Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1b/e9b56e-3b5b-43b1-8bb5-bab48dab4cd6/1/x77ckgBnyFjNyEr_z-PzyG8KyRo.roa
File:                     x77ckgBnyFjNyEr_z-PzyG8KyRo.roa (raw, json)
Hash identifier:          tyi/lTtGkxn6eIin2giJPjtV2rcAYKNSiCivHdTdGL0=
Subject key identifier:   C7:BE:DC:92:00:67:C8:58:CD:C8:4A:FF:CF:E3:F3:C8:6F:0A:C9:1A
Certificate issuer:       /CN=ec9c685cf6671cc656f92e764557a38378f2827c
Certificate serial:       019D1AD17DBDD63554F043BBB01AF61D0C7A
Authority key identifier: EC:9C:68:5C:F6:67:1C:C6:56:F9:2E:76:45:57:A3:83:78:F2:82:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7JxoXPZnHMZW-S52RVejg3jygnw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1b/e9b56e-3b5b-43b1-8bb5-bab48dab4cd6/1/x77ckgBnyFjNyEr_z-PzyG8KyRo.roa
Signing time:             Mon 23 Mar 2026 13:10:29 +0000
ROA not before:           Mon 23 Mar 2026 13:10:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     834
IP address blocks:        212.114.40.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1b/e9b56e-3b5b-43b1-8bb5-bab48dab4cd6/1/7JxoXPZnHMZW-S52RVejg3jygnw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1b/e9b56e-3b5b-43b1-8bb5-bab48dab4cd6/1/7JxoXPZnHMZW-S52RVejg3jygnw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7JxoXPZnHMZW-S52RVejg3jygnw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Mar 2026 00:55:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:1a:d1:7d:bd:d6:35:54:f0:43:bb:b0:1a:f6:1d:0c:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ec9c685cf6671cc656f92e764557a38378f2827c
        Validity
            Not Before: Mar 23 13:10:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c7bedc920067c858cdc84affcfe3f3c86f0ac91a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:ba:69:1e:c4:1e:0b:ca:91:60:d2:15:b3:a6:
                    0f:29:95:e9:fd:44:53:f6:40:0a:17:f1:d5:97:b6:
                    13:cb:16:e4:cc:57:c5:e9:6f:a3:d0:69:81:6a:8a:
                    45:4d:6d:f8:69:77:8c:ae:9c:e9:21:a8:a8:94:b9:
                    ae:49:37:39:05:88:94:fa:53:ca:63:db:2f:b2:39:
                    98:68:de:66:9c:d7:ba:87:8f:39:e8:f2:ea:04:8d:
                    6b:2d:ca:ab:84:3e:f7:fc:a1:ba:c8:64:0b:7b:09:
                    76:c9:a1:2b:b5:ab:f0:2e:48:d6:9e:20:7a:ab:31:
                    91:4b:79:73:de:56:3c:51:da:7c:57:dc:b8:27:9c:
                    c7:56:a8:b1:17:68:66:47:60:ef:e2:38:a0:0f:90:
                    c3:e5:0e:21:14:dc:55:97:6e:47:df:25:b8:1e:be:
                    bf:8a:e6:cb:9f:59:04:bc:62:42:22:e3:56:c8:13:
                    8c:23:6f:c3:24:8a:ac:10:bf:fb:22:22:06:c1:6b:
                    53:50:08:31:66:1c:52:5d:52:c0:cc:da:eb:11:9d:
                    85:e1:ba:fd:ce:78:af:3b:c8:86:9a:10:9a:56:c6:
                    d5:b7:5f:f3:fe:8b:63:8a:e5:2f:a8:1a:8f:03:c7:
                    e1:a7:82:de:6d:a0:d1:da:be:7b:49:ea:27:21:c1:
                    e2:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:BE:DC:92:00:67:C8:58:CD:C8:4A:FF:CF:E3:F3:C8:6F:0A:C9:1A
            X509v3 Authority Key Identifier:
                keyid:EC:9C:68:5C:F6:67:1C:C6:56:F9:2E:76:45:57:A3:83:78:F2:82:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7JxoXPZnHMZW-S52RVejg3jygnw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/e9b56e-3b5b-43b1-8bb5-bab48dab4cd6/1/x77ckgBnyFjNyEr_z-PzyG8KyRo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/e9b56e-3b5b-43b1-8bb5-bab48dab4cd6/1/7JxoXPZnHMZW-S52RVejg3jygnw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.114.40.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b6:24:50:3c:a9:c2:1d:21:b0:f5:77:07:1f:f7:42:ad:61:5b:
         10:46:82:6e:8f:0d:e4:a6:08:eb:08:3a:be:20:53:99:76:b2:
         bf:81:f5:b9:cd:3f:e7:9a:9e:ca:5e:cb:f0:1c:84:c0:79:30:
         71:f6:41:fe:1b:fc:60:a7:cd:3f:89:96:fb:7e:4c:df:bb:dd:
         2a:49:8a:76:3a:16:52:53:7a:8f:5d:63:b5:98:24:22:c3:b1:
         57:2a:f6:b7:8f:7e:50:d3:73:7d:40:b5:32:e5:65:c0:6f:cb:
         57:1e:a1:d5:de:bd:17:51:aa:38:f1:47:5a:b5:02:3a:d8:30:
         f0:97:83:84:34:9a:de:60:b6:06:19:9d:fc:4e:12:af:b5:f5:
         37:c2:29:5d:06:64:71:b6:4b:ed:92:7f:fa:d1:e9:a5:6d:56:
         87:5e:76:67:f3:43:7e:0c:fa:ba:f8:44:26:72:9a:39:be:56:
         5d:52:d3:ff:29:8a:3e:79:4f:e3:58:bb:32:0e:57:55:d3:5b:
         67:50:e3:ce:73:e1:4f:ec:35:79:aa:33:0f:bb:8f:02:0d:ea:
         27:04:60:30:dd:f3:a4:f3:71:6b:c1:63:43:ae:83:34:fd:3a:
         72:5f:92:0a:c1:42:f4:1a:f1:b7:6b:c3:62:8d:01:3f:e4:73:
         83:a4:00:32
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0a0X291jVU8EO7sBr2HQx6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjOWM2ODVjZjY2NzFjYzY1NmY5MmU3NjQ1NTdhMzgzNzhm
MjgyN2MwHhcNMjYwMzIzMTMxMDI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjN2JlZGM5MjAwNjdjODU4Y2RjODRhZmZjZmUzZjNjODZmMGFjOTFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtbppHsQeC8qRYNIVs6YPKZXp/URT
9kAKF/HVl7YTyxbkzFfF6W+j0GmBaopFTW34aXeMrpzpIaiolLmuSTc5BYiU+lPK
Y9svsjmYaN5mnNe6h4856PLqBI1rLcqrhD73/KG6yGQLewl2yaErtavwLkjWniB6
qzGRS3lz3lY8Udp8V9y4J5zHVqixF2hmR2Dv4jigD5DD5Q4hFNxVl25H3yW4Hr6/
iubLn1kEvGJCIuNWyBOMI2/DJIqsEL/7IiIGwWtTUAgxZhxSXVLAzNrrEZ2F4br9
znivO8iGmhCaVsbVt1/z/otjiuUvqBqPA8fhp4LebaDR2r57SeonIcHihQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMe+3JIAZ8hYzchK/8/j88hvCskaMB8GA1UdIwQY
MBaAFOycaFz2ZxzGVvkudkVXo4N48oJ8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN0p4b1hQWm5ITVpXLVM1MlJWZWpnM2p5Z253LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYi9lOWI1NmUtM2I1Yi00M2IxLThiYjUt
YmFiNDhkYWI0Y2Q2LzEveDc3Y2tnQm55RmpOeUVyX3otUHp5RzhLeVJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYi9lOWI1NmUtM2I1Yi00M2IxLThiYjUtYmFiNDhkYWI0Y2Q2
LzEvN0p4b1hQWm5ITVpXLVM1MlJWZWpnM2p5Z253LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1HIoMA0G
CSqGSIb3DQEBCwUAA4IBAQC2JFA8qcIdIbD1dwcf90KtYVsQRoJujw3kpgjrCDq+
IFOZdrK/gfW5zT/nmp7KXsvwHITAeTBx9kH+G/xgp80/iZb7fkzfu90qSYp2OhZS
U3qPXWO1mCQiw7FXKva3j35Q03N9QLUy5WXAb8tXHqHV3r0XUao48UdatQI62DDw
l4OENJreYLYGGZ38ThKvtfU3wildBmRxtkvtkn/60emlbVaHXnZn80N+DPq6+EQm
cpo5vlZdUtP/KYo+eU/jWLsyDldV01tnUOPOc+FP7DV5qjMPu48CDeonBGAw3fOk
83FrwWNDroM0/TpyX5IKwUL0GvG3a8NijQE/5HODpAAy
-----END CERTIFICATE-----