Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/d-14htBhhAlf_xSuiKtHZf6WmRk.roa
File:                     d-14htBhhAlf_xSuiKtHZf6WmRk.roa (raw, json)
Hash identifier:          cqHRvPYdv3LBMd0RWa77rt34cxIxuuQOmfWA6TvwK+Q=
Subject key identifier:   77:ED:78:86:D0:61:84:09:5F:FF:14:AE:88:AB:47:65:FE:96:99:19
Certificate issuer:       /CN=7e20b034e2c497b1884488def106972704765029
Certificate serial:       019D57E124CD7A44D360C2AB3DD8C738DD26
Authority key identifier: 7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/d-14htBhhAlf_xSuiKtHZf6WmRk.roa
Signing time:             Sat 04 Apr 2026 09:44:26 +0000
ROA not before:           Sat 04 Apr 2026 09:44:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     402315
IP address blocks:        212.134.130.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 16:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:57:e1:24:cd:7a:44:d3:60:c2:ab:3d:d8:c7:38:dd:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e20b034e2c497b1884488def106972704765029
        Validity
            Not Before: Apr  4 09:44:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=77ed7886d06184095fff14ae88ab4765fe969919
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:5d:2d:24:4d:1a:f0:f6:d4:03:78:d3:bd:fe:
                    b4:27:46:9b:b4:84:67:01:8c:78:ee:a2:70:55:e8:
                    17:c2:1d:ac:4f:e0:0f:44:5d:0d:d9:78:71:37:d3:
                    d9:77:80:3c:33:cc:c4:83:3d:22:ea:df:24:a6:d1:
                    00:75:ec:fb:ef:a8:42:b6:e4:7c:ee:f7:ef:63:7a:
                    b8:7f:34:89:44:1a:ac:51:2f:e3:67:0a:b5:6e:46:
                    6c:c5:b1:bb:62:77:ff:fb:9b:30:0b:f8:3f:cd:60:
                    dd:94:fe:57:11:93:18:a7:07:c0:53:04:0a:4a:25:
                    01:ab:86:ae:ee:f8:d4:e8:81:a3:44:de:b4:3b:89:
                    a1:1d:11:56:66:a9:b1:d6:4f:f7:5c:aa:ab:98:82:
                    6c:ee:0c:ce:33:8f:2b:88:a1:bd:8e:5e:b5:51:c8:
                    28:db:f7:6d:dc:c2:48:37:18:d5:1f:fe:46:f3:2d:
                    53:ee:74:95:93:80:d5:8f:85:64:27:94:f7:54:14:
                    75:ed:41:cc:51:9e:78:03:91:92:d8:46:01:5e:bb:
                    02:1b:49:61:96:05:f0:4f:5c:d5:08:1b:f8:ed:58:
                    b9:b8:8c:c3:4c:56:3d:1b:26:db:65:fe:b4:ac:d1:
                    29:5d:00:83:7e:e2:36:15:e1:7c:d4:0a:f8:a4:fc:
                    9d:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:ED:78:86:D0:61:84:09:5F:FF:14:AE:88:AB:47:65:FE:96:99:19
            X509v3 Authority Key Identifier:
                keyid:7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/d-14htBhhAlf_xSuiKtHZf6WmRk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.134.130.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:8b:ee:cf:fc:c7:23:65:c5:18:f0:0f:6c:e7:6d:72:40:b6:
         de:e5:be:27:88:4c:3d:ce:75:65:c7:3c:ba:78:80:45:37:85:
         27:58:86:7d:8f:fc:3c:52:b4:98:b7:fd:3a:2f:7f:1e:fb:fa:
         8d:1a:da:03:0b:e1:73:27:3f:55:42:ef:9f:cc:d4:df:a5:6a:
         9d:5b:b3:78:68:92:0c:b8:92:b5:8b:e9:27:1c:62:bf:43:5c:
         18:20:e6:bb:ea:07:13:41:5d:00:4e:57:ce:34:d2:59:02:11:
         57:82:91:db:78:79:6e:07:c9:dc:c6:dd:06:8b:51:a0:ad:c9:
         48:58:45:9c:6b:09:35:2d:19:45:81:8a:01:58:b5:10:69:3c:
         05:86:da:16:da:f6:bc:8a:79:06:50:09:d5:8b:80:ec:d1:a7:
         73:23:cd:9c:53:cf:7a:da:1b:13:b2:0e:12:ba:a1:f1:f1:4f:
         35:1b:43:03:07:f0:ec:36:02:c3:b3:e3:f2:97:91:25:d1:5b:
         8f:99:78:e8:5f:b7:08:f4:b5:fd:b5:96:6e:16:89:1c:1e:61:
         43:ae:13:c0:7c:70:bb:33:f3:50:3c:44:e4:1c:7c:a9:3c:2d:
         a4:dd:fc:a3:59:71:25:15:75:30:8f:6c:85:fc:1b:de:b5:63:
         0e:23:bc:3d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1X4STNekTTYMKrPdjHON0mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMjBiMDM0ZTJjNDk3YjE4ODQ0ODhkZWYxMDY5NzI3MDQ3
NjUwMjkwHhcNMjYwNDA0MDk0NDI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3N2VkNzg4NmQwNjE4NDA5NWZmZjE0YWU4OGFiNDc2NWZlOTY5OTE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsV0tJE0a8PbUA3jTvf60J0abtIRn
AYx47qJwVegXwh2sT+APRF0N2XhxN9PZd4A8M8zEgz0i6t8kptEAdez776hCtuR8
7vfvY3q4fzSJRBqsUS/jZwq1bkZsxbG7Ynf/+5swC/g/zWDdlP5XEZMYpwfAUwQK
SiUBq4au7vjU6IGjRN60O4mhHRFWZqmx1k/3XKqrmIJs7gzOM48riKG9jl61Ucgo
2/dt3MJINxjVH/5G8y1T7nSVk4DVj4VkJ5T3VBR17UHMUZ54A5GS2EYBXrsCG0lh
lgXwT1zVCBv47Vi5uIzDTFY9GybbZf60rNEpXQCDfuI2FeF81Ar4pPydUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHfteIbQYYQJX/8UroirR2X+lpkZMB8GA1UdIwQY
MBaAFH4gsDTixJexiESI3vEGlycEdlApMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2Qt
MDM1ZDk3N2Y0MjE2LzEvZC0xNGh0QmhoQWxmX3hTdWlLdEhaZjZXbVJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2QtMDM1ZDk3N2Y0MjE2
LzEvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1IaCMA0G
CSqGSIb3DQEBCwUAA4IBAQBoi+7P/McjZcUY8A9s521yQLbe5b4niEw9znVlxzy6
eIBFN4UnWIZ9j/w8UrSYt/06L38e+/qNGtoDC+FzJz9VQu+fzNTfpWqdW7N4aJIM
uJK1i+knHGK/Q1wYIOa76gcTQV0ATlfONNJZAhFXgpHbeHluB8ncxt0Gi1GgrclI
WEWcawk1LRlFgYoBWLUQaTwFhtoW2va8inkGUAnVi4Ds0adzI82cU8962hsTsg4S
uqHx8U81G0MDB/DsNgLDs+Pyl5El0VuPmXjoX7cI9LX9tZZuFokcHmFDrhPAfHC7
M/NQPETkHHypPC2k3fyjWXElFXUwj2yF/BvetWMOI7w9
-----END CERTIFICATE-----