Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/RqQNVnuHViibX9CoiyJK_b3a6Dg.roa
File:                     RqQNVnuHViibX9CoiyJK_b3a6Dg.roa (raw, json)
Hash identifier:          OBsB6P1HSiWQLBSPQwf3vtTlTtE8nL9ilMaZtqveD0A=
Subject key identifier:   46:A4:0D:56:7B:87:56:28:9B:5F:D0:A8:8B:22:4A:FD:BD:DA:E8:38
Certificate issuer:       /CN=7e20b034e2c497b1884488def106972704765029
Certificate serial:       019A6CEF5E811F8B43A116BFA4503767422D
Authority key identifier: 7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/RqQNVnuHViibX9CoiyJK_b3a6Dg.roa
Signing time:             Mon 10 Nov 2025 08:43:37 +0000
ROA not before:           Mon 10 Nov 2025 08:43:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     53755
IP address blocks:        212.134.53.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 09:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:6c:ef:5e:81:1f:8b:43:a1:16:bf:a4:50:37:67:42:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e20b034e2c497b1884488def106972704765029
        Validity
            Not Before: Nov 10 08:43:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=46a40d567b8756289b5fd0a88b224afdbddae838
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:13:a3:00:21:a2:43:50:40:29:4a:73:b7:a4:
                    57:50:87:c7:13:33:f3:ec:7c:57:18:d3:76:fc:61:
                    53:b6:85:e9:57:1c:be:36:8b:6f:08:1b:bc:f7:29:
                    94:08:97:12:6b:0e:63:d8:3d:72:23:30:d2:4b:74:
                    7e:91:35:88:28:4f:68:ce:28:83:00:a8:21:f7:72:
                    68:3a:04:1d:58:ff:94:ba:5f:26:4d:49:0a:2e:b3:
                    cb:44:c4:a5:56:39:b6:df:2a:5b:cb:05:ca:e6:4e:
                    5c:c8:c2:a4:2d:95:c1:46:27:d4:70:71:9a:db:09:
                    d6:38:71:ae:82:79:96:84:f6:d8:ed:76:dd:d4:8e:
                    d4:61:06:97:f8:31:72:13:8b:cb:79:f5:0f:fd:a0:
                    61:9c:90:99:e8:8c:fc:03:fe:17:5a:93:53:67:09:
                    a0:22:fc:3c:a3:a6:4e:6e:88:0f:0c:3e:a2:e6:21:
                    d3:7a:e3:22:eb:4a:7c:93:59:c4:88:97:1d:69:26:
                    fe:a1:94:cf:f2:5e:57:43:bd:71:06:61:7d:03:be:
                    95:dd:88:9c:be:86:63:41:dc:86:d1:e0:23:2a:62:
                    74:c2:06:0d:93:46:96:b9:fa:2a:10:2e:a9:5e:80:
                    ab:ab:a1:a4:09:8c:53:e3:15:ef:29:a5:28:bd:2d:
                    14:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:A4:0D:56:7B:87:56:28:9B:5F:D0:A8:8B:22:4A:FD:BD:DA:E8:38
            X509v3 Authority Key Identifier:
                keyid:7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/RqQNVnuHViibX9CoiyJK_b3a6Dg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.134.53.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:a9:65:51:8a:2d:e5:b3:83:fe:df:e3:95:25:21:a7:15:12:
         30:c6:bf:1a:16:9a:82:ca:3d:10:56:6b:2e:54:4c:a9:13:17:
         bf:ba:27:f0:d9:c2:c7:f8:b4:0a:26:ff:5c:78:0f:e6:67:04:
         58:17:3e:c2:ca:2d:88:ae:b2:40:3a:7e:37:1a:3d:8e:37:80:
         df:0b:d8:f7:2e:5d:57:97:5b:e8:35:81:4d:2f:07:ce:c3:13:
         ae:70:c3:80:72:bf:52:8b:51:9b:ac:70:2f:10:a2:30:7a:49:
         84:43:3f:32:ae:8b:8b:95:75:1f:d2:3d:9b:0d:53:5d:e7:39:
         f2:0f:fa:96:11:87:b4:46:1b:14:e4:88:19:65:c3:ae:eb:ab:
         b6:a8:a2:fe:4a:5f:5e:67:c9:93:56:00:a3:1a:ea:d2:70:07:
         60:42:43:44:f6:d7:1e:72:8f:1f:ab:eb:28:d6:3b:ec:15:5c:
         04:5d:03:9e:ed:f5:fe:1c:3e:55:4e:56:d6:9d:19:33:c1:ad:
         ac:3b:2a:9a:ce:25:3e:7c:48:a3:01:4f:b7:21:b9:0d:b7:a3:
         02:ab:d5:dc:c6:da:f0:bf:95:e5:3c:76:85:bb:48:36:0b:be:
         b3:8d:d5:cf:9e:00:35:2a:f9:3b:9a:b6:95:b1:d5:81:8f:45:
         c2:77:26:d1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZps716BH4tDoRa/pFA3Z0ItMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMjBiMDM0ZTJjNDk3YjE4ODQ0ODhkZWYxMDY5NzI3MDQ3
NjUwMjkwHhcNMjUxMTEwMDg0MzM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NmE0MGQ1NjdiODc1NjI4OWI1ZmQwYTg4YjIyNGFmZGJkZGFlODM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3ROjACGiQ1BAKUpzt6RXUIfHEzPz
7HxXGNN2/GFTtoXpVxy+NotvCBu89ymUCJcSaw5j2D1yIzDSS3R+kTWIKE9oziiD
AKgh93JoOgQdWP+Uul8mTUkKLrPLRMSlVjm23ypbywXK5k5cyMKkLZXBRifUcHGa
2wnWOHGugnmWhPbY7Xbd1I7UYQaX+DFyE4vLefUP/aBhnJCZ6Iz8A/4XWpNTZwmg
Ivw8o6ZObogPDD6i5iHTeuMi60p8k1nEiJcdaSb+oZTP8l5XQ71xBmF9A76V3Yic
voZjQdyG0eAjKmJ0wgYNk0aWufoqEC6pXoCrq6GkCYxT4xXvKaUovS0U/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEakDVZ7h1Yom1/QqIsiSv292ug4MB8GA1UdIwQY
MBaAFH4gsDTixJexiESI3vEGlycEdlApMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2Qt
MDM1ZDk3N2Y0MjE2LzEvUnFRTlZudUhWaWliWDlDb2l5SktfYjNhNkRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2QtMDM1ZDk3N2Y0MjE2
LzEvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1IY1MA0G
CSqGSIb3DQEBCwUAA4IBAQCPqWVRii3ls4P+3+OVJSGnFRIwxr8aFpqCyj0QVmsu
VEypExe/uifw2cLH+LQKJv9ceA/mZwRYFz7Cyi2IrrJAOn43Gj2ON4DfC9j3Ll1X
l1voNYFNLwfOwxOucMOAcr9Si1GbrHAvEKIwekmEQz8yrouLlXUf0j2bDVNd5zny
D/qWEYe0RhsU5IgZZcOu66u2qKL+Sl9eZ8mTVgCjGurScAdgQkNE9tceco8fq+so
1jvsFVwEXQOe7fX+HD5VTlbWnRkzwa2sOyqaziU+fEijAU+3IbkNt6MCq9Xcxtrw
v5XlPHaFu0g2C76zjdXPngA1Kvk7mraVsdWBj0XCdybR
-----END CERTIFICATE-----