Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/wsZOwoOsdc0NnkfNMOcxcnaxMD4.roa
File:                     wsZOwoOsdc0NnkfNMOcxcnaxMD4.roa (raw, json)
Hash identifier:          Sr0CyBcqer+P31sY/d9ns2f/8WGtDhYvEA0md9PDl20=
Subject key identifier:   C2:C6:4E:C2:83:AC:75:CD:0D:9E:47:CD:30:E7:31:72:76:B1:30:3E
Certificate issuer:       /CN=7e20b034e2c497b1884488def106972704765029
Certificate serial:       019A2EAC6DC6C41A21A5620C4F96A9D2EA65
Authority key identifier: 7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/wsZOwoOsdc0NnkfNMOcxcnaxMD4.roa
Signing time:             Wed 29 Oct 2025 06:34:03 +0000
ROA not before:           Wed 29 Oct 2025 06:34:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206300
IP address blocks:        212.134.174.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 22:37:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:2e:ac:6d:c6:c4:1a:21:a5:62:0c:4f:96:a9:d2:ea:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e20b034e2c497b1884488def106972704765029
        Validity
            Not Before: Oct 29 06:34:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c2c64ec283ac75cd0d9e47cd30e7317276b1303e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:82:ce:1a:f6:42:be:0a:49:f6:54:2d:7d:df:
                    df:51:b7:82:38:5e:fa:fd:d2:1e:e3:a6:c0:7e:46:
                    df:db:cd:79:fa:83:a9:a5:79:46:36:a3:da:19:58:
                    92:08:f5:fb:01:6f:5c:ba:d9:22:a3:8f:f0:fd:e5:
                    5d:6e:2b:01:1a:03:83:bf:62:41:6e:94:ff:3f:c4:
                    2e:12:42:1c:3d:37:4e:4b:e9:2c:c3:6e:55:19:da:
                    b5:b2:5d:28:5d:b5:fc:6c:99:39:17:3f:95:41:6c:
                    6a:c3:b9:58:7a:7a:40:6e:a7:bf:df:e9:87:aa:93:
                    04:e5:bd:15:e0:2f:ed:d7:58:99:56:d9:fe:59:3d:
                    41:7d:39:7f:b2:0e:97:b5:0b:8b:d9:01:42:31:9c:
                    12:44:94:23:5b:95:7a:4e:a2:25:c1:5e:0a:f3:27:
                    6a:9b:3a:19:43:30:05:73:ee:78:8c:70:07:dc:86:
                    e7:6d:0d:46:63:58:a5:d7:a5:3e:5a:96:80:84:33:
                    ed:6d:51:f0:c7:74:35:bc:6d:a1:aa:48:74:35:26:
                    66:b1:87:22:a1:f7:40:6d:b1:73:8d:d1:73:63:cf:
                    33:f6:01:cc:76:79:71:8f:fc:44:f9:60:78:ed:17:
                    ac:ce:cb:5b:d3:64:bb:68:db:fa:60:98:b4:d0:32:
                    f1:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:C6:4E:C2:83:AC:75:CD:0D:9E:47:CD:30:E7:31:72:76:B1:30:3E
            X509v3 Authority Key Identifier:
                keyid:7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/wsZOwoOsdc0NnkfNMOcxcnaxMD4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.134.174.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:21:5d:78:8f:16:a2:7e:f3:d3:fc:d8:e8:fd:ca:49:d9:d6:
         3a:3c:29:ac:bd:48:4d:89:90:8b:42:cf:a6:a4:c3:9c:ab:2f:
         50:9d:27:60:1c:18:32:bc:0c:79:ab:63:f0:fb:8c:7a:c2:39:
         c9:89:b5:9b:c8:e2:40:4c:fa:7e:92:54:0f:f2:e1:50:67:a5:
         2d:ee:79:ab:70:83:01:6e:4d:b6:cc:ee:1c:33:71:e1:6b:b5:
         5b:dc:2e:fc:7b:9e:55:aa:7a:4b:cd:23:a4:3f:37:d2:f7:75:
         55:e6:4d:e9:49:8f:b3:b6:36:b3:8d:3d:ab:67:20:37:eb:70:
         a2:ee:0f:69:7c:59:d1:ee:17:66:e9:47:ec:46:49:0f:e2:4a:
         64:85:83:e4:7e:e8:cd:83:ef:fe:ed:38:2e:62:f4:cc:aa:5a:
         99:b3:55:cb:22:be:1f:a7:a1:ce:82:b5:d7:cf:e6:72:8f:9f:
         85:4b:b2:74:f2:5b:8b:74:86:eb:6f:d5:82:56:48:e1:fb:4d:
         fd:62:77:c5:2d:8d:88:f2:a5:76:e1:52:e3:d4:d4:1a:19:ae:
         a9:9e:4d:9f:8e:57:a0:4f:ff:9e:c9:98:16:80:5e:1b:06:91:
         13:aa:b7:f1:f3:00:40:25:7c:0e:13:3a:e1:c4:01:da:8b:6a:
         14:d5:e7:89
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZourG3GxBohpWIMT5ap0uplMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMjBiMDM0ZTJjNDk3YjE4ODQ0ODhkZWYxMDY5NzI3MDQ3
NjUwMjkwHhcNMjUxMDI5MDYzNDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMmM2NGVjMjgzYWM3NWNkMGQ5ZTQ3Y2QzMGU3MzE3Mjc2YjEzMDNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwILOGvZCvgpJ9lQtfd/fUbeCOF76
/dIe46bAfkbf2815+oOppXlGNqPaGViSCPX7AW9cutkio4/w/eVdbisBGgODv2JB
bpT/P8QuEkIcPTdOS+ksw25VGdq1sl0oXbX8bJk5Fz+VQWxqw7lYenpAbqe/3+mH
qpME5b0V4C/t11iZVtn+WT1BfTl/sg6XtQuL2QFCMZwSRJQjW5V6TqIlwV4K8ydq
mzoZQzAFc+54jHAH3IbnbQ1GY1il16U+WpaAhDPtbVHwx3Q1vG2hqkh0NSZmsYci
ofdAbbFzjdFzY88z9gHMdnlxj/xE+WB47Reszstb02S7aNv6YJi00DLxFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMLGTsKDrHXNDZ5HzTDnMXJ2sTA+MB8GA1UdIwQY
MBaAFH4gsDTixJexiESI3vEGlycEdlApMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2Qt
MDM1ZDk3N2Y0MjE2LzEvd3NaT3dvT3NkYzBObmtmTk1PY3hjbmF4TUQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2QtMDM1ZDk3N2Y0MjE2
LzEvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1IauMA0G
CSqGSIb3DQEBCwUAA4IBAQBKIV14jxaifvPT/Njo/cpJ2dY6PCmsvUhNiZCLQs+m
pMOcqy9QnSdgHBgyvAx5q2Pw+4x6wjnJibWbyOJATPp+klQP8uFQZ6Ut7nmrcIMB
bk22zO4cM3Hha7Vb3C78e55VqnpLzSOkPzfS93VV5k3pSY+ztjazjT2rZyA363Ci
7g9pfFnR7hdm6UfsRkkP4kpkhYPkfujNg+/+7TguYvTMqlqZs1XLIr4fp6HOgrXX
z+Zyj5+FS7J08luLdIbrb9WCVkjh+039YnfFLY2I8qV24VLj1NQaGa6pnk2fjleg
T/+eyZgWgF4bBpETqrfx8wBAJXwOEzrhxAHai2oU1eeJ
-----END CERTIFICATE-----