Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/V-mQNcMv6ASTmlXQlssUgCNQyWQ.roa
File:                     V-mQNcMv6ASTmlXQlssUgCNQyWQ.roa (raw, json)
Hash identifier:          prrC2dcIJuQFP2bCHe8Xgkoxq9d4gDNJi8D7ZkQp7mY=
Subject key identifier:   57:E9:90:35:C3:2F:E8:04:93:9A:55:D0:96:CB:14:80:23:50:C9:64
Certificate issuer:       /CN=7e20b034e2c497b1884488def106972704765029
Certificate serial:       019DB49F88C345B4B4652B3B9623067CA975
Authority key identifier: 7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/V-mQNcMv6ASTmlXQlssUgCNQyWQ.roa
Signing time:             Wed 22 Apr 2026 09:57:27 +0000
ROA not before:           Wed 22 Apr 2026 09:57:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     153671
IP address blocks:        212.135.167.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 Apr 2026 08:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:b4:9f:88:c3:45:b4:b4:65:2b:3b:96:23:06:7c:a9:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e20b034e2c497b1884488def106972704765029
        Validity
            Not Before: Apr 22 09:57:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=57e99035c32fe804939a55d096cb14802350c964
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:2b:12:ed:1a:31:d5:8c:d4:c5:cb:4a:1f:dd:
                    c4:90:16:26:dd:cd:9a:71:e0:26:90:a5:4e:51:e9:
                    ac:2e:7c:a3:8b:36:07:52:80:40:44:ac:a9:b3:06:
                    51:c5:5c:ba:30:6b:13:1c:48:fd:ef:87:af:0e:4e:
                    0f:5a:5f:7f:5e:ff:1e:92:f1:f2:ed:2c:1a:c3:6a:
                    2b:50:ea:14:7b:8b:33:c0:3c:d4:39:a4:47:86:26:
                    71:43:00:52:10:97:fd:57:71:b8:56:62:91:a1:35:
                    84:8e:fa:e1:ca:cf:54:1c:85:68:f6:da:10:63:a7:
                    67:4e:f1:02:cc:84:2c:67:0a:b7:bd:ee:b6:4c:67:
                    ac:90:fb:c4:db:31:ef:5d:08:1b:2b:0d:dd:6b:0e:
                    ce:bd:26:d2:83:24:63:7f:96:d0:5c:ab:63:ab:20:
                    bb:e6:d5:02:6a:21:60:b1:a9:5c:9f:c6:06:a3:ea:
                    7d:6e:00:b4:f7:f7:70:63:4f:0e:64:76:0c:32:47:
                    1c:24:73:47:30:78:40:c9:58:26:2d:e9:d4:d9:42:
                    4b:20:17:6f:d3:2e:70:ac:4a:20:e1:40:5a:de:59:
                    e5:13:85:c5:71:c6:20:1b:21:a2:1e:0a:de:00:ba:
                    5f:05:04:07:30:28:a8:47:2d:44:44:8d:21:44:f6:
                    a5:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:E9:90:35:C3:2F:E8:04:93:9A:55:D0:96:CB:14:80:23:50:C9:64
            X509v3 Authority Key Identifier:
                keyid:7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/V-mQNcMv6ASTmlXQlssUgCNQyWQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.135.167.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:ac:7d:94:5d:c0:28:f7:e2:5f:79:b4:2d:a2:83:70:87:f9:
         41:e5:62:f3:4c:27:85:a0:66:02:96:fd:7e:48:99:64:07:17:
         9a:10:95:eb:12:48:5b:c8:39:40:a0:1b:74:5c:15:25:e8:d3:
         72:fa:c6:90:fe:c0:00:58:c6:ce:aa:57:a7:63:7c:61:2f:fd:
         cc:5f:1c:6a:05:25:ed:02:5e:28:9c:13:40:97:4c:11:70:34:
         f6:0a:f0:21:79:89:b3:85:16:48:f3:fe:ae:82:d6:ce:62:f5:
         58:2c:b2:ee:26:83:f6:7a:77:a1:55:d0:69:ee:a5:6c:fb:99:
         88:85:c8:01:91:01:7d:b1:ea:d6:49:3a:3a:76:a9:89:3c:3b:
         34:d3:7c:ba:25:50:95:d7:5e:ad:78:13:ea:56:15:ad:f1:d7:
         80:4b:c5:a1:a9:01:cf:ea:47:a9:30:69:fe:7c:c0:78:b2:5a:
         15:2c:44:57:2f:b5:38:4c:45:c1:0a:c8:16:24:5b:6f:48:b5:
         f6:cd:3e:aa:66:19:c9:fe:70:b9:04:e4:6a:c0:66:00:20:70:
         f7:3e:b0:8a:c3:f5:54:2a:de:94:bf:ad:7b:de:94:9f:05:21:
         41:b3:7a:8d:14:84:bb:a6:b7:12:95:dd:9e:b6:9d:67:0f:70:
         cd:2f:f7:5c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ20n4jDRbS0ZSs7liMGfKl1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMjBiMDM0ZTJjNDk3YjE4ODQ0ODhkZWYxMDY5NzI3MDQ3
NjUwMjkwHhcNMjYwNDIyMDk1NzI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1N2U5OTAzNWMzMmZlODA0OTM5YTU1ZDA5NmNiMTQ4MDIzNTBjOTY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0isS7Rox1YzUxctKH93EkBYm3c2a
ceAmkKVOUemsLnyjizYHUoBARKypswZRxVy6MGsTHEj974evDk4PWl9/Xv8ekvHy
7Swaw2orUOoUe4szwDzUOaRHhiZxQwBSEJf9V3G4VmKRoTWEjvrhys9UHIVo9toQ
Y6dnTvECzIQsZwq3ve62TGeskPvE2zHvXQgbKw3daw7OvSbSgyRjf5bQXKtjqyC7
5tUCaiFgsalcn8YGo+p9bgC09/dwY08OZHYMMkccJHNHMHhAyVgmLenU2UJLIBdv
0y5wrEog4UBa3lnlE4XFccYgGyGiHgreALpfBQQHMCioRy1ERI0hRPalOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFfpkDXDL+gEk5pV0JbLFIAjUMlkMB8GA1UdIwQY
MBaAFH4gsDTixJexiESI3vEGlycEdlApMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2Qt
MDM1ZDk3N2Y0MjE2LzEvVi1tUU5jTXY2QVNUbWxYUWxzc1VnQ05ReVdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2QtMDM1ZDk3N2Y0MjE2
LzEvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1IenMA0G
CSqGSIb3DQEBCwUAA4IBAQB+rH2UXcAo9+JfebQtooNwh/lB5WLzTCeFoGYClv1+
SJlkBxeaEJXrEkhbyDlAoBt0XBUl6NNy+saQ/sAAWMbOqlenY3xhL/3MXxxqBSXt
Al4onBNAl0wRcDT2CvAheYmzhRZI8/6ugtbOYvVYLLLuJoP2enehVdBp7qVs+5mI
hcgBkQF9serWSTo6dqmJPDs003y6JVCV116teBPqVhWt8deAS8WhqQHP6kepMGn+
fMB4sloVLERXL7U4TEXBCsgWJFtvSLX2zT6qZhnJ/nC5BORqwGYAIHD3PrCKw/VU
Kt6Uv6173pSfBSFBs3qNFIS7prcSld2etp1nD3DNL/dc
-----END CERTIFICATE-----