Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/ABJeZ_3GC1dQAGLc7pryHv5JP4U.roa
File:                     ABJeZ_3GC1dQAGLc7pryHv5JP4U.roa (raw, json)
Hash identifier:          b/UMRldynJAJil5wWfl7s30Arkfra6le0omnJrbGF64=
Subject key identifier:   00:12:5E:67:FD:C6:0B:57:50:00:62:DC:EE:9A:F2:1E:FE:49:3F:85
Certificate issuer:       /CN=2fa16ab06020067740a4c1fb47a912622f1d0722
Certificate serial:       019D24DD580DF04491C2CF76AC1424D50CB5
Authority key identifier: 2F:A1:6A:B0:60:20:06:77:40:A4:C1:FB:47:A9:12:62:2F:1D:07:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L6FqsGAgBndApMH7R6kSYi8dByI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/ABJeZ_3GC1dQAGLc7pryHv5JP4U.roa
Signing time:             Wed 25 Mar 2026 11:59:38 +0000
ROA not before:           Wed 25 Mar 2026 11:59:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     402203
IP address blocks:        213.145.87.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/L6FqsGAgBndApMH7R6kSYi8dByI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/L6FqsGAgBndApMH7R6kSYi8dByI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L6FqsGAgBndApMH7R6kSYi8dByI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 09:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:24:dd:58:0d:f0:44:91:c2:cf:76:ac:14:24:d5:0c:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2fa16ab06020067740a4c1fb47a912622f1d0722
        Validity
            Not Before: Mar 25 11:59:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=00125e67fdc60b57500062dcee9af21efe493f85
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:81:56:88:62:37:ef:55:00:ba:f0:93:e3:a1:
                    0a:a7:96:c4:11:2f:dd:94:c2:a7:87:79:96:ec:54:
                    87:56:bf:3d:62:73:fa:8f:9f:fa:2c:07:68:bc:23:
                    f6:17:de:29:0d:3b:0c:06:47:9c:80:b2:0b:49:33:
                    bf:b2:b1:4f:cb:2f:4b:c2:5f:0a:7d:38:b7:d7:d8:
                    9e:a6:69:95:e8:2c:74:63:5b:4a:cf:d3:dc:7b:23:
                    70:ba:f3:02:fe:b2:53:88:01:dd:34:ce:e8:d3:0a:
                    a5:67:38:b0:d0:f1:57:5e:70:d9:62:78:90:ee:65:
                    3f:e0:92:13:26:66:7c:35:79:df:00:2d:a6:b2:cc:
                    fa:ad:72:fe:21:47:03:27:20:95:23:ad:8d:a3:19:
                    a6:78:c7:9d:84:af:3b:19:ec:e3:c7:cf:54:aa:ea:
                    06:88:f9:56:1a:87:db:8d:93:32:b8:a7:8e:b4:58:
                    3c:22:9f:3c:41:ce:55:0b:42:5a:98:3b:3b:18:ec:
                    eb:e5:c7:ab:a2:fe:1e:a4:b2:f2:59:99:80:55:cb:
                    02:fe:54:e0:b8:03:12:48:98:ae:49:38:88:a9:04:
                    1b:6a:00:3a:cc:af:58:54:c8:da:5a:5d:a1:b8:49:
                    04:33:c8:32:61:41:9a:c6:8d:b1:58:5a:d7:fc:a1:
                    51:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:12:5E:67:FD:C6:0B:57:50:00:62:DC:EE:9A:F2:1E:FE:49:3F:85
            X509v3 Authority Key Identifier:
