Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/mFQb2zLIdf_n7vAW_tOigWd7bLY.roa
File:                     mFQb2zLIdf_n7vAW_tOigWd7bLY.roa (raw, json)
Hash identifier:          WSFPFfxp/6VwHtu0rDoCFS5OV8ru2PXGW/D81axbqLg=
Subject key identifier:   98:54:1B:DB:32:C8:75:FF:E7:EE:F0:16:FE:D3:A2:81:67:7B:6C:B6
Certificate issuer:       /CN=51b49ba0dd8615128618d50159cb0f3b5e9ee626
Certificate serial:       0197BF8D5F2C32AE062E7A3EA961E49FAE0B
Authority key identifier: 51:B4:9B:A0:DD:86:15:12:86:18:D5:01:59:CB:0F:3B:5E:9E:E6:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UbSboN2GFRKGGNUBWcsPO16e5iY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/mFQb2zLIdf_n7vAW_tOigWd7bLY.roa
Signing time:             Mon 30 Jun 2025 06:36:42 +0000
ROA not before:           Mon 30 Jun 2025 06:36:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     5650
IP address blocks:        212.100.176.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/UbSboN2GFRKGGNUBWcsPO16e5iY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/UbSboN2GFRKGGNUBWcsPO16e5iY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UbSboN2GFRKGGNUBWcsPO16e5iY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 06:21:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:bf:8d:5f:2c:32:ae:06:2e:7a:3e:a9:61:e4:9f:ae:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=51b49ba0dd8615128618d50159cb0f3b5e9ee626
        Validity
            Not Before: Jun 30 06:36:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=98541bdb32c875ffe7eef016fed3a281677b6cb6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:92:6a:27:6d:ed:2f:45:f2:91:31:c1:a9:50:
                    e6:c3:f8:51:bb:f0:19:63:69:4c:ed:14:8a:c6:50:
                    d7:e1:6a:33:0e:d6:4a:c8:2d:e3:cb:5a:69:80:64:
                    a5:b5:67:26:3a:32:1a:6f:f8:9c:82:d7:77:57:da:
                    9a:79:31:79:33:43:d7:b7:8b:7f:b3:b1:30:2d:ad:
                    23:8a:b9:1f:bd:82:c3:c1:1b:7d:7a:85:38:bc:f1:
                    31:c7:de:c3:74:c6:a7:3e:cf:24:ca:fb:13:ef:0a:
                    a8:83:2f:cf:97:de:e1:5b:ec:37:4e:91:41:ac:82:
                    1a:04:34:fd:27:37:c3:5e:cc:5f:ec:0e:ec:83:30:
                    16:59:08:cf:19:57:13:14:a6:37:0d:3e:38:cc:89:
                    cd:08:c3:76:86:21:87:e8:9e:c7:ea:10:eb:86:80:
                    12:34:d1:b2:76:9a:52:cc:28:65:69:af:e9:96:ec:
                    91:0e:58:a9:26:23:a6:af:f9:8b:f8:5a:1b:fc:09:
                    69:72:5a:0f:95:66:a4:e7:5f:96:f5:5e:3f:65:f3:
                    fb:64:2c:53:c4:bd:a7:9e:25:48:43:f2:d0:a1:07:
                    4d:36:46:25:8a:6d:3d:6f:ab:e9:71:25:88:c7:b9:
                    5b:6e:ff:e7:b3:98:fe:9b:61:d5:20:05:b9:b4:dd:
                    29:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:54:1B:DB:32:C8:75:FF:E7:EE:F0:16:FE:D3:A2:81:67:7B:6C:B6
            X509v3 Authority Key Identifier:
                keyid:51:B4:9B:A0:DD:86:15:12:86:18:D5:01:59:CB:0F:3B:5E:9E:E6:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UbSboN2GFRKGGNUBWcsPO16e5iY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/mFQb2zLIdf_n7vAW_tOigWd7bLY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/UbSboN2GFRKGGNUBWcsPO16e5iY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.100.176.0/22

    Signature Algorithm: sha256WithRSAEncryption
         27:01:40:c8:8d:c8:49:66:e9:ed:d8:7c:d2:2e:71:4b:3b:f0:
         05:13:6b:b3:ad:7b:af:38:a4:3a:ad:f3:37:bd:85:b0:7f:d8:
         4f:a0:c6:1d:34:90:3a:af:ce:f4:d2:43:6c:2f:3c:0d:00:65:
         48:c6:68:9e:3c:58:3c:10:a9:f0:7f:d0:0f:70:82:29:55:fd:
         ab:b6:4f:39:70:69:f6:ed:98:b5:85:17:47:78:6b:63:2a:4f:
         6a:17:b6:1e:0b:c1:db:d9:7b:9a:a3:67:3a:d3:8c:f0:83:e3:
         5a:3d:08:ad:a8:72:53:99:e1:3e:79:70:46:ee:08:8d:4a:df:
         28:6e:af:37:b2:38:d4:3c:9e:4f:8d:db:31:b0:c1:e1:01:b8:
         7e:c8:19:8e:13:3f:ae:fb:d9:6f:70:2f:69:f8:64:01:55:f3:
         71:04:d6:37:d1:92:6d:e2:43:fa:dc:8a:4d:f2:cd:c7:a1:a0:
         47:bd:5f:be:25:57:6c:c1:49:ae:de:a9:c0:8a:40:71:3b:e4:
         c6:d3:6a:5e:58:71:58:10:c3:6c:2f:b3:fb:8a:70:b0:88:70:
         f3:88:85:05:30:56:5a:cf:d0:af:e7:3d:c9:b5:ad:ea:db:4f:
         0c:38:49:0c:1a:9f:3f:43:25:5e:45:13:0d:12:5c:88:ab:a9:
         a6:5b:3f:9f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZe/jV8sMq4GLno+qWHkn64LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxYjQ5YmEwZGQ4NjE1MTI4NjE4ZDUwMTU5Y2IwZjNiNWU5
ZWU2MjYwHhcNMjUwNjMwMDYzNjQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODU0MWJkYjMyYzg3NWZmZTdlZWYwMTZmZWQzYTI4MTY3N2I2Y2I2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk5JqJ23tL0XykTHBqVDmw/hRu/AZ
Y2lM7RSKxlDX4WozDtZKyC3jy1ppgGSltWcmOjIab/icgtd3V9qaeTF5M0PXt4t/
s7EwLa0jirkfvYLDwRt9eoU4vPExx97DdManPs8kyvsT7wqogy/Pl97hW+w3TpFB
rIIaBDT9JzfDXsxf7A7sgzAWWQjPGVcTFKY3DT44zInNCMN2hiGH6J7H6hDrhoAS
NNGydppSzChlaa/pluyRDlipJiOmr/mL+Fob/AlpcloPlWak51+W9V4/ZfP7ZCxT
xL2nniVIQ/LQoQdNNkYlim09b6vpcSWIx7lbbv/ns5j+m2HVIAW5tN0pfwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJhUG9syyHX/5+7wFv7TooFne2y2MB8GA1UdIwQY
MBaAFFG0m6DdhhUShhjVAVnLDztenuYmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWJTYm9OMkdGUktHR05VQldjc1BPMTZlNWlZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS8yNmMwNDktNDdlZS00ODg2LTk4NDQt
NGFiOWU4YWEzMjYyLzEvbUZRYjJ6TElkZl9uN3ZBV190T2lnV2Q3YkxZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS8yNmMwNDktNDdlZS00ODg2LTk4NDQtNGFiOWU4YWEzMjYy
LzEvVWJTYm9OMkdGUktHR05VQldjc1BPMTZlNWlZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC1GSwMA0G
CSqGSIb3DQEBCwUAA4IBAQAnAUDIjchJZunt2HzSLnFLO/AFE2uzrXuvOKQ6rfM3
vYWwf9hPoMYdNJA6r8700kNsLzwNAGVIxmiePFg8EKnwf9APcIIpVf2rtk85cGn2
7Zi1hRdHeGtjKk9qF7YeC8Hb2Xuao2c604zwg+NaPQitqHJTmeE+eXBG7giNSt8o
bq83sjjUPJ5PjdsxsMHhAbh+yBmOEz+u+9lvcC9p+GQBVfNxBNY30ZJt4kP63IpN
8s3HoaBHvV++JVdswUmu3qnAikBxO+TG02peWHFYEMNsL7P7inCwiHDziIUFMFZa
z9Cv5z3Jta3q208MOEkMGp8/QyVeRRMNElyIq6mmWz+f
-----END CERTIFICATE-----