Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/E5PNljCY8JOiKzc_3wPAe9tgXgY.roa
File:                     E5PNljCY8JOiKzc_3wPAe9tgXgY.roa (raw, json)
Hash identifier:          pLYZEYrrKhQ1YO4embrzqMtPZPQTzW4e2XBOcAyhL30=
Subject key identifier:   13:93:CD:96:30:98:F0:93:A2:2B:37:3F:DF:03:C0:7B:DB:60:5E:06
Certificate issuer:       /CN=7e20b034e2c497b1884488def106972704765029
Certificate serial:       019DA5994F2885C7F0FFC7B5E72CDF7CAB6D
Authority key identifier: 7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/E5PNljCY8JOiKzc_3wPAe9tgXgY.roa
Signing time:             Sun 19 Apr 2026 11:56:21 +0000
ROA not before:           Sun 19 Apr 2026 11:56:21 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     402203
IP address blocks:        212.134.129.0/24 maxlen: 24
                          212.135.166.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 14:02:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:a5:99:4f:28:85:c7:f0:ff:c7:b5:e7:2c:df:7c:ab:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e20b034e2c497b1884488def106972704765029
        Validity
            Not Before: Apr 19 11:56:21 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1393cd963098f093a22b373fdf03c07bdb605e06
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:c6:a9:12:06:35:b0:fb:d0:b6:25:c0:2b:6e:
                    95:28:3a:31:28:88:c1:73:82:52:57:27:c8:2a:71:
                    6c:45:ca:87:6f:2e:1d:f3:8d:f7:c9:70:93:fc:f5:
                    f5:4a:91:8e:b1:cb:87:51:fd:a7:ee:9a:34:66:ab:
                    4f:d5:46:77:10:eb:df:b2:2b:78:66:57:5a:a4:8e:
                    72:6c:14:e7:cc:c8:58:3f:bf:5f:44:b0:7c:78:cb:
                    7e:50:c7:2f:11:87:c9:fd:ec:2f:9e:b0:5f:c8:cb:
                    0c:cb:16:cf:e0:e6:7f:5f:02:4d:16:2d:bd:b9:df:
                    18:d4:ca:93:7f:d2:5c:6b:db:75:9b:1f:02:6e:50:
                    6c:6b:40:09:6f:73:cd:c9:11:2b:a3:a9:48:fa:5a:
                    43:51:c6:93:c1:2c:15:58:ce:fe:1f:94:1c:bf:01:
                    70:bd:22:97:29:87:70:91:bc:09:78:99:be:b3:83:
                    e9:d6:28:b8:55:85:12:ef:21:be:0c:29:b1:57:d2:
                    dc:58:fb:bd:12:d4:3a:03:53:ad:12:e9:69:6f:85:
                    04:aa:f8:fb:e1:d6:6b:a9:c6:c3:5f:8f:38:36:16:
                    ae:3c:40:ea:98:49:d9:fa:3a:73:1b:d9:28:52:46:
                    a6:3e:5d:32:a3:dd:37:70:4b:a1:36:0c:07:8e:64:
                    3a:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:93:CD:96:30:98:F0:93:A2:2B:37:3F:DF:03:C0:7B:DB:60:5E:06
            X509v3 Authority Key Identifier:
                keyid:7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/E5PNljCY8JOiKzc_3wPAe9tgXgY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.134.129.0/24
                  212.135.166.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:47:72:3a:3f:7d:aa:44:d5:ee:6b:04:f7:ab:24:38:8f:4b:
         0c:0d:8d:90:65:8b:b4:e1:48:1b:4d:1c:1b:99:26:27:7e:99:
         88:b3:17:b7:39:7e:92:64:19:db:3e:09:89:c3:e9:14:dd:5e:
         19:b8:c0:c9:e8:5f:57:3a:ec:c4:2f:4f:2e:43:be:c4:0f:df:
         b2:db:4f:de:e2:03:e2:2b:21:e5:07:2b:00:0a:1d:99:06:2f:
         69:8f:0d:01:16:c5:9a:43:4c:07:06:37:f7:e0:94:85:25:c5:
         f3:2b:c1:3a:85:62:cc:2a:50:b2:d4:d5:17:47:90:e8:cc:09:
         34:ad:d8:32:f0:24:19:cd:74:88:9c:70:40:2b:e7:77:78:4e:
         7b:83:61:62:94:1c:4a:09:b2:bd:60:c3:ba:44:6c:f9:07:07:
         98:3f:a1:78:ce:92:9c:3a:ce:5c:12:4d:b8:88:81:6b:79:9b:
         e9:a0:8a:e4:3e:ec:84:94:46:98:f0:6f:7e:61:c6:d5:47:ad:
         5b:1d:6c:cb:5b:38:7c:1c:e5:2c:df:31:bb:5a:9b:05:88:d5:
         1f:7e:aa:9e:27:35:f7:da:f2:55:65:8e:c3:44:f7:89:d4:c6:
         f8:5e:d2:30:4f:42:84:9e:c2:e6:c7:4c:7a:8b:aa:e1:9c:e0:
         2e:ec:bd:bf
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ2lmU8ohcfw/8e15yzffKttMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMjBiMDM0ZTJjNDk3YjE4ODQ0ODhkZWYxMDY5NzI3MDQ3
NjUwMjkwHhcNMjYwNDE5MTE1NjIxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMzkzY2Q5NjMwOThmMDkzYTIyYjM3M2ZkZjAzYzA3YmRiNjA1ZTA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA18apEgY1sPvQtiXAK26VKDoxKIjB
c4JSVyfIKnFsRcqHby4d8433yXCT/PX1SpGOscuHUf2n7po0ZqtP1UZ3EOvfsit4
ZldapI5ybBTnzMhYP79fRLB8eMt+UMcvEYfJ/ewvnrBfyMsMyxbP4OZ/XwJNFi29
ud8Y1MqTf9Jca9t1mx8CblBsa0AJb3PNyREro6lI+lpDUcaTwSwVWM7+H5QcvwFw
vSKXKYdwkbwJeJm+s4Pp1ii4VYUS7yG+DCmxV9LcWPu9EtQ6A1OtEulpb4UEqvj7
4dZrqcbDX484NhauPEDqmEnZ+jpzG9koUkamPl0yo903cEuhNgwHjmQ6rwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBOTzZYwmPCTois3P98DwHvbYF4GMB8GA1UdIwQY
MBaAFH4gsDTixJexiESI3vEGlycEdlApMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2Qt
MDM1ZDk3N2Y0MjE2LzEvRTVQTmxqQ1k4Sk9pS3pjXzN3UEFlOXRnWGdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2QtMDM1ZDk3N2Y0MjE2
LzEvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQA1IaBAwQA
1IemMA0GCSqGSIb3DQEBCwUAA4IBAQCMR3I6P32qRNXuawT3qyQ4j0sMDY2QZYu0
4UgbTRwbmSYnfpmIsxe3OX6SZBnbPgmJw+kU3V4ZuMDJ6F9XOuzEL08uQ77ED9+y
20/e4gPiKyHlBysACh2ZBi9pjw0BFsWaQ0wHBjf34JSFJcXzK8E6hWLMKlCy1NUX
R5DozAk0rdgy8CQZzXSInHBAK+d3eE57g2FilBxKCbK9YMO6RGz5BweYP6F4zpKc
Os5cEk24iIFreZvpoIrkPuyElEaY8G9+YcbVR61bHWzLWzh8HOUs3zG7WpsFiNUf
fqqeJzX32vJVZY7DRPeJ1Mb4XtIwT0KEnsLmx0x6i6rhnOAu7L2/
-----END CERTIFICATE-----