Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/Kp-Z8nZdjRuXThKWU8kcOsFHPSg.roa
File:                     Kp-Z8nZdjRuXThKWU8kcOsFHPSg.roa (raw, json)
Hash identifier:          zLAwsDi4I3aal27ef66TPxQggd8M5QOxXta/enuzEoo=
Subject key identifier:   2A:9F:99:F2:76:5D:8D:1B:97:4E:12:96:53:C9:1C:3A:C1:47:3D:28
Certificate issuer:       /CN=7e20b034e2c497b1884488def106972704765029
Certificate serial:       019E44A0542294A3E754C0DF27561086545A
Authority key identifier: 7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/Kp-Z8nZdjRuXThKWU8kcOsFHPSg.roa
Signing time:             Wed 20 May 2026 09:03:38 +0000
ROA not before:           Wed 20 May 2026 09:03:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198810
IP address blocks:        212.134.157.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 15:05:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:44:a0:54:22:94:a3:e7:54:c0:df:27:56:10:86:54:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e20b034e2c497b1884488def106972704765029
        Validity
            Not Before: May 20 09:03:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2a9f99f2765d8d1b974e129653c91c3ac1473d28
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:a2:f5:5c:ee:7a:df:77:62:2c:81:ff:45:ef:
                    77:b2:0b:b7:8d:07:23:53:68:f9:70:db:67:e4:dd:
                    5c:65:3c:e1:ec:14:a3:4d:99:72:a2:4f:5e:8f:b2:
                    9e:09:2c:3a:4a:d8:24:90:1c:1d:19:e6:8b:f5:58:
                    ce:29:df:30:42:95:d3:8b:96:bc:22:86:96:6f:67:
                    06:7d:b7:e0:c0:a1:bc:95:0f:3a:c7:50:45:0a:31:
                    54:e7:8f:c5:57:03:87:9d:ea:51:7c:c7:6e:81:d6:
                    fb:5c:3b:6d:96:0b:93:ed:22:25:8f:31:5b:c9:c8:
                    57:ae:51:43:57:22:cc:79:56:cd:32:9b:82:20:82:
                    6a:0e:e2:dc:26:b0:9e:ba:3f:4c:44:87:97:1a:e2:
                    24:92:e7:f4:fb:ed:cf:df:25:a4:88:c0:c7:16:11:
                    38:7a:9d:62:6a:d4:09:11:df:b4:5b:75:7a:f5:b8:
                    69:30:d5:1e:42:b6:0e:92:d0:26:26:3b:26:33:9f:
                    e1:56:37:28:e4:2c:7c:4f:d0:38:da:c1:12:b5:a0:
                    bd:a3:8d:cf:15:fe:c6:10:4f:7d:71:bc:35:89:55:
                    c0:a1:b7:de:43:0c:1b:ff:6e:60:3b:86:c6:cb:e1:
                    23:e5:60:7f:86:f2:19:a7:e7:1f:5b:52:56:50:9a:
                    34:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:9F:99:F2:76:5D:8D:1B:97:4E:12:96:53:C9:1C:3A:C1:47:3D:28
            X509v3 Authority Key Identifier:
                keyid:7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/Kp-Z8nZdjRuXThKWU8kcOsFHPSg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.134.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:4f:11:b6:f6:ff:ed:c7:bb:9a:3f:9a:91:b2:bf:03:b1:d0:
         db:f2:80:76:ad:2d:a3:68:d9:1b:b4:3d:e7:a5:49:74:4c:4c:
         38:d2:48:aa:23:dd:03:e4:b0:15:38:7d:21:d7:8b:fc:47:9e:
         93:7d:29:52:0c:1c:2c:a5:40:3f:95:e2:0c:84:bb:45:aa:54:
         95:74:33:24:50:70:fc:19:5b:fe:ec:96:da:74:2d:1b:ae:e6:
         c9:a6:26:b7:27:5a:c5:b8:80:0c:da:fd:6d:bd:4f:53:87:2e:
         a2:2e:1d:99:85:4b:41:4f:61:c6:25:65:3f:ea:86:8d:1e:aa:
         71:d9:e3:b7:21:6c:78:05:2b:9d:36:07:73:de:05:cf:d7:de:
         b2:aa:e9:c5:9b:f2:73:44:15:78:be:4d:86:cf:f4:33:ce:f3:
         7e:ee:69:27:a2:82:9b:e9:8e:b9:9f:3a:cb:e1:2d:a2:13:14:
         27:e1:2b:7d:6e:ac:39:bf:41:73:81:92:f3:70:b5:69:3b:7a:
         20:02:76:1a:28:93:42:ae:a7:2c:60:72:de:4a:f2:0b:f5:1d:
         4a:a6:65:56:25:fe:f9:e1:dc:eb:77:c1:80:d6:73:6e:8e:28:
         3c:63:78:4b:77:54:1f:cb:2d:55:13:c5:64:ea:13:34:58:d4:
         3d:e2:ae:b9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5EoFQilKPnVMDfJ1YQhlRaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMjBiMDM0ZTJjNDk3YjE4ODQ0ODhkZWYxMDY5NzI3MDQ3
NjUwMjkwHhcNMjYwNTIwMDkwMzM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTlmOTlmMjc2NWQ4ZDFiOTc0ZTEyOTY1M2M5MWMzYWMxNDczZDI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6qL1XO5633diLIH/Re93sgu3jQcj
U2j5cNtn5N1cZTzh7BSjTZlyok9ej7KeCSw6StgkkBwdGeaL9VjOKd8wQpXTi5a8
IoaWb2cGfbfgwKG8lQ86x1BFCjFU54/FVwOHnepRfMdugdb7XDttlguT7SIljzFb
ychXrlFDVyLMeVbNMpuCIIJqDuLcJrCeuj9MRIeXGuIkkuf0++3P3yWkiMDHFhE4
ep1iatQJEd+0W3V69bhpMNUeQrYOktAmJjsmM5/hVjco5Cx8T9A42sEStaC9o43P
Ff7GEE99cbw1iVXAobfeQwwb/25gO4bGy+Ej5WB/hvIZp+cfW1JWUJo0KQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCqfmfJ2XY0bl04SllPJHDrBRz0oMB8GA1UdIwQY
MBaAFH4gsDTixJexiESI3vEGlycEdlApMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2Qt
MDM1ZDk3N2Y0MjE2LzEvS3AtWjhuWmRqUnVYVGhLV1U4a2NPc0ZIUFNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2QtMDM1ZDk3N2Y0MjE2
LzEvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1IadMA0G
CSqGSIb3DQEBCwUAA4IBAQAPTxG29v/tx7uaP5qRsr8DsdDb8oB2rS2jaNkbtD3n
pUl0TEw40kiqI90D5LAVOH0h14v8R56TfSlSDBwspUA/leIMhLtFqlSVdDMkUHD8
GVv+7JbadC0brubJpia3J1rFuIAM2v1tvU9Thy6iLh2ZhUtBT2HGJWU/6oaNHqpx
2eO3IWx4BSudNgdz3gXP196yqunFm/JzRBV4vk2Gz/QzzvN+7mknooKb6Y65nzrL
4S2iExQn4St9bqw5v0FzgZLzcLVpO3ogAnYaKJNCrqcsYHLeSvIL9R1KpmVWJf75
4dzrd8GA1nNujig8Y3hLd1Qfyy1VE8Vk6hM0WNQ94q65
-----END CERTIFICATE-----