Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/I1VB30BkyExbsrjjCZwl3c3Gp2U.roa
File:                     I1VB30BkyExbsrjjCZwl3c3Gp2U.roa (raw, json)
Hash identifier:          uP/sRxpNyjBayRZABy7e2DCuUGGK9CiChAg8Q56N9T8=
Subject key identifier:   23:55:41:DF:40:64:C8:4C:5B:B2:B8:E3:09:9C:25:DD:CD:C6:A7:65
Certificate issuer:       /CN=51b49ba0dd8615128618d50159cb0f3b5e9ee626
Certificate serial:       019DEF284E8765446AC73703AE374B1AABE0
Authority key identifier: 51:B4:9B:A0:DD:86:15:12:86:18:D5:01:59:CB:0F:3B:5E:9E:E6:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UbSboN2GFRKGGNUBWcsPO16e5iY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/I1VB30BkyExbsrjjCZwl3c3Gp2U.roa
Signing time:             Sun 03 May 2026 18:44:49 +0000
ROA not before:           Sun 03 May 2026 18:44:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214025
IP address blocks:        212.100.165.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/UbSboN2GFRKGGNUBWcsPO16e5iY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/UbSboN2GFRKGGNUBWcsPO16e5iY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UbSboN2GFRKGGNUBWcsPO16e5iY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 May 2026 15:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:ef:28:4e:87:65:44:6a:c7:37:03:ae:37:4b:1a:ab:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=51b49ba0dd8615128618d50159cb0f3b5e9ee626
        Validity
            Not Before: May  3 18:44:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=235541df4064c84c5bb2b8e3099c25ddcdc6a765
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:61:f1:16:51:43:ed:18:a5:52:b0:b0:ba:e2:
                    ff:c3:c1:9f:b6:38:09:45:31:9c:34:4a:a6:68:31:
                    2d:1e:31:11:1e:8f:21:e2:17:85:2c:50:6a:4e:02:
                    3f:6a:d7:a5:a1:44:6c:39:8f:fe:15:70:7c:9c:e9:
                    d6:2d:29:3b:eb:23:28:b9:64:66:3f:48:5c:01:68:
                    c3:33:23:7f:97:e2:6b:15:2a:bf:52:9b:91:b6:de:
                    95:00:66:aa:2d:5e:70:8d:5c:59:7d:c7:8b:3f:48:
                    5e:75:ed:8f:4e:06:58:17:74:78:21:4f:3b:a1:f2:
                    20:91:27:9c:b5:bb:0d:df:4d:8c:91:cc:7f:35:d7:
                    48:f2:1d:83:e5:9b:18:f0:25:2e:e0:05:da:b2:c0:
                    20:b3:33:1b:22:45:12:2f:c6:35:46:fa:b9:ab:29:
                    76:9c:39:ba:cd:dd:67:b0:29:3c:7d:2c:41:dd:6f:
                    de:a6:43:1c:52:33:71:b9:88:06:2c:ea:37:bc:71:
                    f2:d4:2a:3b:a1:6b:c4:74:44:e5:44:f1:8e:31:f5:
                    32:78:17:71:53:73:32:81:ab:a3:d7:9e:8f:fb:e8:
                    d3:1c:41:49:06:67:83:78:ca:56:70:5d:c9:34:f1:
                    40:1c:23:6f:16:49:25:19:ab:07:a9:e4:44:5d:75:
                    9d:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:55:41:DF:40:64:C8:4C:5B:B2:B8:E3:09:9C:25:DD:CD:C6:A7:65
            X509v3 Authority Key Identifier:
