Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/4BgSPKv6u7Nvejd0u9LkHaV6_JY.roa
File:                     4BgSPKv6u7Nvejd0u9LkHaV6_JY.roa (raw, json)
Hash identifier:          bwSQuPs4B3f2sRZ41JXYWa4n5L7eymXGexKeSzaf/Z0=
Subject key identifier:   E0:18:12:3C:AB:FA:BB:B3:6F:7A:37:74:BB:D2:E4:1D:A5:7A:FC:96
Certificate issuer:       /CN=7e20b034e2c497b1884488def106972704765029
Certificate serial:       01990E5DFBB4F0C00F48AE39F393D6599562
Authority key identifier: 7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/4BgSPKv6u7Nvejd0u9LkHaV6_JY.roa
Signing time:             Wed 03 Sep 2025 06:57:44 +0000
ROA not before:           Wed 03 Sep 2025 06:57:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216211
IP address blocks:        212.135.208.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 08 Sep 2025 07:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:0e:5d:fb:b4:f0:c0:0f:48:ae:39:f3:93:d6:59:95:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e20b034e2c497b1884488def106972704765029
        Validity
            Not Before: Sep  3 06:57:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e018123cabfabbb36f7a3774bbd2e41da57afc96
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:74:0f:04:e9:d6:b9:c1:5c:9d:13:f4:26:a9:
                    40:3f:6f:72:d8:7d:be:60:be:73:b2:98:8e:bf:79:
                    47:fe:2d:78:e0:e4:4c:1c:90:ba:6f:a0:12:f0:de:
                    aa:c5:f7:11:a5:a1:80:c3:90:33:b4:d4:48:89:97:
                    aa:54:06:75:dd:19:16:4f:4d:2a:38:21:60:70:d7:
                    cf:ba:ce:a0:3a:f5:3f:b5:63:5d:f8:9f:cd:18:6b:
                    5e:b7:f9:9e:81:e2:6b:65:86:ff:c6:58:8f:9a:50:
                    a6:e0:96:8f:4f:07:89:17:b4:5b:de:3e:80:68:49:
                    2b:0a:3f:71:87:12:dd:69:c6:21:02:80:e9:1b:34:
                    c7:f1:46:90:33:e5:99:8c:8a:4a:5f:a2:da:1e:ed:
                    7c:be:7f:4f:5b:b9:1b:bf:da:6e:ff:08:ed:e6:9e:
                    c3:50:51:04:7f:40:d7:54:12:69:99:5d:31:70:95:
                    04:83:c6:55:ae:40:8e:c8:b3:a5:23:56:78:7a:f7:
                    14:f8:46:ba:cb:b2:69:03:4a:e0:da:c2:cc:f6:fd:
                    c7:6b:91:45:d3:ca:53:d0:bf:9f:07:d7:85:9a:03:
                    0f:30:05:46:56:8b:5a:9d:50:af:d2:ee:09:bd:94:
                    b6:28:10:67:09:be:e5:95:08:03:f8:c5:70:10:5b:
                    5e:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:18:12:3C:AB:FA:BB:B3:6F:7A:37:74:BB:D2:E4:1D:A5:7A:FC:96
            X509v3 Authority Key Identifier:
                keyid:7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/4BgSPKv6u7Nvejd0u9LkHaV6_JY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.135.208.0/21

    Signature Algorithm: sha256WithRSAEncryption
         1f:b6:5c:59:e7:c4:ad:63:13:e2:f4:92:cd:fd:2b:f4:97:63:
         be:bb:73:3d:16:67:8f:c4:c5:f4:b9:e4:d3:f1:d5:b0:5f:25:
         e2:c3:2e:ef:6e:a8:c1:6c:95:78:ed:29:d4:2a:56:b0:37:90:
         88:3e:d7:14:2f:dd:cb:10:72:3a:86:57:a8:50:4e:22:84:29:
         a9:f0:f0:89:7a:65:fd:60:dc:2e:66:d8:42:78:3f:d8:9d:49:
         91:5d:af:7a:53:99:5e:47:f2:5b:2a:4f:d8:71:e7:bb:a4:cd:
         be:7b:37:d2:69:0f:be:06:ae:17:17:33:b7:54:a2:89:4e:ae:
         33:fe:e9:7f:0a:52:83:3b:99:5b:8b:87:1f:de:63:e4:59:8a:
         48:d3:f1:30:52:48:7e:c9:5d:0a:48:f4:7c:36:de:3a:2f:7c:
         14:66:ae:a1:02:d7:69:03:3a:16:f4:46:ae:38:8c:80:45:ed:
         58:b4:87:b7:60:26:61:a1:cc:79:28:23:b3:3a:00:b6:70:d5:
         94:87:16:99:04:b5:71:88:db:82:22:fc:3f:89:89:87:05:9f:
         63:97:10:1c:96:76:4f:6e:1a:6d:4e:b9:9e:fd:af:1f:ff:8e:
         3f:be:15:c9:28:16:59:e5:f7:0e:05:4c:34:4b:be:35:84:ec:
         ef:07:ae:9f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkOXfu08MAPSK4585PWWZViMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMjBiMDM0ZTJjNDk3YjE4ODQ0ODhkZWYxMDY5NzI3MDQ3
NjUwMjkwHhcNMjUwOTAzMDY1NzQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMDE4MTIzY2FiZmFiYmIzNmY3YTM3NzRiYmQyZTQxZGE1N2FmYzk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmXQPBOnWucFcnRP0JqlAP29y2H2+
YL5zspiOv3lH/i144ORMHJC6b6AS8N6qxfcRpaGAw5AztNRIiZeqVAZ13RkWT00q
OCFgcNfPus6gOvU/tWNd+J/NGGtet/megeJrZYb/xliPmlCm4JaPTweJF7Rb3j6A
aEkrCj9xhxLdacYhAoDpGzTH8UaQM+WZjIpKX6LaHu18vn9PW7kbv9pu/wjt5p7D
UFEEf0DXVBJpmV0xcJUEg8ZVrkCOyLOlI1Z4evcU+Ea6y7JpA0rg2sLM9v3Ha5FF
08pT0L+fB9eFmgMPMAVGVotanVCv0u4JvZS2KBBnCb7llQgD+MVwEFtejwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOAYEjyr+ruzb3o3dLvS5B2levyWMB8GA1UdIwQY
MBaAFH4gsDTixJexiESI3vEGlycEdlApMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2Qt
MDM1ZDk3N2Y0MjE2LzEvNEJnU1BLdjZ1N052ZWpkMHU5TGtIYVY2X0pZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2QtMDM1ZDk3N2Y0MjE2
LzEvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQD1IfQMA0G
CSqGSIb3DQEBCwUAA4IBAQAftlxZ58StYxPi9JLN/Sv0l2O+u3M9FmePxMX0ueTT
8dWwXyXiwy7vbqjBbJV47SnUKlawN5CIPtcUL93LEHI6hleoUE4ihCmp8PCJemX9
YNwuZthCeD/YnUmRXa96U5leR/JbKk/Ycee7pM2+ezfSaQ++Bq4XFzO3VKKJTq4z
/ul/ClKDO5lbi4cf3mPkWYpI0/EwUkh+yV0KSPR8Nt46L3wUZq6hAtdpAzoW9Eau
OIyARe1YtIe3YCZhocx5KCOzOgC2cNWUhxaZBLVxiNuCIvw/iYmHBZ9jlxAclnZP
bhptTrme/a8f/44/vhXJKBZZ5fcOBUw0S741hOzvB66f
-----END CERTIFICATE-----