Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/XE02NZ7cs5gcBiEgp1t5eVDLDFo.roa
File:                     XE02NZ7cs5gcBiEgp1t5eVDLDFo.roa (raw, json)
Hash identifier:          kfZgjRyxeRbZqiAf7Y3WaC8aF4/f1MDEJ1quVFwvGIw=
Subject key identifier:   5C:4D:36:35:9E:DC:B3:98:1C:06:21:20:A7:5B:79:79:50:CB:0C:5A
Certificate issuer:       /CN=51b49ba0dd8615128618d50159cb0f3b5e9ee626
Certificate serial:       019CAD8084DCDDE6A5BBEC04F8829B1508D8
Authority key identifier: 51:B4:9B:A0:DD:86:15:12:86:18:D5:01:59:CB:0F:3B:5E:9E:E6:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UbSboN2GFRKGGNUBWcsPO16e5iY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/XE02NZ7cs5gcBiEgp1t5eVDLDFo.roa
Signing time:             Mon 02 Mar 2026 07:43:26 +0000
ROA not before:           Mon 02 Mar 2026 07:43:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     63199
IP address blocks:        212.100.165.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/UbSboN2GFRKGGNUBWcsPO16e5iY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/UbSboN2GFRKGGNUBWcsPO16e5iY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UbSboN2GFRKGGNUBWcsPO16e5iY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Mar 2026 16:01:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:ad:80:84:dc:dd:e6:a5:bb:ec:04:f8:82:9b:15:08:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=51b49ba0dd8615128618d50159cb0f3b5e9ee626
        Validity
            Not Before: Mar  2 07:43:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5c4d36359edcb3981c062120a75b797950cb0c5a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:a1:1c:e8:62:3d:3e:21:9d:e9:e2:24:e1:6a:
                    1a:10:bb:83:40:69:12:62:ea:9f:41:46:a9:7a:30:
                    02:45:26:4a:16:01:4d:c9:15:cc:25:62:c8:e4:63:
                    f8:f0:74:3c:a6:20:2f:5e:56:d7:2b:a6:2e:cd:56:
                    a3:4e:9c:24:3c:ea:28:c7:b1:16:cb:17:ac:52:ce:
                    b8:4d:85:63:e1:80:6a:fe:8a:27:f6:f8:83:48:2d:
                    9e:f6:1c:81:fb:2c:df:40:a8:07:7b:58:ea:5c:4d:
                    f3:af:64:c1:f5:59:21:4f:77:96:c7:08:bb:6d:ee:
                    36:6e:70:85:28:0f:e4:1f:2f:2a:d6:d2:54:6b:cb:
                    3f:e8:b4:1f:9b:98:b5:79:84:f1:9a:69:30:0d:76:
                    1d:11:9f:c7:63:40:31:52:2b:34:fb:4f:b7:ab:24:
                    93:7c:59:c8:29:c9:b5:59:32:02:bd:b8:0f:98:56:
                    12:ca:e4:1b:cf:3f:d8:d4:0c:ba:be:d1:0f:87:49:
                    2b:35:70:b4:d5:19:d4:b9:66:d4:d1:90:4f:4c:92:
                    5c:5c:72:07:3a:33:20:ec:a7:09:7a:dd:64:35:5b:
                    7d:99:50:70:51:97:76:25:71:24:ed:d1:86:e0:d8:
                    5a:91:6f:0a:0b:cc:ee:f3:dc:38:fa:ea:23:5f:92:
                    68:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:4D:36:35:9E:DC:B3:98:1C:06:21:20:A7:5B:79:79:50:CB:0C:5A
            X509v3 Authority Key Identifier:
