Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/oatjWiBZ_Nm3X8mb2z99BZsRbV4.roa
File:                     oatjWiBZ_Nm3X8mb2z99BZsRbV4.roa (raw, json)
Hash identifier:          iqC4/e6C+rR+kH4UKSUWQOnAgXO6AIOLX10/LI0fItw=
Subject key identifier:   A1:AB:63:5A:20:59:FC:D9:B7:5F:C9:9B:DB:3F:7D:05:9B:11:6D:5E
Certificate issuer:       /CN=7e20b034e2c497b1884488def106972704765029
Certificate serial:       019EF95FF38D1AFF67B01827180E92027C47
Authority key identifier: 7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/oatjWiBZ_Nm3X8mb2z99BZsRbV4.roa
Signing time:             Wed 24 Jun 2026 11:24:35 +0000
ROA not before:           Wed 24 Jun 2026 11:24:35 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     138789
IP address blocks:        87.85.133.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Jun 2026 14:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:f9:5f:f3:8d:1a:ff:67:b0:18:27:18:0e:92:02:7c:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e20b034e2c497b1884488def106972704765029
        Validity
            Not Before: Jun 24 11:24:35 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a1ab635a2059fcd9b75fc99bdb3f7d059b116d5e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:35:ad:22:d8:85:2a:ee:e5:ad:73:81:3d:9a:
                    d3:65:77:c4:14:9e:d6:8f:7c:14:86:63:a2:cf:c6:
                    0b:0f:bf:9c:f3:02:7d:c3:13:46:02:fd:4d:92:49:
                    bb:72:28:2d:42:19:ac:7a:97:5e:d9:3d:06:61:4f:
                    2a:30:b6:f8:fe:51:18:16:c0:fc:82:da:ce:2c:f0:
                    54:ee:d9:8f:cb:e9:df:4d:72:22:dd:21:57:38:46:
                    d9:21:92:79:73:12:78:c9:5f:88:9c:b9:81:b9:d0:
                    4d:41:45:e1:6d:fb:d0:c5:59:0b:b4:3d:0a:02:a9:
                    22:bc:80:a0:70:0f:b6:f6:47:54:77:25:93:27:d6:
                    ca:af:95:79:4a:ce:8f:c5:8a:cd:d7:9a:82:7a:15:
                    fc:bd:52:de:50:b6:a2:fb:b8:56:eb:e2:08:88:d8:
                    14:5a:a3:81:8b:6d:af:4f:8c:a5:73:95:65:4d:43:
                    3b:0b:6c:5f:32:94:9b:85:34:16:97:31:3c:af:83:
                    d5:20:d0:a0:59:5b:34:87:ae:27:97:94:93:3d:f1:
                    ff:07:4e:6e:ec:68:31:66:c2:98:67:f2:25:8e:6f:
                    5e:3b:f7:fc:19:72:91:0f:22:06:24:8f:61:f6:e5:
                    09:a7:ea:06:30:0e:e3:01:15:34:5c:91:bc:71:61:
                    0d:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:AB:63:5A:20:59:FC:D9:B7:5F:C9:9B:DB:3F:7D:05:9B:11:6D:5E
            X509v3 Authority Key Identifier:
                keyid:7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/oatjWiBZ_Nm3X8mb2z99BZsRbV4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.85.133.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:6d:9e:67:5b:56:64:f9:cf:db:9f:25:b8:36:8f:99:be:ea:
         80:b5:15:0c:22:a4:0e:28:33:a7:8f:bb:79:e1:1a:26:2f:64:
         5a:2e:57:ad:ba:eb:45:b0:33:09:26:55:08:fc:fe:ca:12:8a:
         83:41:0d:ae:b6:a1:36:f3:aa:1f:18:cf:ee:e4:6b:14:47:d6:
         36:f8:3c:65:a9:dd:ea:67:56:1e:93:b0:bc:b3:45:5e:76:97:
         06:ad:a4:6a:fa:e0:5c:82:4f:e7:76:e5:7a:f9:08:53:f0:a2:
         9a:8f:7f:be:8c:f9:f9:e5:41:2e:65:88:ef:49:0a:e1:30:0b:
         a8:65:60:1e:b6:f6:83:e5:18:6c:ff:c6:9b:62:c8:7b:0f:e9:
         52:d2:96:92:ed:9e:ce:97:de:ad:58:a7:3d:60:39:45:3d:fa:
         ad:99:0a:0d:04:27:70:6d:c3:a2:44:98:bf:d7:6b:e8:09:9f:
         a3:60:85:96:ef:1d:a3:78:98:2a:94:e3:9b:ab:d5:09:65:0a:
         1e:34:8f:da:7f:b0:81:f7:4a:6e:ee:d4:36:38:ed:5e:c3:64:
         07:66:2d:3d:43:34:a7:b6:a6:d4:52:b7:29:f3:b0:ef:5d:13:
         13:5e:82:69:f3:7f:41:03:c6:f2:c9:db:10:a2:73:da:e3:9c:
         a6:4f:c9:00
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ75X/ONGv9nsBgnGA6SAnxHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMjBiMDM0ZTJjNDk3YjE4ODQ0ODhkZWYxMDY5NzI3MDQ3
NjUwMjkwHhcNMjYwNjI0MTEyNDM1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMWFiNjM1YTIwNTlmY2Q5Yjc1ZmM5OWJkYjNmN2QwNTliMTE2ZDVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkTWtItiFKu7lrXOBPZrTZXfEFJ7W
j3wUhmOiz8YLD7+c8wJ9wxNGAv1Nkkm7cigtQhmsepde2T0GYU8qMLb4/lEYFsD8
gtrOLPBU7tmPy+nfTXIi3SFXOEbZIZJ5cxJ4yV+InLmBudBNQUXhbfvQxVkLtD0K
AqkivICgcA+29kdUdyWTJ9bKr5V5Ss6PxYrN15qCehX8vVLeULai+7hW6+IIiNgU
WqOBi22vT4ylc5VlTUM7C2xfMpSbhTQWlzE8r4PVINCgWVs0h64nl5STPfH/B05u
7GgxZsKYZ/Iljm9eO/f8GXKRDyIGJI9h9uUJp+oGMA7jARU0XJG8cWEN4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKGrY1ogWfzZt1/Jm9s/fQWbEW1eMB8GA1UdIwQY
MBaAFH4gsDTixJexiESI3vEGlycEdlApMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2Qt
MDM1ZDk3N2Y0MjE2LzEvb2F0aldpQlpfTm0zWDhtYjJ6OTlCWnNSYlY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2QtMDM1ZDk3N2Y0MjE2
LzEvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV1WFMA0G
CSqGSIb3DQEBCwUAA4IBAQCAbZ5nW1Zk+c/bnyW4No+ZvuqAtRUMIqQOKDOnj7t5
4RomL2RaLletuutFsDMJJlUI/P7KEoqDQQ2utqE286ofGM/u5GsUR9Y2+Dxlqd3q
Z1Yek7C8s0VedpcGraRq+uBcgk/nduV6+QhT8KKaj3++jPn55UEuZYjvSQrhMAuo
ZWAetvaD5Rhs/8abYsh7D+lS0paS7Z7Ol96tWKc9YDlFPfqtmQoNBCdwbcOiRJi/
12voCZ+jYIWW7x2jeJgqlOObq9UJZQoeNI/af7CB90pu7tQ2OO1ew2QHZi09QzSn
tqbUUrcp87DvXRMTXoJp839BA8byydsQonPa45ymT8kA
-----END CERTIFICATE-----