Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/mFo8YXRdHMo28SFq4VR7pv43I5k.roa
File:                     mFo8YXRdHMo28SFq4VR7pv43I5k.roa (raw, json)
Hash identifier:          IJRHoYYesAcmpoeMtY55EzFFFRphtnQI1JX9hxP/AjY=
Subject key identifier:   98:5A:3C:61:74:5D:1C:CA:36:F1:21:6A:E1:54:7B:A6:FE:37:23:99
Certificate issuer:       /CN=7e20b034e2c497b1884488def106972704765029
Certificate serial:       019D899339C1AEDC866F012ED2874B37C9B9
Authority key identifier: 7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/mFo8YXRdHMo28SFq4VR7pv43I5k.roa
Signing time:             Tue 14 Apr 2026 01:20:20 +0000
ROA not before:           Tue 14 Apr 2026 01:20:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     402268
IP address blocks:        212.134.254.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 13:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:89:93:39:c1:ae:dc:86:6f:01:2e:d2:87:4b:37:c9:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e20b034e2c497b1884488def106972704765029
        Validity
            Not Before: Apr 14 01:20:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=985a3c61745d1cca36f1216ae1547ba6fe372399
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:bd:88:1d:81:a1:03:96:52:c7:6a:ea:98:a6:
                    22:1a:1d:b9:05:c9:9c:bf:02:3c:c5:ad:4e:a7:38:
                    73:da:a3:3f:05:42:a9:3d:e0:3f:17:95:19:31:6d:
                    70:31:5c:7c:2e:81:10:82:5e:f7:aa:51:3d:f1:f1:
                    4c:fc:2b:34:04:a7:ec:c9:13:32:89:8e:df:81:e0:
                    da:d0:52:06:ad:b1:cc:30:85:4c:bf:3e:cc:98:ba:
                    c9:3d:98:0f:68:0b:0a:4c:b5:f8:7b:78:cb:2e:fe:
                    45:87:8f:41:cd:3f:d1:17:de:9c:a2:49:0b:1b:56:
                    98:0d:ab:26:d3:07:c3:8e:7c:36:c8:51:d2:52:c5:
                    b1:87:03:98:24:fa:e1:70:ce:d1:c0:22:55:d6:23:
                    b3:4d:15:ea:45:1d:27:67:0d:58:04:85:3a:1b:31:
                    30:93:29:7f:42:2f:7a:89:ea:aa:4b:39:60:30:6b:
                    6c:0f:c2:78:5d:78:25:dc:b9:c6:e3:62:e5:58:98:
                    c2:85:f7:f4:58:3a:39:3a:5f:20:ce:f0:07:6a:35:
                    79:0d:f2:82:9a:41:ee:cb:0f:d1:0d:76:3f:82:d3:
                    93:ad:3f:4c:9a:31:9d:a5:21:f3:bf:03:61:2a:98:
                    66:5a:59:3a:d4:1b:b9:21:d1:d9:81:cf:d1:22:5b:
                    ee:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:5A:3C:61:74:5D:1C:CA:36:F1:21:6A:E1:54:7B:A6:FE:37:23:99
            X509v3 Authority Key Identifier:
                keyid:7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/mFo8YXRdHMo28SFq4VR7pv43I5k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.134.254.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:ed:13:5f:f3:c8:31:ba:ba:51:1b:27:79:43:30:1b:f6:17:
         02:33:25:e8:e6:39:69:f6:e8:7e:32:08:c7:3c:be:b7:12:17:
         89:62:73:83:49:21:1a:31:53:26:21:9b:e6:b9:c8:6f:0a:24:
         3b:49:7d:5f:f3:80:fe:39:9d:b7:18:cb:9c:4d:fd:79:18:40:
         48:1a:a0:f1:2f:9d:0f:35:76:e1:0f:0b:60:26:cf:45:4e:62:
         de:fc:26:6e:f2:ca:9c:3d:77:6f:f5:e1:56:b9:1b:d7:cd:da:
         2b:01:0e:ae:f8:f4:c7:07:d9:df:55:98:10:50:a8:e3:e0:48:
         67:08:3e:e7:af:3b:54:ef:e3:1e:39:0f:a5:92:1e:f3:5c:d3:
         05:d2:09:c3:33:02:f0:64:90:42:55:af:c6:f3:ec:f3:49:6a:
         1f:14:99:92:3e:92:6a:66:36:64:72:f9:bf:ad:55:2e:2d:10:
         f2:69:7a:7d:c6:94:14:2a:15:6f:a4:86:2a:df:ed:eb:8a:06:
         21:d8:27:02:ee:51:54:6b:4b:36:01:11:c6:1f:f8:06:33:5f:
         be:f1:29:c7:c4:f7:1e:33:d4:32:71:02:06:47:ce:e1:f5:4e:
         27:6b:67:77:30:a8:03:b9:06:0b:c5:2e:ed:93:fd:ea:65:97:
         ec:f8:5c:e2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2JkznBrtyGbwEu0odLN8m5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMjBiMDM0ZTJjNDk3YjE4ODQ0ODhkZWYxMDY5NzI3MDQ3
NjUwMjkwHhcNMjYwNDE0MDEyMDIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODVhM2M2MTc0NWQxY2NhMzZmMTIxNmFlMTU0N2JhNmZlMzcyMzk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzr2IHYGhA5ZSx2rqmKYiGh25Bcmc
vwI8xa1Opzhz2qM/BUKpPeA/F5UZMW1wMVx8LoEQgl73qlE98fFM/Cs0BKfsyRMy
iY7fgeDa0FIGrbHMMIVMvz7MmLrJPZgPaAsKTLX4e3jLLv5Fh49BzT/RF96cokkL
G1aYDasm0wfDjnw2yFHSUsWxhwOYJPrhcM7RwCJV1iOzTRXqRR0nZw1YBIU6GzEw
kyl/Qi96ieqqSzlgMGtsD8J4XXgl3LnG42LlWJjChff0WDo5Ol8gzvAHajV5DfKC
mkHuyw/RDXY/gtOTrT9MmjGdpSHzvwNhKphmWlk61Bu5IdHZgc/RIlvunQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJhaPGF0XRzKNvEhauFUe6b+NyOZMB8GA1UdIwQY
MBaAFH4gsDTixJexiESI3vEGlycEdlApMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2Qt
MDM1ZDk3N2Y0MjE2LzEvbUZvOFlYUmRITW8yOFNGcTRWUjdwdjQzSTVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2QtMDM1ZDk3N2Y0MjE2
LzEvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1Ib+MA0G
CSqGSIb3DQEBCwUAA4IBAQBn7RNf88gxurpRGyd5QzAb9hcCMyXo5jlp9uh+MgjH
PL63EheJYnODSSEaMVMmIZvmuchvCiQ7SX1f84D+OZ23GMucTf15GEBIGqDxL50P
NXbhDwtgJs9FTmLe/CZu8sqcPXdv9eFWuRvXzdorAQ6u+PTHB9nfVZgQUKjj4Ehn
CD7nrztU7+MeOQ+lkh7zXNMF0gnDMwLwZJBCVa/G8+zzSWofFJmSPpJqZjZkcvm/
rVUuLRDyaXp9xpQUKhVvpIYq3+3rigYh2CcC7lFUa0s2ARHGH/gGM1++8SnHxPce
M9QycQIGR87h9U4na2d3MKgDuQYLxS7tk/3qZZfs+Fzi
-----END CERTIFICATE-----