Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/lQUEM92Ff0YoffOt5-sYlWXmEh0.roa
File:                     lQUEM92Ff0YoffOt5-sYlWXmEh0.roa (raw, json)
Hash identifier:          vtzY545WxUzvamI917S97LnGpmTboy/tU+8/OU1JeKQ=
Subject key identifier:   95:05:04:33:DD:85:7F:46:28:7D:F3:AD:E7:EB:18:95:65:E6:12:1D
Certificate issuer:       /CN=7e20b034e2c497b1884488def106972704765029
Certificate serial:       019D353B64BA9AF2261D5E005C4A35D69E2F
Authority key identifier: 7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/lQUEM92Ff0YoffOt5-sYlWXmEh0.roa
Signing time:             Sat 28 Mar 2026 16:16:17 +0000
ROA not before:           Sat 28 Mar 2026 16:16:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204942
IP address blocks:        212.134.229.0/24 maxlen: 24
                          212.134.230.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 Apr 2026 00:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:35:3b:64:ba:9a:f2:26:1d:5e:00:5c:4a:35:d6:9e:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e20b034e2c497b1884488def106972704765029
        Validity
            Not Before: Mar 28 16:16:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=95050433dd857f46287df3ade7eb189565e6121d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:db:fb:32:ce:71:f0:17:bf:2a:13:ac:07:6f:
                    83:4d:6f:6a:40:23:a6:17:61:20:8f:3e:62:53:b1:
                    12:b0:78:46:62:0c:75:2f:4f:5e:5f:2b:bc:cd:5b:
                    c4:26:0a:fb:8a:04:8f:cc:96:98:ac:7c:9a:80:68:
                    08:79:49:1a:67:11:26:68:cc:d7:98:87:0e:b0:b2:
                    80:0c:fa:7f:e8:e5:1e:33:32:90:35:3b:10:52:4c:
                    da:91:09:e5:9c:bd:15:45:82:a9:77:e8:5b:37:6a:
                    e8:b3:c2:3e:66:86:31:86:6e:12:a1:c9:77:8d:17:
                    a7:08:39:8f:c9:f1:dd:43:72:78:60:4c:41:76:8e:
                    94:f6:f3:24:ab:b1:86:78:04:dc:d1:0b:c0:38:73:
                    94:16:5b:39:45:92:b1:ce:97:fa:4e:1d:a2:69:64:
                    f0:a0:9f:f7:3a:e9:82:c4:03:7d:9d:a3:4f:cc:d3:
                    be:f4:b9:d7:dd:c7:64:a4:c0:4c:e0:a2:45:38:f9:
                    06:12:35:5c:1f:b8:af:f9:5f:54:bb:21:8d:91:99:
                    6c:87:58:db:5d:9a:bd:24:8a:6e:b6:ed:a9:a0:71:
                    2a:44:b8:32:cb:7f:82:37:d2:81:09:9c:58:3c:de:
                    18:5a:35:c9:4f:4c:24:3a:3d:ec:7c:78:90:28:fb:
                    2f:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:05:04:33:DD:85:7F:46:28:7D:F3:AD:E7:EB:18:95:65:E6:12:1D
            X509v3 Authority Key Identifier:
                keyid:7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/lQUEM92Ff0YoffOt5-sYlWXmEh0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.134.229.0-212.134.230.255

    Signature Algorithm: sha256WithRSAEncryption
         54:4f:fb:aa:d0:27:3e:dc:17:7e:64:ff:e9:31:22:c3:c4:04:
         c5:e5:cd:7a:20:b8:86:17:a7:d4:5e:95:a0:14:01:ee:44:53:
         3d:fa:93:ab:77:8f:98:bd:fe:d5:5f:b8:92:43:c1:2d:ff:36:
         e7:1b:d2:ab:b2:94:80:e3:d4:69:e5:5f:1f:a6:6f:62:48:e9:
         99:ac:90:ba:0d:aa:fc:f0:55:98:97:ae:79:6d:f1:7f:1f:ba:
         b9:83:db:3d:82:62:dc:7b:39:5b:aa:69:8a:c5:2a:80:a2:7c:
         87:af:48:8b:f7:61:4f:c1:b5:73:ef:b0:0a:eb:12:e7:a6:aa:
         1d:d0:93:43:25:77:7b:00:c7:db:73:40:f9:9a:2f:d8:b7:45:
         ea:aa:a3:56:3d:55:25:96:c8:3f:df:82:a4:69:58:11:43:69:
         9b:d8:e5:67:9b:97:98:92:1c:72:52:47:33:3a:76:74:a3:57:
         f4:2c:c4:e2:3b:7d:2e:4e:b8:c1:22:2d:70:fc:43:fe:fd:48:
         ff:06:a2:e7:de:94:f5:44:1b:49:78:fb:73:cf:5d:73:e9:86:
         13:9f:ff:41:bc:36:49:7e:74:ec:d1:0a:cb:32:f8:fa:f9:f7:
         e6:3a:98:eb:3b:09:ae:b4:a3:bc:57:71:c0:88:41:e0:36:31:
         e1:68:be:2e
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZ01O2S6mvImHV4AXEo11p4vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMjBiMDM0ZTJjNDk3YjE4ODQ0ODhkZWYxMDY5NzI3MDQ3
NjUwMjkwHhcNMjYwMzI4MTYxNjE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NTA1MDQzM2RkODU3ZjQ2Mjg3ZGYzYWRlN2ViMTg5NTY1ZTYxMjFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA59v7Ms5x8Be/KhOsB2+DTW9qQCOm
F2Egjz5iU7ESsHhGYgx1L09eXyu8zVvEJgr7igSPzJaYrHyagGgIeUkaZxEmaMzX
mIcOsLKADPp/6OUeMzKQNTsQUkzakQnlnL0VRYKpd+hbN2ros8I+ZoYxhm4Socl3
jRenCDmPyfHdQ3J4YExBdo6U9vMkq7GGeATc0QvAOHOUFls5RZKxzpf6Th2iaWTw
oJ/3OumCxAN9naNPzNO+9LnX3cdkpMBM4KJFOPkGEjVcH7iv+V9UuyGNkZlsh1jb
XZq9JIputu2poHEqRLgyy3+CN9KBCZxYPN4YWjXJT0wkOj3sfHiQKPsvPQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFJUFBDPdhX9GKH3zrefrGJVl5hIdMB8GA1UdIwQY
MBaAFH4gsDTixJexiESI3vEGlycEdlApMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2Qt
MDM1ZDk3N2Y0MjE2LzEvbFFVRU05MkZmMFlvZmZPdDUtc1lsV1htRWgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2QtMDM1ZDk3N2Y0MjE2
LzEvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBADUhuUD
BADUhuYwDQYJKoZIhvcNAQELBQADggEBAFRP+6rQJz7cF35k/+kxIsPEBMXlzXog
uIYXp9RelaAUAe5EUz36k6t3j5i9/tVfuJJDwS3/Nucb0quylIDj1GnlXx+mb2JI
6ZmskLoNqvzwVZiXrnlt8X8furmD2z2CYtx7OVuqaYrFKoCifIevSIv3YU/BtXPv
sArrEuemqh3Qk0Mld3sAx9tzQPmaL9i3Reqqo1Y9VSWWyD/fgqRpWBFDaZvY5Web
l5iSHHJSRzM6dnSjV/QsxOI7fS5OuMEiLXD8Q/79SP8GoufelPVEG0l4+3PPXXPp
hhOf/0G8Nkl+dOzRCssy+Pr59+Y6mOs7Ca60o7xXccCIQeA2MeFovi4=
-----END CERTIFICATE-----