Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/PdEgqGnhjpqLe4JxLqWHjdXydLc.roa
File:                     PdEgqGnhjpqLe4JxLqWHjdXydLc.roa (raw, json)
Hash identifier:          li5610WgjHU8jnZA2cIZHTYiB6BbcoPs8KdpYJ1PV9w=
Subject key identifier:   3D:D1:20:A8:69:E1:8E:9A:8B:7B:82:71:2E:A5:87:8D:D5:F2:74:B7
Certificate issuer:       /CN=7e20b034e2c497b1884488def106972704765029
Certificate serial:       0199599140C150F065FE9C5FF4C895AA1B66
Authority key identifier: 7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/PdEgqGnhjpqLe4JxLqWHjdXydLc.roa
Signing time:             Wed 17 Sep 2025 21:25:15 +0000
ROA not before:           Wed 17 Sep 2025 21:25:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        212.134.16.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 19 Sep 2025 00:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:59:91:40:c1:50:f0:65:fe:9c:5f:f4:c8:95:aa:1b:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e20b034e2c497b1884488def106972704765029
        Validity
            Not Before: Sep 17 21:25:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3dd120a869e18e9a8b7b82712ea5878dd5f274b7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:fc:43:26:e5:7a:6e:8b:db:4d:6d:80:24:f6:
                    b5:18:7b:7a:19:d1:00:0e:42:43:f7:ad:4f:e1:64:
                    4d:72:5e:3f:9a:29:cc:7a:ce:e6:35:02:2f:50:24:
                    d2:6f:72:cd:0e:dc:5c:93:29:75:15:a8:03:c8:24:
                    34:44:21:84:79:60:7d:c6:16:f6:06:73:ac:d2:34:
                    ab:38:5e:d9:7a:40:81:dc:1d:db:5a:d1:3c:3d:69:
                    be:67:45:00:96:5e:bd:af:34:de:31:d0:86:25:8c:
                    5b:b0:59:ed:9f:50:55:8c:8c:3d:84:12:e2:41:4f:
                    91:8d:6f:8a:dd:7a:ba:4d:a1:6f:e6:c5:72:a1:ae:
                    b0:40:18:b6:90:4d:3d:e4:d0:c5:cc:4b:b5:8d:40:
                    81:08:55:36:74:dc:b3:57:56:ef:31:91:16:94:69:
                    02:b0:eb:db:2b:6a:4b:7b:08:b4:11:c9:37:d5:3d:
                    b8:39:95:bb:49:2a:eb:12:ce:85:9a:74:e5:c9:36:
                    63:05:3e:b4:00:85:ca:80:42:08:8c:a5:44:3d:f8:
                    69:a4:f2:19:dc:af:21:75:1e:58:f8:c5:39:b9:7f:
                    68:ce:c9:76:c1:7d:f0:22:d4:09:3a:d6:a1:ae:c5:
                    b3:18:8f:86:03:94:e1:8e:54:a1:68:dd:dc:90:0d:
                    39:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:D1:20:A8:69:E1:8E:9A:8B:7B:82:71:2E:A5:87:8D:D5:F2:74:B7
            X509v3 Authority Key Identifier:
                keyid:7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/PdEgqGnhjpqLe4JxLqWHjdXydLc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.134.16.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:f0:dd:ff:d3:c6:f5:4c:7c:88:43:e9:d3:fc:86:88:cc:67:
         bd:ea:3c:28:38:c3:4c:50:a3:b4:7f:38:af:f4:d1:e0:96:a0:
         f3:5b:0c:bd:2e:d9:97:78:c4:31:5e:96:9d:b5:87:57:2a:e0:
         0f:17:3f:2e:64:51:45:1a:36:37:9d:b5:f8:88:44:1c:2c:89:
         64:3d:d3:18:1a:a8:8f:aa:96:51:fd:09:bd:b6:fe:b8:17:85:
         8e:32:e8:93:52:8c:dc:3f:da:e4:68:70:83:ea:0e:81:c0:90:
         04:3f:23:8c:4a:0c:11:2e:86:a3:42:43:b9:bc:7e:ba:e4:33:
         bd:4d:15:64:bd:74:ff:a9:b6:46:1c:ef:5f:bb:bc:15:78:8c:
         9c:f7:cb:21:9f:18:b7:f7:8b:14:5d:e7:f3:78:df:44:c4:d2:
         14:92:e6:97:6b:a8:0b:40:58:5b:56:f3:3c:81:4f:30:ae:61:
         f1:98:dc:b5:f1:cb:0b:c9:24:dd:b9:14:86:cc:e1:ed:66:66:
         3f:80:b5:f5:c4:02:29:b1:0e:c8:7e:c1:8b:99:9b:40:52:2e:
         2f:e0:93:88:72:04:11:df:a8:75:8f:09:e7:6e:77:25:7b:8e:
         76:1a:78:5c:d1:9f:39:7a:e6:1d:c1:d3:5c:66:32:b0:31:aa:
         bb:8f:e6:89
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZlZkUDBUPBl/pxf9MiVqhtmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMjBiMDM0ZTJjNDk3YjE4ODQ0ODhkZWYxMDY5NzI3MDQ3
NjUwMjkwHhcNMjUwOTE3MjEyNTE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZGQxMjBhODY5ZTE4ZTlhOGI3YjgyNzEyZWE1ODc4ZGQ1ZjI3NGI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8PxDJuV6bovbTW2AJPa1GHt6GdEA
DkJD961P4WRNcl4/minMes7mNQIvUCTSb3LNDtxckyl1FagDyCQ0RCGEeWB9xhb2
BnOs0jSrOF7ZekCB3B3bWtE8PWm+Z0UAll69rzTeMdCGJYxbsFntn1BVjIw9hBLi
QU+RjW+K3Xq6TaFv5sVyoa6wQBi2kE095NDFzEu1jUCBCFU2dNyzV1bvMZEWlGkC
sOvbK2pLewi0Eck31T24OZW7SSrrEs6FmnTlyTZjBT60AIXKgEIIjKVEPfhppPIZ
3K8hdR5Y+MU5uX9ozsl2wX3wItQJOtahrsWzGI+GA5ThjlShaN3ckA05AwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD3RIKhp4Y6ai3uCcS6lh43V8nS3MB8GA1UdIwQY
MBaAFH4gsDTixJexiESI3vEGlycEdlApMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2Qt
MDM1ZDk3N2Y0MjE2LzEvUGRFZ3FHbmhqcHFMZTRKeExxV0hqZFh5ZExjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2QtMDM1ZDk3N2Y0MjE2
LzEvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1IYQMA0G
CSqGSIb3DQEBCwUAA4IBAQAM8N3/08b1THyIQ+nT/IaIzGe96jwoOMNMUKO0fziv
9NHglqDzWwy9LtmXeMQxXpadtYdXKuAPFz8uZFFFGjY3nbX4iEQcLIlkPdMYGqiP
qpZR/Qm9tv64F4WOMuiTUozcP9rkaHCD6g6BwJAEPyOMSgwRLoajQkO5vH665DO9
TRVkvXT/qbZGHO9fu7wVeIyc98shnxi394sUXefzeN9ExNIUkuaXa6gLQFhbVvM8
gU8wrmHxmNy18csLySTduRSGzOHtZmY/gLX1xAIpsQ7IfsGLmZtAUi4v4JOIcgQR
36h1jwnnbncle452Gnhc0Z85euYdwdNcZjKwMaq7j+aJ
-----END CERTIFICATE-----