Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fwY3fQ4QXDAiWaahn7cDqMHHPHU.roa
File:                     fwY3fQ4QXDAiWaahn7cDqMHHPHU.roa (raw, json)
Hash identifier:          EI5RyQtcSTbxQTBK+IXESk3BIbJmNtWzUHQrvQaaVt4=
Subject key identifier:   7F:06:37:7D:0E:10:5C:30:22:59:A6:A1:9F:B7:03:A8:C1:C7:3C:75
Certificate issuer:       /CN=7e20b034e2c497b1884488def106972704765029
Certificate serial:       019E97D60F11D641C00553ED8CAF03CDF658
Authority key identifier: 7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fwY3fQ4QXDAiWaahn7cDqMHHPHU.roa
Signing time:             Fri 05 Jun 2026 12:50:48 +0000
ROA not before:           Fri 05 Jun 2026 12:50:48 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     7979
IP address blocks:        212.74.20.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:97:d6:0f:11:d6:41:c0:05:53:ed:8c:af:03:cd:f6:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e20b034e2c497b1884488def106972704765029
        Validity
            Not Before: Jun  5 12:50:48 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7f06377d0e105c302259a6a19fb703a8c1c73c75
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:04:7d:25:bd:c1:b7:67:cf:81:de:03:6a:c1:
                    8c:74:0d:93:00:8c:69:fd:10:60:f8:54:cf:1f:7b:
                    6d:e4:3e:91:59:3c:60:23:1b:34:e0:b3:97:8c:92:
                    d6:70:92:65:24:41:35:eb:0e:de:e2:e4:1e:1d:19:
                    b8:34:2a:66:ed:74:f7:be:03:62:d8:b1:61:3c:e4:
                    4f:0e:9a:24:79:d3:f0:1c:f4:98:9e:69:01:eb:ad:
                    f5:88:83:d6:0b:31:d8:8f:05:39:98:5d:f8:1a:99:
                    4e:e9:88:9e:83:12:04:c8:88:87:9c:50:d3:63:a1:
                    b9:94:97:c4:fc:13:06:70:03:55:2e:21:b2:83:9a:
                    17:b4:ea:e1:1e:2b:b8:f4:b7:ed:95:a8:88:ee:01:
                    52:71:92:21:57:7a:f6:2f:1e:ba:df:40:4c:df:b2:
                    08:9c:eb:af:73:bb:ef:74:59:2e:2c:cd:72:73:27:
                    90:b0:f6:ba:7e:ee:65:18:2f:39:88:ac:2e:fb:89:
                    61:c4:8e:e6:4c:94:72:55:60:a6:aa:81:3a:24:db:
                    21:3a:c6:5f:1f:4a:96:2c:b1:33:72:64:4b:82:59:
                    8f:b5:ab:3e:45:2a:52:94:2a:6e:d0:37:b6:31:67:
                    a4:d8:ad:e2:1c:c8:33:1c:85:70:ec:3c:6c:46:59:
                    11:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:06:37:7D:0E:10:5C:30:22:59:A6:A1:9F:B7:03:A8:C1:C7:3C:75
            X509v3 Authority Key Identifier:
                keyid:7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fwY3fQ4QXDAiWaahn7cDqMHHPHU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.74.20.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b4:96:d2:5b:8b:16:43:2d:e4:4c:88:63:23:e1:6b:0a:d6:02:
         49:14:fa:68:96:ce:82:fb:94:42:50:8c:6d:15:58:20:da:cc:
         06:d9:e9:8f:e9:b2:ca:a3:9b:e4:f3:27:de:29:c9:f1:1f:d3:
         b6:3b:2c:75:b3:dc:f0:1a:7b:e8:11:91:18:04:5a:82:e8:9e:
         0c:fb:69:7a:f8:da:2f:ca:c6:d5:52:5d:92:c1:f6:68:f8:3d:
         c0:90:40:9b:ed:d8:d8:01:f7:44:df:3b:d4:5d:07:10:81:9a:
         ec:3d:b9:f6:22:e4:06:05:7f:6b:26:68:57:d9:58:bb:00:b2:
         b2:66:cc:62:7c:25:0d:58:60:d0:56:60:72:3a:42:f0:6b:87:
         e0:f3:69:43:33:03:eb:60:d8:de:9e:30:87:36:58:66:17:7f:
         5d:4c:04:97:bd:23:e1:fb:f5:57:64:28:65:16:89:ee:fa:cc:
         e4:51:c6:45:24:cf:14:a5:f8:72:66:80:ec:ac:d9:9c:68:31:
         9c:0f:f9:42:e1:65:fe:c4:2d:0a:38:e5:eb:9c:48:a1:77:a9:
         22:f2:e7:0c:ec:c3:88:87:33:f0:f6:61:2b:49:8c:27:01:b9:
         ea:9f:5d:80:5c:b3:c5:2d:fa:0e:56:ff:35:f9:35:da:f0:36:
         f4:dc:a8:34
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6X1g8R1kHABVPtjK8DzfZYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMjBiMDM0ZTJjNDk3YjE4ODQ0ODhkZWYxMDY5NzI3MDQ3
NjUwMjkwHhcNMjYwNjA1MTI1MDQ4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZjA2Mzc3ZDBlMTA1YzMwMjI1OWE2YTE5ZmI3MDNhOGMxYzczYzc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5AR9Jb3Bt2fPgd4DasGMdA2TAIxp
/RBg+FTPH3tt5D6RWTxgIxs04LOXjJLWcJJlJEE16w7e4uQeHRm4NCpm7XT3vgNi
2LFhPORPDpokedPwHPSYnmkB6631iIPWCzHYjwU5mF34GplO6YiegxIEyIiHnFDT
Y6G5lJfE/BMGcANVLiGyg5oXtOrhHiu49LftlaiI7gFScZIhV3r2Lx6630BM37II
nOuvc7vvdFkuLM1ycyeQsPa6fu5lGC85iKwu+4lhxI7mTJRyVWCmqoE6JNshOsZf
H0qWLLEzcmRLglmPtas+RSpSlCpu0De2MWek2K3iHMgzHIVw7DxsRlkRUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH8GN30OEFwwIlmmoZ+3A6jBxzx1MB8GA1UdIwQY
MBaAFH4gsDTixJexiESI3vEGlycEdlApMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2Qt
MDM1ZDk3N2Y0MjE2LzEvZndZM2ZRNFFYREFpV2FhaG43Y0RxTUhIUEhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2QtMDM1ZDk3N2Y0MjE2
LzEvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1EoUMA0G
CSqGSIb3DQEBCwUAA4IBAQC0ltJbixZDLeRMiGMj4WsK1gJJFPpols6C+5RCUIxt
FVgg2swG2emP6bLKo5vk8yfeKcnxH9O2Oyx1s9zwGnvoEZEYBFqC6J4M+2l6+Nov
ysbVUl2SwfZo+D3AkECb7djYAfdE3zvUXQcQgZrsPbn2IuQGBX9rJmhX2Vi7ALKy
ZsxifCUNWGDQVmByOkLwa4fg82lDMwPrYNjenjCHNlhmF39dTASXvSPh+/VXZChl
Fonu+szkUcZFJM8UpfhyZoDsrNmcaDGcD/lC4WX+xC0KOOXrnEihd6ki8ucM7MOI
hzPw9mErSYwnAbnqn12AXLPFLfoOVv81+TXa8Db03Kg0
-----END CERTIFICATE-----