Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/uIJ06GoCcKIfwOwF-xnDv68Hv_I.roa
File:                     uIJ06GoCcKIfwOwF-xnDv68Hv_I.roa (raw, json)
Hash identifier:          MuOQAWAaa5mwCevCSv7HwbHtd2lF559NuBgC/0vifYc=
Subject key identifier:   B8:82:74:E8:6A:02:70:A2:1F:C0:EC:05:FB:19:C3:BF:AF:07:BF:F2
Certificate issuer:       /CN=7e20b034e2c497b1884488def106972704765029
Certificate serial:       019D633BF1C497770E2090A76087122701D4
Authority key identifier: 7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/uIJ06GoCcKIfwOwF-xnDv68Hv_I.roa
Signing time:             Mon 06 Apr 2026 14:39:26 +0000
ROA not before:           Mon 06 Apr 2026 14:39:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     402276
IP address blocks:        212.134.247.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 Apr 2026 17:02:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:63:3b:f1:c4:97:77:0e:20:90:a7:60:87:12:27:01:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e20b034e2c497b1884488def106972704765029
        Validity
            Not Before: Apr  6 14:39:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b88274e86a0270a21fc0ec05fb19c3bfaf07bff2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:54:52:6d:d0:b0:44:dc:78:a1:6e:aa:f2:d8:
                    9f:32:82:90:43:e0:eb:50:05:65:7a:72:07:a7:71:
                    53:1d:78:22:9c:f1:ef:7c:2a:9c:67:90:e0:7d:c5:
                    35:03:59:70:d5:39:5b:e4:bc:45:c3:42:fc:b6:66:
                    6e:16:a3:a0:e9:06:46:a8:42:19:18:60:8b:35:32:
                    46:b4:e2:11:6f:71:2b:3e:bd:61:31:40:34:fb:bb:
                    9c:e3:6a:64:2a:a9:50:c6:c6:6e:e0:65:ee:bd:93:
                    25:15:9b:87:71:6b:0b:54:30:92:8d:78:a7:aa:52:
                    c0:0d:e1:86:c7:d3:e5:3f:18:54:58:98:84:3c:3a:
                    b8:44:c3:2e:98:b8:05:3e:24:aa:01:45:4f:56:dc:
                    96:e9:5c:c0:e9:c5:88:c8:21:b7:c6:5a:30:2c:b5:
                    cc:6e:13:52:bd:01:34:d6:10:5b:05:0f:02:15:98:
                    fe:0c:a1:b4:d7:19:d5:fc:d7:dd:a2:ae:93:e4:b7:
                    85:5c:ee:39:5b:5d:c7:a2:8d:58:49:8e:b4:8e:a5:
                    82:ff:1d:33:4b:23:7f:83:c3:e9:96:1d:7f:0f:32:
                    fe:7d:8d:5a:e0:d6:63:ac:32:bb:26:6a:2f:1e:43:
                    9d:3a:2e:99:62:ca:b8:89:eb:5e:e2:08:41:ed:9d:
                    02:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:82:74:E8:6A:02:70:A2:1F:C0:EC:05:FB:19:C3:BF:AF:07:BF:F2
            X509v3 Authority Key Identifier:
                keyid:7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/uIJ06GoCcKIfwOwF-xnDv68Hv_I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.134.247.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:af:2f:c9:5e:35:4a:54:5a:a4:3a:8b:69:a5:2d:e9:2e:b6:
         55:9e:3e:86:0f:53:2b:b2:b0:f8:12:c6:e4:62:7e:cf:37:51:
         8e:dd:b0:1e:7f:68:2f:4c:26:f1:8a:0b:82:79:f4:45:79:d5:
         0f:ae:d9:ee:49:17:aa:6f:dd:10:82:45:6d:33:3d:ee:4c:db:
         73:b7:7f:73:3f:3d:06:99:07:09:e8:17:19:eb:11:bf:d1:1a:
         97:53:d8:ba:ee:21:39:43:12:3c:cf:14:03:c7:19:ea:95:c3:
         7d:b6:80:17:1e:71:8f:2b:52:0f:f9:fe:05:34:39:ef:f5:21:
         bc:01:92:82:46:4f:d5:0c:55:43:08:f5:3d:27:ee:d2:27:10:
         58:44:c6:89:76:f5:cc:e8:31:9c:e0:23:67:9e:0f:e9:97:ac:
         c0:5a:6c:4a:88:62:c8:3d:df:6e:28:94:79:ab:e4:e3:c3:86:
         bc:01:42:6d:14:31:0e:8e:a8:2e:97:37:f3:64:d3:7d:0e:cb:
         5e:02:ac:fe:20:17:9a:5f:b4:42:9c:23:4f:5d:3e:96:f0:9c:
         a9:26:2d:98:bb:cf:61:86:01:42:b8:86:e4:ed:f8:c6:74:a4:
         97:42:e7:4a:59:24:54:66:7e:09:6b:b3:46:2e:0f:95:c9:a6:
         df:c4:86:62
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1jO/HEl3cOIJCnYIcSJwHUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMjBiMDM0ZTJjNDk3YjE4ODQ0ODhkZWYxMDY5NzI3MDQ3
NjUwMjkwHhcNMjYwNDA2MTQzOTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiODgyNzRlODZhMDI3MGEyMWZjMGVjMDVmYjE5YzNiZmFmMDdiZmYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAslRSbdCwRNx4oW6q8tifMoKQQ+Dr
UAVlenIHp3FTHXginPHvfCqcZ5DgfcU1A1lw1Tlb5LxFw0L8tmZuFqOg6QZGqEIZ
GGCLNTJGtOIRb3ErPr1hMUA0+7uc42pkKqlQxsZu4GXuvZMlFZuHcWsLVDCSjXin
qlLADeGGx9PlPxhUWJiEPDq4RMMumLgFPiSqAUVPVtyW6VzA6cWIyCG3xlowLLXM
bhNSvQE01hBbBQ8CFZj+DKG01xnV/Nfdoq6T5LeFXO45W13Hoo1YSY60jqWC/x0z
SyN/g8Pplh1/DzL+fY1a4NZjrDK7JmovHkOdOi6ZYsq4iete4ghB7Z0CEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLiCdOhqAnCiH8DsBfsZw7+vB7/yMB8GA1UdIwQY
MBaAFH4gsDTixJexiESI3vEGlycEdlApMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2Qt
MDM1ZDk3N2Y0MjE2LzEvdUlKMDZHb0NjS0lmd093Ri14bkR2NjhIdl9JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2QtMDM1ZDk3N2Y0MjE2
LzEvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1Ib3MA0G
CSqGSIb3DQEBCwUAA4IBAQBqry/JXjVKVFqkOotppS3pLrZVnj6GD1MrsrD4Esbk
Yn7PN1GO3bAef2gvTCbxiguCefRFedUPrtnuSReqb90QgkVtMz3uTNtzt39zPz0G
mQcJ6BcZ6xG/0RqXU9i67iE5QxI8zxQDxxnqlcN9toAXHnGPK1IP+f4FNDnv9SG8
AZKCRk/VDFVDCPU9J+7SJxBYRMaJdvXM6DGc4CNnng/pl6zAWmxKiGLIPd9uKJR5
q+Tjw4a8AUJtFDEOjqgulzfzZNN9DsteAqz+IBeaX7RCnCNPXT6W8JypJi2Yu89h
hgFCuIbk7fjGdKSXQudKWSRUZn4Ja7NGLg+VyabfxIZi
-----END CERTIFICATE-----