Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/1e04b8-1031-43f9-9667-8e6f878db5f4/1/2CUChmUOOT29mGMWY66DWvJh2WQ.roa
File:                     2CUChmUOOT29mGMWY66DWvJh2WQ.roa (raw, json)
Hash identifier:          zU1VWPSaWCzOeazo96kB3sWhetiBsHBnhrLCkL6ZTdA=
Subject key identifier:   D8:25:02:86:65:0E:39:3D:BD:98:63:16:63:AE:83:5A:F2:61:D9:64
Certificate issuer:       /CN=ef57c2d9d93ac7cf9b2f17caa7859b6985b39b9d
Certificate serial:       019E4A12A7140F85BBFAFF6828B4380D4C1A
Authority key identifier: EF:57:C2:D9:D9:3A:C7:CF:9B:2F:17:CA:A7:85:9B:69:85:B3:9B:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/71fC2dk6x8-bLxfKp4WbaYWzm50.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/1e04b8-1031-43f9-9667-8e6f878db5f4/1/2CUChmUOOT29mGMWY66DWvJh2WQ.roa
Signing time:             Thu 21 May 2026 10:26:36 +0000
ROA not before:           Thu 21 May 2026 10:26:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     399955
IP address blocks:        92.51.32.0/22 maxlen: 22
                          92.51.40.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/1e04b8-1031-43f9-9667-8e6f878db5f4/1/71fC2dk6x8-bLxfKp4WbaYWzm50.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/1e04b8-1031-43f9-9667-8e6f878db5f4/1/71fC2dk6x8-bLxfKp4WbaYWzm50.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/71fC2dk6x8-bLxfKp4WbaYWzm50.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Jun 2026 04:00:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:4a:12:a7:14:0f:85:bb:fa:ff:68:28:b4:38:0d:4c:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ef57c2d9d93ac7cf9b2f17caa7859b6985b39b9d
        Validity
            Not Before: May 21 10:26:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d8250286650e393dbd98631663ae835af261d964
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:8c:fc:96:7b:fb:ae:83:d7:d5:f9:73:80:7c:
                    b9:4a:e6:3d:19:d6:d2:e5:69:f5:96:80:49:d4:82:
                    fa:1d:d5:13:61:eb:46:86:9c:c2:ca:b9:5c:8c:54:
                    73:f8:cc:5c:92:31:64:fe:2c:63:65:7f:74:2f:56:
                    a1:8f:de:50:e4:7c:82:b1:f7:69:13:a2:b2:e0:ea:
                    b3:c1:a0:68:7b:25:c6:61:96:bc:ee:ea:84:5a:23:
                    ab:d1:55:2a:ff:0f:dc:ce:8a:7c:9d:57:5a:32:f8:
                    e3:a9:d3:f6:cf:7f:3e:38:18:84:b9:36:54:36:1a:
                    06:8e:02:a9:9f:e1:f2:9e:f5:a3:3c:88:85:3c:e0:
                    92:e3:0f:dc:ff:90:6d:50:6a:41:36:05:45:5e:46:
                    6c:42:29:3f:13:64:cf:ae:29:34:c7:ae:a9:a0:77:
                    1c:ef:b6:61:49:d4:45:b5:bb:bc:9c:17:ea:e0:f4:
                    ec:02:24:ae:6b:50:b9:53:4b:c7:a3:4a:c8:43:4c:
                    90:d6:a8:3a:37:03:41:fe:69:4b:7b:e4:f5:6c:02:
                    41:f5:20:db:9f:37:c3:a4:d8:da:c8:7d:93:69:bf:
                    60:ae:c7:3a:d4:42:d3:68:8a:0c:6f:90:de:c0:64:
                    d1:d2:d8:56:d0:3b:24:d4:d5:ac:98:ce:fb:36:46:
                    09:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:25:02:86:65:0E:39:3D:BD:98:63:16:63:AE:83:5A:F2:61:D9:64
            X509v3 Authority Key Identifier:
                keyid:EF:57:C2:D9:D9:3A:C7:CF:9B:2F:17:CA:A7:85:9B:69:85:B3:9B:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/71fC2dk6x8-bLxfKp4WbaYWzm50.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/1e04b8-1031-43f9-9667-8e6f878db5f4/1/2CUChmUOOT29mGMWY66DWvJh2WQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/1e04b8-1031-43f9-9667-8e6f878db5f4/1/71fC2dk6x8-bLxfKp4WbaYWzm50.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.51.32.0/22
                  92.51.40.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b1:c5:b1:28:d4:42:cf:3c:ac:36:34:e5:f0:78:bb:e2:64:4e:
         fb:c2:a5:eb:8f:6b:25:af:80:79:98:7c:3c:4a:67:c7:4e:23:
         d6:70:72:2a:5b:45:0f:b8:89:10:c9:04:06:10:5b:d6:bf:55:
         76:f5:8c:f5:d0:d7:2c:a8:63:e7:9f:67:24:32:95:89:bb:6e:
         7f:d1:18:65:ed:36:f6:89:c0:d9:79:a5:b1:6a:d1:f6:66:ff:
         1e:1c:28:01:9c:c6:33:30:8a:4c:de:80:e2:06:f5:a9:36:5f:
         98:79:eb:07:bc:82:05:05:e1:e0:81:47:10:fe:b9:78:21:dc:
         dc:d3:3f:29:ae:bd:4f:95:21:9c:25:2b:ef:77:21:ae:a5:33:
         45:c7:86:28:17:93:9b:ca:85:dd:24:dd:06:a4:e8:d7:94:50:
         ec:ab:ab:d9:ca:cb:20:1b:7d:74:1b:32:8d:4f:7b:91:ef:ad:
         90:5b:d9:a5:ca:13:91:b2:a7:a9:03:b1:2d:61:f3:fe:20:17:
         d2:b2:3a:c6:de:15:c1:0b:4d:2c:ef:3f:cc:34:0d:a5:fa:15:
         56:29:21:02:78:12:af:a2:51:04:d8:f6:e6:7b:13:ff:d1:59:
         a5:e2:15:2e:03:99:ca:d6:cf:e0:31:2b:db:72:07:23:68:4b:
         9e:99:0a:89
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ5KEqcUD4W7+v9oKLQ4DUwaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmNTdjMmQ5ZDkzYWM3Y2Y5YjJmMTdjYWE3ODU5YjY5ODVi
MzliOWQwHhcNMjYwNTIxMTAyNjM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODI1MDI4NjY1MGUzOTNkYmQ5ODYzMTY2M2FlODM1YWYyNjFkOTY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo4z8lnv7roPX1flzgHy5SuY9GdbS
5Wn1loBJ1IL6HdUTYetGhpzCyrlcjFRz+MxckjFk/ixjZX90L1ahj95Q5HyCsfdp
E6Ky4OqzwaBoeyXGYZa87uqEWiOr0VUq/w/czop8nVdaMvjjqdP2z38+OBiEuTZU
NhoGjgKpn+HynvWjPIiFPOCS4w/c/5BtUGpBNgVFXkZsQik/E2TPrik0x66poHcc
77ZhSdRFtbu8nBfq4PTsAiSua1C5U0vHo0rIQ0yQ1qg6NwNB/mlLe+T1bAJB9SDb
nzfDpNjayH2Tab9grsc61ELTaIoMb5DewGTR0thW0Dsk1NWsmM77NkYJ5QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNglAoZlDjk9vZhjFmOug1ryYdlkMB8GA1UdIwQY
MBaAFO9XwtnZOsfPmy8XyqeFm2mFs5udMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNzFmQzJkazZ4OC1iTHhmS3A0V2JhWVd6bTUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8xZTA0YjgtMTAzMS00M2Y5LTk2Njct
OGU2Zjg3OGRiNWY0LzEvMkNVQ2htVU9PVDI5bUdNV1k2NkRXdkpoMldRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8xZTA0YjgtMTAzMS00M2Y5LTk2NjctOGU2Zjg3OGRiNWY0
LzEvNzFmQzJkazZ4OC1iTHhmS3A0V2JhWVd6bTUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCXDMgAwQC
XDMoMA0GCSqGSIb3DQEBCwUAA4IBAQCxxbEo1ELPPKw2NOXweLviZE77wqXrj2sl
r4B5mHw8SmfHTiPWcHIqW0UPuIkQyQQGEFvWv1V29Yz10NcsqGPnn2ckMpWJu25/
0Rhl7Tb2icDZeaWxatH2Zv8eHCgBnMYzMIpM3oDiBvWpNl+YeesHvIIFBeHggUcQ
/rl4Idzc0z8prr1PlSGcJSvvdyGupTNFx4YoF5ObyoXdJN0GpOjXlFDsq6vZyssg
G310GzKNT3uR762QW9mlyhORsqepA7EtYfP+IBfSsjrG3hXBC00s7z/MNA2l+hVW
KSECeBKvolEE2PbmexP/0Vml4hUuA5nK1s/gMSvbcgcjaEuemQqJ
-----END CERTIFICATE-----