Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/mUylKn1JiKCImDmcQTMBlWMDtM4.roa
File:                     mUylKn1JiKCImDmcQTMBlWMDtM4.roa (raw, json)
Hash identifier:          TBJ/mklQBn+xFmgATSzETYIeKePtvqWuk1/ZReSDGDI=
Subject key identifier:   99:4C:A5:2A:7D:49:88:A0:88:98:39:9C:41:33:01:95:63:03:B4:CE
Certificate issuer:       /CN=7e20b034e2c497b1884488def106972704765029
Certificate serial:       019CCDE38AF78BB253D172883AA794F9D2AF
Authority key identifier: 7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/mUylKn1JiKCImDmcQTMBlWMDtM4.roa
Signing time:             Sun 08 Mar 2026 14:39:27 +0000
ROA not before:           Sun 08 Mar 2026 14:39:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213734
IP address blocks:        212.134.96.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 18 Mar 2026 09:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:cd:e3:8a:f7:8b:b2:53:d1:72:88:3a:a7:94:f9:d2:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e20b034e2c497b1884488def106972704765029
        Validity
            Not Before: Mar  8 14:39:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=994ca52a7d4988a08898399c413301956303b4ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:7e:ff:7f:8b:d4:4c:0a:cc:61:d6:48:3c:46:
                    f4:8c:9f:57:de:0f:b7:03:0d:ff:7d:c4:8d:0a:a1:
                    77:a6:50:49:13:b9:40:87:24:e0:60:96:95:c3:9b:
                    62:07:30:9b:af:28:89:e8:9a:25:99:17:22:36:17:
                    07:5e:c2:0b:1d:b3:93:11:98:3b:53:4a:60:d5:f2:
                    03:1f:21:99:b9:9a:cc:6a:93:dd:09:19:a4:50:51:
                    5b:7b:3f:c1:51:86:8a:9c:3b:a3:74:6f:cc:e3:39:
                    56:8e:e8:4f:03:c9:25:07:a5:c1:c2:cc:5e:b5:a7:
                    d6:70:d4:ce:0c:91:af:10:ad:5c:7f:10:a6:14:23:
                    b7:56:d1:7d:03:e5:f4:31:12:2a:c0:be:0f:e9:28:
                    87:07:2b:65:3c:dd:6c:07:94:69:df:cd:5e:17:2c:
                    65:ae:38:25:3a:95:ea:92:1d:bc:9d:b0:54:0f:1f:
                    fb:24:0b:fe:79:21:ef:b2:b2:c2:3f:0f:77:7b:f2:
                    5e:6e:de:1f:ea:77:c3:7b:b1:fc:a8:43:d2:cc:4b:
                    0e:e2:36:b8:b7:fd:b7:ef:ad:83:79:26:80:b9:af:
                    6b:39:38:d0:cf:d5:5e:d7:ef:ec:6f:d8:43:78:d1:
                    7b:96:98:d9:e6:86:08:84:ae:9e:df:bc:b7:46:ea:
                    88:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:4C:A5:2A:7D:49:88:A0:88:98:39:9C:41:33:01:95:63:03:B4:CE
            X509v3 Authority Key Identifier:
                keyid:7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/mUylKn1JiKCImDmcQTMBlWMDtM4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.134.96.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:3f:3e:db:8d:c6:3c:4d:2e:64:22:52:2b:18:11:fd:c3:b7:
         51:38:a5:79:c7:d9:20:72:a7:4b:81:67:1d:f0:90:63:6d:d2:
         df:d6:74:fd:90:5c:0b:be:d3:f5:8d:56:1d:69:42:36:8e:21:
         79:1d:79:a8:39:66:34:04:74:3a:94:a3:1c:ac:cb:a3:89:1b:
         51:2e:9b:be:df:e4:1f:81:a9:1f:35:c0:62:e5:47:20:c5:22:
         a5:b1:67:aa:ef:0f:e1:6e:b0:c5:e6:0f:f8:4a:1c:65:70:5f:
         50:8f:50:b5:7e:96:09:a3:18:f7:48:c9:4b:4d:60:3d:95:9d:
         97:23:72:c4:9f:5f:05:cb:dd:21:c0:27:1d:c1:84:6b:07:d0:
         67:1d:6b:16:2b:18:80:52:42:76:b7:a0:4b:f9:aa:4d:08:b8:
         fe:18:1e:61:5a:50:7d:ac:27:98:77:47:f8:18:58:0b:ed:5d:
         6a:dc:27:07:29:e4:c5:47:4c:72:52:00:d8:9d:32:48:15:bb:
         fc:47:6a:e5:62:90:be:39:88:5b:43:9b:c3:b8:78:63:07:b8:
         d2:5e:14:72:4e:c0:ff:a0:48:ed:cf:52:ef:05:81:fa:0e:76:
         a2:d4:23:91:2d:d7:a2:be:17:66:5e:b4:11:d7:6c:32:34:53:
         81:1c:13:86
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzN44r3i7JT0XKIOqeU+dKvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMjBiMDM0ZTJjNDk3YjE4ODQ0ODhkZWYxMDY5NzI3MDQ3
NjUwMjkwHhcNMjYwMzA4MTQzOTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OTRjYTUyYTdkNDk4OGEwODg5ODM5OWM0MTMzMDE5NTYzMDNiNGNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvn7/f4vUTArMYdZIPEb0jJ9X3g+3
Aw3/fcSNCqF3plBJE7lAhyTgYJaVw5tiBzCbryiJ6JolmRciNhcHXsILHbOTEZg7
U0pg1fIDHyGZuZrMapPdCRmkUFFbez/BUYaKnDujdG/M4zlWjuhPA8klB6XBwsxe
tafWcNTODJGvEK1cfxCmFCO3VtF9A+X0MRIqwL4P6SiHBytlPN1sB5Rp381eFyxl
rjglOpXqkh28nbBUDx/7JAv+eSHvsrLCPw93e/Jebt4f6nfDe7H8qEPSzEsO4ja4
t/23762DeSaAua9rOTjQz9Ve1+/sb9hDeNF7lpjZ5oYIhK6e37y3RuqIlwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJlMpSp9SYigiJg5nEEzAZVjA7TOMB8GA1UdIwQY
MBaAFH4gsDTixJexiESI3vEGlycEdlApMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2Qt
MDM1ZDk3N2Y0MjE2LzEvbVV5bEtuMUppS0NJbURtY1FUTUJsV01EdE00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2QtMDM1ZDk3N2Y0MjE2
LzEvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1IZgMA0G
CSqGSIb3DQEBCwUAA4IBAQAWPz7bjcY8TS5kIlIrGBH9w7dROKV5x9kgcqdLgWcd
8JBjbdLf1nT9kFwLvtP1jVYdaUI2jiF5HXmoOWY0BHQ6lKMcrMujiRtRLpu+3+Qf
gakfNcBi5UcgxSKlsWeq7w/hbrDF5g/4ShxlcF9Qj1C1fpYJoxj3SMlLTWA9lZ2X
I3LEn18Fy90hwCcdwYRrB9BnHWsWKxiAUkJ2t6BL+apNCLj+GB5hWlB9rCeYd0f4
GFgL7V1q3CcHKeTFR0xyUgDYnTJIFbv8R2rlYpC+OYhbQ5vDuHhjB7jSXhRyTsD/
oEjtz1LvBYH6Dnai1CORLdeivhdmXrQR12wyNFOBHBOG
-----END CERTIFICATE-----