Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/jDw2Dd2UDl0Jpec8pWjhy1AZyY8.roa
File:                     jDw2Dd2UDl0Jpec8pWjhy1AZyY8.roa (raw, json)
Hash identifier:          QbnFTC2w+00ttHl88+nal3rrJ16xVKdLHwEi+w2YIYI=
Subject key identifier:   8C:3C:36:0D:DD:94:0E:5D:09:A5:E7:3C:A5:68:E1:CB:50:19:C9:8F
Certificate issuer:       /CN=51b49ba0dd8615128618d50159cb0f3b5e9ee626
Certificate serial:       019D52AEB0D088A6695507123EAB041255B0
Authority key identifier: 51:B4:9B:A0:DD:86:15:12:86:18:D5:01:59:CB:0F:3B:5E:9E:E6:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UbSboN2GFRKGGNUBWcsPO16e5iY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/jDw2Dd2UDl0Jpec8pWjhy1AZyY8.roa
Signing time:             Fri 03 Apr 2026 09:31:13 +0000
ROA not before:           Fri 03 Apr 2026 09:31:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215152
IP address blocks:        212.100.177.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/UbSboN2GFRKGGNUBWcsPO16e5iY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/UbSboN2GFRKGGNUBWcsPO16e5iY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UbSboN2GFRKGGNUBWcsPO16e5iY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 14 Apr 2026 03:02:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:52:ae:b0:d0:88:a6:69:55:07:12:3e:ab:04:12:55:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=51b49ba0dd8615128618d50159cb0f3b5e9ee626
        Validity
            Not Before: Apr  3 09:31:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8c3c360ddd940e5d09a5e73ca568e1cb5019c98f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:6d:1e:83:30:96:96:40:08:b9:bc:d4:c0:48:
                    57:cd:97:1d:52:6f:9b:6a:d8:25:48:f7:4f:60:27:
                    8f:4e:05:09:14:02:34:10:6a:4d:1e:1e:e1:53:8e:
                    4c:9c:68:04:2c:96:9c:c5:61:61:c3:f4:0a:e2:8e:
                    e7:6f:6d:4d:06:06:1e:22:a0:65:56:a0:eb:6b:df:
                    d9:5c:ac:de:91:2f:c7:e9:8c:23:27:63:bd:1e:ba:
                    3d:fb:d6:4a:af:2d:b7:fc:93:9c:47:61:6a:95:50:
                    6f:c9:9c:e9:63:03:cc:51:c4:14:28:f7:d6:90:9c:
                    2e:15:bf:37:99:63:60:ce:c1:c7:6f:a8:c8:ab:5b:
                    f7:7f:d8:e3:4b:52:ff:0d:a4:cc:4d:d7:0d:d6:22:
                    01:96:5f:c8:a3:d0:9f:c4:67:11:87:dc:38:ce:96:
                    14:03:f0:d2:b6:31:4d:7c:02:31:b6:5d:a6:59:c4:
                    b5:9c:62:fb:ea:e1:04:74:f1:7a:c5:28:66:43:be:
                    41:0d:5e:9e:28:d6:c2:6f:88:4a:64:15:3a:83:9b:
                    ed:cc:53:a5:f3:65:ab:ed:d8:ef:d4:e3:56:a2:c2:
                    e3:d1:bf:6d:46:af:ce:2e:17:01:df:c3:3d:be:7c:
                    a1:cb:f6:3e:a3:bb:cd:64:0c:82:a7:c2:6f:ef:81:
                    7e:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:3C:36:0D:DD:94:0E:5D:09:A5:E7:3C:A5:68:E1:CB:50:19:C9:8F
            X509v3 Authority Key Identifier:
                keyid:51:B4:9B:A0:DD:86:15:12:86:18:D5:01:59:CB:0F:3B:5E:9E:E6:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UbSboN2GFRKGGNUBWcsPO16e5iY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/jDw2Dd2UDl0Jpec8pWjhy1AZyY8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/UbSboN2GFRKGGNUBWcsPO16e5iY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.100.177.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:de:cf:58:66:c6:7e:9b:9f:8f:96:db:cd:39:11:a7:d3:f6:
         4b:19:4e:d3:16:4e:55:11:9a:7c:9d:e6:f7:ff:1c:db:35:01:
         4e:8c:fd:a6:3a:87:58:6c:b4:26:a5:ce:85:80:23:ec:be:37:
         09:0e:8c:e3:90:59:6f:2d:56:f0:b5:80:54:9e:03:84:0b:33:
         f8:09:74:28:45:a6:ad:02:fb:e2:49:f3:b1:89:5a:22:b3:09:
         75:d0:91:b9:d5:58:03:cd:8d:8b:2d:6e:51:ea:0c:9b:7e:8b:
         0f:73:ac:d5:cf:a7:5e:71:8c:a3:4d:6e:a9:01:b5:3e:09:ea:
         52:43:f5:70:2c:26:41:a5:46:95:86:3f:d8:9d:9e:16:44:48:
         5c:81:9f:ec:f3:3e:05:77:b5:65:6c:52:9a:4f:89:f4:2d:53:
         75:30:c4:0f:91:55:79:84:ea:7a:89:0d:a1:b2:ad:f5:8a:27:
         d0:0a:11:12:44:bf:65:f3:fb:7d:c3:d8:31:1e:e5:07:6c:30:
         b8:d2:1d:60:b9:bf:f1:b7:01:18:70:16:1f:ab:c5:90:0a:c3:
         8a:55:0d:ba:24:71:fa:76:a9:ce:22:60:a5:51:ac:99:71:d6:
         c2:50:71:23:10:80:13:72:cc:80:f9:f3:e7:6f:d9:bd:85:63:
         45:ac:25:84
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1SrrDQiKZpVQcSPqsEElWwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxYjQ5YmEwZGQ4NjE1MTI4NjE4ZDUwMTU5Y2IwZjNiNWU5
ZWU2MjYwHhcNMjYwNDAzMDkzMTEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YzNjMzYwZGRkOTQwZTVkMDlhNWU3M2NhNTY4ZTFjYjUwMTljOThmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnm0egzCWlkAIubzUwEhXzZcdUm+b
atglSPdPYCePTgUJFAI0EGpNHh7hU45MnGgELJacxWFhw/QK4o7nb21NBgYeIqBl
VqDra9/ZXKzekS/H6YwjJ2O9Hro9+9ZKry23/JOcR2FqlVBvyZzpYwPMUcQUKPfW
kJwuFb83mWNgzsHHb6jIq1v3f9jjS1L/DaTMTdcN1iIBll/Io9CfxGcRh9w4zpYU
A/DStjFNfAIxtl2mWcS1nGL76uEEdPF6xShmQ75BDV6eKNbCb4hKZBU6g5vtzFOl
82Wr7djv1ONWosLj0b9tRq/OLhcB38M9vnyhy/Y+o7vNZAyCp8Jv74F+kwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIw8Ng3dlA5dCaXnPKVo4ctQGcmPMB8GA1UdIwQY
MBaAFFG0m6DdhhUShhjVAVnLDztenuYmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWJTYm9OMkdGUktHR05VQldjc1BPMTZlNWlZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS8yNmMwNDktNDdlZS00ODg2LTk4NDQt
NGFiOWU4YWEzMjYyLzEvakR3MkRkMlVEbDBKcGVjOHBXamh5MUFaeVk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS8yNmMwNDktNDdlZS00ODg2LTk4NDQtNGFiOWU4YWEzMjYy
LzEvVWJTYm9OMkdGUktHR05VQldjc1BPMTZlNWlZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1GSxMA0G
CSqGSIb3DQEBCwUAA4IBAQBu3s9YZsZ+m5+PltvNORGn0/ZLGU7TFk5VEZp8neb3
/xzbNQFOjP2mOodYbLQmpc6FgCPsvjcJDozjkFlvLVbwtYBUngOECzP4CXQoRaat
AvviSfOxiVoiswl10JG51VgDzY2LLW5R6gybfosPc6zVz6decYyjTW6pAbU+CepS
Q/VwLCZBpUaVhj/YnZ4WREhcgZ/s8z4Fd7VlbFKaT4n0LVN1MMQPkVV5hOp6iQ2h
sq31iifQChESRL9l8/t9w9gxHuUHbDC40h1gub/xtwEYcBYfq8WQCsOKVQ26JHH6
dqnOImClUayZcdbCUHEjEIATcsyA+fPnb9m9hWNFrCWE
-----END CERTIFICATE-----