Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/_hxU7tULn_LbCEmtKEKM7wXfJV4.roa
File:                     _hxU7tULn_LbCEmtKEKM7wXfJV4.roa (raw, json)
Hash identifier:          vrgrZN3/6Qzx83Xu1eKkHQexoklLKRHouot45MWR+KE=
Subject key identifier:   FE:1C:54:EE:D5:0B:9F:F2:DB:08:49:AD:28:42:8C:EF:05:DF:25:5E
Certificate issuer:       /CN=7e20b034e2c497b1884488def106972704765029
Certificate serial:       019D918DC4EF8FBC74E1AF33A312BF5A78F2
Authority key identifier: 7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/_hxU7tULn_LbCEmtKEKM7wXfJV4.roa
Signing time:             Wed 15 Apr 2026 14:31:20 +0000
ROA not before:           Wed 15 Apr 2026 14:31:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209104
IP address blocks:        212.134.24.0/24 maxlen: 24
                          212.135.16.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 11:27:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:91:8d:c4:ef:8f:bc:74:e1:af:33:a3:12:bf:5a:78:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e20b034e2c497b1884488def106972704765029
        Validity
            Not Before: Apr 15 14:31:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=fe1c54eed50b9ff2db0849ad28428cef05df255e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:76:55:d5:53:cd:d0:4a:66:0e:7f:b3:f9:61:
                    7b:7b:5f:0b:1f:3d:ab:27:4a:aa:5d:ea:a6:b9:9d:
                    21:db:86:94:46:28:1b:8d:d5:0f:fe:90:9d:d5:8a:
                    2b:cf:ff:45:bf:29:b0:80:03:04:2f:7c:ec:e0:56:
                    3d:3d:18:81:d1:40:d3:95:c9:9a:bb:d8:b8:cc:db:
                    f3:0c:a0:d4:79:27:14:aa:9f:48:d1:e2:0b:36:22:
                    28:49:e0:b8:53:3a:7a:62:90:ac:4d:d5:b9:b8:93:
                    43:39:62:1e:af:75:31:6d:ae:e7:5d:9f:7a:72:72:
                    ba:ba:28:9f:65:f4:13:2d:aa:ab:85:ef:7f:a6:61:
                    2a:d6:4a:3b:2a:80:ea:d2:e9:52:95:6d:22:47:97:
                    7b:e5:98:fe:e1:ff:5b:2a:6d:4c:51:e8:ee:c2:bf:
                    c1:c8:8f:18:87:3c:70:cd:7c:8b:2e:aa:45:85:c7:
                    28:21:d2:9f:3b:e5:02:25:f2:3d:87:02:97:27:58:
                    e0:d5:4f:d8:cf:cc:70:c7:df:52:2b:82:1d:b6:1b:
                    d2:3a:a0:0b:43:b3:5b:29:77:23:48:05:c7:6e:45:
                    e5:3c:a3:dc:ef:24:1f:2f:3d:66:8d:a9:2a:f0:99:
                    8a:22:2a:2f:30:e3:33:d5:ce:c6:b3:db:d4:9f:7b:
                    bb:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:1C:54:EE:D5:0B:9F:F2:DB:08:49:AD:28:42:8C:EF:05:DF:25:5E
            X509v3 Authority Key Identifier:
                keyid:7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/_hxU7tULn_LbCEmtKEKM7wXfJV4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.134.24.0/24
                  212.135.16.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:c4:e8:1c:37:04:d9:21:14:76:82:61:83:7c:ba:51:1a:93:
         e4:87:89:fe:1a:40:ad:fe:1e:c4:f9:67:1b:26:a8:ad:6b:86:
         79:48:5f:81:78:53:82:9d:07:0b:b2:54:4a:4c:6e:0e:9d:4f:
         0c:10:6d:17:7f:f0:c8:d1:b7:a0:9b:2a:04:4b:29:be:cd:84:
         91:9a:77:cf:11:1f:e5:c1:16:54:03:92:2c:f1:a1:4c:4a:56:
         d8:50:f1:ad:ad:5a:f6:49:4b:65:9b:5a:70:d5:7a:fb:49:48:
         14:e3:a6:ea:f0:82:45:15:07:c0:8a:fe:23:ce:38:40:d4:18:
         21:97:6a:5a:17:95:3e:51:6f:e8:3e:89:b0:df:b3:a5:91:98:
         bb:f3:8f:6c:74:91:b1:eb:06:27:df:cc:71:a8:c4:13:8c:c2:
         12:28:b7:6d:ee:66:d5:ce:41:cf:a8:70:32:ab:e1:7b:52:4a:
         46:d3:ea:15:65:b3:b1:de:21:b2:66:8f:b0:85:94:53:e8:76:
         1a:17:55:e6:a5:2d:ad:67:7b:f3:04:a3:79:8f:ec:75:47:b9:
         51:dc:25:0d:4d:9b:e6:33:60:03:be:35:56:c8:da:f3:55:7f:
         8d:f7:28:70:ed:fd:1e:14:56:66:34:6a:ac:f8:9a:37:78:94:
         3f:23:68:9b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ2RjcTvj7x04a8zoxK/WnjyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMjBiMDM0ZTJjNDk3YjE4ODQ0ODhkZWYxMDY5NzI3MDQ3
NjUwMjkwHhcNMjYwNDE1MTQzMTIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZTFjNTRlZWQ1MGI5ZmYyZGIwODQ5YWQyODQyOGNlZjA1ZGYyNTVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq3ZV1VPN0EpmDn+z+WF7e18LHz2r
J0qqXeqmuZ0h24aURigbjdUP/pCd1Yorz/9FvymwgAMEL3zs4FY9PRiB0UDTlcma
u9i4zNvzDKDUeScUqp9I0eILNiIoSeC4Uzp6YpCsTdW5uJNDOWIer3Uxba7nXZ96
cnK6uiifZfQTLaqrhe9/pmEq1ko7KoDq0ulSlW0iR5d75Zj+4f9bKm1MUejuwr/B
yI8YhzxwzXyLLqpFhccoIdKfO+UCJfI9hwKXJ1jg1U/Yz8xwx99SK4IdthvSOqAL
Q7NbKXcjSAXHbkXlPKPc7yQfLz1mjakq8JmKIiovMOMz1c7Gs9vUn3u75QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFP4cVO7VC5/y2whJrShCjO8F3yVeMB8GA1UdIwQY
MBaAFH4gsDTixJexiESI3vEGlycEdlApMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2Qt
MDM1ZDk3N2Y0MjE2LzEvX2h4VTd0VUxuX0xiQ0VtdEtFS003d1hmSlY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2QtMDM1ZDk3N2Y0MjE2
LzEvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQA1IYYAwQA
1IcQMA0GCSqGSIb3DQEBCwUAA4IBAQB/xOgcNwTZIRR2gmGDfLpRGpPkh4n+GkCt
/h7E+WcbJqita4Z5SF+BeFOCnQcLslRKTG4OnU8MEG0Xf/DI0begmyoESym+zYSR
mnfPER/lwRZUA5Is8aFMSlbYUPGtrVr2SUtlm1pw1Xr7SUgU46bq8IJFFQfAiv4j
zjhA1Bghl2paF5U+UW/oPomw37OlkZi7849sdJGx6wYn38xxqMQTjMISKLdt7mbV
zkHPqHAyq+F7UkpG0+oVZbOx3iGyZo+whZRT6HYaF1XmpS2tZ3vzBKN5j+x1R7lR
3CUNTZvmM2ADvjVWyNrzVX+N9yhw7f0eFFZmNGqs+Jo3eJQ/I2ib
-----END CERTIFICATE-----