Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/H1so49iOpvdwUQ2in6FDsAP1SXI.roa
File:                     H1so49iOpvdwUQ2in6FDsAP1SXI.roa (raw, json)
Hash identifier:          VRR8cjRzQX/g0FH55V05vcko08ONAa3UU+Qf2kyqOP0=
Subject key identifier:   1F:5B:28:E3:D8:8E:A6:F7:70:51:0D:A2:9F:A1:43:B0:03:F5:49:72
Certificate issuer:       /CN=7e20b034e2c497b1884488def106972704765029
Certificate serial:       019C8D0B327F7378D35F08607FF2D1918E7F
Authority key identifier: 7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/H1so49iOpvdwUQ2in6FDsAP1SXI.roa
Signing time:             Tue 24 Feb 2026 00:27:27 +0000
ROA not before:           Tue 24 Feb 2026 00:27:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     2914
IP address blocks:        212.134.38.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 10:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:8d:0b:32:7f:73:78:d3:5f:08:60:7f:f2:d1:91:8e:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e20b034e2c497b1884488def106972704765029
        Validity
            Not Before: Feb 24 00:27:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1f5b28e3d88ea6f770510da29fa143b003f54972
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:4d:55:bc:5f:9d:ae:3c:d5:4f:7b:d1:37:e5:
                    51:e8:40:41:c4:7d:30:c4:e6:ac:7b:06:b1:2e:1f:
                    70:f6:9d:08:69:f6:20:5e:7b:27:c8:41:bf:5f:58:
                    05:6e:28:08:cd:ab:f4:c8:44:90:ff:f8:1c:df:6c:
                    75:6b:d4:ce:b1:16:bf:8b:2b:95:e3:4f:f8:99:53:
                    82:66:fe:e0:16:8a:87:ae:e7:aa:d6:29:7e:09:e4:
                    92:11:7b:99:45:8b:8b:71:14:e1:ac:8a:ca:29:56:
                    09:28:99:7a:5e:da:dc:15:04:bc:cd:4f:17:e1:0e:
                    1f:66:04:3e:76:84:63:0e:29:7d:45:bc:bd:98:6f:
                    89:b1:34:b6:ac:8c:e3:46:3b:15:b3:91:56:9b:95:
                    9b:21:60:65:a6:f6:d0:0f:c7:de:8a:15:78:86:1d:
                    aa:e2:a0:93:7d:2a:25:d4:3d:61:03:5d:c1:66:22:
                    35:17:9f:1c:10:d3:d7:5c:df:0e:69:a7:8e:f6:16:
                    06:32:82:00:ca:89:fe:01:0a:0a:3f:a7:be:70:61:
                    d2:37:a8:02:5f:86:f2:b8:df:c4:b2:d1:4c:57:ad:
                    ba:3f:da:2f:60:e7:1b:90:46:25:cc:3b:09:10:44:
                    bd:13:c0:c4:e1:62:8d:c1:e9:ab:63:8a:04:62:27:
                    13:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:5B:28:E3:D8:8E:A6:F7:70:51:0D:A2:9F:A1:43:B0:03:F5:49:72
            X509v3 Authority Key Identifier:
                keyid:7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/H1so49iOpvdwUQ2in6FDsAP1SXI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.134.38.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:3a:8a:3a:32:50:c0:f7:d1:72:20:03:16:a8:2c:d6:5c:e4:
         f1:11:63:76:95:f7:66:71:f0:33:93:5a:18:f0:dd:e9:5c:99:
         a2:93:80:55:64:55:05:93:9a:92:43:3f:9e:db:ad:8e:f8:79:
         4c:95:ac:d8:0d:09:e2:d1:73:7b:9b:b3:f5:0a:33:fa:83:94:
         81:c7:0a:77:7c:33:5b:67:a1:59:ab:13:5c:c2:ed:d6:48:67:
         d2:93:b1:ae:17:5c:1f:fc:e9:dc:55:de:93:c5:35:30:1e:f8:
         60:fa:e2:2c:96:aa:80:0b:25:91:85:7a:39:8d:2c:1e:62:27:
         20:e8:6f:c2:67:06:3f:e7:56:2b:cc:cc:c5:f5:0d:45:62:73:
         2a:a2:95:b3:f1:ab:e2:14:39:6c:84:a7:3c:91:78:8a:c0:5f:
         2f:08:16:92:22:97:01:07:97:a7:fa:c9:61:8b:32:f8:60:38:
         8c:41:e9:1b:97:52:d0:c1:4b:0b:d5:bd:09:24:fe:42:f2:47:
         87:04:29:f5:d1:59:29:96:9a:80:46:b9:ac:c1:80:9f:6d:a8:
         ea:7d:13:0a:e5:6f:9e:c0:23:c1:16:bd:64:e6:20:89:1a:d1:
         14:34:5c:b5:85:87:1f:54:14:28:a2:94:5c:42:c0:d8:0b:52:
         60:8b:9c:86
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyNCzJ/c3jTXwhgf/LRkY5/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMjBiMDM0ZTJjNDk3YjE4ODQ0ODhkZWYxMDY5NzI3MDQ3
NjUwMjkwHhcNMjYwMjI0MDAyNzI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjViMjhlM2Q4OGVhNmY3NzA1MTBkYTI5ZmExNDNiMDAzZjU0OTcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvk1VvF+drjzVT3vRN+VR6EBBxH0w
xOasewaxLh9w9p0IafYgXnsnyEG/X1gFbigIzav0yESQ//gc32x1a9TOsRa/iyuV
40/4mVOCZv7gFoqHrueq1il+CeSSEXuZRYuLcRThrIrKKVYJKJl6XtrcFQS8zU8X
4Q4fZgQ+doRjDil9Rby9mG+JsTS2rIzjRjsVs5FWm5WbIWBlpvbQD8feihV4hh2q
4qCTfSol1D1hA13BZiI1F58cENPXXN8OaaeO9hYGMoIAyon+AQoKP6e+cGHSN6gC
X4byuN/EstFMV626P9ovYOcbkEYlzDsJEES9E8DE4WKNwemrY4oEYicTxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB9bKOPYjqb3cFENop+hQ7AD9UlyMB8GA1UdIwQY
MBaAFH4gsDTixJexiESI3vEGlycEdlApMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2Qt
MDM1ZDk3N2Y0MjE2LzEvSDFzbzQ5aU9wdmR3VVEyaW42RkRzQVAxU1hJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2QtMDM1ZDk3N2Y0MjE2
LzEvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1IYmMA0G
CSqGSIb3DQEBCwUAA4IBAQCFOoo6MlDA99FyIAMWqCzWXOTxEWN2lfdmcfAzk1oY
8N3pXJmik4BVZFUFk5qSQz+e262O+HlMlazYDQni0XN7m7P1CjP6g5SBxwp3fDNb
Z6FZqxNcwu3WSGfSk7GuF1wf/OncVd6TxTUwHvhg+uIslqqACyWRhXo5jSweYicg
6G/CZwY/51YrzMzF9Q1FYnMqopWz8aviFDlshKc8kXiKwF8vCBaSIpcBB5en+slh
izL4YDiMQekbl1LQwUsL1b0JJP5C8keHBCn10VkplpqARrmswYCfbajqfRMK5W+e
wCPBFr1k5iCJGtEUNFy1hYcfVBQoopRcQsDYC1Jgi5yG
-----END CERTIFICATE-----