Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/IEG3qR5A3x1AF6HlnrGqjnrXWpc.roa
File:                     IEG3qR5A3x1AF6HlnrGqjnrXWpc.roa (raw, json)
Hash identifier:          L2xw7M5JHYy1V2IZmTZ698Ee51UugmeMJkIQZ3GRopQ=
Subject key identifier:   20:41:B7:A9:1E:40:DF:1D:40:17:A1:E5:9E:B1:AA:8E:7A:D7:5A:97
Certificate issuer:       /CN=51b49ba0dd8615128618d50159cb0f3b5e9ee626
Certificate serial:       0199D573774FFAF6A3662D4DBD4F8F9114ED
Authority key identifier: 51:B4:9B:A0:DD:86:15:12:86:18:D5:01:59:CB:0F:3B:5E:9E:E6:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UbSboN2GFRKGGNUBWcsPO16e5iY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/IEG3qR5A3x1AF6HlnrGqjnrXWpc.roa
Signing time:             Sat 11 Oct 2025 22:45:38 +0000
ROA not before:           Sat 11 Oct 2025 22:45:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205886
IP address blocks:        212.100.175.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/UbSboN2GFRKGGNUBWcsPO16e5iY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/UbSboN2GFRKGGNUBWcsPO16e5iY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UbSboN2GFRKGGNUBWcsPO16e5iY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:d5:73:77:4f:fa:f6:a3:66:2d:4d:bd:4f:8f:91:14:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=51b49ba0dd8615128618d50159cb0f3b5e9ee626
        Validity
            Not Before: Oct 11 22:45:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2041b7a91e40df1d4017a1e59eb1aa8e7ad75a97
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:a4:a1:d5:7b:14:2e:f3:6e:2f:79:2e:79:9d:
                    f2:49:4b:db:b8:65:b0:08:3c:a0:e5:1d:aa:db:44:
                    b7:03:de:34:88:c5:5b:6f:e6:98:a8:c7:69:ee:66:
                    c9:67:36:a5:6e:dc:87:14:82:27:0b:c4:df:06:4c:
                    08:fc:a1:c7:0f:0f:b0:13:c9:60:99:1e:79:74:cc:
                    f7:f5:5c:df:0e:22:43:cc:09:81:65:20:f5:16:21:
                    47:8b:fd:3d:b9:5d:85:34:1f:0c:15:25:2b:7e:92:
                    31:73:7d:7b:96:f3:1e:16:6d:39:a9:2a:b3:52:42:
                    b1:1d:c9:a5:18:87:8d:38:60:37:88:8a:0e:71:c2:
                    2c:da:ce:af:37:23:50:74:91:c8:fa:dd:8f:9b:02:
                    16:bb:ef:e1:b2:33:c2:ce:ca:49:e1:c9:66:48:58:
                    db:22:b1:c5:76:ad:39:83:e3:c9:c2:21:80:87:3d:
                    c2:14:14:6c:20:71:1e:93:75:a0:8d:71:f6:7e:0d:
                    ae:95:3d:db:2d:57:67:68:27:6b:b2:27:31:5e:7d:
                    33:8d:8c:cb:8f:c7:9f:c2:1e:b7:58:62:94:92:e4:
                    b8:28:28:ad:64:dd:37:8f:3f:c6:12:5a:ae:07:53:
                    11:56:91:a3:41:87:d7:cf:4a:dd:89:07:9b:c8:6d:
                    e8:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:41:B7:A9:1E:40:DF:1D:40:17:A1:E5:9E:B1:AA:8E:7A:D7:5A:97
            X509v3 Authority Key Identifier:
                keyid:51:B4:9B:A0:DD:86:15:12:86:18:D5:01:59:CB:0F:3B:5E:9E:E6:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UbSboN2GFRKGGNUBWcsPO16e5iY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/IEG3qR5A3x1AF6HlnrGqjnrXWpc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/UbSboN2GFRKGGNUBWcsPO16e5iY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.100.175.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:47:b7:42:c0:62:a5:59:43:73:eb:6d:c0:df:7e:c3:5c:74:
         e0:57:dc:3a:36:01:5a:3a:6c:90:5e:e6:71:34:3a:0b:11:f0:
         24:f8:3f:4c:f3:5a:06:75:97:74:40:33:20:83:f6:d6:cd:f1:
         37:7c:45:fa:b1:61:d0:f5:2b:fc:3e:5c:dd:df:7c:42:cb:5f:
         c2:cf:22:cf:8e:63:61:4e:42:e3:df:86:7c:f7:19:91:bd:a0:
         36:b1:55:30:a3:c4:22:62:59:f4:a5:ac:15:91:2e:78:ea:be:
         5c:c6:9b:43:f6:4f:e2:96:53:2c:7b:95:e2:ab:25:e0:9d:63:
         5e:8e:9b:e6:4b:cb:e6:28:95:74:ac:39:7f:b0:e3:7d:e0:d0:
         72:53:01:7f:8d:25:94:09:0c:78:64:2f:8d:2e:57:7c:34:64:
         69:f4:6a:aa:ff:1c:df:64:cd:2a:d0:86:49:69:dd:37:32:e7:
         dc:db:5b:e4:a5:00:fc:ae:ac:81:a4:09:c6:33:d9:3f:2b:09:
         07:51:fd:d4:57:d4:87:7b:8e:37:ee:47:9e:e6:d1:a3:c6:ee:
         f8:db:a2:1f:72:d2:d2:2c:70:cc:95:89:64:d9:a2:ee:11:f2:
         3d:42:a4:5a:f0:47:b2:31:30:15:f6:38:e7:7d:38:43:7b:0d:
         eb:ca:2f:5c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZnVc3dP+vajZi1NvU+PkRTtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxYjQ5YmEwZGQ4NjE1MTI4NjE4ZDUwMTU5Y2IwZjNiNWU5
ZWU2MjYwHhcNMjUxMDExMjI0NTM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDQxYjdhOTFlNDBkZjFkNDAxN2ExZTU5ZWIxYWE4ZTdhZDc1YTk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyqSh1XsULvNuL3kueZ3ySUvbuGWw
CDyg5R2q20S3A940iMVbb+aYqMdp7mbJZzalbtyHFIInC8TfBkwI/KHHDw+wE8lg
mR55dMz39VzfDiJDzAmBZSD1FiFHi/09uV2FNB8MFSUrfpIxc317lvMeFm05qSqz
UkKxHcmlGIeNOGA3iIoOccIs2s6vNyNQdJHI+t2PmwIWu+/hsjPCzspJ4clmSFjb
IrHFdq05g+PJwiGAhz3CFBRsIHEek3WgjXH2fg2ulT3bLVdnaCdrsicxXn0zjYzL
j8efwh63WGKUkuS4KCitZN03jz/GElquB1MRVpGjQYfXz0rdiQebyG3onwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCBBt6keQN8dQBeh5Z6xqo5611qXMB8GA1UdIwQY
MBaAFFG0m6DdhhUShhjVAVnLDztenuYmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWJTYm9OMkdGUktHR05VQldjc1BPMTZlNWlZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS8yNmMwNDktNDdlZS00ODg2LTk4NDQt
NGFiOWU4YWEzMjYyLzEvSUVHM3FSNUEzeDFBRjZIbG5yR3FqbnJYV3BjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS8yNmMwNDktNDdlZS00ODg2LTk4NDQtNGFiOWU4YWEzMjYy
LzEvVWJTYm9OMkdGUktHR05VQldjc1BPMTZlNWlZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1GSvMA0G
CSqGSIb3DQEBCwUAA4IBAQAIR7dCwGKlWUNz623A337DXHTgV9w6NgFaOmyQXuZx
NDoLEfAk+D9M81oGdZd0QDMgg/bWzfE3fEX6sWHQ9Sv8Plzd33xCy1/CzyLPjmNh
TkLj34Z89xmRvaA2sVUwo8QiYln0pawVkS546r5cxptD9k/illMse5XiqyXgnWNe
jpvmS8vmKJV0rDl/sON94NByUwF/jSWUCQx4ZC+NLld8NGRp9Gqq/xzfZM0q0IZJ
ad03Mufc21vkpQD8rqyBpAnGM9k/KwkHUf3UV9SHe4437kee5tGjxu7426IfctLS
LHDMlYlk2aLuEfI9QqRa8EeyMTAV9jjnfThDew3ryi9c
-----END CERTIFICATE-----