Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/TLEa3wCwO1t-1JL9YarUBvTLUWg.roa
File:                     TLEa3wCwO1t-1JL9YarUBvTLUWg.roa (raw, json)
Hash identifier:          bh29VzLkRnbq5JpBJxNAjIHlb9Jwta1NcqlqV0xj/v0=
Subject key identifier:   4C:B1:1A:DF:00:B0:3B:5B:7E:D4:92:FD:61:AA:D4:06:F4:CB:51:68
Certificate issuer:       /CN=51b49ba0dd8615128618d50159cb0f3b5e9ee626
Certificate serial:       01991B497975E557492167289AB7A7CA12BB
Authority key identifier: 51:B4:9B:A0:DD:86:15:12:86:18:D5:01:59:CB:0F:3B:5E:9E:E6:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UbSboN2GFRKGGNUBWcsPO16e5iY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/TLEa3wCwO1t-1JL9YarUBvTLUWg.roa
Signing time:             Fri 05 Sep 2025 19:10:23 +0000
ROA not before:           Fri 05 Sep 2025 19:10:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215262
IP address blocks:        212.100.172.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/UbSboN2GFRKGGNUBWcsPO16e5iY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/UbSboN2GFRKGGNUBWcsPO16e5iY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UbSboN2GFRKGGNUBWcsPO16e5iY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Sep 2025 11:14:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:1b:49:79:75:e5:57:49:21:67:28:9a:b7:a7:ca:12:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=51b49ba0dd8615128618d50159cb0f3b5e9ee626
        Validity
            Not Before: Sep  5 19:10:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4cb11adf00b03b5b7ed492fd61aad406f4cb5168
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:77:8a:23:7a:70:da:65:4d:0c:ae:67:bb:a1:
                    83:4b:03:08:77:23:0b:b8:d9:28:bf:82:f3:d0:55:
                    e4:30:da:43:d7:de:d6:54:cd:a3:de:2d:fc:73:58:
                    0f:cd:34:fd:65:92:81:fe:d0:ae:92:c6:ca:71:f6:
                    38:59:f2:e9:5e:df:f9:72:f3:78:44:f3:52:80:fb:
                    3e:cc:92:6a:0d:dd:aa:d8:76:eb:18:31:85:11:ba:
                    f5:38:3b:53:b1:d7:b7:24:6d:31:b1:8e:c3:aa:87:
                    c3:12:61:8b:6f:a9:2b:3d:75:c2:2e:48:f5:53:99:
                    f0:e8:84:e4:ba:97:bc:4b:7b:0e:95:d3:7d:94:09:
                    1e:18:b2:51:fd:3c:de:f5:47:9b:9e:ec:9b:ef:cd:
                    72:e9:17:4e:ec:94:18:6a:33:19:f9:13:a5:02:11:
                    50:29:aa:fa:9d:81:51:f6:25:93:a2:ac:07:61:f6:
                    50:6b:a2:1a:25:44:df:15:c6:ef:f6:45:dc:32:d5:
                    3c:5a:4b:c6:e4:95:f8:d2:c5:d1:54:61:84:7c:7b:
                    a0:e4:ad:26:48:7a:eb:39:bd:85:f7:8c:96:87:c7:
                    76:a5:53:d5:02:e2:06:9e:80:88:d4:b0:22:4b:73:
                    15:4e:89:05:13:22:f6:95:1c:cf:d3:f0:29:14:97:
                    43:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:B1:1A:DF:00:B0:3B:5B:7E:D4:92:FD:61:AA:D4:06:F4:CB:51:68
            X509v3 Authority Key Identifier:
