Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/lLPUfB6AJE6CBK0d5Yu3K_IEvDU.roa
File:                     lLPUfB6AJE6CBK0d5Yu3K_IEvDU.roa (raw, json)
Hash identifier:          hVnoamEqtn6C0iLnLPcW5lStwSykV3dKrEcxMJNbQB0=
Subject key identifier:   94:B3:D4:7C:1E:80:24:4E:82:04:AD:1D:E5:8B:B7:2B:F2:04:BC:35
Certificate issuer:       /CN=7e20b034e2c497b1884488def106972704765029
Certificate serial:       019C27F667332D85D22C16E4C94CE12D9769
Authority key identifier: 7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/lLPUfB6AJE6CBK0d5Yu3K_IEvDU.roa
Signing time:             Wed 04 Feb 2026 09:23:05 +0000
ROA not before:           Wed 04 Feb 2026 09:23:05 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     174
IP address blocks:        212.134.88.0/24 maxlen: 24
                          212.134.95.0/24 maxlen: 24
                          212.135.192.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Feb 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:27:f6:67:33:2d:85:d2:2c:16:e4:c9:4c:e1:2d:97:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e20b034e2c497b1884488def106972704765029
        Validity
            Not Before: Feb  4 09:23:05 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=94b3d47c1e80244e8204ad1de58bb72bf204bc35
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:e5:82:5d:a6:8d:ef:f4:a6:bb:35:18:e9:06:
                    95:4b:40:20:58:e5:b9:cd:8f:a0:7d:3b:71:54:6c:
                    1b:0e:2c:03:58:91:14:75:ec:9d:fa:1a:6f:77:32:
                    22:81:3f:63:22:fc:c5:3e:09:dd:d3:a4:82:95:59:
                    71:f9:56:e3:63:3d:5c:e9:6b:93:21:f1:e8:77:34:
                    43:a7:b8:2e:b8:ae:2a:fa:ff:7d:60:fc:ce:15:17:
                    c0:4a:6e:c7:d1:7f:cb:9e:9b:e3:9a:0e:9b:91:49:
                    ca:de:b8:d2:74:9e:0e:f1:0b:bf:56:ea:45:cb:e1:
                    5f:b3:e8:61:df:ff:6c:17:b4:e5:a0:84:11:30:03:
                    f4:c9:c6:f2:9e:81:ac:ea:64:0e:fb:e9:c6:ae:b6:
                    40:b8:cb:13:f9:ff:8b:ef:ce:c7:02:e1:3e:2e:50:
                    3a:34:be:4f:f4:b1:cb:7e:79:5f:7f:b3:2a:ad:b5:
                    05:72:22:ec:87:03:85:47:23:af:75:a7:b5:cd:21:
                    d9:b4:2f:59:c9:81:bd:42:1b:17:1e:22:bd:96:7e:
                    ab:d2:0b:5d:53:3b:2e:be:bb:69:f5:ab:d4:2f:77:
                    55:11:2d:8b:7b:ca:6d:ec:ec:35:96:b9:74:6d:a6:
                    f7:4c:94:ab:67:c4:9f:d0:da:a3:34:fb:dd:c9:68:
                    d1:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:B3:D4:7C:1E:80:24:4E:82:04:AD:1D:E5:8B:B7:2B:F2:04:BC:35
            X509v3 Authority Key Identifier:
