Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/O2wPHb36n_ou21-C03wF0wBz_Zk.roa
File:                     O2wPHb36n_ou21-C03wF0wBz_Zk.roa (raw, json)
Hash identifier:          ze0uVbNUzgpwyr/WkerqLKUUmTfC4w85a7fZQt9k6O0=
Subject key identifier:   3B:6C:0F:1D:BD:FA:9F:FA:2E:DB:5F:82:D3:7C:05:D3:00:73:FD:99
Certificate issuer:       /CN=7e20b034e2c497b1884488def106972704765029
Certificate serial:       019CFF88EE35138E492041687207F298AAF9
Authority key identifier: 7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/O2wPHb36n_ou21-C03wF0wBz_Zk.roa
Signing time:             Wed 18 Mar 2026 06:01:29 +0000
ROA not before:           Wed 18 Mar 2026 06:01:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199524
IP address blocks:        212.134.163.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 22 Mar 2026 02:18:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:ff:88:ee:35:13:8e:49:20:41:68:72:07:f2:98:aa:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e20b034e2c497b1884488def106972704765029
        Validity
            Not Before: Mar 18 06:01:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3b6c0f1dbdfa9ffa2edb5f82d37c05d30073fd99
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:51:7a:13:38:ee:24:bc:5b:40:5c:04:ce:01:
                    45:40:87:fa:04:17:03:ce:85:df:b3:a0:66:f3:0f:
                    a3:e5:1b:fa:7c:07:10:6d:38:00:2f:5b:62:f2:8c:
                    e8:a7:e6:b1:d2:c5:55:90:9d:f7:37:4d:57:6d:d1:
                    0c:b1:8d:09:8c:5f:c7:27:01:6f:9f:43:77:a5:ee:
                    22:d5:49:34:ee:f4:11:06:46:37:00:54:0a:62:10:
                    c2:54:fd:64:f4:cd:09:a3:50:d0:d5:89:87:9d:16:
                    82:ca:ec:6e:fa:1e:a5:37:23:f7:7a:31:87:79:95:
                    62:fd:da:e6:33:72:c7:ba:b6:df:b5:0f:6e:7d:a4:
                    75:2c:f1:d5:1d:57:8f:a8:96:92:96:18:17:e4:f6:
                    c5:2c:1c:59:b3:5f:21:90:a6:92:c7:b8:ff:54:8a:
                    59:01:b3:0f:ca:be:55:ce:91:30:76:b3:38:c2:d9:
                    db:2f:56:0c:c4:98:28:fa:cb:ac:e2:01:66:1b:0b:
                    69:f8:f9:d2:f0:a0:dc:1f:da:65:58:08:63:fd:c5:
                    6d:13:c0:56:8f:48:44:19:ef:a4:f4:c2:b9:ce:a8:
                    aa:79:a9:73:20:2c:c5:97:4b:09:4d:ca:0e:07:be:
                    dc:29:56:eb:70:73:99:8a:37:e5:30:62:43:7c:c5:
                    0d:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:6C:0F:1D:BD:FA:9F:FA:2E:DB:5F:82:D3:7C:05:D3:00:73:FD:99
            X509v3 Authority Key Identifier:
                keyid:7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/O2wPHb36n_ou21-C03wF0wBz_Zk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.134.163.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:a3:5f:42:9d:50:ef:50:cc:3c:c1:40:f4:97:26:94:3a:fd:
         9b:94:e8:ba:c8:23:a0:fb:b1:d7:01:6c:8c:5c:17:9d:fb:27:
         58:77:72:0e:68:e1:0a:33:35:ed:c1:2d:7d:bd:ec:2d:84:7c:
         da:f9:6a:39:ae:64:63:c8:01:fa:45:d7:7a:d0:a2:03:e3:bb:
         aa:62:b1:34:bd:23:6e:ea:bb:9d:dc:1a:5c:70:4b:d5:ff:73:
         2f:10:69:9d:1a:d0:d3:bf:ed:a8:e7:8b:f0:2e:bf:b9:e8:00:
         09:62:e3:0a:c6:59:9c:84:82:fb:37:dd:d7:20:b6:2e:58:6c:
         9b:d8:87:ad:a6:a1:f8:21:70:d2:0d:a4:0a:cd:52:ae:f5:1c:
         3d:88:7e:41:b9:cb:15:89:42:83:1d:0a:88:94:41:e4:38:03:
         77:6a:7b:ae:ec:07:9e:55:f7:66:6b:6a:d8:bb:eb:3e:e0:36:
         ec:58:06:b4:d0:d7:3d:b2:e2:5e:88:3e:13:dd:0f:5e:1c:ec:
         25:b3:3c:12:92:9b:06:28:19:9d:29:a5:93:dd:9b:d4:d3:8a:
         94:36:ab:65:81:14:21:4f:dd:e2:e6:f7:e2:43:3e:14:e9:14:
         b7:4c:55:be:f3:a1:29:45:10:fa:3b:0f:4c:4b:a3:79:75:4d:
         95:85:31:90
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZz/iO41E45JIEFocgfymKr5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMjBiMDM0ZTJjNDk3YjE4ODQ0ODhkZWYxMDY5NzI3MDQ3
NjUwMjkwHhcNMjYwMzE4MDYwMTI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjZjMGYxZGJkZmE5ZmZhMmVkYjVmODJkMzdjMDVkMzAwNzNmZDk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuFF6EzjuJLxbQFwEzgFFQIf6BBcD
zoXfs6Bm8w+j5Rv6fAcQbTgAL1ti8ozop+ax0sVVkJ33N01XbdEMsY0JjF/HJwFv
n0N3pe4i1Uk07vQRBkY3AFQKYhDCVP1k9M0Jo1DQ1YmHnRaCyuxu+h6lNyP3ejGH
eZVi/drmM3LHurbftQ9ufaR1LPHVHVePqJaSlhgX5PbFLBxZs18hkKaSx7j/VIpZ
AbMPyr5VzpEwdrM4wtnbL1YMxJgo+sus4gFmGwtp+PnS8KDcH9plWAhj/cVtE8BW
j0hEGe+k9MK5zqiqealzICzFl0sJTcoOB77cKVbrcHOZijflMGJDfMUNkwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDtsDx29+p/6LttfgtN8BdMAc/2ZMB8GA1UdIwQY
MBaAFH4gsDTixJexiESI3vEGlycEdlApMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2Qt
MDM1ZDk3N2Y0MjE2LzEvTzJ3UEhiMzZuX291MjEtQzAzd0Ywd0J6X1prLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2QtMDM1ZDk3N2Y0MjE2
LzEvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1IajMA0G
CSqGSIb3DQEBCwUAA4IBAQBOo19CnVDvUMw8wUD0lyaUOv2blOi6yCOg+7HXAWyM
XBed+ydYd3IOaOEKMzXtwS19vewthHza+Wo5rmRjyAH6Rdd60KID47uqYrE0vSNu
6rud3BpccEvV/3MvEGmdGtDTv+2o54vwLr+56AAJYuMKxlmchIL7N93XILYuWGyb
2IetpqH4IXDSDaQKzVKu9Rw9iH5BucsViUKDHQqIlEHkOAN3anuu7AeeVfdma2rY
u+s+4DbsWAa00Nc9suJeiD4T3Q9eHOwlszwSkpsGKBmdKaWT3ZvU04qUNqtlgRQh
T93i5vfiQz4U6RS3TFW+86EpRRD6Ow9MS6N5dU2VhTGQ
-----END CERTIFICATE-----