Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/MfQwMcV7k6wVuRzRD4r7VxyjRaE.roa
File:                     MfQwMcV7k6wVuRzRD4r7VxyjRaE.roa (raw, json)
Hash identifier:          gueYab/WTKN0uljS8RQ2ZRR41Q36HfGAm7SnQ9V7lY0=
Subject key identifier:   31:F4:30:31:C5:7B:93:AC:15:B9:1C:D1:0F:8A:FB:57:1C:A3:45:A1
Certificate issuer:       /CN=7e20b034e2c497b1884488def106972704765029
Certificate serial:       019DBC3E8755B69CFF2436623881A373CB10
Authority key identifier: 7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/MfQwMcV7k6wVuRzRD4r7VxyjRaE.roa
Signing time:             Thu 23 Apr 2026 21:28:27 +0000
ROA not before:           Thu 23 Apr 2026 21:28:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205544
IP address blocks:        212.135.128.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 Apr 2026 08:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:bc:3e:87:55:b6:9c:ff:24:36:62:38:81:a3:73:cb:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e20b034e2c497b1884488def106972704765029
        Validity
            Not Before: Apr 23 21:28:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=31f43031c57b93ac15b91cd10f8afb571ca345a1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:7b:5f:02:7c:6e:2d:c7:6c:ee:28:7c:d2:21:
                    36:f7:d9:68:d2:c4:55:7c:5e:9f:fc:3b:30:1b:12:
                    7e:a4:1c:22:1a:09:20:3e:30:e9:0f:58:26:b4:86:
                    98:e0:b5:c7:06:52:05:6a:64:64:7a:14:6a:0c:46:
                    65:b7:ad:25:fa:16:86:e3:c7:73:d4:1c:04:ac:d0:
                    6f:2a:50:b2:8b:c4:4d:dd:92:5d:55:40:cc:a1:da:
                    13:c6:6d:7c:01:0d:02:a1:06:c5:43:15:65:54:b2:
                    be:ed:07:20:54:5b:29:89:b7:38:a5:6e:87:51:09:
                    f0:03:d6:e9:9e:c8:f0:d0:2e:37:5b:37:97:94:0e:
                    f5:ff:61:39:b3:01:be:bf:79:54:1d:bf:76:90:e5:
                    01:38:2d:37:d8:0d:0a:35:96:73:73:b2:e7:51:f5:
                    5d:27:4f:91:cd:1a:25:d6:51:1f:a2:54:b2:1d:0c:
                    71:36:1a:6f:3b:8a:d0:dc:b6:ab:f8:81:bc:69:59:
                    8d:d9:c5:77:85:c3:90:7f:df:1f:4f:d4:c3:00:56:
                    f7:83:56:12:4e:7f:f4:a2:0a:65:99:4f:67:d2:39:
                    dc:08:6f:d9:42:80:fd:c0:e4:1f:0a:8c:1b:df:5b:
                    33:04:78:e5:d1:8b:11:a2:8e:cb:4e:55:cd:62:ef:
                    de:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:F4:30:31:C5:7B:93:AC:15:B9:1C:D1:0F:8A:FB:57:1C:A3:45:A1
            X509v3 Authority Key Identifier:
                keyid:7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/MfQwMcV7k6wVuRzRD4r7VxyjRaE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.135.128.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:34:96:5d:38:70:03:38:8c:28:43:0a:7b:57:ad:6c:fb:76:
         c2:f8:6f:2e:cf:b9:30:47:30:a1:4b:d8:73:62:23:38:6a:c5:
         00:e0:f6:8f:88:5a:e2:74:30:a0:ca:ad:1a:30:29:46:5a:34:
         9f:5e:76:20:9d:51:6c:50:88:7d:fa:3d:d9:c7:d6:37:84:32:
         c9:1d:d6:a4:88:27:fe:4c:6a:9f:57:f1:6c:8c:e3:be:65:9f:
         78:f9:bc:2b:7a:88:5d:be:f7:77:74:28:bb:c9:a8:b1:5b:1f:
         65:d4:4a:60:48:3d:e8:ff:19:ee:64:27:c4:c1:8e:f5:28:14:
         c6:bf:e4:04:a5:df:c3:c8:af:a9:8b:37:23:c4:55:03:66:f0:
         fa:09:15:72:80:80:8b:6c:63:60:d8:62:aa:60:e6:44:56:ad:
         ef:2a:b0:ee:d3:b2:46:56:65:de:fa:f0:0a:61:b3:2f:0c:66:
         e6:e2:84:45:b4:21:18:ac:ca:be:cd:0b:bd:8d:d7:e5:f4:6a:
         0d:10:f7:82:41:a3:1d:41:84:d7:4d:3f:fd:9a:f2:f0:50:66:
         84:63:b7:9b:1a:68:b3:0a:94:d6:c5:f5:16:e4:7e:40:28:72:
         fc:c2:84:8a:ef:84:d3:2c:98:96:74:00:2d:78:49:59:0d:75:
         b8:ba:72:33
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ28PodVtpz/JDZiOIGjc8sQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMjBiMDM0ZTJjNDk3YjE4ODQ0ODhkZWYxMDY5NzI3MDQ3
NjUwMjkwHhcNMjYwNDIzMjEyODI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMWY0MzAzMWM1N2I5M2FjMTViOTFjZDEwZjhhZmI1NzFjYTM0NWExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv3tfAnxuLcds7ih80iE299lo0sRV
fF6f/DswGxJ+pBwiGgkgPjDpD1gmtIaY4LXHBlIFamRkehRqDEZlt60l+haG48dz
1BwErNBvKlCyi8RN3ZJdVUDModoTxm18AQ0CoQbFQxVlVLK+7QcgVFspibc4pW6H
UQnwA9bpnsjw0C43WzeXlA71/2E5swG+v3lUHb92kOUBOC032A0KNZZzc7LnUfVd
J0+RzRol1lEfolSyHQxxNhpvO4rQ3Lar+IG8aVmN2cV3hcOQf98fT9TDAFb3g1YS
Tn/0ogplmU9n0jncCG/ZQoD9wOQfCowb31szBHjl0YsRoo7LTlXNYu/e4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDH0MDHFe5OsFbkc0Q+K+1cco0WhMB8GA1UdIwQY
MBaAFH4gsDTixJexiESI3vEGlycEdlApMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2Qt
MDM1ZDk3N2Y0MjE2LzEvTWZRd01jVjdrNndWdVJ6UkQ0cjdWeHlqUmFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2QtMDM1ZDk3N2Y0MjE2
LzEvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1IeAMA0G
CSqGSIb3DQEBCwUAA4IBAQCANJZdOHADOIwoQwp7V61s+3bC+G8uz7kwRzChS9hz
YiM4asUA4PaPiFridDCgyq0aMClGWjSfXnYgnVFsUIh9+j3Zx9Y3hDLJHdakiCf+
TGqfV/FsjOO+ZZ94+bwreohdvvd3dCi7yaixWx9l1EpgSD3o/xnuZCfEwY71KBTG
v+QEpd/DyK+pizcjxFUDZvD6CRVygICLbGNg2GKqYOZEVq3vKrDu07JGVmXe+vAK
YbMvDGbm4oRFtCEYrMq+zQu9jdfl9GoNEPeCQaMdQYTXTT/9mvLwUGaEY7ebGmiz
CpTWxfUW5H5AKHL8woSK74TTLJiWdAAteElZDXW4unIz
-----END CERTIFICATE-----