                keyid:51:B4:9B:A0:DD:86:15:12:86:18:D5:01:59:CB:0F:3B:5E:9E:E6:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UbSboN2GFRKGGNUBWcsPO16e5iY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/XE02NZ7cs5gcBiEgp1t5eVDLDFo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/UbSboN2GFRKGGNUBWcsPO16e5iY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.100.165.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a1:48:2e:19:df:85:20:ea:7e:f6:a6:57:cd:62:28:5e:34:35:
         0a:62:11:db:79:f5:2e:6b:92:a1:33:54:26:80:a3:14:87:02:
         96:e5:b2:24:1f:e1:1a:99:a4:e3:86:eb:0c:57:cf:65:9d:30:
         7f:34:40:de:e5:3d:9a:21:93:99:b2:3a:75:3e:4c:b0:33:9c:
         c7:0d:89:36:32:a0:97:b5:53:e3:a3:9a:e3:a1:b6:d7:84:90:
         05:8c:3c:04:ee:4d:e8:ce:7e:61:3b:50:c7:7f:87:69:0f:0d:
         c3:15:ec:46:85:bc:47:c6:c3:06:2b:68:aa:75:86:85:f3:15:
         a3:62:e6:bd:ee:51:c8:1e:f7:ec:0d:54:34:9b:86:6e:e8:a8:
         45:65:0e:02:ed:46:89:9e:ac:de:6f:19:6f:3c:43:55:6a:eb:
         10:92:a1:11:aa:4e:80:a2:c4:27:c6:92:ab:23:0d:e0:80:1d:
         a5:c7:5f:cb:90:2b:de:34:d4:24:fe:76:57:c6:22:6f:d3:15:
         8a:d8:c9:d4:cc:40:28:33:24:54:20:68:72:59:d0:6b:56:76:
         7e:ba:78:cb:8b:5a:2f:c7:ad:3a:2e:55:05:7e:15:0b:2e:23:
         ed:05:54:bb:f2:5d:3b:aa:35:d8:33:85:15:52:d1:db:79:67:
         04:02:18:39
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZytgITc3ealu+wE+IKbFQjYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxYjQ5YmEwZGQ4NjE1MTI4NjE4ZDUwMTU5Y2IwZjNiNWU5
ZWU2MjYwHhcNMjYwMzAyMDc0MzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzRkMzYzNTllZGNiMzk4MWMwNjIxMjBhNzViNzk3OTUwY2IwYzVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtKEc6GI9PiGd6eIk4WoaELuDQGkS
YuqfQUapejACRSZKFgFNyRXMJWLI5GP48HQ8piAvXlbXK6YuzVajTpwkPOoox7EW
yxesUs64TYVj4YBq/oon9viDSC2e9hyB+yzfQKgHe1jqXE3zr2TB9VkhT3eWxwi7
be42bnCFKA/kHy8q1tJUa8s/6LQfm5i1eYTxmmkwDXYdEZ/HY0AxUis0+0+3qyST
fFnIKcm1WTICvbgPmFYSyuQbzz/Y1Ay6vtEPh0krNXC01RnUuWbU0ZBPTJJcXHIH
OjMg7KcJet1kNVt9mVBwUZd2JXEk7dGG4NhakW8KC8zu89w4+uojX5JopQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFxNNjWe3LOYHAYhIKdbeXlQywxaMB8GA1UdIwQY
MBaAFFG0m6DdhhUShhjVAVnLDztenuYmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWJTYm9OMkdGUktHR05VQldjc1BPMTZlNWlZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS8yNmMwNDktNDdlZS00ODg2LTk4NDQt
NGFiOWU4YWEzMjYyLzEvWEUwMk5aN2NzNWdjQmlFZ3AxdDVlVkRMREZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS8yNmMwNDktNDdlZS00ODg2LTk4NDQtNGFiOWU4YWEzMjYy
LzEvVWJTYm9OMkdGUktHR05VQldjc1BPMTZlNWlZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1GSlMA0G
CSqGSIb3DQEBCwUAA4IBAQChSC4Z34Ug6n72plfNYiheNDUKYhHbefUua5KhM1Qm
gKMUhwKW5bIkH+EamaTjhusMV89lnTB/NEDe5T2aIZOZsjp1PkywM5zHDYk2MqCX
tVPjo5rjobbXhJAFjDwE7k3ozn5hO1DHf4dpDw3DFexGhbxHxsMGK2iqdYaF8xWj
Yua97lHIHvfsDVQ0m4Zu6KhFZQ4C7UaJnqzebxlvPENVausQkqERqk6AosQnxpKr
Iw3ggB2lx1/LkCveNNQk/nZXxiJv0xWK2MnUzEAoMyRUIGhyWdBrVnZ+unjLi1ov
x606LlUFfhULLiPtBVS78l07qjXYM4UVUtHbeWcEAhg5
-----END CERTIFICATE-----