Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/sePAmYQQHw2y0O6dBMo8ZnDT3_c.roa
File:                     sePAmYQQHw2y0O6dBMo8ZnDT3_c.roa (raw, json)
Hash identifier:          z72MZIBoWobxUCSfbgYHHqB6Lfeyzfsu/XmTc9T6tNg=
Subject key identifier:   B1:E3:C0:99:84:10:1F:0D:B2:D0:EE:9D:04:CA:3C:66:70:D3:DF:F7
Certificate issuer:       /CN=7e20b034e2c497b1884488def106972704765029
Certificate serial:       019DDA38D0240282F9693B19DE99547B088B
Authority key identifier: 7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/sePAmYQQHw2y0O6dBMo8ZnDT3_c.roa
Signing time:             Wed 29 Apr 2026 17:10:49 +0000
ROA not before:           Wed 29 Apr 2026 17:10:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     402298
IP address blocks:        212.135.29.0/24 maxlen: 24
                          212.135.129.0/24 maxlen: 24
                          212.135.142.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 01 May 2026 12:23:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:da:38:d0:24:02:82:f9:69:3b:19:de:99:54:7b:08:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e20b034e2c497b1884488def106972704765029
        Validity
            Not Before: Apr 29 17:10:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b1e3c09984101f0db2d0ee9d04ca3c6670d3dff7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:0c:71:84:3a:aa:b8:cb:77:aa:b0:27:f6:8b:
                    d6:2b:4a:64:83:85:e0:ee:b0:b8:56:0f:5e:e8:60:
                    45:21:2a:54:4b:1f:6d:05:6c:c7:63:38:0f:36:51:
                    37:10:ee:a7:e5:dc:7c:a8:21:ea:cb:7e:e6:de:e7:
                    01:be:97:21:b0:b1:fb:e9:94:b3:31:07:77:e8:3f:
                    95:66:55:cf:58:d0:6e:f9:4d:03:0b:fd:d6:3c:64:
                    aa:0a:0d:92:f1:de:c2:82:8f:b5:93:ee:31:38:8c:
                    e1:fb:a0:1e:dd:3d:5a:8f:56:b4:1d:fc:d7:0f:76:
                    27:63:d0:97:39:88:4e:f2:07:93:20:12:b8:8e:53:
                    77:27:f0:f0:90:0f:73:a0:ff:6a:4b:ee:85:1c:55:
                    8b:76:56:4b:bf:5b:f5:4a:8b:d9:51:5a:33:85:ce:
                    65:70:f1:f8:c1:94:b6:7e:dd:f5:b8:05:3f:ec:26:
                    41:53:11:6b:44:84:0a:d5:ff:09:9a:62:ff:69:09:
                    54:77:0c:ec:d0:86:e9:e2:7b:3a:ad:3f:23:78:57:
                    9d:2e:64:b4:5e:cd:8e:e9:ef:c9:dc:7f:33:0f:40:
                    2e:2b:ca:cb:30:3c:1c:16:ee:44:5d:33:f9:85:7a:
                    75:e0:13:8a:f5:7d:34:cb:40:60:22:26:9f:3f:41:
                    1b:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:E3:C0:99:84:10:1F:0D:B2:D0:EE:9D:04:CA:3C:66:70:D3:DF:F7
            X509v3 Authority Key Identifier:
