Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/9W108j38u4fr4Vrek-QHOjy9cIE.roa
File:                     9W108j38u4fr4Vrek-QHOjy9cIE.roa (raw, json)
Hash identifier:          Rp3JbfnLo8VM9i/UO8F0IzOO3Kzb3WuLhnCBnSQMdCs=
Subject key identifier:   F5:6D:74:F2:3D:FC:BB:87:EB:E1:5A:DE:93:E4:07:3A:3C:BD:70:81
Certificate issuer:       /CN=51b49ba0dd8615128618d50159cb0f3b5e9ee626
Certificate serial:       0197BF8D5EA14C769D3D1A2222270E7A35B8
Authority key identifier: 51:B4:9B:A0:DD:86:15:12:86:18:D5:01:59:CB:0F:3B:5E:9E:E6:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UbSboN2GFRKGGNUBWcsPO16e5iY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/9W108j38u4fr4Vrek-QHOjy9cIE.roa
Signing time:             Mon 30 Jun 2025 06:36:42 +0000
ROA not before:           Mon 30 Jun 2025 06:36:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        212.100.184.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/UbSboN2GFRKGGNUBWcsPO16e5iY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/UbSboN2GFRKGGNUBWcsPO16e5iY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UbSboN2GFRKGGNUBWcsPO16e5iY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Jul 2025 12:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:bf:8d:5e:a1:4c:76:9d:3d:1a:22:22:27:0e:7a:35:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=51b49ba0dd8615128618d50159cb0f3b5e9ee626
        Validity
            Not Before: Jun 30 06:36:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f56d74f23dfcbb87ebe15ade93e4073a3cbd7081
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:09:04:20:67:7a:7d:8c:32:d9:cd:7b:1a:d5:
                    6b:e8:54:48:2a:da:e8:5a:5f:85:c4:46:43:b8:a2:
                    e2:9f:b1:dc:91:91:97:81:ea:d0:a6:60:ed:fb:ce:
                    f3:3f:09:6b:93:84:69:f0:77:89:15:0e:65:4c:70:
                    10:5e:52:29:8b:a1:e9:a1:06:97:39:a4:46:f5:24:
                    54:fd:08:10:d9:59:68:9f:57:62:43:a1:1a:be:2b:
                    16:12:05:24:6e:dc:6e:f8:75:d6:26:aa:f4:1d:3a:
                    c7:36:4f:79:78:88:88:19:66:f6:42:a8:94:3c:87:
                    67:e8:64:b2:59:7d:d3:75:7b:c5:ec:fe:ce:ed:12:
                    3a:0a:f4:2b:04:68:fa:6e:3c:7b:eb:b5:5b:33:36:
                    fe:0f:fc:3d:7e:eb:d2:97:0c:39:5f:de:93:48:6c:
                    74:e4:27:64:26:b3:96:a6:3c:e9:f3:c5:17:6c:28:
                    b1:c5:9e:9e:03:cd:2f:b3:9a:1d:8e:3d:69:a0:7f:
                    0d:ff:ba:19:34:d5:23:88:6c:7c:8f:a5:4a:54:75:
                    01:ae:26:f1:93:8a:cf:a0:fd:ed:62:a7:97:65:3c:
                    7b:c8:08:a8:35:14:09:cd:5a:98:92:60:82:46:05:
                    89:9d:15:54:39:f7:16:9c:d3:6f:9e:70:d3:0f:c1:
                    d3:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:6D:74:F2:3D:FC:BB:87:EB:E1:5A:DE:93:E4:07:3A:3C:BD:70:81
            X509v3 Authority Key Identifier:
                keyid:51:B4:9B:A0:DD:86:15:12:86:18:D5:01:59:CB:0F:3B:5E:9E:E6:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UbSboN2GFRKGGNUBWcsPO16e5iY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/9W108j38u4fr4Vrek-QHOjy9cIE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/UbSboN2GFRKGGNUBWcsPO16e5iY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.100.184.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8b:23:8f:d6:fa:05:7d:4a:d1:f3:d0:e2:c5:70:91:ac:7d:a2:
         f2:8f:7f:72:7c:0b:cb:41:dd:c7:b8:a8:83:0d:ea:c1:71:5e:
         56:3a:d9:0f:4a:f3:85:16:8b:c5:35:a6:39:d0:dd:ba:3c:c5:
         f8:56:c1:e7:1d:1a:f3:51:ab:93:5b:6b:39:0a:0b:90:fc:10:
         81:97:54:82:be:12:eb:8a:be:11:48:77:d0:eb:58:45:27:c5:
         23:e2:24:a8:ce:f5:1b:93:04:b2:37:bf:eb:9f:b4:f2:d8:d7:
         29:9d:4b:50:cd:60:50:c2:ea:b0:02:d3:a3:08:63:a5:17:8e:
         f2:26:58:bc:7b:d6:c0:0c:53:6e:8b:dd:5e:67:be:55:60:74:
         47:0d:e3:94:4c:ec:d2:e7:fa:42:73:64:95:5b:96:3f:9d:a0:
         8b:6e:e8:cd:b4:59:f3:14:21:07:2e:01:d2:23:e8:6a:8e:8a:
         9b:21:11:e8:77:b9:74:c1:d1:0d:f7:a8:23:51:b4:d4:f4:7d:
         e7:37:d9:e7:6e:0e:2a:ad:c1:e3:fe:a9:64:0c:c4:e0:d6:d5:
         01:80:bc:dd:7b:7d:da:c2:56:12:75:24:44:4f:2d:5d:ba:69:
         27:13:0c:ed:8b:f6:69:b8:75:a6:93:a1:00:64:4a:dc:37:bf:
         f8:81:74:d8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZe/jV6hTHadPRoiIicOejW4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxYjQ5YmEwZGQ4NjE1MTI4NjE4ZDUwMTU5Y2IwZjNiNWU5
ZWU2MjYwHhcNMjUwNjMwMDYzNjQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTZkNzRmMjNkZmNiYjg3ZWJlMTVhZGU5M2U0MDczYTNjYmQ3MDgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApgkEIGd6fYwy2c17GtVr6FRIKtro
Wl+FxEZDuKLin7HckZGXgerQpmDt+87zPwlrk4Rp8HeJFQ5lTHAQXlIpi6HpoQaX
OaRG9SRU/QgQ2Vlon1diQ6EavisWEgUkbtxu+HXWJqr0HTrHNk95eIiIGWb2QqiU
PIdn6GSyWX3TdXvF7P7O7RI6CvQrBGj6bjx767VbMzb+D/w9fuvSlww5X96TSGx0
5CdkJrOWpjzp88UXbCixxZ6eA80vs5odjj1poH8N/7oZNNUjiGx8j6VKVHUBribx
k4rPoP3tYqeXZTx7yAioNRQJzVqYkmCCRgWJnRVUOfcWnNNvnnDTD8HT4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPVtdPI9/LuH6+Fa3pPkBzo8vXCBMB8GA1UdIwQY
MBaAFFG0m6DdhhUShhjVAVnLDztenuYmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWJTYm9OMkdGUktHR05VQldjc1BPMTZlNWlZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS8yNmMwNDktNDdlZS00ODg2LTk4NDQt
NGFiOWU4YWEzMjYyLzEvOVcxMDhqMzh1NGZyNFZyZWstUUhPank5Y0lFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS8yNmMwNDktNDdlZS00ODg2LTk4NDQtNGFiOWU4YWEzMjYy
LzEvVWJTYm9OMkdGUktHR05VQldjc1BPMTZlNWlZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC1GS4MA0G
CSqGSIb3DQEBCwUAA4IBAQCLI4/W+gV9StHz0OLFcJGsfaLyj39yfAvLQd3HuKiD
DerBcV5WOtkPSvOFFovFNaY50N26PMX4VsHnHRrzUauTW2s5CguQ/BCBl1SCvhLr
ir4RSHfQ61hFJ8Uj4iSozvUbkwSyN7/rn7Ty2NcpnUtQzWBQwuqwAtOjCGOlF47y
Jli8e9bADFNui91eZ75VYHRHDeOUTOzS5/pCc2SVW5Y/naCLbujNtFnzFCEHLgHS
I+hqjoqbIRHod7l0wdEN96gjUbTU9H3nN9nnbg4qrcHj/qlkDMTg1tUBgLzde33a
wlYSdSRETy1dumknEwzti/ZpuHWmk6EAZErcN7/4gXTY
-----END CERTIFICATE-----