Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/wQuW_pYlQhUlhxpMGjvGhk-E3Rs.roa
File:                     wQuW_pYlQhUlhxpMGjvGhk-E3Rs.roa (raw, json)
Hash identifier:          ETbmRHmUC7VEMkNQEHJOn+HgWBa12TwulXvbhp08CPQ=
Subject key identifier:   C1:0B:96:FE:96:25:42:15:25:87:1A:4C:1A:3B:C6:86:4F:84:DD:1B
Certificate issuer:       /CN=51b49ba0dd8615128618d50159cb0f3b5e9ee626
Certificate serial:       019D286B602BFCD15B7FD43ACCECE2F8A612
Authority key identifier: 51:B4:9B:A0:DD:86:15:12:86:18:D5:01:59:CB:0F:3B:5E:9E:E6:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UbSboN2GFRKGGNUBWcsPO16e5iY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/wQuW_pYlQhUlhxpMGjvGhk-E3Rs.roa
Signing time:             Thu 26 Mar 2026 04:33:38 +0000
ROA not before:           Thu 26 Mar 2026 04:33:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     401322
IP address blocks:        212.100.167.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/UbSboN2GFRKGGNUBWcsPO16e5iY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/UbSboN2GFRKGGNUBWcsPO16e5iY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UbSboN2GFRKGGNUBWcsPO16e5iY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 04:33:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:28:6b:60:2b:fc:d1:5b:7f:d4:3a:cc:ec:e2:f8:a6:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=51b49ba0dd8615128618d50159cb0f3b5e9ee626
        Validity
            Not Before: Mar 26 04:33:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c10b96fe9625421525871a4c1a3bc6864f84dd1b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:d5:4d:b3:66:20:7a:b3:9d:83:05:26:84:55:
                    de:5d:c9:68:1f:eb:f8:c3:69:4e:c2:4e:b7:17:6d:
                    96:79:89:32:0a:fd:ae:e7:44:d7:7e:f2:9e:b2:77:
                    bd:b0:94:6e:47:23:c8:6f:cb:a4:d6:1d:88:21:fe:
                    93:a3:ca:d7:70:39:70:44:60:af:30:9f:ad:39:8d:
                    9b:38:66:7f:97:42:d2:f4:db:8d:b4:cd:97:ce:d3:
                    3f:dc:05:9b:fc:f7:d0:fd:55:1e:0e:20:a0:07:54:
                    ea:57:9b:8c:51:ef:1e:9e:fb:a1:b9:3e:22:c9:ea:
                    40:61:2b:bb:bd:93:26:87:00:1e:9e:09:4d:31:ea:
                    55:8e:2b:38:d7:3c:4e:eb:b0:1c:30:04:71:89:1b:
                    b9:df:00:21:fc:ec:60:67:b9:dd:68:e6:86:5a:69:
                    b8:c1:b7:1d:c9:61:8a:e6:4b:4c:7d:84:90:0d:f3:
                    74:36:07:01:7d:57:8c:c9:4c:ca:ff:b2:9f:9a:ac:
                    05:85:66:e8:53:5e:ba:62:27:ab:65:c7:f7:8c:df:
                    c4:19:9a:0c:76:6d:74:43:00:ae:67:9b:b4:2d:39:
                    23:86:cb:67:89:23:f1:74:c3:1a:d3:78:56:3f:df:
                    bd:02:e5:62:b0:3a:6e:55:25:a7:24:9d:9f:ca:c8:
                    8d:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:0B:96:FE:96:25:42:15:25:87:1A:4C:1A:3B:C6:86:4F:84:DD:1B
            X509v3 Authority Key Identifier:
                keyid:51:B4:9B:A0:DD:86:15:12:86:18:D5:01:59:CB:0F:3B:5E:9E:E6:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UbSboN2GFRKGGNUBWcsPO16e5iY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/wQuW_pYlQhUlhxpMGjvGhk-E3Rs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/UbSboN2GFRKGGNUBWcsPO16e5iY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.100.167.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:be:ca:bf:4b:6c:6a:bb:c4:7b:71:03:1d:ed:84:fa:84:df:
         b5:0e:bc:4c:54:82:63:91:14:b4:52:ed:5c:7a:5a:93:10:84:
         94:99:65:87:49:1b:67:90:99:d3:99:2d:9f:89:b4:1a:b4:d5:
         a7:db:11:e1:d4:57:0c:8b:3d:e5:7e:90:d2:1b:13:b5:5e:ef:
         27:00:ed:99:68:e6:1d:fe:9d:72:86:7c:45:53:f3:d4:fb:28:
         c1:45:51:a6:5b:5c:0b:76:39:49:a1:3c:94:05:78:4a:ed:91:
         37:9d:4a:c6:80:38:0d:78:14:1b:3e:41:75:9b:34:09:3c:8b:
         8d:8b:03:61:3c:e4:d4:c9:d3:75:43:72:1b:65:68:1b:c1:06:
         f6:fc:bf:43:00:9f:40:78:96:18:1f:ed:f9:f7:5b:c7:6a:12:
         0a:bc:cf:2e:1f:18:a9:4b:71:aa:1f:83:8c:53:3d:78:ca:61:
         7a:c1:69:cf:3c:e1:e9:71:64:28:f2:31:4b:4d:b7:b1:fb:8a:
         60:d3:ba:a9:43:a5:9f:4b:93:76:57:66:f6:bf:04:cf:ca:50:
         5d:d9:c9:b2:bc:70:c2:4b:cf:26:7d:a5:f5:b8:62:1b:a6:05:
         e9:37:9f:f4:7c:1e:e0:08:c5:0d:bf:22:35:d7:57:de:a9:cf:
         4f:03:ab:0f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0oa2Ar/NFbf9Q6zOzi+KYSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxYjQ5YmEwZGQ4NjE1MTI4NjE4ZDUwMTU5Y2IwZjNiNWU5
ZWU2MjYwHhcNMjYwMzI2MDQzMzM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMTBiOTZmZTk2MjU0MjE1MjU4NzFhNGMxYTNiYzY4NjRmODRkZDFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAodVNs2YgerOdgwUmhFXeXcloH+v4
w2lOwk63F22WeYkyCv2u50TXfvKesne9sJRuRyPIb8uk1h2IIf6To8rXcDlwRGCv
MJ+tOY2bOGZ/l0LS9NuNtM2XztM/3AWb/PfQ/VUeDiCgB1TqV5uMUe8envuhuT4i
yepAYSu7vZMmhwAenglNMepVjis41zxO67AcMARxiRu53wAh/OxgZ7ndaOaGWmm4
wbcdyWGK5ktMfYSQDfN0NgcBfVeMyUzK/7KfmqwFhWboU166YierZcf3jN/EGZoM
dm10QwCuZ5u0LTkjhstniSPxdMMa03hWP9+9AuVisDpuVSWnJJ2fysiNnwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMELlv6WJUIVJYcaTBo7xoZPhN0bMB8GA1UdIwQY
MBaAFFG0m6DdhhUShhjVAVnLDztenuYmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWJTYm9OMkdGUktHR05VQldjc1BPMTZlNWlZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS8yNmMwNDktNDdlZS00ODg2LTk4NDQt
NGFiOWU4YWEzMjYyLzEvd1F1V19wWWxRaFVsaHhwTUdqdkdoay1FM1JzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS8yNmMwNDktNDdlZS00ODg2LTk4NDQtNGFiOWU4YWEzMjYy
LzEvVWJTYm9OMkdGUktHR05VQldjc1BPMTZlNWlZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1GSnMA0G
CSqGSIb3DQEBCwUAA4IBAQB9vsq/S2xqu8R7cQMd7YT6hN+1DrxMVIJjkRS0Uu1c
elqTEISUmWWHSRtnkJnTmS2fibQatNWn2xHh1FcMiz3lfpDSGxO1Xu8nAO2ZaOYd
/p1yhnxFU/PU+yjBRVGmW1wLdjlJoTyUBXhK7ZE3nUrGgDgNeBQbPkF1mzQJPIuN
iwNhPOTUydN1Q3IbZWgbwQb2/L9DAJ9AeJYYH+3591vHahIKvM8uHxipS3GqH4OM
Uz14ymF6wWnPPOHpcWQo8jFLTbex+4pg07qpQ6WfS5N2V2b2vwTPylBd2cmyvHDC
S88mfaX1uGIbpgXpN5/0fB7gCMUNvyI111feqc9PA6sP
-----END CERTIFICATE-----