Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/pvQ83sQTE6UnzGXxMq2p5BgevHU.roa
File:                     pvQ83sQTE6UnzGXxMq2p5BgevHU.roa (raw, json)
Hash identifier:          PJHPgjL7bhhagwtEVWOV7l15+R/5jE580b8xcIQXOB4=
Subject key identifier:   A6:F4:3C:DE:C4:13:13:A5:27:CC:65:F1:32:AD:A9:E4:18:1E:BC:75
Certificate issuer:       /CN=7e20b034e2c497b1884488def106972704765029
Certificate serial:       019D9A3647935A707418F01E2A187DCC41F1
Authority key identifier: 7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/pvQ83sQTE6UnzGXxMq2p5BgevHU.roa
Signing time:             Fri 17 Apr 2026 06:52:21 +0000
ROA not before:           Fri 17 Apr 2026 06:52:21 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     17497
IP address blocks:        212.134.22.0/24 maxlen: 24
                          212.134.82.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 02:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:9a:36:47:93:5a:70:74:18:f0:1e:2a:18:7d:cc:41:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e20b034e2c497b1884488def106972704765029
        Validity
            Not Before: Apr 17 06:52:21 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a6f43cdec41313a527cc65f132ada9e4181ebc75
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:66:d7:91:dc:07:68:eb:2c:40:19:d3:92:75:
                    9f:7b:df:92:53:22:20:ca:19:69:6d:ac:a2:d5:f0:
                    1b:fb:12:c8:26:80:2a:62:69:e1:6b:42:ce:a1:30:
                    66:57:1b:26:47:4b:f8:1e:c3:15:ec:24:c2:f8:e5:
                    3f:3a:b2:d3:aa:36:65:1e:23:0d:85:24:52:d9:7c:
                    66:b9:e0:7f:88:c1:4f:d5:a1:56:55:b6:da:b5:cc:
                    0b:cb:dd:f7:b1:9b:0e:a6:26:97:20:4c:07:4e:ba:
                    28:53:67:1d:75:d5:fd:0d:32:65:69:16:f0:16:62:
                    10:78:21:01:43:13:3b:33:9a:af:e0:c3:f8:5e:44:
                    59:6f:31:6f:70:cb:e9:06:16:77:0c:6c:06:ee:73:
                    99:ed:99:95:6c:b9:cf:60:cd:db:4f:7b:af:86:a2:
                    23:93:64:ad:b3:49:ab:39:f0:98:e6:ed:bb:0a:6e:
                    7f:1c:e7:f0:68:5e:85:96:41:c9:b0:7e:59:d6:e6:
                    ce:51:11:09:da:c0:b6:58:9c:d8:b4:25:c9:10:0b:
                    bf:31:12:15:1a:97:d6:35:04:77:53:e6:4c:87:49:
                    48:35:d6:5d:78:f6:2f:a1:a8:50:47:13:36:b7:00:
                    6c:73:c3:dd:5d:b8:c1:19:2e:d1:1e:b9:0d:f4:87:
                    d0:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:F4:3C:DE:C4:13:13:A5:27:CC:65:F1:32:AD:A9:E4:18:1E:BC:75
            X509v3 Authority Key Identifier:
                keyid:7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/pvQ83sQTE6UnzGXxMq2p5BgevHU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.134.22.0/24
                  212.134.82.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:40:ae:17:a0:62:6d:e3:6a:e7:f3:67:bb:0d:b1:bc:bf:99:
         4b:6d:ad:7e:aa:cf:f0:8d:a6:ef:ab:87:db:49:49:72:ed:91:
         52:0c:43:08:43:a0:0e:f4:68:a8:2d:60:76:b2:9d:21:e0:f7:
         9f:d2:d0:e2:8a:82:91:0b:2c:19:a2:94:cd:1d:2a:1f:30:a9:
         c7:50:71:8e:51:1b:cb:ec:fc:2b:86:bf:01:c3:75:89:44:fb:
         d2:88:79:3e:0d:00:f4:2d:67:4c:9d:c5:f8:bf:5a:f2:8d:81:
         21:5c:d8:39:4f:7c:c5:e0:18:8e:b3:2a:d9:bb:06:2d:87:41:
         af:d6:04:6d:87:21:58:6f:2e:24:ec:68:b0:f4:c1:81:80:52:
         b5:0e:1d:c2:3e:76:5c:fa:f8:3c:ee:52:5e:cd:8b:03:71:06:
         54:0a:22:d4:65:6f:e7:95:98:9d:c9:92:d6:e5:45:2c:84:72:
         90:43:51:ca:5f:f8:97:46:74:1b:38:8c:b0:f0:47:27:2b:61:
         98:b3:69:e0:c5:e6:ed:3b:55:7d:29:9f:33:c9:5d:ec:fc:d8:
         84:db:da:61:f6:db:f5:34:85:db:4a:72:e7:76:89:81:fd:5e:
         5d:da:fb:de:2d:0b:e3:2f:54:67:86:17:9d:af:78:b9:a7:d1:
         da:83:71:1e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ2aNkeTWnB0GPAeKhh9zEHxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMjBiMDM0ZTJjNDk3YjE4ODQ0ODhkZWYxMDY5NzI3MDQ3
NjUwMjkwHhcNMjYwNDE3MDY1MjIxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNmY0M2NkZWM0MTMxM2E1MjdjYzY1ZjEzMmFkYTllNDE4MWViYzc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtGbXkdwHaOssQBnTknWfe9+SUyIg
yhlpbayi1fAb+xLIJoAqYmnha0LOoTBmVxsmR0v4HsMV7CTC+OU/OrLTqjZlHiMN
hSRS2XxmueB/iMFP1aFWVbbatcwLy933sZsOpiaXIEwHTrooU2cdddX9DTJlaRbw
FmIQeCEBQxM7M5qv4MP4XkRZbzFvcMvpBhZ3DGwG7nOZ7ZmVbLnPYM3bT3uvhqIj
k2Sts0mrOfCY5u27Cm5/HOfwaF6FlkHJsH5Z1ubOUREJ2sC2WJzYtCXJEAu/MRIV
GpfWNQR3U+ZMh0lINdZdePYvoahQRxM2twBsc8PdXbjBGS7RHrkN9IfQdQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKb0PN7EExOlJ8xl8TKtqeQYHrx1MB8GA1UdIwQY
MBaAFH4gsDTixJexiESI3vEGlycEdlApMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2Qt
MDM1ZDk3N2Y0MjE2LzEvcHZRODNzUVRFNlVuekdYeE1xMnA1QmdldkhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2QtMDM1ZDk3N2Y0MjE2
LzEvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQA1IYWAwQA
1IZSMA0GCSqGSIb3DQEBCwUAA4IBAQAgQK4XoGJt42rn82e7DbG8v5lLba1+qs/w
jabvq4fbSUly7ZFSDEMIQ6AO9GioLWB2sp0h4Pef0tDiioKRCywZopTNHSofMKnH
UHGOURvL7Pwrhr8Bw3WJRPvSiHk+DQD0LWdMncX4v1ryjYEhXNg5T3zF4BiOsyrZ
uwYth0Gv1gRthyFYby4k7Giw9MGBgFK1Dh3CPnZc+vg87lJezYsDcQZUCiLUZW/n
lZidyZLW5UUshHKQQ1HKX/iXRnQbOIyw8EcnK2GYs2ngxebtO1V9KZ8zyV3s/NiE
29ph9tv1NIXbSnLndomB/V5d2vveLQvjL1Rnhhedr3i5p9Hag3Ee
-----END CERTIFICATE-----