Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/7Ha6IFpkRZLQ7b01jgsnrdm6DBc.roa
File:                     7Ha6IFpkRZLQ7b01jgsnrdm6DBc.roa (raw, json)
Hash identifier:          7n8zQZaqN54a2G5lrIniru+wF+PV6mpkYx7wYlMb1Qk=
Subject key identifier:   EC:76:BA:20:5A:64:45:92:D0:ED:BD:35:8E:0B:27:AD:D9:BA:0C:17
Certificate issuer:       /CN=7e20b034e2c497b1884488def106972704765029
Certificate serial:       0199D26FAC93806F0D7695DFF0282A557F99
Authority key identifier: 7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/7Ha6IFpkRZLQ7b01jgsnrdm6DBc.roa
Signing time:             Sat 11 Oct 2025 08:42:38 +0000
ROA not before:           Sat 11 Oct 2025 08:42:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     395201
IP address blocks:        212.135.22.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 14 Oct 2025 23:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:d2:6f:ac:93:80:6f:0d:76:95:df:f0:28:2a:55:7f:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e20b034e2c497b1884488def106972704765029
        Validity
            Not Before: Oct 11 08:42:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ec76ba205a644592d0edbd358e0b27add9ba0c17
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:42:8c:40:d0:d0:f5:ee:04:ae:0c:0b:8c:c1:
                    7b:a6:a9:a7:1f:a4:6f:1e:e2:53:10:4d:33:b5:89:
                    4f:38:d9:76:78:71:2a:da:8d:b3:fe:01:ca:ae:f7:
                    10:08:cd:d5:66:dd:e3:73:33:e4:e1:8c:bd:6e:3d:
                    58:8b:32:04:36:b4:38:95:ad:74:c4:11:db:bf:b4:
                    5d:e6:36:d3:8c:63:7d:07:50:d7:8c:ac:56:6f:ea:
                    7d:51:d0:6e:a3:7c:b3:9a:68:e8:5e:c2:cb:47:8c:
                    94:04:36:d3:a3:dc:1d:ce:29:6f:9c:34:fd:3e:00:
                    2e:40:97:7f:c7:18:b0:06:04:97:8e:c9:4b:4a:e0:
                    5f:4c:df:2d:ef:bf:27:e0:0a:82:d3:53:6a:10:39:
                    fa:96:3b:ca:10:d6:79:62:00:b9:e9:42:49:f7:22:
                    b4:42:82:c6:f0:5e:68:13:33:d8:da:51:66:fd:81:
                    79:6f:fa:3b:a9:ea:ba:38:7f:53:b1:89:a1:eb:cb:
                    bc:c9:52:b5:c7:f8:38:bf:8c:1b:9e:2e:36:12:13:
                    f6:c2:96:66:c9:0d:c7:08:50:b9:11:45:1c:57:17:
                    e8:72:05:e2:c4:a5:a7:21:21:13:b9:57:ed:e0:73:
                    2a:71:cb:aa:d4:b6:53:92:ed:e2:a2:25:ed:95:90:
                    5f:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:76:BA:20:5A:64:45:92:D0:ED:BD:35:8E:0B:27:AD:D9:BA:0C:17
            X509v3 Authority Key Identifier:
                keyid:7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/7Ha6IFpkRZLQ7b01jgsnrdm6DBc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.135.22.0/23

    Signature Algorithm: sha256WithRSAEncryption
         34:69:ee:05:68:fc:0f:d9:29:e7:fb:41:0d:9d:76:4d:48:9f:
         b9:ed:c9:26:74:d6:bd:43:5c:b1:3b:1b:a2:f3:fb:fb:5f:a1:
         cf:11:01:9f:f4:fe:c8:5c:fc:d8:82:e5:b7:8a:2c:2a:a3:33:
         63:9c:4e:05:56:9d:86:e8:31:3b:c1:59:ac:2f:ad:62:25:5a:
         20:46:0c:35:48:e0:bf:57:72:7b:5a:58:eb:23:95:57:c4:70:
         ea:3d:7c:6a:a3:5b:4e:6f:df:04:a3:0f:90:e7:4b:d2:6e:77:
         2b:72:f1:c8:8d:8c:83:53:14:5e:34:78:6a:ad:e4:9b:28:e8:
         35:91:a7:66:48:b1:a9:e4:1a:d0:6a:a1:1c:ef:3f:20:69:35:
         99:78:04:9b:79:b7:cc:bd:72:94:04:17:11:13:2e:f4:f7:2c:
         e6:e5:00:e6:c6:76:15:fd:e4:14:e7:28:d0:b9:17:3a:85:0c:
         97:c6:53:8b:37:9f:b2:6b:61:3c:b8:23:65:11:16:d9:1f:a2:
         47:98:72:59:43:82:2e:0a:3e:79:1d:13:34:6e:b7:c2:c1:c4:
         ee:bb:35:55:b6:2d:60:9c:61:2c:0d:33:e5:8e:74:1f:4e:2d:
         5d:c8:11:c2:ff:35:7e:8b:af:aa:6b:3b:a9:c1:2a:ba:8d:43:
         14:ce:12:99
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZnSb6yTgG8NdpXf8CgqVX+ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMjBiMDM0ZTJjNDk3YjE4ODQ0ODhkZWYxMDY5NzI3MDQ3
NjUwMjkwHhcNMjUxMDExMDg0MjM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYzc2YmEyMDVhNjQ0NTkyZDBlZGJkMzU4ZTBiMjdhZGQ5YmEwYzE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwkKMQNDQ9e4ErgwLjMF7pqmnH6Rv
HuJTEE0ztYlPONl2eHEq2o2z/gHKrvcQCM3VZt3jczPk4Yy9bj1YizIENrQ4la10
xBHbv7Rd5jbTjGN9B1DXjKxWb+p9UdBuo3yzmmjoXsLLR4yUBDbTo9wdzilvnDT9
PgAuQJd/xxiwBgSXjslLSuBfTN8t778n4AqC01NqEDn6ljvKENZ5YgC56UJJ9yK0
QoLG8F5oEzPY2lFm/YF5b/o7qeq6OH9TsYmh68u8yVK1x/g4v4wbni42EhP2wpZm
yQ3HCFC5EUUcVxfocgXixKWnISETuVft4HMqccuq1LZTku3ioiXtlZBfewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOx2uiBaZEWS0O29NY4LJ63ZugwXMB8GA1UdIwQY
MBaAFH4gsDTixJexiESI3vEGlycEdlApMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2Qt
MDM1ZDk3N2Y0MjE2LzEvN0hhNklGcGtSWkxRN2IwMWpnc25yZG02REJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2QtMDM1ZDk3N2Y0MjE2
LzEvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB1IcWMA0G
CSqGSIb3DQEBCwUAA4IBAQA0ae4FaPwP2Snn+0ENnXZNSJ+57ckmdNa9Q1yxOxui
8/v7X6HPEQGf9P7IXPzYguW3iiwqozNjnE4FVp2G6DE7wVmsL61iJVogRgw1SOC/
V3J7WljrI5VXxHDqPXxqo1tOb98Eow+Q50vSbncrcvHIjYyDUxReNHhqreSbKOg1
kadmSLGp5BrQaqEc7z8gaTWZeASbebfMvXKUBBcREy709yzm5QDmxnYV/eQU5yjQ
uRc6hQyXxlOLN5+ya2E8uCNlERbZH6JHmHJZQ4IuCj55HRM0brfCwcTuuzVVti1g
nGEsDTPljnQfTi1dyBHC/zV+i6+qazupwSq6jUMUzhKZ
-----END CERTIFICATE-----