Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/6sL8srkMQXdp-LnJ914uZzys8aA.roa
File:                     6sL8srkMQXdp-LnJ914uZzys8aA.roa (raw, json)
Hash identifier:          ohi3KHwZabZNjgGahmUaYk7UicZMzrqutIn82tOF5yY=
Subject key identifier:   EA:C2:FC:B2:B9:0C:41:77:69:F8:B9:C9:F7:5E:2E:67:3C:AC:F1:A0
Certificate issuer:       /CN=51b49ba0dd8615128618d50159cb0f3b5e9ee626
Certificate serial:       01995715E11DF2CD6576867992DA4584A8F7
Authority key identifier: 51:B4:9B:A0:DD:86:15:12:86:18:D5:01:59:CB:0F:3B:5E:9E:E6:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UbSboN2GFRKGGNUBWcsPO16e5iY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/6sL8srkMQXdp-LnJ914uZzys8aA.roa
Signing time:             Wed 17 Sep 2025 09:51:15 +0000
ROA not before:           Wed 17 Sep 2025 09:51:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9304
IP address blocks:        212.100.169.0/24 maxlen: 24
                          212.100.189.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/UbSboN2GFRKGGNUBWcsPO16e5iY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/UbSboN2GFRKGGNUBWcsPO16e5iY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UbSboN2GFRKGGNUBWcsPO16e5iY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:57:15:e1:1d:f2:cd:65:76:86:79:92:da:45:84:a8:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=51b49ba0dd8615128618d50159cb0f3b5e9ee626
        Validity
            Not Before: Sep 17 09:51:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=eac2fcb2b90c417769f8b9c9f75e2e673cacf1a0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:8e:96:96:79:2c:76:83:ec:13:a8:99:05:6e:
                    95:f4:cd:81:6c:ba:0e:e8:6b:22:bd:1e:24:1d:98:
                    ed:34:e4:83:6f:71:02:28:10:c6:69:dc:74:94:6e:
                    43:47:56:19:b8:fe:f7:94:f8:41:d0:72:f6:c1:06:
                    e3:f2:9a:14:73:52:14:95:4b:db:62:17:2b:31:f6:
                    ab:c0:5a:33:95:d1:18:d2:64:6f:84:52:fd:89:cc:
                    f4:ed:27:e9:4d:2a:48:57:91:bc:d8:98:1b:be:d7:
                    9e:36:99:1d:b2:3b:64:90:7d:21:7b:dc:4e:5a:11:
                    f8:d0:8f:81:f0:ed:a1:39:2e:d1:e3:f7:f8:4b:ff:
                    a9:3b:9d:9b:a4:27:df:58:f8:14:13:98:e5:2c:6a:
                    85:69:18:34:07:c0:45:93:73:33:df:ca:a0:8e:12:
                    d6:64:e8:27:60:17:2a:5e:84:ad:ad:81:77:e9:c6:
                    7a:49:74:30:a3:08:b6:97:5b:df:c7:b1:d8:26:76:
                    6e:0e:9f:4b:1b:62:c9:45:91:37:e4:00:fa:50:11:
                    ab:4f:06:d9:a4:62:02:59:79:8b:cb:81:fd:c2:f4:
                    eb:c8:7c:ba:e2:ef:5a:eb:70:8a:f2:3e:a4:4d:af:
                    21:21:4b:35:8a:46:97:ec:1e:47:89:fa:bf:73:be:
                    67:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:C2:FC:B2:B9:0C:41:77:69:F8:B9:C9:F7:5E:2E:67:3C:AC:F1:A0
            X509v3 Authority Key Identifier:
                keyid:51:B4:9B:A0:DD:86:15:12:86:18:D5:01:59:CB:0F:3B:5E:9E:E6:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UbSboN2GFRKGGNUBWcsPO16e5iY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/6sL8srkMQXdp-LnJ914uZzys8aA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/UbSboN2GFRKGGNUBWcsPO16e5iY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.100.169.0/24
                  212.100.189.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:78:8d:64:a4:97:ac:c3:13:0f:45:e5:1e:02:37:28:03:9f:
         d8:3b:7c:4d:d3:6f:d4:77:69:14:e8:c5:74:89:33:81:90:91:
         1f:34:cd:06:70:82:a4:e9:a5:b4:21:c6:ec:bb:20:83:69:14:
         11:75:88:c3:f0:cf:c3:4d:91:aa:22:0e:56:97:ab:11:fc:05:
         a4:4f:1f:55:a9:ae:cd:61:1e:7f:0f:e4:7d:32:ff:ae:65:ab:
         72:64:69:b2:04:80:23:11:18:8d:e7:e8:71:c9:3b:96:94:e3:
         c9:25:1e:f9:43:cf:db:8c:02:53:39:54:c8:54:1d:c6:ef:37:
         ba:c2:aa:85:30:92:5f:f6:5b:e2:40:d7:b8:c7:6a:79:df:36:
         cf:a1:e5:e2:d7:67:f2:9c:be:52:2f:bf:48:e0:7d:53:26:1d:
         6e:39:5d:f7:2c:c0:d1:10:6f:26:5c:a6:e2:0f:79:99:7e:e7:
         c1:ef:99:61:67:aa:8e:c2:af:32:91:8a:73:f1:0a:8d:e6:e4:
         85:5b:94:1e:f8:cd:d8:4c:e7:5c:4a:ba:0f:82:c9:cc:fc:67:
         95:a5:60:c3:cb:ca:22:0a:4a:d8:a1:f0:eb:2e:c3:ca:e1:ee:
         a2:32:f3:30:d7:73:91:ed:26:b2:1c:8f:58:5a:89:69:61:73:
         14:79:a0:ea
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZlXFeEd8s1ldoZ5ktpFhKj3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxYjQ5YmEwZGQ4NjE1MTI4NjE4ZDUwMTU5Y2IwZjNiNWU5
ZWU2MjYwHhcNMjUwOTE3MDk1MTE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYWMyZmNiMmI5MGM0MTc3NjlmOGI5YzlmNzVlMmU2NzNjYWNmMWEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3Y6WlnksdoPsE6iZBW6V9M2BbLoO
6GsivR4kHZjtNOSDb3ECKBDGadx0lG5DR1YZuP73lPhB0HL2wQbj8poUc1IUlUvb
YhcrMfarwFozldEY0mRvhFL9icz07SfpTSpIV5G82JgbvteeNpkdsjtkkH0he9xO
WhH40I+B8O2hOS7R4/f4S/+pO52bpCffWPgUE5jlLGqFaRg0B8BFk3Mz38qgjhLW
ZOgnYBcqXoStrYF36cZ6SXQwowi2l1vfx7HYJnZuDp9LG2LJRZE35AD6UBGrTwbZ
pGICWXmLy4H9wvTryHy64u9a63CK8j6kTa8hIUs1ikaX7B5Hifq/c75nhQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOrC/LK5DEF3afi5yfdeLmc8rPGgMB8GA1UdIwQY
MBaAFFG0m6DdhhUShhjVAVnLDztenuYmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWJTYm9OMkdGUktHR05VQldjc1BPMTZlNWlZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS8yNmMwNDktNDdlZS00ODg2LTk4NDQt
NGFiOWU4YWEzMjYyLzEvNnNMOHNya01RWGRwLUxuSjkxNHVaenlzOGFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS8yNmMwNDktNDdlZS00ODg2LTk4NDQtNGFiOWU4YWEzMjYy
LzEvVWJTYm9OMkdGUktHR05VQldjc1BPMTZlNWlZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQA1GSpAwQA
1GS9MA0GCSqGSIb3DQEBCwUAA4IBAQCSeI1kpJeswxMPReUeAjcoA5/YO3xN02/U
d2kU6MV0iTOBkJEfNM0GcIKk6aW0IcbsuyCDaRQRdYjD8M/DTZGqIg5Wl6sR/AWk
Tx9Vqa7NYR5/D+R9Mv+uZatyZGmyBIAjERiN5+hxyTuWlOPJJR75Q8/bjAJTOVTI
VB3G7ze6wqqFMJJf9lviQNe4x2p53zbPoeXi12fynL5SL79I4H1TJh1uOV33LMDR
EG8mXKbiD3mZfufB75lhZ6qOwq8ykYpz8QqN5uSFW5Qe+M3YTOdcSroPgsnM/GeV
pWDDy8oiCkrYofDrLsPK4e6iMvMw13OR7SayHI9YWolpYXMUeaDq
-----END CERTIFICATE-----