8:5f:db:97:61:0b:
                    79:a4:f5:3f:e3:9c:7d:5f:bc:f3:18:1d:07:66:7e:
                    68:7c:72:50:a0:d3:61:74:6a:06:ce:c9:21:83:60:
                    fd:2c:99:19:c5:80:3d:14:2e:c4:66:c0:cf:64:84:
                    86:82:1f:1b:b6:c3:4d:e4:63:f9:24:f7:6c:ba:d5:
                    b3:c4:86:2e:47:7f:58:4a:ce:86:5a:0a:c8:65:bb:
                    83:be:19:8a:e6:37:ef:02:a0:ce:a4:96:78:35:a5:
                    4d:0e:90:a7:5f:ff:f9:ba:40:02:32:46:4d:db:aa:
                    c5:58:a0:24:25:f8:f8:e8:f0:36:9e:e0:6f:7c:62:
                    e0:90:2f:39:13:bf:8c:b0:4d:67:02:aa:f7:69:51:
                    f7:6d:82:fa:cf:78:36:3a:98:0c:16:98:ba:a5:33:
                    bd:07:29:42:ee:45:c0:e0:16:e1:e5:47:15:fc:a2:
                    0b:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:7C:34:3D:8D:F8:00:77:47:89:BA:D1:69:36:71:46:02:6B:60:A3
            X509v3 Authority Key Identifier:
                keyid:7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/x3w0PY34AHdHibrRaTZxRgJrYKM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.134.79.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c1:94:9e:aa:f0:49:4f:2d:f9:2c:ee:cc:ac:a9:6e:5d:90:b8:
         46:15:d5:f9:51:3f:b9:c1:79:f7:ff:fc:f0:e2:5b:c3:0c:23:
         22:ab:02:8b:10:de:f0:ba:6d:51:9f:02:2d:6f:0c:ef:dd:92:
         b3:31:1e:9a:f9:ce:a4:2c:a5:d4:41:0b:30:34:e2:a7:b5:33:
         c0:f5:fc:5b:1f:d8:39:92:12:40:2a:1d:6e:4d:9d:e6:60:34:
         c1:08:3f:80:cf:63:9e:67:43:7d:0c:5d:3e:3c:5c:d8:ec:40:
         a3:29:9f:cc:82:9a:a1:15:2e:2d:f6:cd:97:74:69:11:72:98:
         67:ea:fa:65:3b:4f:b1:f9:3b:71:17:34:de:d9:dd:a2:78:81:
         73:e3:f1:7e:2e:90:a3:e7:a9:ad:67:31:f1:f3:69:91:af:e6:
         d9:ed:41:80:1f:3b:a6:9b:c0:e2:67:f2:1e:29:f0:05:64:b8:
         21:71:06:47:95:30:d4:dd:20:51:d1:92:16:35:3b:75:58:13:
         68:3b:27:75:8f:a0:d3:0e:06:9d:13:29:91:f6:b2:20:31:66:
         2e:8c:45:c4:e8:19:fe:dd:95:84:63:cc:0e:dc:30:2a:20:87:
         c4:4f:79:c2:5d:78:5a:0a:93:3f:34:68:97:50:ea:31:36:63:
         5d:91:be:8c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkaGm/INdY0Y0hgMJomLT/WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMjBiMDM0ZTJjNDk3YjE4ODQ0ODhkZWYxMDY5NzI3MDQ3
NjUwMjkwHhcNMjUwOTA1MTMzOTIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzdjMzQzZDhkZjgwMDc3NDc4OWJhZDE2OTM2NzE0NjAyNmI2MGEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6uoGeCQ4UZGYZyVZmWZaJ1ZfP/o+
6L7cwbG3so8caet0+NMPNx9ZUe0tG1eNnx3c6uXVSBAqvvmPJMYUxjX1GlNDg5Rc
1HvvcDi2B/B7EN9w+n/IX9uXYQt5pPU/45x9X7zzGB0HZn5ofHJQoNNhdGoGzskh
g2D9LJkZxYA9FC7EZsDPZISGgh8btsNN5GP5JPdsutWzxIYuR39YSs6GWgrIZbuD
vhmK5jfvAqDOpJZ4NaVNDpCnX//5ukACMkZN26rFWKAkJfj46PA2nuBvfGLgkC85
E7+MsE1nAqr3aVH3bYL6z3g2OpgMFpi6pTO9BylC7kXA4Bbh5UcV/KILHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMd8ND2N+AB3R4m60Wk2cUYCa2CjMB8GA1UdIwQY
MBaAFH4gsDTixJexiESI3vEGlycEdlApMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2Qt
MDM1ZDk3N2Y0MjE2LzEveDN3MFBZMzRBSGRIaWJyUmFUWnhSZ0pyWUtNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2QtMDM1ZDk3N2Y0MjE2
LzEvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1IZPMA0G
CSqGSIb3DQEBCwUAA4IBAQDBlJ6q8ElPLfks7sysqW5dkLhGFdX5UT+5wXn3//zw
4lvDDCMiqwKLEN7wum1RnwItbwzv3ZKzMR6a+c6kLKXUQQswNOKntTPA9fxbH9g5
khJAKh1uTZ3mYDTBCD+Az2OeZ0N9DF0+PFzY7ECjKZ/MgpqhFS4t9s2XdGkRcphn
6vplO0+x+TtxFzTe2d2ieIFz4/F+LpCj56mtZzHx82mRr+bZ7UGAHzumm8DiZ/Ie
KfAFZLghcQZHlTDU3SBR0ZIWNTt1WBNoOyd1j6DTDgadEymR9rIgMWYujEXE6Bn+
3ZWEY8wO3DAqIIfET3nCXXhaCpM/NGiXUOoxNmNdkb6M
-----END CERTIFICATE-----