Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/cC3lAJ9r4WSIdTSs0iz0AuHlb-k.roa
File:                     cC3lAJ9r4WSIdTSs0iz0AuHlb-k.roa (raw, json)
Hash identifier:          C6d8jjkPLMpUpaBO3j+Mr9ssNE1PISN5/9NuP0DEKRs=
Subject key identifier:   70:2D:E5:00:9F:6B:E1:64:88:75:34:AC:D2:2C:F4:02:E1:E5:6F:E9
Certificate issuer:       /CN=7e20b034e2c497b1884488def106972704765029
Certificate serial:       019DED22216A821A91995FEE0CA3DB46A5D9
Authority key identifier: 7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/cC3lAJ9r4WSIdTSs0iz0AuHlb-k.roa
Signing time:             Sun 03 May 2026 09:18:50 +0000
ROA not before:           Sun 03 May 2026 09:18:50 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198087
IP address blocks:        212.134.23.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 07 May 2026 21:44:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:ed:22:21:6a:82:1a:91:99:5f:ee:0c:a3:db:46:a5:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e20b034e2c497b1884488def106972704765029
        Validity
            Not Before: May  3 09:18:50 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=702de5009f6be164887534acd22cf402e1e56fe9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:8b:5e:27:a7:ef:1a:b0:b9:cf:0d:fe:ad:28:
                    ca:a0:9e:f4:cd:cc:f6:a5:08:82:88:8e:e5:de:18:
                    b7:64:8e:e8:ca:80:33:fb:4f:3d:21:7c:ac:18:e5:
                    cf:4b:b2:1a:5e:13:33:da:59:68:84:9b:c0:8d:8e:
                    cf:0d:89:91:31:a2:41:5c:dd:28:8a:71:c6:bf:f6:
                    b7:54:bc:28:23:d5:c9:a8:3e:34:2b:e7:4b:fb:65:
                    a5:12:1f:e5:5e:da:8f:25:8b:8e:04:21:fd:1c:bd:
                    3e:27:af:4d:32:d2:86:60:1f:29:86:3f:61:3f:a4:
                    6c:43:25:0a:85:b4:bf:37:57:21:aa:98:38:d6:c9:
                    2c:40:8f:b6:d0:e3:53:c4:43:36:7f:1b:3a:24:0a:
                    2e:af:2b:18:1a:a3:e6:95:2e:70:16:07:1a:c7:8e:
                    46:c7:fa:25:59:cc:1a:26:64:97:39:08:f6:44:66:
                    df:79:2b:5a:68:bd:5b:29:08:90:58:8c:ed:ba:fe:
                    1a:fd:12:5a:13:65:ca:09:0c:de:15:f7:47:ef:83:
                    63:4c:71:a4:96:96:1d:d4:59:23:08:08:07:75:36:
                    8e:c0:04:28:46:db:2f:76:18:69:a1:98:53:a1:98:
                    e7:98:d5:0d:7f:9d:e0:17:44:5e:d5:e6:cd:3c:ef:
                    c7:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:2D:E5:00:9F:6B:E1:64:88:75:34:AC:D2:2C:F4:02:E1:E5:6F:E9
            X509v3 Authority Key Identifier:
                keyid:7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/cC3lAJ9r4WSIdTSs0iz0AuHlb-k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.134.23.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:ac:97:4d:25:26:fb:8e:2e:6b:16:12:b9:77:8d:b1:ee:f1:
         fd:48:d0:f7:bd:5a:9a:99:c2:f9:b8:42:34:a4:fa:88:0b:a5:
         e7:44:1c:aa:9d:80:73:08:e4:f5:a9:43:7e:61:8a:d6:f9:4e:
         76:c4:44:39:5e:04:3b:18:7f:6f:19:10:9e:29:2c:6b:fc:27:
         f7:17:d8:0e:bf:7a:61:6f:e4:ad:c9:22:e0:35:07:89:c4:cd:
         66:fa:f2:dc:00:d3:4e:07:a2:da:1d:4d:39:12:81:b7:da:03:
         1d:56:af:c0:6a:06:f7:d2:56:d6:a0:44:6b:fe:a2:f5:75:a1:
         12:29:52:7b:07:b7:6e:9d:31:3c:55:3b:39:14:53:01:8c:cb:
         d6:f6:30:ce:34:3d:e6:44:6b:7f:0e:d8:77:4d:83:b9:e1:c9:
         5b:43:73:a6:ad:3a:6f:fb:fe:7a:ba:4c:49:da:47:57:88:9a:
         77:d9:ba:15:9e:8f:59:33:98:70:db:c9:60:15:73:cd:c6:69:
         f6:98:c7:b9:04:86:11:03:f5:c8:b0:44:24:5b:23:03:d2:15:
         ba:7e:81:1a:5e:ad:09:10:7f:05:ef:0e:d9:6d:5f:fd:2f:2d:
         11:08:e3:cf:33:ef:35:f6:97:0d:df:6d:e5:cc:fb:ba:13:f6:
         f6:08:a6:da
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3tIiFqghqRmV/uDKPbRqXZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMjBiMDM0ZTJjNDk3YjE4ODQ0ODhkZWYxMDY5NzI3MDQ3
NjUwMjkwHhcNMjYwNTAzMDkxODUwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDJkZTUwMDlmNmJlMTY0ODg3NTM0YWNkMjJjZjQwMmUxZTU2ZmU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtYteJ6fvGrC5zw3+rSjKoJ70zcz2
pQiCiI7l3hi3ZI7oyoAz+089IXysGOXPS7IaXhMz2llohJvAjY7PDYmRMaJBXN0o
inHGv/a3VLwoI9XJqD40K+dL+2WlEh/lXtqPJYuOBCH9HL0+J69NMtKGYB8phj9h
P6RsQyUKhbS/N1chqpg41sksQI+20ONTxEM2fxs6JAourysYGqPmlS5wFgcax45G
x/olWcwaJmSXOQj2RGbfeStaaL1bKQiQWIztuv4a/RJaE2XKCQzeFfdH74NjTHGk
lpYd1FkjCAgHdTaOwAQoRtsvdhhpoZhToZjnmNUNf53gF0Re1ebNPO/HNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHAt5QCfa+FkiHU0rNIs9ALh5W/pMB8GA1UdIwQY
MBaAFH4gsDTixJexiESI3vEGlycEdlApMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2Qt
MDM1ZDk3N2Y0MjE2LzEvY0MzbEFKOXI0V1NJZFRTczBpejBBdUhsYi1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2QtMDM1ZDk3N2Y0MjE2
LzEvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1IYXMA0G
CSqGSIb3DQEBCwUAA4IBAQBCrJdNJSb7ji5rFhK5d42x7vH9SND3vVqamcL5uEI0
pPqIC6XnRByqnYBzCOT1qUN+YYrW+U52xEQ5XgQ7GH9vGRCeKSxr/Cf3F9gOv3ph
b+StySLgNQeJxM1m+vLcANNOB6LaHU05EoG32gMdVq/Aagb30lbWoERr/qL1daES
KVJ7B7dunTE8VTs5FFMBjMvW9jDOND3mRGt/Dth3TYO54clbQ3OmrTpv+/56ukxJ
2kdXiJp32boVno9ZM5hw28lgFXPNxmn2mMe5BIYRA/XIsEQkWyMD0hW6foEaXq0J
EH8F7w7ZbV/9Ly0RCOPPM+819pcN323lzPu6E/b2CKba
-----END CERTIFICATE-----