Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b7/9a6638-c8fd-43cf-b1c4-b071c7efd915/1/7MYms7RIOoUO2o285IfZbjWVePI.roa
File:                     7MYms7RIOoUO2o285IfZbjWVePI.roa (raw, json)
Hash identifier:          yO2Sj8XRd0zshIE7s3ZciOp7WY+fc2AkNg79N4X3TaQ=
Subject key identifier:   EC:C6:26:B3:B4:48:3A:85:0E:DA:8D:BC:E4:87:D9:6E:35:95:78:F2
Certificate issuer:       /CN=51cf732a8a7439e9280f23ef57849814af195ae0
Certificate serial:       019A6F1EC06A043793320CFA9CE37C7A7F86
Authority key identifier: 51:CF:73:2A:8A:74:39:E9:28:0F:23:EF:57:84:98:14:AF:19:5A:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Uc9zKop0OekoDyPvV4SYFK8ZWuA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b7/9a6638-c8fd-43cf-b1c4-b071c7efd915/1/7MYms7RIOoUO2o285IfZbjWVePI.roa
Signing time:             Mon 10 Nov 2025 18:54:37 +0000
ROA not before:           Mon 10 Nov 2025 18:54:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216405
IP address blocks:        212.74.33.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b7/9a6638-c8fd-43cf-b1c4-b071c7efd915/1/Uc9zKop0OekoDyPvV4SYFK8ZWuA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b7/9a6638-c8fd-43cf-b1c4-b071c7efd915/1/Uc9zKop0OekoDyPvV4SYFK8ZWuA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Uc9zKop0OekoDyPvV4SYFK8ZWuA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 04:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:6f:1e:c0:6a:04:37:93:32:0c:fa:9c:e3:7c:7a:7f:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=51cf732a8a7439e9280f23ef57849814af195ae0
        Validity
            Not Before: Nov 10 18:54:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ecc626b3b4483a850eda8dbce487d96e359578f2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:a5:b6:84:1a:3f:88:11:c5:1c:e5:0c:93:11:
                    eb:4f:31:1b:16:c8:a0:16:23:cc:6c:7f:71:4b:d4:
                    99:ac:a9:74:dd:80:3a:c4:17:5f:26:37:6f:2c:d9:
                    27:42:c5:af:8f:61:5c:a4:80:3d:7c:c6:e1:95:68:
                    8c:2c:f4:04:1b:09:72:df:5c:2e:6e:55:96:d1:37:
                    01:fe:03:ef:4d:c8:93:cf:8d:e9:dd:42:fb:fb:6c:
                    30:22:e9:17:2b:a1:17:7c:40:30:02:8d:39:2c:c3:
                    b4:41:56:97:4d:41:14:cc:8e:c9:eb:19:c8:21:aa:
                    6a:d5:14:fb:f0:4c:00:51:88:4c:9d:66:fd:2c:13:
                    7b:c5:ca:c1:b1:7f:7e:71:33:4f:02:92:c1:31:9a:
                    20:9d:14:47:f4:d0:4e:cb:e9:f0:c9:73:4c:98:27:
                    ec:f9:57:24:d3:ca:81:3b:1e:f6:2b:32:4a:97:b9:
                    d6:b2:c0:4f:0d:0b:e5:14:c2:f6:4b:5f:e6:b6:9f:
                    a4:ff:47:2d:59:8c:f0:42:42:5e:8a:47:a6:42:8c:
                    b7:3b:76:4a:81:f0:87:a0:c5:fb:20:f2:47:de:4a:
                    3e:f0:b7:4d:e3:64:9d:c7:e2:f5:88:a9:5c:cd:31:
                    b7:11:14:73:89:98:d8:bd:eb:3e:df:9a:ab:b4:8b:
                    33:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:C6:26:B3:B4:48:3A:85:0E:DA:8D:BC:E4:87:D9:6E:35:95:78:F2
            X509v3 Authority Key Identifier:
