Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/m36aNg27bhVfPb57L4N_rtpsmuk.roa
File:                     m36aNg27bhVfPb57L4N_rtpsmuk.roa (raw, json)
Hash identifier:          6W0YkgStjwEfrSB8Ae2TPCnaocDcq6fo7FxuRHF4JY8=
Subject key identifier:   9B:7E:9A:36:0D:BB:6E:15:5F:3D:BE:7B:2F:83:7F:AE:DA:6C:9A:E9
Certificate issuer:       /CN=7e20b034e2c497b1884488def106972704765029
Certificate serial:       019E8664B5E8F8C63F03F7FCDFC9CA72D4E6
Authority key identifier: 7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/m36aNg27bhVfPb57L4N_rtpsmuk.roa
Signing time:             Tue 02 Jun 2026 03:33:27 +0000
ROA not before:           Tue 02 Jun 2026 03:33:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     152324
IP address blocks:        212.134.168.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 15:05:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:86:64:b5:e8:f8:c6:3f:03:f7:fc:df:c9:ca:72:d4:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e20b034e2c497b1884488def106972704765029
        Validity
            Not Before: Jun  2 03:33:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9b7e9a360dbb6e155f3dbe7b2f837faeda6c9ae9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:7f:25:73:ef:55:d6:c2:d9:97:e3:e1:ae:3a:
                    d4:12:a5:dc:c5:5a:1b:0a:80:a1:5e:63:72:64:ec:
                    6a:65:f5:61:9d:8c:13:a3:62:56:37:0f:4d:b9:ad:
                    20:ff:69:b6:6b:ee:b9:5c:bb:4d:26:e8:6b:47:7a:
                    29:48:46:72:83:9a:20:5f:e4:d1:1a:c4:c6:12:55:
                    5c:08:38:28:59:54:4c:ef:b9:9c:78:11:e4:31:1d:
                    36:90:0d:a6:86:e5:55:1e:d9:ef:f4:90:69:de:16:
                    60:2a:bb:cd:43:32:dd:7d:19:53:43:53:cc:63:aa:
                    5a:52:b1:49:ac:e7:8f:96:e8:97:82:72:49:9c:5f:
                    31:8a:31:a1:c3:a4:98:c4:28:52:de:15:3d:54:1f:
                    65:33:74:30:81:a8:ad:4b:ce:69:27:5e:23:ed:82:
                    36:09:2f:18:8f:93:59:b1:46:ba:c9:6e:38:55:e1:
                    e0:46:9f:53:64:5c:b3:1e:37:8e:c8:02:f2:e6:fd:
                    81:24:5c:d0:e1:56:72:e3:c7:39:b2:76:73:40:6a:
                    93:9e:0f:d0:ae:d5:4f:bd:87:47:2f:db:bc:84:e9:
                    40:6d:5c:c0:d3:ed:c0:6d:de:1c:95:99:d9:9e:42:
                    1a:19:5f:83:55:a2:ab:dd:ec:37:f8:1f:ab:4d:d7:
                    80:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:7E:9A:36:0D:BB:6E:15:5F:3D:BE:7B:2F:83:7F:AE:DA:6C:9A:E9
            X509v3 Authority Key Identifier:
                keyid:7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/m36aNg27bhVfPb57L4N_rtpsmuk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.134.168.0/23

    Signature Algorithm: sha256WithRSAEncryption
         46:8a:d1:ac:43:7c:e8:ed:17:07:4b:1f:90:37:c5:ce:11:82:
         e4:9f:df:ee:8b:c5:75:6a:f7:70:e3:ec:a3:83:ac:8e:df:d7:
         7b:06:c9:1d:7e:3b:1e:b0:3e:18:a9:52:96:c9:3c:0c:c7:70:
         d5:ea:a4:25:42:a1:1d:2f:f5:d7:14:8f:2c:b5:f2:71:69:f7:
         d9:81:c3:72:75:14:f3:73:d6:6f:46:4e:e9:a3:e6:09:3d:27:
         5d:4b:3d:75:3c:d8:04:2a:45:30:8a:9e:71:31:1c:7a:cd:74:
         5e:ef:a3:f7:f9:fe:8d:f3:fb:4b:4f:8d:c2:bd:28:e2:9f:cc:
         3b:6d:cf:db:b6:46:6a:df:2e:fc:63:05:70:01:00:f4:d2:17:
         c4:77:01:30:71:ab:34:27:b4:cc:a4:3c:25:6e:47:8a:4a:d6:
         a7:9b:d6:05:63:d6:1c:d9:a8:76:08:6d:51:6a:42:1a:25:e7:
         be:08:7a:3b:31:ca:ae:90:7f:aa:a2:a2:96:70:1a:b4:64:4f:
         20:95:9e:b6:1d:0b:2b:7e:e4:8d:50:44:77:ec:02:4f:16:c4:
         c0:60:09:20:19:32:24:49:4f:9d:3d:6e:7c:99:2a:2d:4e:bc:
         d5:e9:e1:e4:b6:a5:18:1b:cd:b0:d3:1c:a6:18:83:40:a4:37:
         85:cc:93:1d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6GZLXo+MY/A/f838nKctTmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMjBiMDM0ZTJjNDk3YjE4ODQ0ODhkZWYxMDY5NzI3MDQ3
NjUwMjkwHhcNMjYwNjAyMDMzMzI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YjdlOWEzNjBkYmI2ZTE1NWYzZGJlN2IyZjgzN2ZhZWRhNmM5YWU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqX8lc+9V1sLZl+PhrjrUEqXcxVob
CoChXmNyZOxqZfVhnYwTo2JWNw9Nua0g/2m2a+65XLtNJuhrR3opSEZyg5ogX+TR
GsTGElVcCDgoWVRM77mceBHkMR02kA2mhuVVHtnv9JBp3hZgKrvNQzLdfRlTQ1PM
Y6paUrFJrOePluiXgnJJnF8xijGhw6SYxChS3hU9VB9lM3QwgaitS85pJ14j7YI2
CS8Yj5NZsUa6yW44VeHgRp9TZFyzHjeOyALy5v2BJFzQ4VZy48c5snZzQGqTng/Q
rtVPvYdHL9u8hOlAbVzA0+3Abd4clZnZnkIaGV+DVaKr3ew3+B+rTdeAqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJt+mjYNu24VXz2+ey+Df67abJrpMB8GA1UdIwQY
MBaAFH4gsDTixJexiESI3vEGlycEdlApMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2Qt
MDM1ZDk3N2Y0MjE2LzEvbTM2YU5nMjdiaFZmUGI1N0w0Tl9ydHBzbXVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2QtMDM1ZDk3N2Y0MjE2
LzEvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB1IaoMA0G
CSqGSIb3DQEBCwUAA4IBAQBGitGsQ3zo7RcHSx+QN8XOEYLkn9/ui8V1avdw4+yj
g6yO39d7BskdfjsesD4YqVKWyTwMx3DV6qQlQqEdL/XXFI8stfJxaffZgcNydRTz
c9ZvRk7po+YJPSddSz11PNgEKkUwip5xMRx6zXRe76P3+f6N8/tLT43CvSjin8w7
bc/btkZq3y78YwVwAQD00hfEdwEwcas0J7TMpDwlbkeKStanm9YFY9Yc2ah2CG1R
akIaJee+CHo7McqukH+qoqKWcBq0ZE8glZ62HQsrfuSNUER37AJPFsTAYAkgGTIk
SU+dPW58mSotTrzV6eHktqUYG82w0xymGINApDeFzJMd
-----END CERTIFICATE-----