                keyid:51:B4:9B:A0:DD:86:15:12:86:18:D5:01:59:CB:0F:3B:5E:9E:E6:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UbSboN2GFRKGGNUBWcsPO16e5iY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/I1VB30BkyExbsrjjCZwl3c3Gp2U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/UbSboN2GFRKGGNUBWcsPO16e5iY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.100.165.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:c0:f1:4c:7d:89:b0:f7:eb:41:65:8e:4d:f6:e6:e1:00:58:
         14:8a:dc:2e:1b:59:03:8f:6b:f9:55:28:70:92:fe:ad:03:32:
         fa:2d:7f:c6:2a:4c:87:2c:ef:b8:89:ed:33:90:bc:3e:ae:10:
         de:40:5b:bb:b0:38:03:02:87:46:6a:05:4f:ea:ce:95:74:17:
         a0:b7:43:fb:0b:b1:2b:b4:09:ab:b1:56:33:6f:ec:b7:58:27:
         b2:b0:98:c2:ea:3d:aa:93:3f:89:a2:48:44:5e:f8:db:96:dd:
         8f:8d:22:35:15:91:ac:84:34:54:3a:1a:7c:17:bc:6b:79:29:
         d8:f7:b2:9e:96:bd:b3:76:e4:71:4c:93:26:81:6e:91:ab:51:
         11:bf:ab:cd:03:fa:01:6f:0a:40:af:f3:9e:cd:9b:8a:f7:de:
         d9:bd:c3:10:c3:25:69:20:ee:5e:15:fc:c1:b4:76:d0:4d:4c:
         7a:23:d0:79:d3:65:7a:5e:9a:3e:12:80:93:58:e4:a9:32:9e:
         f9:43:50:b2:23:eb:f4:c4:e4:3d:d1:94:bf:2d:6c:66:a5:a6:
         25:0d:a5:0c:e9:7d:fe:d3:e5:f0:b3:97:ab:ca:51:fc:c2:a6:
         08:03:11:d2:21:6a:82:ec:f8:e8:c6:ad:25:00:63:c1:66:c2:
         df:8f:fd:ae
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3vKE6HZURqxzcDrjdLGqvgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxYjQ5YmEwZGQ4NjE1MTI4NjE4ZDUwMTU5Y2IwZjNiNWU5
ZWU2MjYwHhcNMjYwNTAzMTg0NDQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzU1NDFkZjQwNjRjODRjNWJiMmI4ZTMwOTljMjVkZGNkYzZhNzY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxWHxFlFD7RilUrCwuuL/w8GftjgJ
RTGcNEqmaDEtHjERHo8h4heFLFBqTgI/ateloURsOY/+FXB8nOnWLSk76yMouWRm
P0hcAWjDMyN/l+JrFSq/UpuRtt6VAGaqLV5wjVxZfceLP0hede2PTgZYF3R4IU87
ofIgkSectbsN302Mkcx/NddI8h2D5ZsY8CUu4AXassAgszMbIkUSL8Y1Rvq5qyl2
nDm6zd1nsCk8fSxB3W/epkMcUjNxuYgGLOo3vHHy1Co7oWvEdETlRPGOMfUyeBdx
U3Mygauj156P++jTHEFJBmeDeMpWcF3JNPFAHCNvFkklGasHqeREXXWdtQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCNVQd9AZMhMW7K44wmcJd3NxqdlMB8GA1UdIwQY
MBaAFFG0m6DdhhUShhjVAVnLDztenuYmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWJTYm9OMkdGUktHR05VQldjc1BPMTZlNWlZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS8yNmMwNDktNDdlZS00ODg2LTk4NDQt
NGFiOWU4YWEzMjYyLzEvSTFWQjMwQmt5RXhic3JqakNad2wzYzNHcDJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS8yNmMwNDktNDdlZS00ODg2LTk4NDQtNGFiOWU4YWEzMjYy
LzEvVWJTYm9OMkdGUktHR05VQldjc1BPMTZlNWlZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1GSlMA0G
CSqGSIb3DQEBCwUAA4IBAQATwPFMfYmw9+tBZY5N9ubhAFgUitwuG1kDj2v5VShw
kv6tAzL6LX/GKkyHLO+4ie0zkLw+rhDeQFu7sDgDAodGagVP6s6VdBegt0P7C7Er
tAmrsVYzb+y3WCeysJjC6j2qkz+JokhEXvjblt2PjSI1FZGshDRUOhp8F7xreSnY
97Kelr2zduRxTJMmgW6Rq1ERv6vNA/oBbwpAr/OezZuK997ZvcMQwyVpIO5eFfzB
tHbQTUx6I9B502V6Xpo+EoCTWOSpMp75Q1CyI+v0xOQ90ZS/LWxmpaYlDaUM6X3+
0+Xws5erylH8wqYIAxHSIWqC7Pjoxq0lAGPBZsLfj/2u
-----END CERTIFICATE-----