Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/707158-d1e2-4fcb-81cb-5979d00486fe/1/1pc-CjhLBbFwVf4bOXj3j1DWnIQ.roa
File:                     1pc-CjhLBbFwVf4bOXj3j1DWnIQ.roa (raw, json)
Hash identifier:          wh1zSA0tpiguUcPRs8vZ6i/k/SdwkoQBM6h8IpNKfLM=
Subject key identifier:   D6:97:3E:0A:38:4B:05:B1:70:55:FE:1B:39:78:F7:8F:50:D6:9C:84
Certificate issuer:       /CN=dcc50a2b974349948b04ee389b2a99d1754fb464
Certificate serial:       019E3FD494A5B8FDCCB242E62D44C396C22B
Authority key identifier: DC:C5:0A:2B:97:43:49:94:8B:04:EE:38:9B:2A:99:D1:75:4F:B4:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3MUKK5dDSZSLBO44myqZ0XVPtGQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/707158-d1e2-4fcb-81cb-5979d00486fe/1/1pc-CjhLBbFwVf4bOXj3j1DWnIQ.roa
Signing time:             Tue 19 May 2026 10:42:36 +0000
ROA not before:           Tue 19 May 2026 10:42:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     197516
IP address blocks:        212.102.122.0/24 maxlen: 24
                          2a12:64c0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/707158-d1e2-4fcb-81cb-5979d00486fe/1/3MUKK5dDSZSLBO44myqZ0XVPtGQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/707158-d1e2-4fcb-81cb-5979d00486fe/1/3MUKK5dDSZSLBO44myqZ0XVPtGQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3MUKK5dDSZSLBO44myqZ0XVPtGQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 20 May 2026 07:48:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:3f:d4:94:a5:b8:fd:cc:b2:42:e6:2d:44:c3:96:c2:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dcc50a2b974349948b04ee389b2a99d1754fb464
        Validity
            Not Before: May 19 10:42:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d6973e0a384b05b17055fe1b3978f78f50d69c84
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:40:89:d5:58:b6:d6:0e:13:69:41:47:36:c7:
                    98:4f:fd:0f:c1:7b:c5:c0:2d:79:b2:a9:25:ea:a7:
                    7d:c0:fa:95:45:10:18:80:1c:bc:43:16:42:89:14:
                    f1:6a:68:a2:50:c4:39:51:f4:4b:4c:ed:b3:31:d5:
                    44:19:86:a6:82:0a:a3:0d:1b:ad:0b:00:e5:fb:53:
                    07:ec:18:f9:6d:ca:24:08:08:32:8a:ce:75:6e:e5:
                    f2:89:11:d0:e2:5c:57:a0:a5:a5:18:c0:a7:32:da:
                    b1:f4:82:d3:89:fd:e3:8e:ce:1c:d4:4e:9c:a2:c6:
                    dd:13:ce:fb:2c:61:2e:77:84:5d:50:db:62:d2:fc:
                    3f:20:07:60:47:da:96:f8:df:e9:9d:0b:61:52:c0:
                    02:22:83:90:38:50:90:cf:de:b0:fa:d1:22:ac:48:
                    ae:2d:15:74:17:9f:ad:f9:cf:bc:65:2c:fc:ff:65:
                    8d:30:37:19:7e:f2:3c:83:93:da:ed:cf:1b:37:60:
                    21:92:dd:7e:66:7b:86:b5:c6:5e:7f:44:39:ea:49:
                    66:ae:97:40:14:01:eb:9f:a6:a7:3f:7b:1f:8b:c2:
                    60:45:38:94:40:23:f8:e2:3f:a1:e4:46:87:1b:f0:
                    77:82:46:cc:63:2e:f5:6d:22:b7:a9:5c:33:c9:4c:
                    38:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:97:3E:0A:38:4B:05:B1:70:55:FE:1B:39:78:F7:8F:50:D6:9C:84
            X509v3 Authority Key Identifier:
                keyid:DC:C5:0A:2B:97:43:49:94:8B:04:EE:38:9B:2A:99:D1:75:4F:B4:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3MUKK5dDSZSLBO44myqZ0XVPtGQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/707158-d1e2-4fcb-81cb-5979d00486fe/1/1pc-CjhLBbFwVf4bOXj3j1DWnIQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/707158-d1e2-4fcb-81cb-5979d00486fe/1/3MUKK5dDSZSLBO44myqZ0XVPtGQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.102.122.0/24
                IPv6:
                  2a12:64c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         01:a9:49:a3:63:ec:a0:4a:9d:3f:d0:51:ef:b5:46:88:51:ce:
         82:9e:ca:4d:86:50:e3:16:9a:8b:14:46:26:a6:3c:2b:e0:a0:
         47:de:48:51:d5:ee:5c:9d:69:f7:ef:98:c6:c3:1d:86:75:2e:
         81:3a:cf:f3:60:9a:f2:03:9b:d5:8c:02:24:cc:30:eb:9f:8a:
         0b:f7:4e:9f:46:e8:0b:86:de:87:30:aa:08:21:41:1c:38:52:
         5d:2a:7e:c7:d3:93:bb:1f:38:f5:72:3a:7d:a5:62:0b:f8:08:
         ea:55:6e:96:3b:81:b5:3c:53:68:4c:1c:ad:49:1c:25:8b:c9:
         78:f3:ff:cc:51:f0:3c:46:a5:15:ce:41:df:3d:d8:c7:c8:ec:
         38:c1:a7:65:02:c3:98:61:c2:68:59:b0:02:18:b6:eb:a0:c5:
         c0:ac:a5:9a:09:4a:a4:96:e8:5d:32:96:f3:e3:50:22:80:2a:
         69:71:24:fd:64:8d:5f:69:2f:0e:40:15:28:e0:2e:6b:9b:0a:
         74:81:83:28:40:63:9e:a5:95:a1:4c:c6:d7:e4:69:98:56:de:
         ee:df:ff:0a:7e:28:81:39:aa:8a:f0:15:78:7f:f5:07:c2:6e:
         84:a0:5c:27:0c:fe:9d:8c:2d:e5:e3:ac:84:ee:85:5e:ed:c2:
         01:60:7f:c0
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZ4/1JSluP3MskLmLUTDlsIrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjYzUwYTJiOTc0MzQ5OTQ4YjA0ZWUzODliMmE5OWQxNzU0
ZmI0NjQwHhcNMjYwNTE5MTA0MjM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjk3M2UwYTM4NGIwNWIxNzA1NWZlMWIzOTc4Zjc4ZjUwZDY5Yzg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxUCJ1Vi21g4TaUFHNseYT/0PwXvF
wC15sqkl6qd9wPqVRRAYgBy8QxZCiRTxamiiUMQ5UfRLTO2zMdVEGYamggqjDRut
CwDl+1MH7Bj5bcokCAgyis51buXyiRHQ4lxXoKWlGMCnMtqx9ILTif3jjs4c1E6c
osbdE877LGEud4RdUNti0vw/IAdgR9qW+N/pnQthUsACIoOQOFCQz96w+tEirEiu
LRV0F5+t+c+8ZSz8/2WNMDcZfvI8g5Pa7c8bN2Ahkt1+ZnuGtcZef0Q56klmrpdA
FAHrn6anP3sfi8JgRTiUQCP44j+h5EaHG/B3gkbMYy71bSK3qVwzyUw4FQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNaXPgo4SwWxcFX+Gzl4949Q1pyEMB8GA1UdIwQY
MBaAFNzFCiuXQ0mUiwTuOJsqmdF1T7RkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM01VS0s1ZERTWlNMQk80NG15cVowWFZQdEdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi83MDcxNTgtZDFlMi00ZmNiLTgxY2It
NTk3OWQwMDQ4NmZlLzEvMXBjLUNqaExCYkZ3VmY0Yk9YajNqMURXbklRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi83MDcxNTgtZDFlMi00ZmNiLTgxY2ItNTk3OWQwMDQ4NmZl
LzEvM01VS0s1ZERTWlNMQk80NG15cVowWFZQdEdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQA1GZ6MA0E
AgACMAcDBQMqEmTAMA0GCSqGSIb3DQEBCwUAA4IBAQABqUmjY+ygSp0/0FHvtUaI
Uc6CnspNhlDjFpqLFEYmpjwr4KBH3khR1e5cnWn375jGwx2GdS6BOs/zYJryA5vV
jAIkzDDrn4oL906fRugLht6HMKoIIUEcOFJdKn7H05O7Hzj1cjp9pWIL+AjqVW6W
O4G1PFNoTBytSRwli8l48//MUfA8RqUVzkHfPdjHyOw4wadlAsOYYcJoWbACGLbr
oMXArKWaCUqkluhdMpbz41AigCppcST9ZI1faS8OQBUo4C5rmwp0gYMoQGOepZWh
TMbX5GmYVt7u3/8KfiiBOaqK8BV4f/UHwm6EoFwnDP6djC3l46yE7oVe7cIBYH/A
-----END CERTIFICATE-----