Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/D_iEG8PmSOY9Wf8Gcg7QColbCwY.roa
File:                     D_iEG8PmSOY9Wf8Gcg7QColbCwY.roa (raw, json)
Hash identifier:          DJa1ZIMTqoAkL+tgWp47SOwFKbqsb+SY7B6EO2uwvbE=
Subject key identifier:   0F:F8:84:1B:C3:E6:48:E6:3D:59:FF:06:72:0E:D0:0A:89:5B:0B:06
Certificate issuer:       /CN=7e20b034e2c497b1884488def106972704765029
Certificate serial:       019A15072DF456645D555C003ADA88D45076
Authority key identifier: 7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/D_iEG8PmSOY9Wf8Gcg7QColbCwY.roa
Signing time:             Fri 24 Oct 2025 07:03:03 +0000
ROA not before:           Fri 24 Oct 2025 07:03:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25198
IP address blocks:        212.134.19.0/24 maxlen: 24
                          212.134.171.0/24 maxlen: 24
                          212.135.164.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 15:28:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:15:07:2d:f4:56:64:5d:55:5c:00:3a:da:88:d4:50:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e20b034e2c497b1884488def106972704765029
        Validity
            Not Before: Oct 24 07:03:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0ff8841bc3e648e63d59ff06720ed00a895b0b06
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:45:38:5e:55:a6:4c:ac:cb:97:28:77:b7:d1:
                    8b:d2:7f:08:08:bb:eb:b5:8a:32:06:0c:92:25:c8:
                    38:9f:69:20:64:e1:ef:e5:00:e6:a5:ff:b9:30:f5:
                    c8:ea:29:de:7f:8d:07:55:d3:41:46:6b:92:fe:dd:
                    2b:3e:21:c2:cb:43:8b:e0:55:c4:af:9b:9a:eb:2b:
                    3e:fc:6f:4d:4c:7f:61:7c:d4:62:e9:70:b7:9d:42:
                    7e:50:2e:6a:e4:42:0a:e8:9e:ff:45:11:b2:06:32:
                    62:84:31:c4:bb:a9:32:18:7a:77:b2:4f:c8:63:1f:
                    db:bc:43:e5:1e:c7:da:41:87:30:29:94:83:57:8a:
                    10:d3:ed:29:6f:89:ed:39:6a:03:a1:bf:01:cc:f0:
                    a1:a9:64:0c:0f:8b:4f:24:fb:3f:98:74:da:3e:4c:
                    41:a9:08:2e:89:f8:c3:80:84:7e:7c:9e:0f:b5:42:
                    50:f1:21:8b:e1:b5:3f:ab:10:07:58:aa:75:09:5c:
                    a4:bc:e6:09:65:07:1a:77:af:cd:d2:01:e1:38:db:
                    42:27:5b:18:f3:f3:a4:6a:4e:88:29:92:65:c8:fb:
                    5b:89:93:8f:ec:db:a2:a6:47:96:3f:94:f6:65:d4:
                    2d:d0:f8:d1:4b:c2:80:3e:47:62:7a:c5:4f:00:e0:
                    d9:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:F8:84:1B:C3:E6:48:E6:3D:59:FF:06:72:0E:D0:0A:89:5B:0B:06
            X509v3 Authority Key Identifier:
                keyid:7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/D_iEG8PmSOY9Wf8Gcg7QColbCwY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.134.19.0/24
                  212.134.171.0/24
                  212.135.164.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b9:1b:67:ac:7d:5a:4a:42:a7:93:85:1f:e0:11:19:c8:46:27:
         0a:f6:3a:37:b9:6d:6e:e8:34:79:51:fa:d0:1f:76:13:40:66:
         3a:e2:62:86:13:7a:52:dd:af:bf:c7:7d:9a:a3:5d:01:16:52:
         f8:b5:c4:be:fc:80:f4:36:3c:2a:8e:79:ac:f8:9f:8e:dd:90:
         ac:d2:03:89:86:b1:41:e7:95:a7:4c:e3:a4:16:a9:e6:16:36:
         28:4e:fd:63:96:8b:4c:bb:e7:d4:5e:72:5e:c2:8b:aa:98:bf:
         82:9d:f9:16:7c:e1:5e:e3:ed:69:2f:3f:58:ce:72:a9:14:8c:
         36:12:8b:49:c0:1a:07:cb:62:f0:45:f8:98:7c:40:e5:c4:61:
         fd:06:4b:3c:45:e1:36:c1:14:3f:d3:83:d5:6c:44:f5:3d:c3:
         14:a0:8e:42:34:06:1b:75:bd:d7:1a:65:43:ae:0f:c8:11:98:
         5f:67:d4:15:9c:d6:1f:5c:86:6f:31:2e:05:69:58:c6:ed:58:
         b7:01:fa:05:99:fc:d6:fe:c5:0b:64:2b:bd:07:c9:ec:4b:19:
         06:ad:0d:c0:a2:23:09:dc:10:76:00:8d:50:fd:58:fc:2d:8e:
         9e:f2:fe:6e:10:d1:95:f3:aa:1a:d4:2f:2a:c6:10:33:62:b1:
         31:d8:b1:e1
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZoVBy30VmRdVVwAOtqI1FB2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMjBiMDM0ZTJjNDk3YjE4ODQ0ODhkZWYxMDY5NzI3MDQ3
NjUwMjkwHhcNMjUxMDI0MDcwMzAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZmY4ODQxYmMzZTY0OGU2M2Q1OWZmMDY3MjBlZDAwYTg5NWIwYjA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5EU4XlWmTKzLlyh3t9GL0n8ICLvr
tYoyBgySJcg4n2kgZOHv5QDmpf+5MPXI6inef40HVdNBRmuS/t0rPiHCy0OL4FXE
r5ua6ys+/G9NTH9hfNRi6XC3nUJ+UC5q5EIK6J7/RRGyBjJihDHEu6kyGHp3sk/I
Yx/bvEPlHsfaQYcwKZSDV4oQ0+0pb4ntOWoDob8BzPChqWQMD4tPJPs/mHTaPkxB
qQguifjDgIR+fJ4PtUJQ8SGL4bU/qxAHWKp1CVykvOYJZQcad6/N0gHhONtCJ1sY
8/Okak6IKZJlyPtbiZOP7NuipkeWP5T2ZdQt0PjRS8KAPkdiesVPAODZYQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFA/4hBvD5kjmPVn/BnIO0AqJWwsGMB8GA1UdIwQY
MBaAFH4gsDTixJexiESI3vEGlycEdlApMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2Qt
MDM1ZDk3N2Y0MjE2LzEvRF9pRUc4UG1TT1k5V2Y4R2NnN1FDb2xiQ3dZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2QtMDM1ZDk3N2Y0MjE2
LzEvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQA1IYTAwQA
1IarAwQA1IekMA0GCSqGSIb3DQEBCwUAA4IBAQC5G2esfVpKQqeThR/gERnIRicK
9jo3uW1u6DR5UfrQH3YTQGY64mKGE3pS3a+/x32ao10BFlL4tcS+/ID0Njwqjnms
+J+O3ZCs0gOJhrFB55WnTOOkFqnmFjYoTv1jlotMu+fUXnJewouqmL+CnfkWfOFe
4+1pLz9YznKpFIw2EotJwBoHy2LwRfiYfEDlxGH9Bks8ReE2wRQ/04PVbET1PcMU
oI5CNAYbdb3XGmVDrg/IEZhfZ9QVnNYfXIZvMS4FaVjG7Vi3AfoFmfzW/sULZCu9
B8nsSxkGrQ3AoiMJ3BB2AI1Q/Vj8LY6e8v5uENGV86oa1C8qxhAzYrEx2LHh
-----END CERTIFICATE-----