Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/jw95TNaWEfbfxUVGKIqUD1oU-wg.roa
File:                     jw95TNaWEfbfxUVGKIqUD1oU-wg.roa (raw, json)
Hash identifier:          Rx1rRVMvGICWefkuxzzp9oTFgm+3Ajz6DhW5U7IiNBM=
Subject key identifier:   8F:0F:79:4C:D6:96:11:F6:DF:C5:45:46:28:8A:94:0F:5A:14:FB:08
Certificate issuer:       /CN=7e20b034e2c497b1884488def106972704765029
Certificate serial:       019C5FE1B4997CA364BBC8B582034978A6AC
Authority key identifier: 7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/jw95TNaWEfbfxUVGKIqUD1oU-wg.roa
Signing time:             Sun 15 Feb 2026 05:59:13 +0000
ROA not before:           Sun 15 Feb 2026 05:59:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     23532
IP address blocks:        212.134.42.0/24 maxlen: 24
                          212.134.43.0/24 maxlen: 24
                          212.134.49.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:5f:e1:b4:99:7c:a3:64:bb:c8:b5:82:03:49:78:a6:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e20b034e2c497b1884488def106972704765029
        Validity
            Not Before: Feb 15 05:59:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8f0f794cd69611f6dfc54546288a940f5a14fb08
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:cf:1a:fe:5e:09:a3:62:fc:f7:0d:04:3d:4e:
                    eb:9f:47:5e:46:42:fc:3c:92:c6:88:c9:c6:41:1f:
                    bb:ad:26:40:01:84:bc:53:96:6b:f4:0b:0d:ed:87:
                    a2:26:77:33:4c:00:a1:7e:04:a0:4a:ca:ce:4e:a5:
                    b9:89:c7:1e:99:f1:1f:8e:7d:f8:d3:0b:97:be:5d:
                    32:92:7d:4f:10:c8:c8:9e:09:1f:f4:bf:bc:74:aa:
                    34:0f:7a:cb:55:0e:c5:6f:91:f3:d6:b5:89:39:5c:
                    e6:a8:89:33:e1:19:23:25:46:6d:07:1d:f2:e5:f3:
                    7b:29:b2:bb:40:fe:a3:ea:09:b4:13:be:0b:d2:8c:
                    01:cd:b4:bf:20:4f:23:3d:8d:a8:56:5d:95:38:15:
                    83:e1:f7:ff:ac:ef:3c:86:4c:79:86:c5:89:5f:82:
                    56:5c:b9:00:6a:a5:fc:f1:aa:09:d2:79:74:e9:e9:
                    ec:e6:c0:2b:56:44:9f:f2:8b:53:6c:93:43:74:f4:
                    b5:ad:2d:b7:6b:92:65:87:a1:92:e7:d4:23:6b:38:
                    94:25:16:66:ee:49:63:71:46:9f:6a:3d:70:57:90:
                    66:e8:2e:17:1e:dc:19:7b:5e:4a:f5:0b:ed:e8:28:
                    77:d6:01:6f:76:d0:5d:d1:fd:dc:e0:50:ba:18:c8:
                    f4:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:0F:79:4C:D6:96:11:F6:DF:C5:45:46:28:8A:94:0F:5A:14:FB:08
            X509v3 Authority Key Identifier:
                keyid:7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/jw95TNaWEfbfxUVGKIqUD1oU-wg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.134.42.0/23
                  212.134.49.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:1a:38:d4:f0:24:b3:43:04:fd:52:79:58:a2:e9:0f:fe:a1:
         af:91:a2:9d:22:0d:1a:1b:8e:18:59:a2:50:bd:82:f8:6b:f0:
         07:a1:15:11:34:6d:cd:33:d1:33:53:c4:97:13:bf:05:78:5b:
         03:96:77:01:13:91:3f:5a:26:99:f1:63:3c:cf:91:27:da:97:
         db:55:4e:4f:74:e9:c5:82:2a:19:92:b7:42:55:57:c0:0c:7e:
         99:c3:00:31:e1:98:a3:94:29:88:13:ed:9e:90:fb:88:e9:6c:
         cf:03:88:db:68:ae:3f:c8:73:61:25:0f:db:17:d5:92:33:1b:
         fc:54:78:a4:35:9d:cb:e7:f3:d0:72:f2:c0:ad:56:4d:d7:c1:
         23:48:71:07:e3:44:71:05:8d:56:0e:eb:f1:7c:29:b4:9a:c1:
         8e:de:bc:9a:d6:06:f0:76:1a:b2:bd:9d:a5:e5:83:e0:06:d8:
         c0:70:f3:7e:ee:61:10:9a:02:d5:40:a6:7b:23:20:2d:33:a3:
         1c:c5:df:c5:07:85:aa:2a:96:64:2d:c7:fb:32:b8:25:19:b9:
         70:92:6d:aa:00:57:4f:37:14:76:cb:35:f8:77:05:1d:23:c6:
         dc:6b:ad:3c:f6:dc:dc:9f:81:0e:ea:69:7e:1a:ca:8e:01:8b:
         5f:ad:80:56
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZxf4bSZfKNku8i1ggNJeKasMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMjBiMDM0ZTJjNDk3YjE4ODQ0ODhkZWYxMDY5NzI3MDQ3
NjUwMjkwHhcNMjYwMjE1MDU1OTEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZjBmNzk0Y2Q2OTYxMWY2ZGZjNTQ1NDYyODhhOTQwZjVhMTRmYjA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtM8a/l4Jo2L89w0EPU7rn0deRkL8
PJLGiMnGQR+7rSZAAYS8U5Zr9AsN7YeiJnczTAChfgSgSsrOTqW5iccemfEfjn34
0wuXvl0ykn1PEMjIngkf9L+8dKo0D3rLVQ7Fb5Hz1rWJOVzmqIkz4RkjJUZtBx3y
5fN7KbK7QP6j6gm0E74L0owBzbS/IE8jPY2oVl2VOBWD4ff/rO88hkx5hsWJX4JW
XLkAaqX88aoJ0nl06ens5sArVkSf8otTbJNDdPS1rS23a5Jlh6GS59QjaziUJRZm
7kljcUafaj1wV5Bm6C4XHtwZe15K9Qvt6Ch31gFvdtBd0f3c4FC6GMj0GQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFI8PeUzWlhH238VFRiiKlA9aFPsIMB8GA1UdIwQY
MBaAFH4gsDTixJexiESI3vEGlycEdlApMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2Qt
MDM1ZDk3N2Y0MjE2LzEvanc5NVROYVdFZmJmeFVWR0tJcVVEMW9VLXdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2QtMDM1ZDk3N2Y0MjE2
LzEvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQB1IYqAwQA
1IYxMA0GCSqGSIb3DQEBCwUAA4IBAQAcGjjU8CSzQwT9UnlYoukP/qGvkaKdIg0a
G44YWaJQvYL4a/AHoRURNG3NM9EzU8SXE78FeFsDlncBE5E/WiaZ8WM8z5En2pfb
VU5PdOnFgioZkrdCVVfADH6ZwwAx4ZijlCmIE+2ekPuI6WzPA4jbaK4/yHNhJQ/b
F9WSMxv8VHikNZ3L5/PQcvLArVZN18EjSHEH40RxBY1WDuvxfCm0msGO3rya1gbw
dhqyvZ2l5YPgBtjAcPN+7mEQmgLVQKZ7IyAtM6Mcxd/FB4WqKpZkLcf7MrglGblw
km2qAFdPNxR2yzX4dwUdI8bca6089tzcn4EO6ml+GsqOAYtfrYBW
-----END CERTIFICATE-----