Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/AMjUNTOhnzREU8Jo1dm48smZP8I.roa
File:                     AMjUNTOhnzREU8Jo1dm48smZP8I.roa (raw, json)
Hash identifier:          zBT+5qzWj4dFZbdGDNdO3nHKN+CwepKtHTyn5tswDu8=
Subject key identifier:   00:C8:D4:35:33:A1:9F:34:44:53:C2:68:D5:D9:B8:F2:C9:99:3F:C2
Certificate issuer:       /CN=51b49ba0dd8615128618d50159cb0f3b5e9ee626
Certificate serial:       01990F23B3009604634442A3BC5DCBD28A5B
Authority key identifier: 51:B4:9B:A0:DD:86:15:12:86:18:D5:01:59:CB:0F:3B:5E:9E:E6:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UbSboN2GFRKGGNUBWcsPO16e5iY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/AMjUNTOhnzREU8Jo1dm48smZP8I.roa
Signing time:             Wed 03 Sep 2025 10:33:41 +0000
ROA not before:           Wed 03 Sep 2025 10:33:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207805
IP address blocks:        212.100.185.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/UbSboN2GFRKGGNUBWcsPO16e5iY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/UbSboN2GFRKGGNUBWcsPO16e5iY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UbSboN2GFRKGGNUBWcsPO16e5iY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Sep 2025 11:14:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:0f:23:b3:00:96:04:63:44:42:a3:bc:5d:cb:d2:8a:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=51b49ba0dd8615128618d50159cb0f3b5e9ee626
        Validity
            Not Before: Sep  3 10:33:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=00c8d43533a19f344453c268d5d9b8f2c9993fc2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:ee:61:ed:7a:a9:57:b0:bf:87:46:5a:7b:4c:
                    ca:78:9b:e5:77:f2:40:ab:94:f1:51:b4:44:e5:8c:
                    df:10:5d:1a:70:91:03:d6:e8:c4:f3:69:8b:f3:51:
                    56:01:7f:cb:53:2e:f3:8f:53:7e:86:a4:27:00:37:
                    c2:c4:f6:44:1f:c6:e8:0b:c2:16:ed:42:f9:eb:9c:
                    2d:7f:da:b4:50:a1:81:ef:7b:16:13:ad:25:f6:e2:
                    59:d8:f7:45:f9:fc:d0:66:3b:17:fb:df:bd:87:72:
                    83:12:3c:f1:9f:62:dd:cd:da:69:45:0f:07:6e:fe:
                    fc:fc:29:8f:35:d8:a7:81:84:37:08:4d:81:b8:bf:
                    fd:81:37:f6:c0:76:6c:3a:7f:84:76:de:f2:3f:7a:
                    31:83:ac:f3:26:1b:66:f9:0e:3a:fc:ec:09:80:ef:
                    dc:31:0b:22:81:c5:91:94:fb:03:b5:6e:93:82:8d:
                    5f:52:b4:41:50:06:ac:b7:bb:27:c6:3f:09:9f:42:
                    25:3a:3f:1a:0d:26:14:65:d5:81:25:e1:17:f7:71:
                    ea:4a:09:0a:5a:30:6a:37:2f:66:04:38:2e:56:25:
                    bd:38:99:a2:13:26:8a:c6:dc:55:8a:a7:fb:7c:b4:
                    f7:25:71:74:1e:b2:04:58:66:70:5f:cd:81:75:20:
                    a4:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:C8:D4:35:33:A1:9F:34:44:53:C2:68:D5:D9:B8:F2:C9:99:3F:C2
            X509v3 Authority Key Identifier:
                keyid:51:B4:9B:A0:DD:86:15:12:86:18:D5:01:59:CB:0F:3B:5E:9E:E6:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UbSboN2GFRKGGNUBWcsPO16e5iY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/AMjUNTOhnzREU8Jo1dm48smZP8I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/UbSboN2GFRKGGNUBWcsPO16e5iY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.100.185.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:70:e8:7b:39:1a:cb:99:1e:bf:b3:4f:87:52:5b:b4:3a:7c:
         8d:78:8b:00:6a:3f:86:64:d3:9e:03:2c:ca:43:02:82:63:45:
         9a:df:7e:12:f9:f6:94:49:19:21:cb:c2:fe:20:51:d4:26:86:
         00:f6:d0:41:9e:7c:60:80:20:af:2f:eb:9b:c9:a1:40:8c:f5:
         7b:77:bf:bf:3e:10:8b:4c:81:06:19:98:e1:ec:61:93:65:e7:
         06:a7:58:8c:73:b5:fd:4d:e4:68:33:ef:c5:f2:2f:73:30:63:
         77:14:5e:de:7b:d1:7f:80:ac:86:8f:83:ea:32:04:a3:87:f2:
         76:de:9c:a0:12:b1:37:9a:17:5b:5d:e5:6e:3f:ee:e9:60:f8:
         cb:85:48:11:60:9b:fd:ea:93:32:cc:81:f7:e7:d0:9a:4f:78:
         c8:98:f4:b8:53:d7:ca:97:ba:ef:22:b1:30:53:7e:ab:f6:37:
         5c:30:97:80:75:7c:53:a8:78:0b:e7:34:d0:06:ef:d5:c9:04:
         5f:06:14:88:d1:c0:bc:84:f5:8a:a1:24:cf:c6:f2:a0:2b:ff:
         e2:97:7b:d1:25:15:5c:ab:b9:ec:53:cc:2b:67:ee:90:2a:f3:
         b8:5d:41:8d:25:61:c6:91:fa:9b:50:c1:d6:31:83:ae:6f:70:
         e6:ab:c9:5e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkPI7MAlgRjREKjvF3L0opbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxYjQ5YmEwZGQ4NjE1MTI4NjE4ZDUwMTU5Y2IwZjNiNWU5
ZWU2MjYwHhcNMjUwOTAzMTAzMzQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMGM4ZDQzNTMzYTE5ZjM0NDQ1M2MyNjhkNWQ5YjhmMmM5OTkzZmMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsO5h7XqpV7C/h0Zae0zKeJvld/JA
q5TxUbRE5YzfEF0acJED1ujE82mL81FWAX/LUy7zj1N+hqQnADfCxPZEH8boC8IW
7UL565wtf9q0UKGB73sWE60l9uJZ2PdF+fzQZjsX+9+9h3KDEjzxn2LdzdppRQ8H
bv78/CmPNdingYQ3CE2BuL/9gTf2wHZsOn+Edt7yP3oxg6zzJhtm+Q46/OwJgO/c
MQsigcWRlPsDtW6Tgo1fUrRBUAast7snxj8Jn0IlOj8aDSYUZdWBJeEX93HqSgkK
WjBqNy9mBDguViW9OJmiEyaKxtxViqf7fLT3JXF0HrIEWGZwX82BdSCkpwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFADI1DUzoZ80RFPCaNXZuPLJmT/CMB8GA1UdIwQY
MBaAFFG0m6DdhhUShhjVAVnLDztenuYmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWJTYm9OMkdGUktHR05VQldjc1BPMTZlNWlZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS8yNmMwNDktNDdlZS00ODg2LTk4NDQt
NGFiOWU4YWEzMjYyLzEvQU1qVU5UT2huelJFVThKbzFkbTQ4c21aUDhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS8yNmMwNDktNDdlZS00ODg2LTk4NDQtNGFiOWU4YWEzMjYy
LzEvVWJTYm9OMkdGUktHR05VQldjc1BPMTZlNWlZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1GS5MA0G
CSqGSIb3DQEBCwUAA4IBAQA6cOh7ORrLmR6/s0+HUlu0OnyNeIsAaj+GZNOeAyzK
QwKCY0Wa334S+faUSRkhy8L+IFHUJoYA9tBBnnxggCCvL+ubyaFAjPV7d7+/PhCL
TIEGGZjh7GGTZecGp1iMc7X9TeRoM+/F8i9zMGN3FF7ee9F/gKyGj4PqMgSjh/J2
3pygErE3mhdbXeVuP+7pYPjLhUgRYJv96pMyzIH359CaT3jImPS4U9fKl7rvIrEw
U36r9jdcMJeAdXxTqHgL5zTQBu/VyQRfBhSI0cC8hPWKoSTPxvKgK//il3vRJRVc
q7nsU8wrZ+6QKvO4XUGNJWHGkfqbUMHWMYOub3Dmq8le
-----END CERTIFICATE-----