Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/ut1Nne2Ba8bGtR5mH0w_QwSlHBM.roa
File:                     ut1Nne2Ba8bGtR5mH0w_QwSlHBM.roa (raw, json)
Hash identifier:          Gg65/fwVBhVjNJ4bzyekp0p5ExsVV0g06NZ8shu9LeI=
Subject key identifier:   BA:DD:4D:9D:ED:81:6B:C6:C6:B5:1E:66:1F:4C:3F:43:04:A5:1C:13
Certificate issuer:       /CN=51b49ba0dd8615128618d50159cb0f3b5e9ee626
Certificate serial:       019E594029A7887A43584CF80A8C3F1212B9
Authority key identifier: 51:B4:9B:A0:DD:86:15:12:86:18:D5:01:59:CB:0F:3B:5E:9E:E6:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UbSboN2GFRKGGNUBWcsPO16e5iY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/ut1Nne2Ba8bGtR5mH0w_QwSlHBM.roa
Signing time:             Sun 24 May 2026 09:10:37 +0000
ROA not before:           Sun 24 May 2026 09:10:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199186
IP address blocks:        212.100.177.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/UbSboN2GFRKGGNUBWcsPO16e5iY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/UbSboN2GFRKGGNUBWcsPO16e5iY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UbSboN2GFRKGGNUBWcsPO16e5iY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:59:40:29:a7:88:7a:43:58:4c:f8:0a:8c:3f:12:12:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=51b49ba0dd8615128618d50159cb0f3b5e9ee626
        Validity
            Not Before: May 24 09:10:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=badd4d9ded816bc6c6b51e661f4c3f4304a51c13
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:79:19:6e:fd:a3:8c:66:df:26:4d:42:c7:e5:
                    17:75:85:92:20:e9:1a:2d:6f:4c:f4:71:11:7d:b8:
                    6d:26:aa:39:ff:c1:f0:81:9b:39:e7:22:12:30:4b:
                    e5:89:e4:1a:36:93:ab:5a:3f:55:34:ba:ca:77:ef:
                    f5:19:07:e3:cb:3a:db:29:1b:75:7e:d5:ab:51:66:
                    9f:1e:fb:dc:be:54:5b:4c:e3:5f:84:47:c9:32:23:
                    fa:c3:ec:d8:18:3f:17:cc:0f:f3:89:97:09:57:0b:
                    9d:89:c8:87:bd:a3:a3:5d:89:7d:7f:91:34:c3:7e:
                    1b:4b:8f:08:32:9f:ee:34:36:d2:d6:67:74:83:18:
                    33:25:07:45:4c:36:58:bb:c0:8c:1e:6c:3b:b8:1f:
                    63:e9:c0:97:b7:45:4f:a0:b6:ea:a7:a8:1c:d5:b1:
                    4d:e9:6b:d5:b9:0b:e4:86:73:19:15:f7:9a:b3:85:
                    a2:8c:c1:dd:8e:e3:ac:70:d1:51:12:3e:f5:76:c7:
                    17:4b:a2:2b:36:39:ae:b4:54:eb:f2:32:99:bf:9c:
                    c6:4b:a9:21:41:76:89:b2:dd:71:17:cb:a7:a5:e7:
                    5b:f7:09:7a:fb:18:6b:e7:cd:b2:f2:c6:d2:1e:63:
                    b9:3a:c1:04:1c:95:d0:4e:23:e7:5c:ce:d2:20:39:
                    e1:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:DD:4D:9D:ED:81:6B:C6:C6:B5:1E:66:1F:4C:3F:43:04:A5:1C:13
            X509v3 Authority Key Identifier:
                keyid:51:B4:9B:A0:DD:86:15:12:86:18:D5:01:59:CB:0F:3B:5E:9E:E6:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UbSboN2GFRKGGNUBWcsPO16e5iY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/ut1Nne2Ba8bGtR5mH0w_QwSlHBM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/UbSboN2GFRKGGNUBWcsPO16e5iY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.100.177.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:d9:15:fd:d4:f3:d8:80:36:fb:12:03:50:eb:7e:14:b4:4f:
         32:16:ea:27:2a:32:07:7b:07:e2:30:e1:e4:d7:cf:2e:92:3c:
         4f:62:14:4a:ca:62:05:50:6d:85:b8:b5:67:c1:a9:ac:45:73:
         72:7a:ec:ec:ca:2f:ea:78:24:ab:87:c5:72:3c:44:b2:39:28:
         96:c0:4a:a6:81:02:7a:7e:13:fe:6f:47:eb:e1:4c:b6:ab:92:
         b1:e5:32:52:02:17:99:25:86:f7:26:fb:33:c0:96:42:5a:03:
         36:ef:68:3e:97:31:bc:ab:5b:e7:76:aa:47:6f:65:fe:b7:8a:
         61:b8:30:cb:bd:db:65:40:d8:c0:0e:8c:d3:26:8d:af:cd:f0:
         d7:7a:32:81:60:9d:26:6f:7e:ed:77:3b:7e:fe:6b:53:d4:39:
         54:d4:28:2a:a8:43:ee:f9:3b:9e:13:7b:22:cd:a7:57:92:fa:
         22:fd:29:85:c7:ae:0c:d2:8c:91:57:50:45:16:50:ff:c4:9c:
         67:12:a0:87:25:7c:6e:26:ea:97:56:29:ac:7a:b8:df:26:89:
         d6:71:5e:13:11:c0:3d:e6:2d:09:30:bf:38:82:df:bb:ed:e9:
         15:72:36:e4:20:f0:53:f6:03:ad:53:ac:0a:99:37:f0:3d:a7:
         8c:87:a3:8b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5ZQCmniHpDWEz4Cow/EhK5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxYjQ5YmEwZGQ4NjE1MTI4NjE4ZDUwMTU5Y2IwZjNiNWU5
ZWU2MjYwHhcNMjYwNTI0MDkxMDM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYWRkNGQ5ZGVkODE2YmM2YzZiNTFlNjYxZjRjM2Y0MzA0YTUxYzEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz3kZbv2jjGbfJk1Cx+UXdYWSIOka
LW9M9HERfbhtJqo5/8HwgZs55yISMEvlieQaNpOrWj9VNLrKd+/1GQfjyzrbKRt1
ftWrUWafHvvcvlRbTONfhEfJMiP6w+zYGD8XzA/ziZcJVwudiciHvaOjXYl9f5E0
w34bS48IMp/uNDbS1md0gxgzJQdFTDZYu8CMHmw7uB9j6cCXt0VPoLbqp6gc1bFN
6WvVuQvkhnMZFfeas4WijMHdjuOscNFREj71dscXS6IrNjmutFTr8jKZv5zGS6kh
QXaJst1xF8unpedb9wl6+xhr582y8sbSHmO5OsEEHJXQTiPnXM7SIDnhgQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLrdTZ3tgWvGxrUeZh9MP0MEpRwTMB8GA1UdIwQY
MBaAFFG0m6DdhhUShhjVAVnLDztenuYmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWJTYm9OMkdGUktHR05VQldjc1BPMTZlNWlZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS8yNmMwNDktNDdlZS00ODg2LTk4NDQt
NGFiOWU4YWEzMjYyLzEvdXQxTm5lMkJhOGJHdFI1bUgwd19Rd1NsSEJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS8yNmMwNDktNDdlZS00ODg2LTk4NDQtNGFiOWU4YWEzMjYy
LzEvVWJTYm9OMkdGUktHR05VQldjc1BPMTZlNWlZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1GSxMA0G
CSqGSIb3DQEBCwUAA4IBAQBw2RX91PPYgDb7EgNQ634UtE8yFuonKjIHewfiMOHk
188ukjxPYhRKymIFUG2FuLVnwamsRXNyeuzsyi/qeCSrh8VyPESyOSiWwEqmgQJ6
fhP+b0fr4Uy2q5Kx5TJSAheZJYb3JvszwJZCWgM272g+lzG8q1vndqpHb2X+t4ph
uDDLvdtlQNjADozTJo2vzfDXejKBYJ0mb37tdzt+/mtT1DlU1CgqqEPu+TueE3si
zadXkvoi/SmFx64M0oyRV1BFFlD/xJxnEqCHJXxuJuqXVimserjfJonWcV4TEcA9
5i0JML84gt+77ekVcjbkIPBT9gOtU6wKmTfwPaeMh6OL
-----END CERTIFICATE-----