                keyid:7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/lLPUfB6AJE6CBK0d5Yu3K_IEvDU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.134.88.0/24
                  212.134.95.0/24
                  212.135.192.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1e:be:02:8b:3a:94:09:3d:dc:be:8e:22:e2:f1:d8:65:b8:18:
         bb:a1:06:3c:3b:83:f8:68:1d:df:2f:fd:c6:60:ca:de:71:90:
         f3:95:3f:ca:b4:69:11:2e:49:6a:be:44:ee:97:8e:4a:97:44:
         24:70:73:b8:17:19:05:54:5e:0f:1d:b6:a3:6b:47:22:93:f5:
         1f:32:93:07:ab:0c:be:ba:fc:70:5d:6d:f4:f4:b9:32:81:84:
         6f:d6:9e:00:79:92:43:be:f6:29:84:2d:3b:35:34:d2:ca:96:
         b2:c5:93:84:8f:7c:74:c3:b1:bc:2d:b2:76:2c:bf:ab:72:2b:
         f1:13:3c:ae:db:06:90:a9:5a:b9:be:c0:d4:53:36:3f:b8:68:
         77:b6:13:21:5c:83:48:4c:21:5b:c6:6f:74:65:ea:ea:e8:33:
         1b:18:75:e8:f6:b4:3f:15:3d:74:ed:07:08:ca:57:a6:28:75:
         69:f8:32:49:2d:27:d7:04:f6:65:49:f7:6f:8c:20:ef:f6:68:
         b0:76:62:1f:ba:f8:8c:73:9c:18:cd:2f:44:f3:89:40:c3:29:
         fa:be:07:91:38:47:7c:eb:88:29:4a:7b:ee:93:b6:f7:4a:16:
         b7:12:71:10:84:c3:91:d8:0c:c2:1f:c8:8e:6e:0d:4f:ca:90:
         a9:d4:93:08
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZwn9mczLYXSLBbkyUzhLZdpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMjBiMDM0ZTJjNDk3YjE4ODQ0ODhkZWYxMDY5NzI3MDQ3
NjUwMjkwHhcNMjYwMjA0MDkyMzA1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NGIzZDQ3YzFlODAyNDRlODIwNGFkMWRlNThiYjcyYmYyMDRiYzM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr+WCXaaN7/SmuzUY6QaVS0AgWOW5
zY+gfTtxVGwbDiwDWJEUdeyd+hpvdzIigT9jIvzFPgnd06SClVlx+VbjYz1c6WuT
IfHodzRDp7guuK4q+v99YPzOFRfASm7H0X/Lnpvjmg6bkUnK3rjSdJ4O8Qu/VupF
y+Ffs+hh3/9sF7TloIQRMAP0ycbynoGs6mQO++nGrrZAuMsT+f+L787HAuE+LlA6
NL5P9LHLfnlff7MqrbUFciLshwOFRyOvdae1zSHZtC9ZyYG9QhsXHiK9ln6r0gtd
Uzsuvrtp9avUL3dVES2Le8pt7Ow1lrl0bab3TJSrZ8Sf0NqjNPvdyWjRdwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFJSz1HwegCROggStHeWLtyvyBLw1MB8GA1UdIwQY
MBaAFH4gsDTixJexiESI3vEGlycEdlApMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2Qt
MDM1ZDk3N2Y0MjE2LzEvbExQVWZCNkFKRTZDQkswZDVZdTNLX0lFdkRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2QtMDM1ZDk3N2Y0MjE2
LzEvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQA1IZYAwQA
1IZfAwQC1IfAMA0GCSqGSIb3DQEBCwUAA4IBAQAevgKLOpQJPdy+jiLi8dhluBi7
oQY8O4P4aB3fL/3GYMrecZDzlT/KtGkRLklqvkTul45Kl0QkcHO4FxkFVF4PHbaj
a0cik/UfMpMHqwy+uvxwXW309LkygYRv1p4AeZJDvvYphC07NTTSypayxZOEj3x0
w7G8LbJ2LL+rcivxEzyu2waQqVq5vsDUUzY/uGh3thMhXINITCFbxm90Zerq6DMb
GHXo9rQ/FT107QcIylemKHVp+DJJLSfXBPZlSfdvjCDv9miwdmIfuviMc5wYzS9E
84lAwyn6vgeROEd864gpSnvuk7b3Sha3EnEQhMOR2AzCH8iObg1PypCp1JMI
-----END CERTIFICATE-----