Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/wXnn_-JOvF64IlJuSPrXzphKWxw.roa
File:                     wXnn_-JOvF64IlJuSPrXzphKWxw.roa (raw, json)
Hash identifier:          Mxnr3ldLgjplb4XNY8QRIW9ZoZGT+YWB8jXMwjbWM0M=
Subject key identifier:   C1:79:E7:FF:E2:4E:BC:5E:B8:22:52:6E:48:FA:D7:CE:98:4A:5B:1C
Certificate issuer:       /CN=7e20b034e2c497b1884488def106972704765029
Certificate serial:       019E9BB237DC5CC19117537F171DD5B3B8E2
Authority key identifier: 7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/wXnn_-JOvF64IlJuSPrXzphKWxw.roa
Signing time:             Sat 06 Jun 2026 06:50:08 +0000
ROA not before:           Sat 06 Jun 2026 06:50:08 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     132479
IP address blocks:        212.134.136.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Jun 2026 02:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:9b:b2:37:dc:5c:c1:91:17:53:7f:17:1d:d5:b3:b8:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e20b034e2c497b1884488def106972704765029
        Validity
            Not Before: Jun  6 06:50:08 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c179e7ffe24ebc5eb822526e48fad7ce984a5b1c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:c3:19:f8:b2:af:45:7c:82:d2:a3:7a:9e:43:
                    74:04:ea:4b:b7:01:7f:e0:26:c8:0f:3e:d1:48:46:
                    ad:fc:96:8c:36:47:ca:f0:e1:51:bd:96:58:78:81:
                    94:f1:7e:54:6d:1d:68:bd:f0:40:1a:eb:2d:b1:1a:
                    c7:25:f2:ed:4f:91:3a:c2:6f:a3:84:75:c3:47:2b:
                    2b:5c:4b:ef:8e:93:bc:d3:3e:d8:7c:18:c7:d6:2b:
                    df:5a:e8:66:b9:6b:da:d2:75:4e:cc:b2:22:d0:92:
                    b1:b1:c7:c2:87:21:f4:5e:74:1e:d8:38:1a:b9:d9:
                    a7:17:73:bb:0e:42:d7:58:15:2c:e6:6f:4e:82:86:
                    1c:ba:3c:5b:41:6e:43:26:8b:07:a1:0a:31:00:f9:
                    96:0f:8c:a0:4c:c7:28:db:c2:6b:b1:c5:43:32:3f:
                    ba:49:0b:0b:8a:f1:d5:53:9b:84:39:a1:3b:dc:e2:
                    07:81:c2:6b:14:fc:c4:dd:36:1a:e3:b6:c8:dc:88:
                    59:ef:e0:13:5f:fa:bb:b7:ee:89:86:50:44:84:68:
                    87:42:b7:ed:47:93:40:da:a0:f3:a2:c9:3a:29:56:
                    ca:9e:f6:24:59:21:23:0e:af:4b:96:c1:d8:e1:83:
                    5d:1b:7d:0d:2d:a8:40:13:b4:05:19:05:a4:fb:c3:
                    24:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:79:E7:FF:E2:4E:BC:5E:B8:22:52:6E:48:FA:D7:CE:98:4A:5B:1C
            X509v3 Authority Key Identifier:
                keyid:7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/wXnn_-JOvF64IlJuSPrXzphKWxw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.134.136.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:0f:3e:83:85:c7:11:5e:2b:89:54:f1:42:f0:12:84:a2:23:
         e3:1c:02:9d:0a:fe:3a:73:4f:e4:80:58:e8:34:d1:5e:1b:4c:
         69:b9:fd:69:f5:76:b4:4e:3f:08:21:9a:3c:50:c2:2f:cd:4b:
         5d:96:42:f3:e4:0f:19:f6:2b:27:7b:1d:54:52:ac:7b:1a:7d:
         aa:c6:0d:5a:16:09:de:19:9b:28:bc:20:2f:f9:11:ea:af:74:
         4b:02:fd:97:88:c2:b5:53:49:9f:b0:80:43:6f:e4:00:f1:30:
         3d:6f:1f:64:59:65:1e:76:9d:fe:02:52:72:21:84:45:a5:8d:
         82:ec:fd:af:92:94:71:ce:4e:bc:7c:19:a4:ae:bd:e8:2e:2c:
         0d:0c:c0:db:ec:59:00:0e:c5:33:70:b9:8f:88:79:82:e4:73:
         53:17:ed:2d:27:5b:60:a1:9d:1e:e6:4a:dc:e1:9b:2a:f0:05:
         dd:e6:70:69:a0:8d:7b:08:05:a3:b6:8a:23:cf:54:f1:17:fc:
         db:ac:9e:df:fd:b0:d6:31:7d:b1:b5:66:66:a4:d9:17:38:6d:
         eb:d3:4d:c3:18:68:47:77:17:32:99:c1:57:ab:a8:98:67:66:
         ab:12:41:46:f8:dd:2a:2f:6f:54:3b:bd:94:c8:eb:df:89:4b:
         17:f5:20:84
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6bsjfcXMGRF1N/Fx3Vs7jiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMjBiMDM0ZTJjNDk3YjE4ODQ0ODhkZWYxMDY5NzI3MDQ3
NjUwMjkwHhcNMjYwNjA2MDY1MDA4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMTc5ZTdmZmUyNGViYzVlYjgyMjUyNmU0OGZhZDdjZTk4NGE1YjFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0sMZ+LKvRXyC0qN6nkN0BOpLtwF/
4CbIDz7RSEat/JaMNkfK8OFRvZZYeIGU8X5UbR1ovfBAGustsRrHJfLtT5E6wm+j
hHXDRysrXEvvjpO80z7YfBjH1ivfWuhmuWva0nVOzLIi0JKxscfChyH0XnQe2Dga
udmnF3O7DkLXWBUs5m9OgoYcujxbQW5DJosHoQoxAPmWD4ygTMco28JrscVDMj+6
SQsLivHVU5uEOaE73OIHgcJrFPzE3TYa47bI3IhZ7+ATX/q7t+6JhlBEhGiHQrft
R5NA2qDzosk6KVbKnvYkWSEjDq9LlsHY4YNdG30NLahAE7QFGQWk+8MkEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMF55//iTrxeuCJSbkj6186YSlscMB8GA1UdIwQY
MBaAFH4gsDTixJexiESI3vEGlycEdlApMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2Qt
MDM1ZDk3N2Y0MjE2LzEvd1hubl8tSk92RjY0SWxKdVNQclh6cGhLV3h3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2QtMDM1ZDk3N2Y0MjE2
LzEvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1IaIMA0G
CSqGSIb3DQEBCwUAA4IBAQCKDz6DhccRXiuJVPFC8BKEoiPjHAKdCv46c0/kgFjo
NNFeG0xpuf1p9Xa0Tj8IIZo8UMIvzUtdlkLz5A8Z9isnex1UUqx7Gn2qxg1aFgne
GZsovCAv+RHqr3RLAv2XiMK1U0mfsIBDb+QA8TA9bx9kWWUedp3+AlJyIYRFpY2C
7P2vkpRxzk68fBmkrr3oLiwNDMDb7FkADsUzcLmPiHmC5HNTF+0tJ1tgoZ0e5krc
4Zsq8AXd5nBpoI17CAWjtoojz1TxF/zbrJ7f/bDWMX2xtWZmpNkXOG3r003DGGhH
dxcymcFXq6iYZ2arEkFG+N0qL29UO72UyOvfiUsX9SCE
-----END CERTIFICATE-----