Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/A9a39XgLNreD6jCuPk2N9_yZJSI.roa
File:                     A9a39XgLNreD6jCuPk2N9_yZJSI.roa (raw, json)
Hash identifier:          yFrH7K4LO+J+VvdWgSDrGisbEkscTT9UDcQMArhnNvQ=
Subject key identifier:   03:D6:B7:F5:78:0B:36:B7:83:EA:30:AE:3E:4D:8D:F7:FC:99:25:22
Certificate issuer:       /CN=51b49ba0dd8615128618d50159cb0f3b5e9ee626
Certificate serial:       0197BF8E49491BBB3FC3F865F29E45CC403B
Authority key identifier: 51:B4:9B:A0:DD:86:15:12:86:18:D5:01:59:CB:0F:3B:5E:9E:E6:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UbSboN2GFRKGGNUBWcsPO16e5iY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/A9a39XgLNreD6jCuPk2N9_yZJSI.roa
Signing time:             Mon 30 Jun 2025 06:37:42 +0000
ROA not before:           Mon 30 Jun 2025 06:37:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     13347
IP address blocks:        212.100.176.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/UbSboN2GFRKGGNUBWcsPO16e5iY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/UbSboN2GFRKGGNUBWcsPO16e5iY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UbSboN2GFRKGGNUBWcsPO16e5iY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 25 Jul 2025 22:13:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:bf:8e:49:49:1b:bb:3f:c3:f8:65:f2:9e:45:cc:40:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=51b49ba0dd8615128618d50159cb0f3b5e9ee626
        Validity
            Not Before: Jun 30 06:37:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=03d6b7f5780b36b783ea30ae3e4d8df7fc992522
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:2c:cf:b0:3f:e4:f5:36:8f:87:60:5d:07:ea:
                    ba:f5:96:ae:33:9e:16:48:a9:08:36:53:2f:ae:6a:
                    0d:25:1c:0f:87:d1:66:7c:ca:bf:b5:57:15:33:4e:
                    34:a5:a7:2c:df:63:46:12:0c:9a:a8:23:59:52:42:
                    d3:45:47:f4:2f:91:9d:bb:9b:9b:4f:3f:f7:36:44:
                    4e:cf:30:a5:d8:d1:51:ad:e4:6a:49:ee:77:71:8a:
                    94:a9:63:2d:8f:e3:0d:2d:4d:7f:24:b6:5b:5f:2e:
                    99:cd:e3:ec:69:39:66:cf:e5:90:9a:3d:e0:7a:64:
                    d4:26:5c:b5:e6:4b:ba:49:a2:de:70:9a:9d:06:a3:
                    1e:cb:97:72:97:cf:40:d9:ba:80:ed:42:99:cb:85:
                    fc:d5:21:0a:e8:81:cb:31:fa:80:5b:69:9e:58:99:
                    42:e6:86:46:f3:85:02:9c:e5:e2:bc:89:54:cc:a5:
                    e0:64:fd:dc:35:29:98:34:63:7e:9a:eb:e2:8c:14:
                    aa:e8:a7:ce:e2:bd:bf:72:a2:3e:e0:a2:08:53:d1:
                    4e:d5:d1:2b:e9:09:95:be:aa:9c:fb:8f:4c:a1:35:
                    d9:cb:f2:a1:59:c5:a8:fc:98:4a:64:83:ce:7a:a9:
                    84:c6:15:1a:ae:46:91:7a:d1:65:fa:aa:c5:f1:47:
                    f4:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:D6:B7:F5:78:0B:36:B7:83:EA:30:AE:3E:4D:8D:F7:FC:99:25:22
            X509v3 Authority Key Identifier:
