Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/VFDcSSFSCdtj2D_K5QxpIVMpxcc.roa
File:                     VFDcSSFSCdtj2D_K5QxpIVMpxcc.roa (raw, json)
Hash identifier:          c+yjxUATT7qzUilLmcdAVDL1APple6I/aQF6q87qPzo=
Subject key identifier:   54:50:DC:49:21:52:09:DB:63:D8:3F:CA:E5:0C:69:21:53:29:C5:C7
Certificate issuer:       /CN=7e20b034e2c497b1884488def106972704765029
Certificate serial:       019EDABBECE1C09EC9544DBD575B6E3EB75A
Authority key identifier: 7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/VFDcSSFSCdtj2D_K5QxpIVMpxcc.roa
Signing time:             Thu 18 Jun 2026 12:36:49 +0000
ROA not before:           Thu 18 Jun 2026 12:36:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199186
IP address blocks:        212.134.100.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 19 Jun 2026 15:43:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:da:bb:ec:e1:c0:9e:c9:54:4d:bd:57:5b:6e:3e:b7:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e20b034e2c497b1884488def106972704765029
        Validity
            Not Before: Jun 18 12:36:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5450dc49215209db63d83fcae50c69215329c5c7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:0c:f3:6d:78:01:3a:b9:59:05:79:ec:e7:b0:
                    56:43:3c:43:d3:4d:e0:cd:f5:b1:88:bd:ca:ac:d5:
                    8a:31:d1:99:c3:2f:cb:4d:a6:ad:86:d9:2d:c3:a7:
                    ba:3a:37:9f:f5:ed:0b:2e:f5:90:2c:31:7b:d6:29:
                    ec:fd:b4:4f:5b:41:fc:75:01:04:e6:37:37:27:1d:
                    c2:aa:4a:98:eb:fc:68:fc:c0:e0:6e:cf:8e:ba:6a:
                    8a:41:c4:77:3b:ef:a7:4c:cb:23:f5:c4:1f:c1:c8:
                    e9:a6:e6:48:1c:11:67:5f:a7:05:ba:61:ff:cd:7b:
                    96:e4:d9:67:91:62:19:b1:01:f5:c9:2b:af:60:70:
                    c8:da:89:60:4b:5d:87:da:e0:0e:6a:df:15:ea:35:
                    1b:f9:e7:4c:4f:dd:b4:cb:b1:8c:2b:11:97:53:bc:
                    51:dd:97:5e:77:77:90:b6:1f:ac:ff:9a:a8:b6:4f:
                    73:34:8c:eb:a0:53:bb:7c:5b:9d:a9:7b:06:87:69:
                    40:33:39:58:d7:71:0a:a2:6a:87:25:67:21:9b:b8:
                    1d:ad:a4:86:a6:bb:62:87:f0:b5:df:4e:df:d3:24:
                    58:48:4a:94:98:ce:07:1c:e3:15:b1:96:7c:b9:2f:
                    d0:63:3c:1e:a4:4a:3c:51:b7:b7:20:93:7e:07:80:
                    cc:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:50:DC:49:21:52:09:DB:63:D8:3F:CA:E5:0C:69:21:53:29:C5:C7
            X509v3 Authority Key Identifier:
                keyid:7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/VFDcSSFSCdtj2D_K5QxpIVMpxcc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.134.100.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b5:27:f5:48:99:ea:e8:f0:65:69:1d:02:35:9f:57:d1:a4:30:
         3e:6e:93:8f:1a:bb:02:58:c4:84:63:d1:ed:be:41:c5:9f:69:
         c6:21:eb:3d:98:ad:9d:bb:73:9c:79:c0:e7:aa:d5:69:8e:9e:
         38:c7:00:dc:2f:0a:0e:08:36:e4:57:10:ba:ec:3c:5d:e7:10:
         4a:29:05:4a:d9:3c:cc:58:48:08:ce:7f:97:27:33:62:1d:01:
         b5:4c:ae:0a:06:30:88:34:d4:87:62:d5:80:5e:d8:0a:07:19:
         ca:d5:6c:18:75:c1:85:23:c1:fd:4e:8b:09:97:50:24:db:4c:
         7e:60:09:7f:a9:76:29:f1:d8:b3:58:26:b7:ee:1b:ee:07:a1:
         aa:39:cc:a2:9c:07:07:26:c2:c9:0d:51:b1:fb:3f:03:80:0c:
         ca:01:18:47:42:d8:29:a2:6e:50:c1:41:78:0d:75:34:61:d9:
         d7:c1:18:18:95:56:99:03:6a:1a:0e:f3:90:f1:0f:1d:dc:ee:
         7a:f1:fc:31:96:4d:4d:eb:79:28:09:2a:0b:6b:17:d3:69:91:
         b4:30:51:6e:3e:af:87:e8:5b:ec:36:7b:ea:d3:b3:bb:81:77:
         c9:15:6b:46:25:1c:88:55:a2:d5:89:5c:41:36:3f:12:8f:a9:
         f4:5c:42:26
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ7au+zhwJ7JVE29V1tuPrdaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMjBiMDM0ZTJjNDk3YjE4ODQ0ODhkZWYxMDY5NzI3MDQ3
NjUwMjkwHhcNMjYwNjE4MTIzNjQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NDUwZGM0OTIxNTIwOWRiNjNkODNmY2FlNTBjNjkyMTUzMjljNWM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtQzzbXgBOrlZBXns57BWQzxD003g
zfWxiL3KrNWKMdGZwy/LTaathtktw6e6Ojef9e0LLvWQLDF71ins/bRPW0H8dQEE
5jc3Jx3CqkqY6/xo/MDgbs+OumqKQcR3O++nTMsj9cQfwcjppuZIHBFnX6cFumH/
zXuW5NlnkWIZsQH1ySuvYHDI2olgS12H2uAOat8V6jUb+edMT920y7GMKxGXU7xR
3Zded3eQth+s/5qotk9zNIzroFO7fFudqXsGh2lAMzlY13EKomqHJWchm7gdraSG
prtih/C1307f0yRYSEqUmM4HHOMVsZZ8uS/QYzwepEo8Ube3IJN+B4DMgQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFRQ3EkhUgnbY9g/yuUMaSFTKcXHMB8GA1UdIwQY
MBaAFH4gsDTixJexiESI3vEGlycEdlApMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2Qt
MDM1ZDk3N2Y0MjE2LzEvVkZEY1NTRlNDZHRqMkRfSzVReHBJVk1weGNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2QtMDM1ZDk3N2Y0MjE2
LzEvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1IZkMA0G
CSqGSIb3DQEBCwUAA4IBAQC1J/VImero8GVpHQI1n1fRpDA+bpOPGrsCWMSEY9Ht
vkHFn2nGIes9mK2du3OcecDnqtVpjp44xwDcLwoOCDbkVxC67Dxd5xBKKQVK2TzM
WEgIzn+XJzNiHQG1TK4KBjCINNSHYtWAXtgKBxnK1WwYdcGFI8H9TosJl1Ak20x+
YAl/qXYp8dizWCa37hvuB6GqOcyinAcHJsLJDVGx+z8DgAzKARhHQtgpom5QwUF4
DXU0YdnXwRgYlVaZA2oaDvOQ8Q8d3O568fwxlk1N63koCSoLaxfTaZG0MFFuPq+H
6FvsNnvq07O7gXfJFWtGJRyIVaLViVxBNj8Sj6n0XEIm
-----END CERTIFICATE-----