                keyid:51:CF:73:2A:8A:74:39:E9:28:0F:23:EF:57:84:98:14:AF:19:5A:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Uc9zKop0OekoDyPvV4SYFK8ZWuA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/9a6638-c8fd-43cf-b1c4-b071c7efd915/1/7MYms7RIOoUO2o285IfZbjWVePI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/9a6638-c8fd-43cf-b1c4-b071c7efd915/1/Uc9zKop0OekoDyPvV4SYFK8ZWuA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.74.33.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:e1:dd:ff:e9:3e:e0:7d:be:92:c6:d8:a7:b4:ca:92:18:2e:
         1a:fd:77:34:eb:ec:54:6f:0e:5c:4a:64:41:57:64:71:94:59:
         75:74:e5:c0:4d:e1:4b:72:9d:6a:e6:e7:86:68:9b:8d:cd:aa:
         a4:dd:d6:6d:a9:4f:ca:c1:82:bf:22:3d:94:2d:aa:23:16:61:
         f0:77:c6:11:4e:2c:9f:2c:24:97:a7:78:fe:a9:5f:a8:17:66:
         a9:c4:ee:cd:e9:71:cc:d2:df:b5:da:d1:6d:c0:b0:dc:00:99:
         66:ff:0e:11:29:42:6f:61:43:0b:bf:6b:36:92:36:ba:fb:41:
         a0:cc:e8:eb:f8:80:d9:b8:84:f8:ff:a0:e3:0b:e6:fe:da:e3:
         aa:ff:6d:40:30:5c:f3:95:25:c6:28:c6:f8:a6:25:4f:db:69:
         69:7a:68:a8:4d:8e:a7:cf:bb:9f:7f:e7:4a:d8:a2:bf:40:8b:
         93:62:84:bf:4e:68:ae:a6:b9:f9:9f:82:1c:2c:29:4c:b4:18:
         8b:bc:2d:4f:6e:18:58:aa:6f:a6:a0:aa:bb:69:cf:4a:cd:e0:
         16:d5:87:6e:ef:5c:25:88:8f:8b:3c:f4:1b:13:04:ac:6c:1f:
         2d:f3:df:38:08:b4:b8:5a:f4:47:c0:98:d8:d9:9b:27:2e:da:
         5f:d1:f9:85
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZpvHsBqBDeTMgz6nON8en+GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxY2Y3MzJhOGE3NDM5ZTkyODBmMjNlZjU3ODQ5ODE0YWYx
OTVhZTAwHhcNMjUxMTEwMTg1NDM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlY2M2MjZiM2I0NDgzYTg1MGVkYThkYmNlNDg3ZDk2ZTM1OTU3OGYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAraW2hBo/iBHFHOUMkxHrTzEbFsig
FiPMbH9xS9SZrKl03YA6xBdfJjdvLNknQsWvj2FcpIA9fMbhlWiMLPQEGwly31wu
blWW0TcB/gPvTciTz43p3UL7+2wwIukXK6EXfEAwAo05LMO0QVaXTUEUzI7J6xnI
Iapq1RT78EwAUYhMnWb9LBN7xcrBsX9+cTNPApLBMZognRRH9NBOy+nwyXNMmCfs
+Vck08qBOx72KzJKl7nWssBPDQvlFML2S1/mtp+k/0ctWYzwQkJeikemQoy3O3ZK
gfCHoMX7IPJH3ko+8LdN42Sdx+L1iKlczTG3ERRziZjYves+35qrtIszowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOzGJrO0SDqFDtqNvOSH2W41lXjyMB8GA1UdIwQY
MBaAFFHPcyqKdDnpKA8j71eEmBSvGVrgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWM5ektvcDBPZWtvRHlQdlY0U1lGSzhaV3VBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNy85YTY2MzgtYzhmZC00M2NmLWIxYzQt
YjA3MWM3ZWZkOTE1LzEvN01ZbXM3UklPb1VPMm8yODVJZlpialdWZVBJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNy85YTY2MzgtYzhmZC00M2NmLWIxYzQtYjA3MWM3ZWZkOTE1
LzEvVWM5ektvcDBPZWtvRHlQdlY0U1lGSzhaV3VBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1EohMA0G
CSqGSIb3DQEBCwUAA4IBAQBW4d3/6T7gfb6SxtintMqSGC4a/Xc06+xUbw5cSmRB
V2RxlFl1dOXATeFLcp1q5ueGaJuNzaqk3dZtqU/KwYK/Ij2ULaojFmHwd8YRTiyf
LCSXp3j+qV+oF2apxO7N6XHM0t+12tFtwLDcAJlm/w4RKUJvYUMLv2s2kja6+0Gg
zOjr+IDZuIT4/6DjC+b+2uOq/21AMFzzlSXGKMb4piVP22lpemioTY6nz7uff+dK
2KK/QIuTYoS/Tmiuprn5n4IcLClMtBiLvC1PbhhYqm+moKq7ac9KzeAW1Ydu71wl
iI+LPPQbEwSsbB8t8984CLS4WvRHwJjY2ZsnLtpf0fmF
-----END CERTIFICATE-----