                keyid:51:B4:9B:A0:DD:86:15:12:86:18:D5:01:59:CB:0F:3B:5E:9E:E6:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UbSboN2GFRKGGNUBWcsPO16e5iY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/A9a39XgLNreD6jCuPk2N9_yZJSI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/UbSboN2GFRKGGNUBWcsPO16e5iY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.100.176.0/22

    Signature Algorithm: sha256WithRSAEncryption
         25:54:70:43:b4:8b:a5:70:da:f4:d7:d9:13:db:b7:bf:b7:9d:
         03:0b:58:55:ec:6b:62:d1:c3:c7:f0:5f:e2:e8:08:f3:ef:59:
         9d:2f:f6:32:d2:e2:eb:06:09:24:7c:cd:c1:08:1f:c8:9a:8e:
         24:91:2a:96:b5:14:55:c4:b1:eb:4d:3e:4b:71:7a:20:83:3f:
         da:e2:6c:72:3d:11:95:d9:56:c7:5d:ea:40:1b:a3:fb:b4:f9:
         f4:ed:a6:0d:7c:17:fa:2d:ab:0b:12:f9:18:67:5e:5a:ad:0e:
         44:8e:e1:dd:0b:f3:fb:d2:20:a8:85:6f:10:a2:9e:81:a4:83:
         e6:c3:27:36:da:53:f1:a9:99:e9:95:2c:a3:bf:65:bd:e4:be:
         24:2d:ec:8b:b7:c4:2a:06:f5:84:c6:d5:7e:b9:b1:9f:14:33:
         92:5b:96:23:e6:5e:75:0a:73:58:1c:7a:be:1d:0a:45:05:2e:
         58:67:9a:79:c6:86:37:47:50:aa:19:d0:22:3d:7b:70:ae:b8:
         41:93:ff:63:75:b0:bc:bd:fa:66:e6:6a:8d:1c:76:50:5c:80:
         9b:d2:f5:7d:74:57:ae:3c:f6:10:f5:c5:a4:47:ef:bd:f6:80:
         0c:ae:a0:a3:89:57:f2:9f:19:a3:ec:0f:08:b0:98:7f:8b:d2:
         1c:38:71:25
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZe/jklJG7s/w/hl8p5FzEA7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxYjQ5YmEwZGQ4NjE1MTI4NjE4ZDUwMTU5Y2IwZjNiNWU5
ZWU2MjYwHhcNMjUwNjMwMDYzNzQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwM2Q2YjdmNTc4MGIzNmI3ODNlYTMwYWUzZTRkOGRmN2ZjOTkyNTIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1yzPsD/k9TaPh2BdB+q69ZauM54W
SKkINlMvrmoNJRwPh9FmfMq/tVcVM040pacs32NGEgyaqCNZUkLTRUf0L5Gdu5ub
Tz/3NkROzzCl2NFRreRqSe53cYqUqWMtj+MNLU1/JLZbXy6ZzePsaTlmz+WQmj3g
emTUJly15ku6SaLecJqdBqMey5dyl89A2bqA7UKZy4X81SEK6IHLMfqAW2meWJlC
5oZG84UCnOXivIlUzKXgZP3cNSmYNGN+muvijBSq6KfO4r2/cqI+4KIIU9FO1dEr
6QmVvqqc+49MoTXZy/KhWcWo/JhKZIPOeqmExhUarkaRetFl+qrF8Uf0SQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAPWt/V4Cza3g+owrj5Njff8mSUiMB8GA1UdIwQY
MBaAFFG0m6DdhhUShhjVAVnLDztenuYmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWJTYm9OMkdGUktHR05VQldjc1BPMTZlNWlZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS8yNmMwNDktNDdlZS00ODg2LTk4NDQt
NGFiOWU4YWEzMjYyLzEvQTlhMzlYZ0xOcmVENmpDdVBrMk45X3laSlNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS8yNmMwNDktNDdlZS00ODg2LTk4NDQtNGFiOWU4YWEzMjYy
LzEvVWJTYm9OMkdGUktHR05VQldjc1BPMTZlNWlZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC1GSwMA0G
CSqGSIb3DQEBCwUAA4IBAQAlVHBDtIulcNr019kT27e/t50DC1hV7Gti0cPH8F/i
6Ajz71mdL/Yy0uLrBgkkfM3BCB/Imo4kkSqWtRRVxLHrTT5LcXoggz/a4mxyPRGV
2VbHXepAG6P7tPn07aYNfBf6LasLEvkYZ15arQ5EjuHdC/P70iCohW8Qop6BpIPm
wyc22lPxqZnplSyjv2W95L4kLeyLt8QqBvWExtV+ubGfFDOSW5Yj5l51CnNYHHq+
HQpFBS5YZ5p5xoY3R1CqGdAiPXtwrrhBk/9jdbC8vfpm5mqNHHZQXICb0vV9dFeu
PPYQ9cWkR++99oAMrqCjiVfynxmj7A8IsJh/i9IcOHEl
-----END CERTIFICATE-----