Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/T5paJPb9Me-IT6IZKiXiZH-Bdrk.roa
File:                     T5paJPb9Me-IT6IZKiXiZH-Bdrk.roa (raw, json)
Hash identifier:          at2RU/nqsw/8AJ/p/xvQRVuidsArNOMLqm1fh2M4Two=
Subject key identifier:   4F:9A:5A:24:F6:FD:31:EF:88:4F:A2:19:2A:25:E2:64:7F:81:76:B9
Certificate issuer:       /CN=7e20b034e2c497b1884488def106972704765029
Certificate serial:       019EDB186207E32F97B449C390C3CD8626DB
Authority key identifier: 7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/T5paJPb9Me-IT6IZKiXiZH-Bdrk.roa
Signing time:             Thu 18 Jun 2026 14:17:48 +0000
ROA not before:           Thu 18 Jun 2026 14:17:48 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215935
IP address blocks:        212.134.134.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 19 Jun 2026 15:43:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:db:18:62:07:e3:2f:97:b4:49:c3:90:c3:cd:86:26:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e20b034e2c497b1884488def106972704765029
        Validity
            Not Before: Jun 18 14:17:48 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4f9a5a24f6fd31ef884fa2192a25e2647f8176b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:5b:10:64:6b:81:ca:ff:4f:82:0d:35:0a:d4:
                    7d:f1:0c:43:77:b2:9e:d8:e1:72:0b:c3:4f:40:b7:
                    3b:91:83:14:19:69:d2:04:19:63:35:3f:6b:7b:4e:
                    bc:75:b6:a2:b6:d6:75:8e:23:e3:4c:a4:a8:a3:d2:
                    e5:80:bc:5c:e4:af:6e:3e:5f:d1:b1:a1:e6:c0:ca:
                    99:1a:8c:e2:4c:bf:26:ce:9f:a6:97:ea:8c:70:74:
                    c2:62:7b:36:ce:5b:6e:ae:81:5f:fb:e0:14:86:77:
                    18:c6:06:b3:30:47:a1:bc:58:8d:03:88:95:44:80:
                    06:20:a7:0c:9c:df:50:5c:0d:f3:f5:a7:e8:8b:9e:
                    68:f7:39:fb:30:7f:80:df:a3:39:22:51:c7:37:0c:
                    ae:8f:39:bd:6e:73:7f:c4:83:63:5c:42:e6:f4:8a:
                    0f:75:44:83:63:cb:b1:4f:25:8f:61:6e:46:ee:49:
                    20:04:1b:e8:78:c2:81:10:99:f3:59:a3:99:8a:be:
                    59:11:90:24:95:75:a5:85:be:03:8e:fb:73:9a:b2:
                    c6:48:ec:d7:61:2c:2b:d8:93:b1:78:c5:81:b8:6b:
                    bf:fa:09:c9:8f:3e:39:95:31:81:84:24:aa:d6:f1:
                    03:74:f9:d0:65:9b:15:75:51:fe:ba:48:56:d7:ff:
                    df:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:9A:5A:24:F6:FD:31:EF:88:4F:A2:19:2A:25:E2:64:7F:81:76:B9
            X509v3 Authority Key Identifier:
                keyid:7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/T5paJPb9Me-IT6IZKiXiZH-Bdrk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.134.134.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8c:92:a1:a9:a2:6a:59:f2:d7:80:ce:bb:b8:26:f1:41:13:94:
         ba:bd:64:f0:ba:55:b6:46:0a:bf:ff:3d:56:41:21:9f:b0:f5:
         c7:4b:2b:29:c6:01:2a:b8:fb:8a:8b:25:bb:bc:7d:4d:74:83:
         0b:c8:9c:7d:89:18:2c:a5:dd:78:c2:fe:3d:2e:d6:19:33:b1:
         9b:a8:90:a0:17:17:a4:f5:52:df:5e:37:e9:46:f2:61:a2:f8:
         e8:4f:c2:df:f2:a8:31:60:3b:df:0a:d0:8f:87:a0:25:3f:71:
         42:48:92:bb:af:e1:38:57:94:6d:a7:34:34:cb:cc:44:17:ed:
         80:24:ac:73:b0:ed:d4:cd:c2:6d:0e:b0:f4:16:25:65:79:c9:
         4e:ea:20:84:dd:72:ad:9c:15:8e:91:0a:20:db:c5:ee:90:94:
         ae:07:c9:18:87:8e:23:85:c3:15:10:65:ff:5d:f4:7e:52:c1:
         e4:54:b2:e5:f5:60:0c:a0:53:7a:a2:6e:aa:a4:7d:b5:ed:07:
         4c:09:7a:10:99:b3:6e:b3:3d:09:d9:d6:f3:9a:fb:60:a2:97:
         35:c1:32:60:d1:7b:c5:3e:47:7c:81:25:41:7c:ac:d7:cc:b1:
         85:92:a6:df:28:fe:fe:a7:2f:34:d1:fa:f4:33:15:65:42:67:
         e2:14:8d:7f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ7bGGIH4y+XtEnDkMPNhibbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMjBiMDM0ZTJjNDk3YjE4ODQ0ODhkZWYxMDY5NzI3MDQ3
NjUwMjkwHhcNMjYwNjE4MTQxNzQ4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZjlhNWEyNGY2ZmQzMWVmODg0ZmEyMTkyYTI1ZTI2NDdmODE3NmI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuFsQZGuByv9Pgg01CtR98QxDd7Ke
2OFyC8NPQLc7kYMUGWnSBBljNT9re068dbaittZ1jiPjTKSoo9LlgLxc5K9uPl/R
saHmwMqZGoziTL8mzp+ml+qMcHTCYns2zlturoFf++AUhncYxgazMEehvFiNA4iV
RIAGIKcMnN9QXA3z9afoi55o9zn7MH+A36M5IlHHNwyujzm9bnN/xINjXELm9IoP
dUSDY8uxTyWPYW5G7kkgBBvoeMKBEJnzWaOZir5ZEZAklXWlhb4DjvtzmrLGSOzX
YSwr2JOxeMWBuGu/+gnJjz45lTGBhCSq1vEDdPnQZZsVdVH+ukhW1//fuwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE+aWiT2/THviE+iGSol4mR/gXa5MB8GA1UdIwQY
MBaAFH4gsDTixJexiESI3vEGlycEdlApMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2Qt
MDM1ZDk3N2Y0MjE2LzEvVDVwYUpQYjlNZS1JVDZJWktpWGlaSC1CZHJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2QtMDM1ZDk3N2Y0MjE2
LzEvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB1IaGMA0G
CSqGSIb3DQEBCwUAA4IBAQCMkqGpompZ8teAzru4JvFBE5S6vWTwulW2Rgq//z1W
QSGfsPXHSyspxgEquPuKiyW7vH1NdIMLyJx9iRgspd14wv49LtYZM7GbqJCgFxek
9VLfXjfpRvJhovjoT8Lf8qgxYDvfCtCPh6AlP3FCSJK7r+E4V5RtpzQ0y8xEF+2A
JKxzsO3UzcJtDrD0FiVleclO6iCE3XKtnBWOkQog28XukJSuB8kYh44jhcMVEGX/
XfR+UsHkVLLl9WAMoFN6om6qpH217QdMCXoQmbNusz0J2dbzmvtgopc1wTJg0XvF
Pkd8gSVBfKzXzLGFkqbfKP7+py800fr0MxVlQmfiFI1/
-----END CERTIFICATE-----