Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/M82EoNaCJpGtDY6ksjwBA-bSHeQ.roa
File:                     M82EoNaCJpGtDY6ksjwBA-bSHeQ.roa (raw, json)
Hash identifier:          aX4YlJSO5jdSHeO3wX0/65djMrJKjmQiTWet13vbwU8=
Subject key identifier:   33:CD:84:A0:D6:82:26:91:AD:0D:8E:A4:B2:3C:01:03:E6:D2:1D:E4
Certificate issuer:       /CN=7e20b034e2c497b1884488def106972704765029
Certificate serial:       019CBD7CEE1EBC060B7AF24D17C97D910ECD
Authority key identifier: 7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/M82EoNaCJpGtDY6ksjwBA-bSHeQ.roa
Signing time:             Thu 05 Mar 2026 10:13:27 +0000
ROA not before:           Thu 05 Mar 2026 10:13:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     61112
IP address blocks:        212.135.32.0/20 maxlen: 24
                          212.135.112.0/20 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Mar 2026 10:13:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:bd:7c:ee:1e:bc:06:0b:7a:f2:4d:17:c9:7d:91:0e:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e20b034e2c497b1884488def106972704765029
        Validity
            Not Before: Mar  5 10:13:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=33cd84a0d6822691ad0d8ea4b23c0103e6d21de4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:23:01:6d:d4:ed:e8:0d:60:2d:79:20:cc:97:
                    b8:b3:19:9f:be:de:cd:1f:78:b3:17:0f:d8:e2:57:
                    98:74:d0:a8:06:35:17:45:34:7a:8d:7d:06:1c:7b:
                    0f:89:d2:05:2d:54:45:0d:46:54:b8:4b:25:92:bf:
                    73:58:51:5a:5d:39:11:d9:ac:50:27:96:e4:32:1c:
                    4c:ac:78:8c:b7:b5:a5:fc:d3:40:5a:e9:c1:b9:11:
                    a0:30:97:89:1a:1c:e1:8a:3d:e7:14:e4:b1:bf:f1:
                    46:cf:7a:6f:61:76:8b:7b:0f:4f:f2:20:40:50:2a:
                    0d:b1:4b:98:aa:04:b6:a7:60:2c:84:c1:2e:3d:33:
                    b2:5d:6d:79:e0:0d:8a:3e:02:e7:26:0c:a5:f7:e9:
                    dd:28:61:e9:ed:2a:7b:ba:e7:67:be:d4:42:12:24:
                    7e:8d:08:eb:ad:65:98:68:7e:30:12:05:c3:e5:4f:
                    8a:71:9c:57:78:3c:13:33:1e:f1:7c:cb:36:d9:35:
                    35:64:7c:4d:26:56:bb:a3:e7:a1:07:84:48:89:fd:
                    e0:35:63:23:9e:fe:b8:68:1d:62:d6:aa:4a:30:dc:
                    53:99:cf:e7:61:b6:17:28:aa:d0:5e:7b:8b:4d:1b:
                    ca:04:ae:6f:cf:5e:7e:5c:e1:b0:54:f5:b7:79:e2:
                    63:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:CD:84:A0:D6:82:26:91:AD:0D:8E:A4:B2:3C:01:03:E6:D2:1D:E4
            X509v3 Authority Key Identifier:
                keyid:7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/M82EoNaCJpGtDY6ksjwBA-bSHeQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.135.32.0/20
                  212.135.112.0/20

    Signature Algorithm: sha256WithRSAEncryption
         41:01:9f:ca:a1:e1:34:01:d0:dc:c3:b4:4c:61:3d:77:e8:ba:
         80:28:1b:a6:04:03:d6:0f:8d:ac:94:c8:1d:73:21:34:e7:c6:
         f0:c1:ce:39:a7:0e:85:4b:0c:f4:cb:38:47:43:26:c5:f3:f8:
         bc:1f:3a:39:eb:ce:1d:ac:3d:8f:69:dd:03:c4:1e:a8:23:c4:
         cb:2f:75:d2:0c:5f:5c:68:77:9e:72:aa:c1:03:82:65:08:03:
         b6:89:3b:2c:9d:33:d3:d6:87:7a:b6:b8:dd:04:4d:2b:78:33:
         19:85:91:53:f9:1d:61:38:b5:8d:ea:fa:87:8c:79:12:26:31:
         43:95:b3:ea:2e:84:5a:a7:c3:ba:c5:91:07:fd:ba:4e:1c:1c:
         58:2c:75:73:4b:34:b1:89:23:05:cc:04:16:f1:ae:fd:02:5f:
         88:06:48:c5:23:b5:3f:73:36:c7:ef:f6:bb:19:bc:66:d0:7d:
         f0:b7:d8:a7:25:68:a5:bf:0c:02:bc:37:e0:2f:65:fd:26:41:
         b2:05:e4:b0:e3:00:c9:f9:79:9a:3a:90:8e:b7:e6:12:44:88:
         0f:9a:c7:e8:42:ff:23:9b:cd:c9:2d:db:f9:66:cc:d9:56:63:
         6e:aa:fd:64:5b:86:cb:02:ba:74:eb:29:1f:32:cf:55:f3:e6:
         c6:5a:99:c6
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZy9fO4evAYLevJNF8l9kQ7NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMjBiMDM0ZTJjNDk3YjE4ODQ0ODhkZWYxMDY5NzI3MDQ3
NjUwMjkwHhcNMjYwMzA1MTAxMzI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzM2NkODRhMGQ2ODIyNjkxYWQwZDhlYTRiMjNjMDEwM2U2ZDIxZGU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAriMBbdTt6A1gLXkgzJe4sxmfvt7N
H3izFw/Y4leYdNCoBjUXRTR6jX0GHHsPidIFLVRFDUZUuEslkr9zWFFaXTkR2axQ
J5bkMhxMrHiMt7Wl/NNAWunBuRGgMJeJGhzhij3nFOSxv/FGz3pvYXaLew9P8iBA
UCoNsUuYqgS2p2AshMEuPTOyXW154A2KPgLnJgyl9+ndKGHp7Sp7uudnvtRCEiR+
jQjrrWWYaH4wEgXD5U+KcZxXeDwTMx7xfMs22TU1ZHxNJla7o+ehB4RIif3gNWMj
nv64aB1i1qpKMNxTmc/nYbYXKKrQXnuLTRvKBK5vz15+XOGwVPW3eeJjewIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDPNhKDWgiaRrQ2OpLI8AQPm0h3kMB8GA1UdIwQY
MBaAFH4gsDTixJexiESI3vEGlycEdlApMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2Qt
MDM1ZDk3N2Y0MjE2LzEvTTgyRW9OYUNKcEd0RFk2a3Nqd0JBLWJTSGVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2QtMDM1ZDk3N2Y0MjE2
LzEvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQE1IcgAwQE
1IdwMA0GCSqGSIb3DQEBCwUAA4IBAQBBAZ/KoeE0AdDcw7RMYT136LqAKBumBAPW
D42slMgdcyE058bwwc45pw6FSwz0yzhHQybF8/i8Hzo5684drD2Pad0DxB6oI8TL
L3XSDF9caHeecqrBA4JlCAO2iTssnTPT1od6trjdBE0reDMZhZFT+R1hOLWN6vqH
jHkSJjFDlbPqLoRap8O6xZEH/bpOHBxYLHVzSzSxiSMFzAQW8a79Al+IBkjFI7U/
czbH7/a7Gbxm0H3wt9inJWilvwwCvDfgL2X9JkGyBeSw4wDJ+XmaOpCOt+YSRIgP
msfoQv8jm83JLdv5ZszZVmNuqv1kW4bLArp06ykfMs9V8+bGWpnG
-----END CERTIFICATE-----