Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/wzhJK5U3O9PDeTtd1k-BLxWXobM.roa
File:                     wzhJK5U3O9PDeTtd1k-BLxWXobM.roa (raw, json)
Hash identifier:          ZuSr6xAnYHxQxeesFOaB8ccWViPwtKqJu5Tv72gdNP8=
Subject key identifier:   C3:38:49:2B:95:37:3B:D3:C3:79:3B:5D:D6:4F:81:2F:15:97:A1:B3
Certificate issuer:       /CN=7e20b034e2c497b1884488def106972704765029
Certificate serial:       019D423981763B6D07080C7F135292A560B4
Authority key identifier: 7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/wzhJK5U3O9PDeTtd1k-BLxWXobM.roa
Signing time:             Tue 31 Mar 2026 04:49:18 +0000
ROA not before:           Tue 31 Mar 2026 04:49:18 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200105
IP address blocks:        212.134.252.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 02:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:42:39:81:76:3b:6d:07:08:0c:7f:13:52:92:a5:60:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e20b034e2c497b1884488def106972704765029
        Validity
            Not Before: Mar 31 04:49:18 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c338492b95373bd3c3793b5dd64f812f1597a1b3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:7a:f0:da:c1:6f:fc:89:a9:11:bd:3a:bb:90:
                    66:9d:a9:83:a1:c1:21:a2:86:57:77:48:97:00:a7:
                    f6:eb:a2:4d:03:81:b1:bb:cc:c5:e0:09:11:6e:28:
                    f3:e9:6f:10:ae:5b:95:de:d3:9a:05:88:74:dd:a9:
                    d6:db:dc:03:08:3b:7d:1c:08:e9:0d:ce:d1:71:c5:
                    26:2a:b9:2b:07:67:60:7e:14:fc:17:ce:fc:dd:c7:
                    30:09:77:ce:32:f6:4d:4b:ba:35:d2:92:32:56:a0:
                    7d:31:a0:26:c3:02:a4:8b:ac:6e:85:7b:f6:04:9f:
                    35:2c:82:48:32:b4:ef:88:99:f7:8c:a8:96:f6:d6:
                    0c:c3:d8:34:8c:e1:2b:a9:4d:7e:b8:39:48:6f:2d:
                    b1:4f:ae:6c:35:ad:d0:2d:6c:0f:62:16:ac:5e:a1:
                    5c:a6:0d:9b:e6:98:09:11:45:d0:cf:1e:ec:8b:6d:
                    3c:a5:a2:9c:03:7f:fd:8b:e7:af:1f:b7:ab:a4:81:
                    db:da:67:97:fc:6e:41:c1:56:e8:de:63:e1:86:95:
                    05:57:86:75:72:41:e1:74:cd:c2:88:39:e6:a8:7a:
                    07:68:2f:08:2c:95:2a:8f:a9:3f:f9:2f:de:9b:ff:
                    4a:47:fd:d3:c5:ff:74:89:ba:8b:3b:57:de:ad:cb:
                    66:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:38:49:2B:95:37:3B:D3:C3:79:3B:5D:D6:4F:81:2F:15:97:A1:B3
            X509v3 Authority Key Identifier:
                keyid:7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/wzhJK5U3O9PDeTtd1k-BLxWXobM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.134.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:4a:bf:5e:3b:89:b8:e2:97:64:0c:95:a6:47:d3:43:39:c1:
         27:72:b9:d7:2b:fb:f5:2a:62:2b:81:e2:77:b9:99:db:1a:64:
         28:e6:f9:0d:fb:04:82:28:f5:d8:59:cb:8d:94:24:da:05:fe:
         d8:8d:53:90:44:86:76:d3:fa:3c:19:64:f7:f4:27:1c:38:53:
         85:10:a0:fa:5c:22:8b:fc:03:f0:05:15:12:9d:8d:5d:1d:6b:
         f9:23:78:eb:0a:c7:aa:bb:2e:c0:d8:ec:5f:80:97:0f:ef:f8:
         5d:8e:21:10:e2:bd:01:cb:2b:3f:4c:af:82:30:c6:73:78:59:
         96:d6:0b:cd:eb:2a:1d:be:c3:b1:92:9b:7f:ec:67:cc:eb:b2:
         51:e6:51:ff:b7:54:c0:71:f0:2e:a4:f0:56:45:e1:d7:09:d5:
         8e:36:25:c0:4b:6f:df:95:32:43:c2:7e:02:ad:2b:74:df:ff:
         f9:b4:21:41:93:a5:33:ba:1b:c3:cc:6d:38:52:93:b6:6e:9f:
         33:16:b8:f4:36:a2:61:f4:09:e1:76:05:0b:9a:4d:ed:51:8a:
         fb:f6:46:52:ff:35:39:94:3d:d9:8d:7f:6e:91:a2:b2:48:88:
         43:17:5e:11:41:a1:ac:9d:ff:df:b6:50:62:79:58:86:36:3a:
         e5:29:9f:f6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1COYF2O20HCAx/E1KSpWC0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMjBiMDM0ZTJjNDk3YjE4ODQ0ODhkZWYxMDY5NzI3MDQ3
NjUwMjkwHhcNMjYwMzMxMDQ0OTE4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMzM4NDkyYjk1MzczYmQzYzM3OTNiNWRkNjRmODEyZjE1OTdhMWIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmHrw2sFv/ImpEb06u5BmnamDocEh
ooZXd0iXAKf266JNA4Gxu8zF4AkRbijz6W8QrluV3tOaBYh03anW29wDCDt9HAjp
Dc7RccUmKrkrB2dgfhT8F8783ccwCXfOMvZNS7o10pIyVqB9MaAmwwKki6xuhXv2
BJ81LIJIMrTviJn3jKiW9tYMw9g0jOErqU1+uDlIby2xT65sNa3QLWwPYhasXqFc
pg2b5pgJEUXQzx7si208paKcA3/9i+evH7erpIHb2meX/G5BwVbo3mPhhpUFV4Z1
ckHhdM3CiDnmqHoHaC8ILJUqj6k/+S/em/9KR/3Txf90ibqLO1ferctm/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMM4SSuVNzvTw3k7XdZPgS8Vl6GzMB8GA1UdIwQY
MBaAFH4gsDTixJexiESI3vEGlycEdlApMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2Qt
MDM1ZDk3N2Y0MjE2LzEvd3poSks1VTNPOVBEZVR0ZDFrLUJMeFdYb2JNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2QtMDM1ZDk3N2Y0MjE2
LzEvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1Ib8MA0G
CSqGSIb3DQEBCwUAA4IBAQCKSr9eO4m44pdkDJWmR9NDOcEncrnXK/v1KmIrgeJ3
uZnbGmQo5vkN+wSCKPXYWcuNlCTaBf7YjVOQRIZ20/o8GWT39CccOFOFEKD6XCKL
/APwBRUSnY1dHWv5I3jrCsequy7A2OxfgJcP7/hdjiEQ4r0Byys/TK+CMMZzeFmW
1gvN6yodvsOxkpt/7GfM67JR5lH/t1TAcfAupPBWReHXCdWONiXAS2/flTJDwn4C
rSt03//5tCFBk6UzuhvDzG04UpO2bp8zFrj0NqJh9AnhdgULmk3tUYr79kZS/zU5
lD3ZjX9ukaKySIhDF14RQaGsnf/ftlBieViGNjrlKZ/2
-----END CERTIFICATE-----