Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/1-i5TRDPku6NeUdz2bRFMsPZIHUQ.roa
File:                     1-i5TRDPku6NeUdz2bRFMsPZIHUQ.roa (raw, json)
Hash identifier:          VQK5n0tcKEtnqAcxB7o2wJcalg9cjbbfvMYz3zPe7hA=
Subject key identifier:   FA:2E:53:44:33:E4:BB:A3:5E:51:DC:F6:6D:11:4C:B0:F6:48:1D:44
Certificate issuer:       /CN=51b49ba0dd8615128618d50159cb0f3b5e9ee626
Certificate serial:       0197BF8E48D1034D802C5E04C668F3E9B1E3
Authority key identifier: 51:B4:9B:A0:DD:86:15:12:86:18:D5:01:59:CB:0F:3B:5E:9E:E6:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UbSboN2GFRKGGNUBWcsPO16e5iY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/1-i5TRDPku6NeUdz2bRFMsPZIHUQ.roa
Signing time:             Mon 30 Jun 2025 06:37:42 +0000
ROA not before:           Mon 30 Jun 2025 06:37:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     7029
IP address blocks:        212.100.176.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/UbSboN2GFRKGGNUBWcsPO16e5iY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/UbSboN2GFRKGGNUBWcsPO16e5iY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UbSboN2GFRKGGNUBWcsPO16e5iY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 22:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:bf:8e:48:d1:03:4d:80:2c:5e:04:c6:68:f3:e9:b1:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=51b49ba0dd8615128618d50159cb0f3b5e9ee626
        Validity
            Not Before: Jun 30 06:37:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fa2e534433e4bba35e51dcf66d114cb0f6481d44
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:0c:77:87:ed:bd:23:8e:ea:ac:c6:d4:61:66:
                    8e:e1:9d:7f:53:de:b0:bf:f7:ba:a9:e7:e9:f1:07:
                    8a:ff:74:e4:d3:12:b7:b1:c0:1b:4e:68:f6:45:f4:
                    7b:46:4e:d8:f4:ab:0e:96:1a:22:18:4a:76:1b:1f:
                    74:56:ab:63:c2:0d:98:23:de:b0:e2:22:e7:57:38:
                    5b:b8:23:17:9c:d8:d8:92:70:58:87:11:60:13:7e:
                    fb:45:f5:3a:4c:55:91:33:31:af:4a:5b:d6:e2:ff:
                    f1:20:41:3a:1f:e3:6c:26:c9:f4:72:7a:7c:be:b9:
                    d9:36:68:98:33:de:e0:c0:6b:8c:d2:95:9b:9a:77:
                    82:91:99:2a:d2:18:e5:5d:47:3a:1f:1e:18:07:2e:
                    5e:0e:84:a7:d2:79:be:5b:fa:11:fb:7b:34:c8:29:
                    ec:1d:09:f7:26:9f:98:e8:33:fb:1e:36:8b:c7:53:
                    0c:8f:de:de:ff:6e:b4:67:c6:fc:ec:fe:83:72:f4:
                    f0:5e:b2:2b:9d:58:c7:b5:c2:33:bd:2a:6b:4a:9c:
                    9a:69:2f:db:0b:e8:f3:22:8e:25:7a:28:2f:4a:9c:
                    b9:f2:43:c9:72:f5:49:3c:d4:7f:38:65:b5:6c:76:
                    8f:7c:d8:2c:6a:f6:1e:e9:70:a3:94:88:79:69:22:
                    51:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:2E:53:44:33:E4:BB:A3:5E:51:DC:F6:6D:11:4C:B0:F6:48:1D:44
            X509v3 Authority Key Identifier:
                keyid:51:B4:9B:A0:DD:86:15:12:86:18:D5:01:59:CB:0F:3B:5E:9E:E6:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UbSboN2GFRKGGNUBWcsPO16e5iY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/1-i5TRDPku6NeUdz2bRFMsPZIHUQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/UbSboN2GFRKGGNUBWcsPO16e5iY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.100.176.0/22

    Signature Algorithm: sha256WithRSAEncryption
         62:7d:aa:cf:e3:9b:5a:d8:14:87:40:25:c0:67:f8:9e:54:da:
         f0:ac:de:f1:ac:02:c1:b9:89:88:32:7e:fe:7f:51:56:3f:c4:
         19:84:c0:1a:25:d7:51:f1:b0:2e:3a:bb:92:8a:61:98:fc:db:
         25:28:0f:05:01:b2:82:e1:ff:be:35:dc:40:42:b3:f4:62:e2:
         7c:9e:25:96:ea:a4:09:6c:34:25:0b:73:f1:52:1e:94:54:64:
         3b:20:2d:78:26:ed:31:e1:f6:84:5c:c5:e0:8b:7f:b6:c8:56:
         ee:18:d7:08:6c:22:7c:55:76:13:36:be:86:70:1a:ac:e4:24:
         a5:dc:38:4b:f5:db:ba:a2:e1:1c:7c:fa:49:7d:cc:83:ee:99:
         94:89:4b:44:13:e2:2c:ba:f3:d6:8a:f9:5a:54:00:cf:12:40:
         bc:ce:68:f5:df:e8:d8:f8:c2:74:09:dd:9f:88:6b:12:eb:e0:
         f1:b3:c4:7e:18:1b:13:5b:d7:44:77:40:6e:ee:95:48:7d:ec:
         f3:89:05:21:d0:0b:31:ab:62:46:0f:98:a2:47:41:8d:43:3b:
         b9:12:46:fd:66:3f:61:d8:7d:ff:9c:5f:38:80:6c:06:c2:d5:
         b0:b7:46:d6:c9:d9:4b:70:0e:2e:f5:db:09:d4:4f:d0:a8:40:
         e3:a4:0f:fe
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZe/jkjRA02ALF4Exmjz6bHjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxYjQ5YmEwZGQ4NjE1MTI4NjE4ZDUwMTU5Y2IwZjNiNWU5
ZWU2MjYwHhcNMjUwNjMwMDYzNzQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYTJlNTM0NDMzZTRiYmEzNWU1MWRjZjY2ZDExNGNiMGY2NDgxZDQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6wx3h+29I47qrMbUYWaO4Z1/U96w
v/e6qefp8QeK/3Tk0xK3scAbTmj2RfR7Rk7Y9KsOlhoiGEp2Gx90Vqtjwg2YI96w
4iLnVzhbuCMXnNjYknBYhxFgE377RfU6TFWRMzGvSlvW4v/xIEE6H+NsJsn0cnp8
vrnZNmiYM97gwGuM0pWbmneCkZkq0hjlXUc6Hx4YBy5eDoSn0nm+W/oR+3s0yCns
HQn3Jp+Y6DP7HjaLx1MMj97e/260Z8b87P6DcvTwXrIrnVjHtcIzvSprSpyaaS/b
C+jzIo4leigvSpy58kPJcvVJPNR/OGW1bHaPfNgsavYe6XCjlIh5aSJRmQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPouU0Qz5LujXlHc9m0RTLD2SB1EMB8GA1UdIwQY
MBaAFFG0m6DdhhUShhjVAVnLDztenuYmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWJTYm9OMkdGUktHR05VQldjc1BPMTZlNWlZLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS8yNmMwNDktNDdlZS00ODg2LTk4NDQt
NGFiOWU4YWEzMjYyLzEvMS1pNVRSRFBrdTZOZVVkejJiUkZNc1BaSUhVUS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvN2EvMjZjMDQ5LTQ3ZWUtNDg4Ni05ODQ0LTRhYjllOGFhMzI2
Mi8xL1ViU2JvTjJHRlJLR0dOVUJXY3NQTzE2ZTVpWS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAtRksDAN
BgkqhkiG9w0BAQsFAAOCAQEAYn2qz+ObWtgUh0AlwGf4nlTa8Kze8awCwbmJiDJ+
/n9RVj/EGYTAGiXXUfGwLjq7kophmPzbJSgPBQGyguH/vjXcQEKz9GLifJ4lluqk
CWw0JQtz8VIelFRkOyAteCbtMeH2hFzF4It/tshW7hjXCGwifFV2Eza+hnAarOQk
pdw4S/XbuqLhHHz6SX3Mg+6ZlIlLRBPiLLrz1or5WlQAzxJAvM5o9d/o2PjCdAnd
n4hrEuvg8bPEfhgbE1vXRHdAbu6VSH3s84kFIdALMatiRg+YokdBjUM7uRJG/WY/
Ydh9/5xfOIBsBsLVsLdG1snZS3AOLvXbCdRP0KhA46QP/g==
-----END CERTIFICATE-----