Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/FikmAhQ-CbIcz8TgfAX6_ks5-nQ.roa
File:                     FikmAhQ-CbIcz8TgfAX6_ks5-nQ.roa (raw, json)
Hash identifier:          5P1uVtKOOmGCFuaEMZboXI45RaPTb1yLB+AXuXBOrzk=
Subject key identifier:   16:29:26:02:14:3E:09:B2:1C:CF:C4:E0:7C:05:FA:FE:4B:39:FA:74
Certificate issuer:       /CN=7e20b034e2c497b1884488def106972704765029
Certificate serial:       019D6BB951E03D0050AE2E66CB59AB807EB3
Authority key identifier: 7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/FikmAhQ-CbIcz8TgfAX6_ks5-nQ.roa
Signing time:             Wed 08 Apr 2026 06:13:20 +0000
ROA not before:           Wed 08 Apr 2026 06:13:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     401293
IP address blocks:        212.134.188.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 Apr 2026 17:02:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:6b:b9:51:e0:3d:00:50:ae:2e:66:cb:59:ab:80:7e:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e20b034e2c497b1884488def106972704765029
        Validity
            Not Before: Apr  8 06:13:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=16292602143e09b21ccfc4e07c05fafe4b39fa74
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:e8:6c:a9:3c:bd:93:36:fa:6e:5b:ad:36:bb:
                    d4:86:2a:ae:39:49:e2:31:31:55:4b:c3:94:5a:a6:
                    83:43:21:18:44:56:87:50:72:8b:37:9a:1f:34:33:
                    83:f8:e9:72:be:ec:7a:fe:d5:a8:5b:0e:51:72:87:
                    c7:0d:8c:23:86:2e:a4:dc:42:b1:92:0c:95:34:ef:
                    f3:6e:ee:88:47:bd:cd:0f:1f:63:5e:a1:3b:21:0e:
                    73:d4:38:d2:3f:f6:6e:e4:94:a2:c4:46:94:c7:9e:
                    e6:2b:92:66:5d:90:80:3c:0a:6a:da:58:ab:9e:53:
                    d4:c6:38:9c:8f:3e:9f:80:0c:2a:03:b5:2b:5f:c1:
                    c7:87:3f:60:e4:a1:c9:0d:ae:16:2e:d8:91:71:b9:
                    c0:e3:1b:16:1e:9b:0d:d6:2c:92:6f:4d:62:e6:b7:
                    07:bf:71:e0:e1:04:4e:4c:e5:8a:7e:7c:d9:02:fd:
                    bc:47:cf:00:36:ad:22:73:cc:7f:9c:50:75:f6:0a:
                    fb:d9:f7:84:5a:9e:e0:78:2f:ab:62:9e:0b:97:44:
                    39:bd:67:86:05:f0:72:74:a1:5c:1d:0b:bb:68:58:
                    c1:da:3c:ca:34:4f:ff:83:28:23:00:db:26:e6:76:
                    27:f1:34:76:85:60:4e:39:68:33:ce:95:06:57:ab:
                    b4:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:29:26:02:14:3E:09:B2:1C:CF:C4:E0:7C:05:FA:FE:4B:39:FA:74
            X509v3 Authority Key Identifier:
                keyid:7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/FikmAhQ-CbIcz8TgfAX6_ks5-nQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.134.188.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a1:d5:94:bd:49:6c:b2:b7:0b:79:c8:f8:bc:a5:04:9c:cd:60:
         29:be:89:15:69:0d:36:94:9e:ba:62:00:6c:2e:f5:b9:64:57:
         35:c2:55:93:da:7f:61:34:57:c1:a0:46:35:1a:be:b7:f9:16:
         fa:5a:88:50:6f:31:70:54:1d:c3:8e:a2:86:1c:94:b1:5d:d4:
         0f:77:61:eb:8a:a5:d3:70:55:b1:4b:20:b3:e3:ac:83:85:14:
         89:68:e3:96:f1:e7:60:0c:55:ee:24:58:4d:95:a9:0c:7d:84:
         ed:42:ed:89:b5:bb:ea:79:5a:98:fb:76:be:95:51:27:ea:cc:
         9d:fe:1a:cd:b2:e2:a6:ac:c4:22:f7:13:de:4b:bb:0e:ef:32:
         4c:d9:fe:e9:54:a0:bf:ec:4e:13:19:fd:9c:93:67:8e:67:86:
         6a:fc:20:c6:eb:65:e0:8d:b8:b5:d6:8a:e1:dd:5a:ce:25:da:
         bd:5c:fd:3c:23:69:5c:89:11:05:6d:d3:e9:b0:34:ae:bf:8d:
         a3:f9:f4:a6:d2:5b:83:98:37:0c:1e:c1:7c:db:ad:c3:e6:4d:
         fa:b1:ff:8c:44:43:31:c3:a7:d8:4f:9f:1e:16:81:b8:1c:21:
         1f:b2:17:b4:72:01:66:37:70:ed:1c:ea:57:4d:d3:20:ea:3c:
         b7:27:9a:24
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1ruVHgPQBQri5my1mrgH6zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMjBiMDM0ZTJjNDk3YjE4ODQ0ODhkZWYxMDY5NzI3MDQ3
NjUwMjkwHhcNMjYwNDA4MDYxMzIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjI5MjYwMjE0M2UwOWIyMWNjZmM0ZTA3YzA1ZmFmZTRiMzlmYTc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoOhsqTy9kzb6blutNrvUhiquOUni
MTFVS8OUWqaDQyEYRFaHUHKLN5ofNDOD+Olyvux6/tWoWw5RcofHDYwjhi6k3EKx
kgyVNO/zbu6IR73NDx9jXqE7IQ5z1DjSP/Zu5JSixEaUx57mK5JmXZCAPApq2lir
nlPUxjicjz6fgAwqA7UrX8HHhz9g5KHJDa4WLtiRcbnA4xsWHpsN1iySb01i5rcH
v3Hg4QROTOWKfnzZAv28R88ANq0ic8x/nFB19gr72feEWp7geC+rYp4Ll0Q5vWeG
BfBydKFcHQu7aFjB2jzKNE//gygjANsm5nYn8TR2hWBOOWgzzpUGV6u0TwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBYpJgIUPgmyHM/E4HwF+v5LOfp0MB8GA1UdIwQY
MBaAFH4gsDTixJexiESI3vEGlycEdlApMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2Qt
MDM1ZDk3N2Y0MjE2LzEvRmlrbUFoUS1DYkljejhUZ2ZBWDZfa3M1LW5RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2QtMDM1ZDk3N2Y0MjE2
LzEvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1Ia8MA0G
CSqGSIb3DQEBCwUAA4IBAQCh1ZS9SWyytwt5yPi8pQSczWApvokVaQ02lJ66YgBs
LvW5ZFc1wlWT2n9hNFfBoEY1Gr63+Rb6WohQbzFwVB3DjqKGHJSxXdQPd2HriqXT
cFWxSyCz46yDhRSJaOOW8edgDFXuJFhNlakMfYTtQu2JtbvqeVqY+3a+lVEn6syd
/hrNsuKmrMQi9xPeS7sO7zJM2f7pVKC/7E4TGf2ck2eOZ4Zq/CDG62Xgjbi11orh
3VrOJdq9XP08I2lciREFbdPpsDSuv42j+fSm0luDmDcMHsF8263D5k36sf+MREMx
w6fYT58eFoG4HCEfshe0cgFmN3DtHOpXTdMg6jy3J5ok
-----END CERTIFICATE-----