Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/lfcGZ7Zd2mpr_lQntvdaWJ2zu8M.roa
File:                     lfcGZ7Zd2mpr_lQntvdaWJ2zu8M.roa (raw, json)
Hash identifier:          UHawUyvd2k+0s5ilnpHGhVUpniI30Hfj0TIOdOhhyxM=
Subject key identifier:   95:F7:06:67:B6:5D:DA:6A:6B:FE:54:27:B6:F7:5A:58:9D:B3:BB:C3
Certificate issuer:       /CN=51b49ba0dd8615128618d50159cb0f3b5e9ee626
Certificate serial:       019898A45A80D35914033BEC31E8055C0DCD
Authority key identifier: 51:B4:9B:A0:DD:86:15:12:86:18:D5:01:59:CB:0F:3B:5E:9E:E6:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UbSboN2GFRKGGNUBWcsPO16e5iY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/lfcGZ7Zd2mpr_lQntvdaWJ2zu8M.roa
Signing time:             Mon 11 Aug 2025 10:19:24 +0000
ROA not before:           Mon 11 Aug 2025 10:19:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29802
IP address blocks:        212.100.171.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/UbSboN2GFRKGGNUBWcsPO16e5iY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/UbSboN2GFRKGGNUBWcsPO16e5iY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UbSboN2GFRKGGNUBWcsPO16e5iY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Aug 2025 08:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:98:a4:5a:80:d3:59:14:03:3b:ec:31:e8:05:5c:0d:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=51b49ba0dd8615128618d50159cb0f3b5e9ee626
        Validity
            Not Before: Aug 11 10:19:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=95f70667b65dda6a6bfe5427b6f75a589db3bbc3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:f4:30:de:4a:ba:94:fc:cc:96:2e:3b:ad:4f:
                    1c:b6:60:41:01:4a:8a:bb:76:4a:ab:4d:0e:97:a8:
                    88:d8:13:c4:75:ea:09:06:dd:ed:43:bc:81:73:c2:
                    3e:72:92:0e:27:b2:4c:72:c4:41:63:90:d1:98:dc:
                    dd:5f:c0:5d:be:1d:5e:6e:da:e3:ce:7a:66:ca:f6:
                    6d:84:f3:72:17:4e:0f:96:98:09:64:d9:e3:29:6d:
                    fc:f5:66:e8:af:cf:67:a8:10:dd:28:d5:bf:19:84:
                    fb:3a:f0:1c:a9:7a:8e:18:2b:a5:d7:94:87:75:c7:
                    8a:d5:24:99:9e:01:db:31:69:90:1e:a5:84:7d:d4:
                    de:8e:e7:02:86:00:73:ff:34:45:ef:23:d0:ac:92:
                    ce:db:8a:cd:c1:d5:4f:08:d3:15:4e:ed:1c:71:13:
                    66:3b:43:5c:bf:62:ca:35:86:6c:5d:0f:82:be:da:
                    bf:9c:39:58:5d:c4:19:1f:f6:b9:be:90:94:94:3f:
                    06:cb:8a:6a:81:ad:48:5b:24:0e:71:b1:95:21:58:
                    8a:2a:9a:05:9c:49:34:00:bd:de:2c:2f:0c:da:38:
                    76:8e:16:c1:83:22:c0:ef:08:66:17:06:7f:ff:ba:
                    99:e5:89:a0:32:98:70:1e:56:a1:ac:58:c5:42:a1:
                    21:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:F7:06:67:B6:5D:DA:6A:6B:FE:54:27:B6:F7:5A:58:9D:B3:BB:C3
            X509v3 Authority Key Identifier:
                keyid:51:B4:9B:A0:DD:86:15:12:86:18:D5:01:59:CB:0F:3B:5E:9E:E6:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UbSboN2GFRKGGNUBWcsPO16e5iY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/lfcGZ7Zd2mpr_lQntvdaWJ2zu8M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/UbSboN2GFRKGGNUBWcsPO16e5iY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.100.171.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:9b:d8:f4:e7:72:49:e6:13:28:b5:62:18:e1:2f:d1:e2:16:
         c2:7f:ef:ea:d5:29:aa:33:ad:b7:0c:6a:4f:43:8e:81:dd:ff:
         68:1b:d3:9a:f7:4a:02:15:ab:b0:72:b7:e9:b8:2d:20:46:ae:
         95:ff:02:92:52:93:c8:b4:2b:c7:c6:7d:78:03:a8:3f:9b:f1:
         99:95:3f:23:45:5b:98:bb:f7:b7:31:c1:4a:3f:6d:63:f8:47:
         af:1b:5e:5b:3b:e5:65:b1:0e:cc:50:17:9b:fe:69:f3:39:47:
         5f:98:b0:c4:64:68:6d:55:a4:85:4f:1b:72:b5:93:b6:54:87:
         03:1f:97:dd:ba:67:17:1f:95:5b:61:8a:76:60:ec:b0:bc:8c:
         97:61:32:66:49:0e:cb:33:da:ae:97:6e:da:7b:40:52:8b:f9:
         53:dc:c4:c0:4d:f3:71:5a:ce:80:4b:1c:3a:f2:aa:e4:f4:ce:
         f5:f2:8d:e7:3b:36:2f:49:6f:b8:18:87:0b:6a:cd:e4:7a:73:
         fc:86:f2:1f:61:ed:bd:c9:d0:15:d4:ae:4f:b8:78:f6:0c:02:
         a4:d6:f5:90:de:09:c1:d6:7b:2e:54:ad:1d:8b:2d:c8:69:7e:
         21:ac:15:db:a5:5a:1b:08:55:bb:92:05:70:b0:f7:5d:d3:17:
         02:09:89:08
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZiYpFqA01kUAzvsMegFXA3NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxYjQ5YmEwZGQ4NjE1MTI4NjE4ZDUwMTU5Y2IwZjNiNWU5
ZWU2MjYwHhcNMjUwODExMTAxOTI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NWY3MDY2N2I2NWRkYTZhNmJmZTU0MjdiNmY3NWE1ODlkYjNiYmMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArvQw3kq6lPzMli47rU8ctmBBAUqK
u3ZKq00Ol6iI2BPEdeoJBt3tQ7yBc8I+cpIOJ7JMcsRBY5DRmNzdX8Bdvh1ebtrj
znpmyvZthPNyF04PlpgJZNnjKW389Wbor89nqBDdKNW/GYT7OvAcqXqOGCul15SH
dceK1SSZngHbMWmQHqWEfdTejucChgBz/zRF7yPQrJLO24rNwdVPCNMVTu0ccRNm
O0Ncv2LKNYZsXQ+Cvtq/nDlYXcQZH/a5vpCUlD8Gy4pqga1IWyQOcbGVIViKKpoF
nEk0AL3eLC8M2jh2jhbBgyLA7whmFwZ//7qZ5YmgMphwHlahrFjFQqEhCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJX3Bme2Xdpqa/5UJ7b3Wlids7vDMB8GA1UdIwQY
MBaAFFG0m6DdhhUShhjVAVnLDztenuYmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWJTYm9OMkdGUktHR05VQldjc1BPMTZlNWlZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS8yNmMwNDktNDdlZS00ODg2LTk4NDQt
NGFiOWU4YWEzMjYyLzEvbGZjR1o3WmQybXByX2xRbnR2ZGFXSjJ6dThNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS8yNmMwNDktNDdlZS00ODg2LTk4NDQtNGFiOWU4YWEzMjYy
LzEvVWJTYm9OMkdGUktHR05VQldjc1BPMTZlNWlZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1GSrMA0G
CSqGSIb3DQEBCwUAA4IBAQAim9j053JJ5hMotWIY4S/R4hbCf+/q1SmqM623DGpP
Q46B3f9oG9Oa90oCFauwcrfpuC0gRq6V/wKSUpPItCvHxn14A6g/m/GZlT8jRVuY
u/e3McFKP21j+EevG15bO+VlsQ7MUBeb/mnzOUdfmLDEZGhtVaSFTxtytZO2VIcD
H5fdumcXH5VbYYp2YOywvIyXYTJmSQ7LM9qul27ae0BSi/lT3MTATfNxWs6ASxw6
8qrk9M718o3nOzYvSW+4GIcLas3kenP8hvIfYe29ydAV1K5PuHj2DAKk1vWQ3gnB
1nsuVK0diy3IaX4hrBXbpVobCFW7kgVwsPdd0xcCCYkI
-----END CERTIFICATE-----