                keyid:2F:A1:6A:B0:60:20:06:77:40:A4:C1:FB:47:A9:12:62:2F:1D:07:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L6FqsGAgBndApMH7R6kSYi8dByI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/ABJeZ_3GC1dQAGLc7pryHv5JP4U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/L6FqsGAgBndApMH7R6kSYi8dByI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.145.87.0/24

    Signature Algorithm: sha256WithRSAEncryption
         e3:4d:00:4e:2b:78:a1:76:0b:da:e9:cc:59:06:3f:be:fd:3e:
         4b:84:fd:b0:cd:2a:21:02:7f:68:96:7c:73:66:39:de:87:42:
         38:b4:e1:23:d0:77:3e:42:17:ae:e0:39:0c:c3:0c:20:d3:9b:
         1d:64:8d:7a:34:cf:d2:92:97:db:fd:78:3b:d4:49:9e:94:43:
         a8:b4:2a:fa:d5:58:19:dd:4b:de:fd:b8:6f:29:fd:b3:8d:75:
         4a:a7:32:cf:6d:95:58:6d:d3:2d:a3:41:40:a0:32:77:a6:fe:
         4a:cd:e5:da:15:e9:e4:1a:2f:ba:bb:ef:c1:cf:a3:f3:82:4f:
         20:ba:52:eb:27:5f:e3:c7:98:d4:15:58:49:e1:1c:4e:59:8c:
         61:f0:8b:b6:12:91:86:2c:b6:a4:18:4d:b5:87:46:af:aa:37:
         78:e1:bb:fc:3e:7f:5e:c6:b2:5c:78:c5:2b:dc:13:e9:c9:89:
         82:d8:bc:bc:c4:4b:b1:18:ee:b7:28:83:5b:dc:b7:cd:5f:63:
         e1:77:0f:87:df:f2:f5:86:12:af:84:49:09:44:c4:05:9f:c0:
         3a:79:92:bb:95:e5:5f:b1:2f:08:0a:36:73:f9:3f:34:e8:a9:
         4d:b6:ea:1a:e5:fe:e6:63:b4:e8:78:0e:30:ba:79:a6:77:5f:
         b5:74:3e:8e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0k3VgN8ESRws92rBQk1Qy1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmYTE2YWIwNjAyMDA2Nzc0MGE0YzFmYjQ3YTkxMjYyMmYx
ZDA3MjIwHhcNMjYwMzI1MTE1OTM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDEyNWU2N2ZkYzYwYjU3NTAwMDYyZGNlZTlhZjIxZWZlNDkzZjg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0oFWiGI371UAuvCT46EKp5bEES/d
lMKnh3mW7FSHVr89YnP6j5/6LAdovCP2F94pDTsMBkecgLILSTO/srFPyy9Lwl8K
fTi319iepmmV6Cx0Y1tKz9PceyNwuvMC/rJTiAHdNM7o0wqlZziw0PFXXnDZYniQ
7mU/4JITJmZ8NXnfAC2mssz6rXL+IUcDJyCVI62NoxmmeMedhK87Gezjx89UquoG
iPlWGofbjZMyuKeOtFg8Ip88Qc5VC0JamDs7GOzr5cerov4epLLyWZmAVcsC/lTg
uAMSSJiuSTiIqQQbagA6zK9YVMjaWl2huEkEM8gyYUGaxo2xWFrX/KFRkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAASXmf9xgtXUABi3O6a8h7+ST+FMB8GA1UdIwQY
MBaAFC+harBgIAZ3QKTB+0epEmIvHQciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDZGcXNHQWdCbmRBcE1IN1I2a1NZaThkQnlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy83ZjIzOTMtZDAxYS00MWY3LWE1MmUt
ZDI0MmI2ZjNhOGExLzEvQUJKZVpfM0dDMWRRQUdMYzdwcnlIdjVKUDRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy83ZjIzOTMtZDAxYS00MWY3LWE1MmUtZDI0MmI2ZjNhOGEx
LzEvTDZGcXNHQWdCbmRBcE1IN1I2a1NZaThkQnlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1ZFXMA0G
CSqGSIb3DQEBCwUAA4IBAQDjTQBOK3ihdgva6cxZBj++/T5LhP2wzSohAn9olnxz
Zjneh0I4tOEj0Hc+Qheu4DkMwwwg05sdZI16NM/Skpfb/Xg71EmelEOotCr61VgZ
3Uve/bhvKf2zjXVKpzLPbZVYbdMto0FAoDJ3pv5KzeXaFenkGi+6u+/Bz6Pzgk8g
ulLrJ1/jx5jUFVhJ4RxOWYxh8Iu2EpGGLLakGE21h0avqjd44bv8Pn9exrJceMUr
3BPpyYmC2Ly8xEuxGO63KINb3LfNX2Phdw+H3/L1hhKvhEkJRMQFn8A6eZK7leVf
sS8ICjZz+T806KlNtuoa5f7mY7ToeA4wunmmd1+1dD6O
-----END CERTIFICATE-----