Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/WxLhQW-BYYj1MCIdzCtRB1evZGI.roa
File:                     WxLhQW-BYYj1MCIdzCtRB1evZGI.roa (raw, json)
Hash identifier:          487fbb0witkUDry4Pl1JzYBOvcJK9C5a1Rd+loszMwM=
Subject key identifier:   5B:12:E1:41:6F:81:61:88:F5:30:22:1D:CC:2B:51:07:57:AF:64:62
Certificate issuer:       /CN=51b49ba0dd8615128618d50159cb0f3b5e9ee626
Certificate serial:       019C50E02678448931A36A39B575E146510C
Authority key identifier: 51:B4:9B:A0:DD:86:15:12:86:18:D5:01:59:CB:0F:3B:5E:9E:E6:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UbSboN2GFRKGGNUBWcsPO16e5iY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/WxLhQW-BYYj1MCIdzCtRB1evZGI.roa
Signing time:             Thu 12 Feb 2026 08:03:13 +0000
ROA not before:           Thu 12 Feb 2026 08:03:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     135402
IP address blocks:        212.100.187.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/UbSboN2GFRKGGNUBWcsPO16e5iY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/UbSboN2GFRKGGNUBWcsPO16e5iY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UbSboN2GFRKGGNUBWcsPO16e5iY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:50:e0:26:78:44:89:31:a3:6a:39:b5:75:e1:46:51:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=51b49ba0dd8615128618d50159cb0f3b5e9ee626
        Validity
            Not Before: Feb 12 08:03:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5b12e1416f816188f530221dcc2b510757af6462
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:da:f4:a9:e7:e6:b1:e3:a8:a5:e6:b9:b7:e0:
                    65:e3:bd:e5:e6:50:fb:d6:55:ba:23:cd:9a:f8:4b:
                    77:b5:79:01:41:ff:00:86:f2:df:49:5c:4b:55:13:
                    10:23:72:60:d4:c1:11:bc:a8:9f:f6:01:96:fe:8e:
                    97:ff:c2:20:d2:a0:af:de:b0:aa:3b:13:f4:7f:3b:
                    83:ff:53:6f:b5:2a:56:2e:a4:67:19:16:f7:a2:18:
                    67:0d:a3:f8:2b:3f:d5:f2:ec:37:60:17:8a:fd:74:
                    94:38:98:7e:de:1a:22:17:6e:1f:d8:9b:60:14:3e:
                    b6:24:eb:a3:ab:ed:0b:e1:5a:e8:6b:12:80:d2:19:
                    7a:cd:ce:1e:e2:b5:66:47:c6:67:75:94:62:82:08:
                    ee:82:fa:0b:13:53:f5:d1:31:e6:8d:15:d6:30:35:
                    f4:ad:47:4b:9a:31:41:02:8c:63:00:48:15:58:91:
                    9f:1f:f6:eb:a7:03:78:d3:84:63:a3:52:fd:a9:70:
                    da:a4:95:db:3f:b6:0d:6c:fd:76:1f:c6:f4:ef:40:
                    05:9c:cd:d7:a2:54:e0:31:93:63:1c:30:ff:b4:5a:
                    24:44:8e:8e:1f:02:e3:9f:23:8b:de:e8:f4:44:04:
                    8f:bd:d1:62:40:cd:a3:30:5e:11:c7:54:57:2a:62:
                    a3:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:12:E1:41:6F:81:61:88:F5:30:22:1D:CC:2B:51:07:57:AF:64:62
            X509v3 Authority Key Identifier:
                keyid:51:B4:9B:A0:DD:86:15:12:86:18:D5:01:59:CB:0F:3B:5E:9E:E6:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UbSboN2GFRKGGNUBWcsPO16e5iY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/WxLhQW-BYYj1MCIdzCtRB1evZGI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/UbSboN2GFRKGGNUBWcsPO16e5iY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.100.187.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:29:cd:ad:8b:2f:95:a9:64:73:6a:cb:73:69:0a:90:f3:e7:
         8a:8f:9d:df:3a:32:f4:7d:0d:e9:45:c2:80:a3:2b:39:06:ee:
         51:73:10:c1:81:84:96:9d:40:a6:9e:fd:e6:db:4f:fe:8f:e4:
         1f:e0:c3:d1:99:af:67:75:cf:c2:a9:9a:cf:ba:81:62:b5:44:
         fa:f4:23:50:9e:ab:92:1d:57:9c:89:02:fb:dd:09:53:f8:c1:
         a0:9c:59:d7:5e:6e:78:ea:ed:c8:1d:c3:5e:25:c8:78:83:8a:
         0c:80:f0:bd:c2:3c:2c:3a:4a:90:d2:7c:d2:00:35:d1:2b:b4:
         9a:00:cb:02:a0:c2:8d:62:05:c1:de:0d:77:ba:dd:2d:8d:7a:
         4a:bb:33:41:ae:64:0d:26:ec:83:57:72:32:8b:2f:d0:f5:fa:
         ed:42:41:e3:08:1a:52:7d:bb:5a:3d:b2:ce:2d:70:1a:d3:91:
         41:53:2a:0c:46:d1:f6:8a:b0:0d:f1:30:2c:2c:45:a7:3e:9e:
         11:d8:4c:c1:9e:89:e6:21:2c:99:40:36:63:bc:3a:b3:ba:0f:
         74:28:9d:85:ea:5e:43:ba:59:74:20:0e:c2:ae:2c:46:38:43:
         3f:33:26:d7:01:8d:f1:10:73:97:16:56:1b:92:28:ae:f1:4b:
         2c:7d:d7:03
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZxQ4CZ4RIkxo2o5tXXhRlEMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxYjQ5YmEwZGQ4NjE1MTI4NjE4ZDUwMTU5Y2IwZjNiNWU5
ZWU2MjYwHhcNMjYwMjEyMDgwMzEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YjEyZTE0MTZmODE2MTg4ZjUzMDIyMWRjYzJiNTEwNzU3YWY2NDYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5dr0qefmseOopea5t+Bl473l5lD7
1lW6I82a+Et3tXkBQf8AhvLfSVxLVRMQI3Jg1MERvKif9gGW/o6X/8Ig0qCv3rCq
OxP0fzuD/1NvtSpWLqRnGRb3ohhnDaP4Kz/V8uw3YBeK/XSUOJh+3hoiF24f2Jtg
FD62JOujq+0L4VroaxKA0hl6zc4e4rVmR8ZndZRiggjugvoLE1P10THmjRXWMDX0
rUdLmjFBAoxjAEgVWJGfH/brpwN404Rjo1L9qXDapJXbP7YNbP12H8b070AFnM3X
olTgMZNjHDD/tFokRI6OHwLjnyOL3uj0RASPvdFiQM2jMF4Rx1RXKmKjpwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFsS4UFvgWGI9TAiHcwrUQdXr2RiMB8GA1UdIwQY
MBaAFFG0m6DdhhUShhjVAVnLDztenuYmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWJTYm9OMkdGUktHR05VQldjc1BPMTZlNWlZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS8yNmMwNDktNDdlZS00ODg2LTk4NDQt
NGFiOWU4YWEzMjYyLzEvV3hMaFFXLUJZWWoxTUNJZHpDdFJCMWV2WkdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS8yNmMwNDktNDdlZS00ODg2LTk4NDQtNGFiOWU4YWEzMjYy
LzEvVWJTYm9OMkdGUktHR05VQldjc1BPMTZlNWlZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1GS7MA0G
CSqGSIb3DQEBCwUAA4IBAQBVKc2tiy+VqWRzastzaQqQ8+eKj53fOjL0fQ3pRcKA
oys5Bu5RcxDBgYSWnUCmnv3m20/+j+Qf4MPRma9ndc/CqZrPuoFitUT69CNQnquS
HVeciQL73QlT+MGgnFnXXm546u3IHcNeJch4g4oMgPC9wjwsOkqQ0nzSADXRK7Sa
AMsCoMKNYgXB3g13ut0tjXpKuzNBrmQNJuyDV3Iyiy/Q9frtQkHjCBpSfbtaPbLO
LXAa05FBUyoMRtH2irAN8TAsLEWnPp4R2EzBnonmISyZQDZjvDqzug90KJ2F6l5D
ull0IA7CrixGOEM/MybXAY3xEHOXFlYbkiiu8UssfdcD
-----END CERTIFICATE-----