                keyid:51:B4:9B:A0:DD:86:15:12:86:18:D5:01:59:CB:0F:3B:5E:9E:E6:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UbSboN2GFRKGGNUBWcsPO16e5iY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/TLEa3wCwO1t-1JL9YarUBvTLUWg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/UbSboN2GFRKGGNUBWcsPO16e5iY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.100.172.0/23

    Signature Algorithm: sha256WithRSAEncryption
         bc:4e:7f:77:89:a7:8c:80:b9:7b:4c:35:16:66:79:8d:f6:e4:
         f7:05:cf:05:21:0a:96:63:14:2c:5e:cb:f1:db:8c:c7:38:2f:
         0c:d0:c8:8a:2b:19:be:e4:f1:e3:32:94:25:f2:f7:47:73:a7:
         77:94:65:bc:de:dc:de:31:d0:17:42:bc:75:f5:5a:2c:b9:41:
         3c:e7:e2:c7:65:6a:8b:ec:f6:0e:7c:53:d5:6a:51:40:d9:80:
         5e:67:8c:47:0a:36:1a:eb:0a:f8:d0:aa:53:5a:3e:b3:0a:b0:
         80:9f:9e:3b:02:37:b3:aa:e4:e3:0d:e4:74:71:72:4b:a5:2d:
         ff:0c:d3:67:55:30:c6:69:2f:42:9e:02:b9:21:a8:52:3c:c4:
         7e:df:e6:b7:99:fb:78:0a:28:1b:81:fb:1d:01:07:48:59:3d:
         45:e3:08:5b:be:1d:15:40:aa:1c:53:b7:0f:b3:1b:eb:bc:24:
         33:c0:fc:12:ea:ca:49:84:86:2d:95:96:be:77:e3:97:47:79:
         92:d1:06:23:7a:48:c6:09:b4:9a:b9:7a:5f:3c:b4:0c:ce:ef:
         21:cc:8d:09:59:6e:88:e7:c7:9c:a5:37:22:61:6b:b7:f7:ec:
         64:17:bc:07:b0:86:38:55:45:d3:0e:fc:b3:cf:b3:66:04:74:
         79:5a:82:64
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkbSXl15VdJIWcomrenyhK7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxYjQ5YmEwZGQ4NjE1MTI4NjE4ZDUwMTU5Y2IwZjNiNWU5
ZWU2MjYwHhcNMjUwOTA1MTkxMDIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Y2IxMWFkZjAwYjAzYjViN2VkNDkyZmQ2MWFhZDQwNmY0Y2I1MTY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtXeKI3pw2mVNDK5nu6GDSwMIdyML
uNkov4Lz0FXkMNpD197WVM2j3i38c1gPzTT9ZZKB/tCuksbKcfY4WfLpXt/5cvN4
RPNSgPs+zJJqDd2q2HbrGDGFEbr1ODtTsde3JG0xsY7DqofDEmGLb6krPXXCLkj1
U5nw6ITkupe8S3sOldN9lAkeGLJR/Tze9Uebnuyb781y6RdO7JQYajMZ+ROlAhFQ
Kar6nYFR9iWToqwHYfZQa6IaJUTfFcbv9kXcMtU8WkvG5JX40sXRVGGEfHug5K0m
SHrrOb2F94yWh8d2pVPVAuIGnoCI1LAiS3MVTokFEyL2lRzP0/ApFJdDJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEyxGt8AsDtbftSS/WGq1Ab0y1FoMB8GA1UdIwQY
MBaAFFG0m6DdhhUShhjVAVnLDztenuYmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWJTYm9OMkdGUktHR05VQldjc1BPMTZlNWlZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS8yNmMwNDktNDdlZS00ODg2LTk4NDQt
NGFiOWU4YWEzMjYyLzEvVExFYTN3Q3dPMXQtMUpMOVlhclVCdlRMVVdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS8yNmMwNDktNDdlZS00ODg2LTk4NDQtNGFiOWU4YWEzMjYy
LzEvVWJTYm9OMkdGUktHR05VQldjc1BPMTZlNWlZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB1GSsMA0G
CSqGSIb3DQEBCwUAA4IBAQC8Tn93iaeMgLl7TDUWZnmN9uT3Bc8FIQqWYxQsXsvx
24zHOC8M0MiKKxm+5PHjMpQl8vdHc6d3lGW83tzeMdAXQrx19VosuUE85+LHZWqL
7PYOfFPValFA2YBeZ4xHCjYa6wr40KpTWj6zCrCAn547AjezquTjDeR0cXJLpS3/
DNNnVTDGaS9CngK5IahSPMR+3+a3mft4CigbgfsdAQdIWT1F4whbvh0VQKocU7cP
sxvrvCQzwPwS6spJhIYtlZa+d+OXR3mS0QYjekjGCbSauXpfPLQMzu8hzI0JWW6I
58ecpTciYWu39+xkF7wHsIY4VUXTDvyzz7NmBHR5WoJk
-----END CERTIFICATE-----