Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/MWGeBRikHgY5iBxPIbv78r9ejqk.roa
File:                     MWGeBRikHgY5iBxPIbv78r9ejqk.roa (raw, json)
Hash identifier:          82KsjUbBdesPNbCoBDDpxRg9sqFEdzU2yIxY1Jsp2OE=
Subject key identifier:   31:61:9E:05:18:A4:1E:06:39:88:1C:4F:21:BB:FB:F2:BF:5E:8E:A9
Certificate issuer:       /CN=7e20b034e2c497b1884488def106972704765029
Certificate serial:       019EACCB67A503A5D092D2FA4CE8F0B96C2C
Authority key identifier: 7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/MWGeBRikHgY5iBxPIbv78r9ejqk.roa
Signing time:             Tue 09 Jun 2026 14:31:11 +0000
ROA not before:           Tue 09 Jun 2026 14:31:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     21859
IP address blocks:        212.135.30.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:ac:cb:67:a5:03:a5:d0:92:d2:fa:4c:e8:f0:b9:6c:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e20b034e2c497b1884488def106972704765029
        Validity
            Not Before: Jun  9 14:31:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=31619e0518a41e0639881c4f21bbfbf2bf5e8ea9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:76:fc:e7:9d:9a:25:a2:75:e2:09:cf:65:08:
                    f9:6b:3a:f0:81:e6:29:c1:46:08:f0:97:e2:c8:31:
                    36:05:56:66:58:95:f6:5f:37:42:76:f4:e4:12:4f:
                    2d:70:f8:49:ca:fd:18:c7:72:7d:bb:35:65:02:07:
                    a8:43:11:97:43:c4:73:78:01:3b:dc:4f:c3:f9:19:
                    19:33:2f:58:9c:f5:58:90:87:94:bf:64:b8:ea:f6:
                    19:47:f4:ce:c1:cb:b1:0f:c2:6c:06:bd:77:b5:1e:
                    b4:1e:30:e0:d4:e1:88:8d:b2:5f:93:06:3f:c5:b5:
                    e7:0b:d5:5b:a1:66:c0:ca:e2:5b:fb:c8:3d:b6:d3:
                    b5:b1:53:2c:d8:e4:33:55:6a:dc:02:22:19:8c:ea:
                    47:bf:d5:74:71:47:8b:e6:63:ed:5a:ae:b2:fb:37:
                    0a:fa:57:52:6d:4f:7f:9b:ac:98:df:e7:43:33:22:
                    3b:d9:8f:88:fa:81:75:27:b1:73:75:e9:2a:0a:06:
                    6a:5c:80:7a:1f:9b:93:a9:17:e5:1a:8e:77:24:80:
                    f7:9c:90:7b:78:bd:8f:e9:4f:d1:ec:f7:e5:26:c0:
                    cf:66:39:5f:87:2f:1a:f9:f2:82:95:0d:3f:43:da:
                    ad:e4:03:9c:e6:b3:eb:06:6e:42:ea:4b:6d:a3:da:
                    f1:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:61:9E:05:18:A4:1E:06:39:88:1C:4F:21:BB:FB:F2:BF:5E:8E:A9
            X509v3 Authority Key Identifier:
                keyid:7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/MWGeBRikHgY5iBxPIbv78r9ejqk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.135.30.0/24

    Signature Algorithm: sha256WithRSAEncryption
         cd:f9:28:37:5b:bd:e7:20:bc:fe:79:de:77:84:e5:c5:11:2b:
         74:3b:3f:aa:7d:2c:63:ee:da:68:d8:97:54:f7:7d:0c:66:46:
         fa:0f:aa:0b:cb:1f:e0:f2:b9:c3:67:b4:db:74:f4:d8:a9:6b:
         d4:0e:6b:66:e7:9f:32:5a:91:63:6b:83:8a:44:1b:c2:aa:0e:
         7c:43:60:5b:0c:e3:9a:28:80:c1:2b:24:98:44:6d:7e:41:fa:
         8e:e3:de:01:4c:0d:72:95:a7:90:6e:1a:7f:74:59:50:35:06:
         6b:1b:2d:e4:ed:4f:ee:e7:0c:a5:85:c5:fd:7c:4f:83:ed:e7:
         89:00:b0:36:50:d3:6c:f8:35:d5:fe:2b:00:35:e6:09:ca:b9:
         cc:15:5b:f4:51:ce:2c:f3:e6:31:5d:7d:bd:63:1f:61:7a:e1:
         6b:43:58:1e:f7:51:4d:07:e1:e9:08:19:a2:24:3d:e6:3b:01:
         ef:84:d6:ec:b8:fe:38:aa:f3:7d:62:c9:36:00:fe:c3:6c:4c:
         69:8f:7c:83:e4:f7:03:e6:4d:4a:b7:f1:fd:cb:9f:fe:80:58:
         8f:fe:8e:7a:95:36:90:2f:42:2c:af:4a:7f:a6:27:91:40:c6:
         90:61:c3:7c:79:f5:cd:13:94:bc:95:87:64:cd:45:a4:60:50:
         e0:02:35:3f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6sy2elA6XQktL6TOjwuWwsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMjBiMDM0ZTJjNDk3YjE4ODQ0ODhkZWYxMDY5NzI3MDQ3
NjUwMjkwHhcNMjYwNjA5MTQzMTExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTYxOWUwNTE4YTQxZTA2Mzk4ODFjNGYyMWJiZmJmMmJmNWU4ZWE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvnb8552aJaJ14gnPZQj5azrwgeYp
wUYI8JfiyDE2BVZmWJX2XzdCdvTkEk8tcPhJyv0Yx3J9uzVlAgeoQxGXQ8RzeAE7
3E/D+RkZMy9YnPVYkIeUv2S46vYZR/TOwcuxD8JsBr13tR60HjDg1OGIjbJfkwY/
xbXnC9VboWbAyuJb+8g9ttO1sVMs2OQzVWrcAiIZjOpHv9V0cUeL5mPtWq6y+zcK
+ldSbU9/m6yY3+dDMyI72Y+I+oF1J7FzdekqCgZqXIB6H5uTqRflGo53JID3nJB7
eL2P6U/R7PflJsDPZjlfhy8a+fKClQ0/Q9qt5AOc5rPrBm5C6ktto9rxUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDFhngUYpB4GOYgcTyG7+/K/Xo6pMB8GA1UdIwQY
MBaAFH4gsDTixJexiESI3vEGlycEdlApMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2Qt
MDM1ZDk3N2Y0MjE2LzEvTVdHZUJSaWtIZ1k1aUJ4UElidjc4cjllanFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2QtMDM1ZDk3N2Y0MjE2
LzEvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1IceMA0G
CSqGSIb3DQEBCwUAA4IBAQDN+Sg3W73nILz+ed53hOXFESt0Oz+qfSxj7tpo2JdU
930MZkb6D6oLyx/g8rnDZ7TbdPTYqWvUDmtm558yWpFja4OKRBvCqg58Q2BbDOOa
KIDBKySYRG1+QfqO494BTA1ylaeQbhp/dFlQNQZrGy3k7U/u5wylhcX9fE+D7eeJ
ALA2UNNs+DXV/isANeYJyrnMFVv0Uc4s8+YxXX29Yx9heuFrQ1ge91FNB+HpCBmi
JD3mOwHvhNbsuP44qvN9Ysk2AP7DbExpj3yD5PcD5k1Kt/H9y5/+gFiP/o56lTaQ
L0Isr0p/pieRQMaQYcN8efXNE5S8lYdkzUWkYFDgAjU/
-----END CERTIFICATE-----