Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d8/e5069b-1cad-45a4-a619-c24ff682f7ad/1/51DxBzbPYOuEQqlZJUoSRh-Wl5I.roa
File:                     51DxBzbPYOuEQqlZJUoSRh-Wl5I.roa (raw, json)
Hash identifier:          lBHR4lK/3PjDa1VfYWpiWC2S5K6Z0gRbqmU6RgprrP4=
Subject key identifier:   E7:50:F1:07:36:CF:60:EB:84:42:A9:59:25:4A:12:46:1F:96:97:92
Certificate issuer:       /CN=79a3b2c3622df9e87982ea8350978a6c9875a7c8
Certificate serial:       019CD20122380E8EBDEAA06C427897C4EC42
Authority key identifier: 79:A3:B2:C3:62:2D:F9:E8:79:82:EA:83:50:97:8A:6C:98:75:A7:C8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eaOyw2It-eh5guqDUJeKbJh1p8g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d8/e5069b-1cad-45a4-a619-c24ff682f7ad/1/51DxBzbPYOuEQqlZJUoSRh-Wl5I.roa
Signing time:             Mon 09 Mar 2026 09:50:15 +0000
ROA not before:           Mon 09 Mar 2026 09:50:15 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203674
IP address blocks:        194.187.209.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d8/e5069b-1cad-45a4-a619-c24ff682f7ad/1/eaOyw2It-eh5guqDUJeKbJh1p8g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d8/e5069b-1cad-45a4-a619-c24ff682f7ad/1/eaOyw2It-eh5guqDUJeKbJh1p8g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eaOyw2It-eh5guqDUJeKbJh1p8g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 11 Mar 2026 12:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:d2:01:22:38:0e:8e:bd:ea:a0:6c:42:78:97:c4:ec:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=79a3b2c3622df9e87982ea8350978a6c9875a7c8
        Validity
            Not Before: Mar  9 09:50:15 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e750f10736cf60eb8442a959254a12461f969792
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:3a:b8:82:9d:e0:da:70:3d:dd:0d:e9:ba:7d:
                    54:0d:a9:e7:9f:3c:5e:f3:25:4c:54:a8:c8:4d:25:
                    4f:f1:8a:0f:07:da:15:41:ee:dc:36:60:df:74:a5:
                    cc:bd:8a:aa:95:4d:74:d1:b1:96:3b:dd:eb:60:e4:
                    62:67:36:26:ab:46:aa:e6:6f:7e:ea:a5:52:24:a2:
                    86:ab:3d:49:a1:a3:c7:17:99:68:de:81:94:24:d5:
                    dd:a6:81:5b:f4:0d:fd:a3:08:91:9d:3d:12:7e:bf:
                    f9:46:19:1a:b2:2a:ba:e4:2d:49:0a:56:ea:1b:8d:
                    25:17:7a:56:e3:36:c9:1b:1d:1d:ed:91:3c:ef:75:
                    6c:14:53:0d:3c:bd:fb:64:31:b4:2a:3f:90:20:01:
                    74:eb:62:da:68:e0:f8:e2:66:c1:d7:8a:e2:fc:8e:
                    de:ee:f2:4d:cd:29:de:d5:79:a1:bd:8d:29:22:60:
                    fc:fd:d4:af:74:ae:9e:bf:11:f3:2e:27:6b:1a:f1:
                    6f:45:f5:78:1a:00:8f:2b:08:fe:f1:80:14:66:81:
                    e5:2c:c1:27:58:89:11:62:93:7d:19:8f:03:02:dc:
                    73:80:54:b4:49:44:b7:6a:42:44:43:cc:0a:9f:55:
                    27:16:7f:ed:5a:21:6c:5f:0d:0e:9c:27:eb:8e:ce:
                    45:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:50:F1:07:36:CF:60:EB:84:42:A9:59:25:4A:12:46:1F:96:97:92
            X509v3 Authority Key Identifier:
                keyid:79:A3:B2:C3:62:2D:F9:E8:79:82:EA:83:50:97:8A:6C:98:75:A7:C8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eaOyw2It-eh5guqDUJeKbJh1p8g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/e5069b-1cad-45a4-a619-c24ff682f7ad/1/51DxBzbPYOuEQqlZJUoSRh-Wl5I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/e5069b-1cad-45a4-a619-c24ff682f7ad/1/eaOyw2It-eh5guqDUJeKbJh1p8g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.187.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:70:e4:f3:16:46:2d:c6:0d:f2:5d:c5:1d:31:4f:11:65:26:
         b2:f2:6d:1d:c1:24:40:f9:e4:65:d5:e7:28:e1:47:fe:63:15:
         ed:92:19:41:bf:85:61:54:54:b5:7a:c5:45:e1:55:95:4f:1b:
         b0:f2:c4:90:52:95:f1:d3:76:9a:cb:53:a6:4e:47:3e:de:1e:
         8b:53:ae:47:fc:01:40:26:61:a2:fe:0b:fe:9e:5f:40:2b:69:
         2a:0f:b2:fe:04:db:95:4c:b1:55:ce:c0:a9:0f:e0:c8:94:6c:
         81:a8:50:e9:cd:fe:1a:58:52:96:fb:f9:af:e6:6d:63:5c:83:
         dc:20:21:73:85:0a:c2:ec:bc:3f:c0:25:39:72:77:1b:e4:45:
         d9:9a:3b:8e:47:f8:2e:cf:a2:01:48:bb:68:5c:60:e8:14:e1:
         c8:88:03:72:a9:1d:cb:76:c3:15:a0:6a:57:74:d2:5b:fc:a9:
         32:76:ca:ca:0c:a2:f3:34:f8:5f:39:ac:9c:fe:a9:3b:b7:2f:
         fd:7b:7c:da:b7:79:28:eb:e9:38:fe:71:58:9e:c4:9b:67:ed:
         d2:1d:76:96:d9:2e:10:98:d9:43:f8:0e:c3:88:3d:ec:d0:8f:
         71:0e:1d:22:85:55:8e:f1:bc:60:26:29:ad:c4:8d:e3:c8:a6:
         db:2d:4f:dc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzSASI4Do696qBsQniXxOxCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5YTNiMmMzNjIyZGY5ZTg3OTgyZWE4MzUwOTc4YTZjOTg3
NWE3YzgwHhcNMjYwMzA5MDk1MDE1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzUwZjEwNzM2Y2Y2MGViODQ0MmE5NTkyNTRhMTI0NjFmOTY5NzkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1Dq4gp3g2nA93Q3pun1UDannnzxe
8yVMVKjITSVP8YoPB9oVQe7cNmDfdKXMvYqqlU100bGWO93rYORiZzYmq0aq5m9+
6qVSJKKGqz1JoaPHF5lo3oGUJNXdpoFb9A39owiRnT0Sfr/5Rhkasiq65C1JClbq
G40lF3pW4zbJGx0d7ZE873VsFFMNPL37ZDG0Kj+QIAF062LaaOD44mbB14ri/I7e
7vJNzSne1XmhvY0pImD8/dSvdK6evxHzLidrGvFvRfV4GgCPKwj+8YAUZoHlLMEn
WIkRYpN9GY8DAtxzgFS0SUS3akJEQ8wKn1UnFn/tWiFsXw0OnCfrjs5FowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOdQ8Qc2z2DrhEKpWSVKEkYflpeSMB8GA1UdIwQY
MBaAFHmjssNiLfnoeYLqg1CXimyYdafIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZWFPeXcySXQtZWg1Z3VxRFVKZUtiSmgxcDhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOC9lNTA2OWItMWNhZC00NWE0LWE2MTkt
YzI0ZmY2ODJmN2FkLzEvNTFEeEJ6YlBZT3VFUXFsWkpVb1NSaC1XbDVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOC9lNTA2OWItMWNhZC00NWE0LWE2MTktYzI0ZmY2ODJmN2Fk
LzEvZWFPeXcySXQtZWg1Z3VxRFVKZUtiSmgxcDhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwrvRMA0G
CSqGSIb3DQEBCwUAA4IBAQCmcOTzFkYtxg3yXcUdMU8RZSay8m0dwSRA+eRl1eco
4Uf+YxXtkhlBv4VhVFS1esVF4VWVTxuw8sSQUpXx03aay1OmTkc+3h6LU65H/AFA
JmGi/gv+nl9AK2kqD7L+BNuVTLFVzsCpD+DIlGyBqFDpzf4aWFKW+/mv5m1jXIPc
ICFzhQrC7Lw/wCU5cncb5EXZmjuOR/guz6IBSLtoXGDoFOHIiANyqR3LdsMVoGpX
dNJb/KkydsrKDKLzNPhfOayc/qk7ty/9e3zat3ko6+k4/nFYnsSbZ+3SHXaW2S4Q
mNlD+A7DiD3s0I9xDh0ihVWO8bxgJimtxI3jyKbbLU/c
-----END CERTIFICATE-----