Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/xaeAEbghzkiQkxHiB41YpmDN7Qc.roa
File:                     xaeAEbghzkiQkxHiB41YpmDN7Qc.roa (raw, json)
Hash identifier:          D1xdwZDXZaXDD8Sw/uTsr8lC/ODTZy9uAg5Ts1TdOUM=
Subject key identifier:   C5:A7:80:11:B8:21:CE:48:90:93:11:E2:07:8D:58:A6:60:CD:ED:07
Certificate issuer:       /CN=7e20b034e2c497b1884488def106972704765029
Certificate serial:       019D52AEB21A1DB76CC431CD9850726A1964
Authority key identifier: 7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/xaeAEbghzkiQkxHiB41YpmDN7Qc.roa
Signing time:             Fri 03 Apr 2026 09:31:13 +0000
ROA not before:           Fri 03 Apr 2026 09:31:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198087
IP address blocks:        212.134.88.0/24 maxlen: 24
                          212.135.242.0/24 maxlen: 24
                          212.135.243.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 04:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:52:ae:b2:1a:1d:b7:6c:c4:31:cd:98:50:72:6a:19:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e20b034e2c497b1884488def106972704765029
        Validity
            Not Before: Apr  3 09:31:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c5a78011b821ce48909311e2078d58a660cded07
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:8c:44:eb:df:03:63:18:e0:4e:8d:30:79:6f:
                    b4:92:ba:c3:2d:e0:0d:ca:37:35:59:92:08:0d:91:
                    c9:ea:a5:83:aa:f4:e9:73:a3:e0:0e:88:f9:08:b9:
                    08:85:07:0d:e5:25:57:45:16:9a:3f:ca:35:30:e3:
                    f0:c6:89:aa:f1:03:d3:a3:3e:21:c2:1b:35:c7:1b:
                    0d:c6:17:df:20:90:ba:63:5e:7d:88:b3:69:96:85:
                    f8:2a:34:b5:d6:23:52:28:93:e2:13:ea:f2:6c:a2:
                    09:ac:77:68:d0:06:81:f7:9b:47:28:0a:31:94:8a:
                    3f:2d:2f:26:09:fc:d6:aa:16:7f:b2:9e:68:fe:76:
                    df:69:b7:67:c4:25:6a:24:b2:ee:01:ce:77:79:d4:
                    82:fa:5b:71:2c:c1:c2:c2:58:ab:da:22:f7:92:af:
                    a3:66:56:9d:12:ca:d2:6b:a8:b6:3c:5b:03:a7:a4:
                    61:3b:d7:ed:fe:48:83:5a:6b:1c:cc:9d:a9:a9:00:
                    c9:fd:00:2f:c9:5e:db:81:f1:92:19:ae:6b:cf:20:
                    90:b4:0d:d6:af:d2:67:2c:a3:82:ac:1b:31:1d:6d:
                    f8:eb:07:78:8a:2d:40:53:cb:32:10:7c:bd:38:b7:
                    64:29:06:cd:d8:ea:18:df:50:35:ae:4b:55:0b:87:
                    91:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:A7:80:11:B8:21:CE:48:90:93:11:E2:07:8D:58:A6:60:CD:ED:07
            X509v3 Authority Key Identifier:
                keyid:7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/xaeAEbghzkiQkxHiB41YpmDN7Qc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.134.88.0/24
                  212.135.242.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8c:fd:fc:e4:16:3a:24:8b:1d:d3:8e:39:0c:d5:e7:fd:4d:56:
         26:5f:30:72:a9:30:ae:c2:a1:bd:4f:34:ce:23:8d:df:0d:6c:
         9e:6d:06:0b:1c:85:fb:2e:8b:35:3f:72:f1:69:0b:76:a5:3b:
         59:d4:55:d4:d9:f3:2c:39:0e:1b:26:c3:a1:27:5b:bb:26:0b:
         02:23:02:70:3d:a6:09:a2:8d:66:ad:4a:c7:2a:05:8a:83:81:
         63:d1:59:3a:94:ac:2e:5c:c8:cb:5b:ff:55:52:0e:0e:09:aa:
         44:20:e2:d8:ea:ec:a7:03:d9:11:f4:40:94:9e:fe:91:5b:b5:
         bc:72:36:ae:66:3e:c6:74:bd:17:3d:eb:38:92:42:40:55:19:
         ae:34:92:5b:44:67:d7:7d:7f:ea:17:6f:6e:7b:fd:d9:68:52:
         e4:5b:2e:af:9d:2c:74:ac:96:e0:f7:fa:18:05:4f:4d:af:67:
         09:27:89:37:c1:ea:2c:07:e7:bd:c3:94:08:98:61:17:33:1e:
         08:67:03:97:f4:22:ef:8e:7d:25:e9:4d:cc:8a:25:c3:9d:bd:
         84:ad:44:a5:0c:97:82:db:79:5a:f4:b1:4d:0c:ec:ea:e2:9d:
         ec:2d:2f:26:76:d8:f5:02:db:e2:99:c9:0a:b5:dc:bc:51:58:
         b2:1c:bc:de
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ1SrrIaHbdsxDHNmFByahlkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMjBiMDM0ZTJjNDk3YjE4ODQ0ODhkZWYxMDY5NzI3MDQ3
NjUwMjkwHhcNMjYwNDAzMDkzMTEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNWE3ODAxMWI4MjFjZTQ4OTA5MzExZTIwNzhkNThhNjYwY2RlZDA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4YxE698DYxjgTo0weW+0krrDLeAN
yjc1WZIIDZHJ6qWDqvTpc6PgDoj5CLkIhQcN5SVXRRaaP8o1MOPwxomq8QPToz4h
whs1xxsNxhffIJC6Y159iLNploX4KjS11iNSKJPiE+rybKIJrHdo0AaB95tHKAox
lIo/LS8mCfzWqhZ/sp5o/nbfabdnxCVqJLLuAc53edSC+ltxLMHCwlir2iL3kq+j
ZladEsrSa6i2PFsDp6RhO9ft/kiDWmsczJ2pqQDJ/QAvyV7bgfGSGa5rzyCQtA3W
r9JnLKOCrBsxHW346wd4ii1AU8syEHy9OLdkKQbN2OoY31A1rktVC4eRqwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMWngBG4Ic5IkJMR4geNWKZgze0HMB8GA1UdIwQY
MBaAFH4gsDTixJexiESI3vEGlycEdlApMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2Qt
MDM1ZDk3N2Y0MjE2LzEveGFlQUViZ2h6a2lRa3hIaUI0MVlwbURON1FjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2QtMDM1ZDk3N2Y0MjE2
LzEvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQA1IZYAwQB
1IfyMA0GCSqGSIb3DQEBCwUAA4IBAQCM/fzkFjokix3TjjkM1ef9TVYmXzByqTCu
wqG9TzTOI43fDWyebQYLHIX7Los1P3LxaQt2pTtZ1FXU2fMsOQ4bJsOhJ1u7JgsC
IwJwPaYJoo1mrUrHKgWKg4Fj0Vk6lKwuXMjLW/9VUg4OCapEIOLY6uynA9kR9ECU
nv6RW7W8cjauZj7GdL0XPes4kkJAVRmuNJJbRGfXfX/qF29ue/3ZaFLkWy6vnSx0
rJbg9/oYBU9Nr2cJJ4k3weosB+e9w5QImGEXMx4IZwOX9CLvjn0l6U3MiiXDnb2E
rUSlDJeC23la9LFNDOzq4p3sLS8mdtj1AtvimckKtdy8UViyHLze
-----END CERTIFICATE-----