                keyid:7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/sePAmYQQHw2y0O6dBMo8ZnDT3_c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.135.29.0/24
                  212.135.129.0/24
                  212.135.142.0/24

    Signature Algorithm: sha256WithRSAEncryption
         da:cd:e3:c6:03:86:e6:ec:1d:c3:5b:a5:d4:70:25:73:42:11:
         0a:97:aa:5c:f2:00:b0:70:cd:3c:d5:3b:8b:56:62:68:42:af:
         e9:53:ff:88:8b:53:c9:a2:28:a5:f3:94:ee:ac:99:52:3e:00:
         f4:ab:46:8a:8b:d2:46:be:aa:5d:88:2e:e6:31:37:0a:a1:b5:
         92:2a:a9:ff:67:c0:a3:58:8f:9f:c0:fd:1d:e7:64:56:75:1c:
         4f:f2:f9:69:3f:30:47:e9:7f:20:c1:f6:44:cd:05:74:c6:d4:
         23:f3:a3:8e:7b:08:05:bf:b9:db:e7:0f:77:1d:49:f4:52:ce:
         b5:6e:9a:4e:ea:da:6c:bd:21:58:25:a7:3a:54:e3:94:dd:88:
         e6:fb:41:52:54:c3:03:47:04:76:f2:d3:28:67:77:45:e7:0e:
         c4:dc:1b:26:73:44:05:41:fe:35:25:dc:b3:69:f5:81:d8:90:
         5d:d5:cd:f8:ff:df:fd:77:04:6a:c9:10:1c:8f:56:13:6e:4a:
         1e:f3:9c:a6:b1:c2:36:ac:de:8d:a4:6d:c1:73:6a:a9:0d:fd:
         b9:19:af:6c:ec:a5:3a:10:5c:e5:74:39:36:76:26:a7:f2:0e:
         f9:95:56:e8:42:2f:a8:a2:69:5c:ad:f9:61:9a:52:32:84:71:
         59:aa:41:a3
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ3aONAkAoL5aTsZ3plUewiLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMjBiMDM0ZTJjNDk3YjE4ODQ0ODhkZWYxMDY5NzI3MDQ3
NjUwMjkwHhcNMjYwNDI5MTcxMDQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMWUzYzA5OTg0MTAxZjBkYjJkMGVlOWQwNGNhM2M2NjcwZDNkZmY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuAxxhDqquMt3qrAn9ovWK0pkg4Xg
7rC4Vg9e6GBFISpUSx9tBWzHYzgPNlE3EO6n5dx8qCHqy37m3ucBvpchsLH76ZSz
MQd36D+VZlXPWNBu+U0DC/3WPGSqCg2S8d7Cgo+1k+4xOIzh+6Ae3T1aj1a0HfzX
D3YnY9CXOYhO8geTIBK4jlN3J/DwkA9zoP9qS+6FHFWLdlZLv1v1SovZUVozhc5l
cPH4wZS2ft31uAU/7CZBUxFrRIQK1f8JmmL/aQlUdwzs0Ibp4ns6rT8jeFedLmS0
Xs2O6e/J3H8zD0AuK8rLMDwcFu5EXTP5hXp14BOK9X00y0BgIiafP0EbNwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFLHjwJmEEB8NstDunQTKPGZw09/3MB8GA1UdIwQY
MBaAFH4gsDTixJexiESI3vEGlycEdlApMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2Qt
MDM1ZDk3N2Y0MjE2LzEvc2VQQW1ZUVFIdzJ5ME82ZEJNbzhabkRUM19jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2QtMDM1ZDk3N2Y0MjE2
LzEvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQA1IcdAwQA
1IeBAwQA1IeOMA0GCSqGSIb3DQEBCwUAA4IBAQDazePGA4bm7B3DW6XUcCVzQhEK
l6pc8gCwcM081TuLVmJoQq/pU/+Ii1PJoiil85TurJlSPgD0q0aKi9JGvqpdiC7m
MTcKobWSKqn/Z8CjWI+fwP0d52RWdRxP8vlpPzBH6X8gwfZEzQV0xtQj86OOewgF
v7nb5w93HUn0Us61bppO6tpsvSFYJac6VOOU3Yjm+0FSVMMDRwR28tMoZ3dF5w7E
3Bsmc0QFQf41JdyzafWB2JBd1c34/9/9dwRqyRAcj1YTbkoe85ymscI2rN6NpG3B
c2qpDf25Ga9s7KU6EFzldDk2dian8g75lVboQi+oomlcrflhmlIyhHFZqkGj
-----END CERTIFICATE-----