Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/156f45-da23-4e25-a08c-3687c2f7d83e/1/vQIQ0hujisLLaE0FdKyN-US-jgc.roa
File:                     vQIQ0hujisLLaE0FdKyN-US-jgc.roa (raw, json)
Hash identifier:          HcBf/lSh/0W+uCeeNUF1qjopHzD07ezacPSk6j+nXRw=
Subject key identifier:   BD:02:10:D2:1B:A3:8A:C2:CB:68:4D:05:74:AC:8D:F9:44:BE:8E:07
Certificate issuer:       /CN=988ce6e4ee09ef66658286451790969d7cffe9b9
Certificate serial:       019C944AF7710A727FF6442818E535E9702F
Authority key identifier: 98:8C:E6:E4:EE:09:EF:66:65:82:86:45:17:90:96:9D:7C:FF:E9:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mIzm5O4J72ZlgoZFF5CWnXz_6bk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/156f45-da23-4e25-a08c-3687c2f7d83e/1/vQIQ0hujisLLaE0FdKyN-US-jgc.roa
Signing time:             Wed 25 Feb 2026 10:14:26 +0000
ROA not before:           Wed 25 Feb 2026 10:14:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     50810
IP address blocks:        153.51.0.0/19 maxlen: 19
                          153.51.128.0/19 maxlen: 19
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/156f45-da23-4e25-a08c-3687c2f7d83e/1/mIzm5O4J72ZlgoZFF5CWnXz_6bk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/156f45-da23-4e25-a08c-3687c2f7d83e/1/mIzm5O4J72ZlgoZFF5CWnXz_6bk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mIzm5O4J72ZlgoZFF5CWnXz_6bk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 07:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:94:4a:f7:71:0a:72:7f:f6:44:28:18:e5:35:e9:70:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=988ce6e4ee09ef66658286451790969d7cffe9b9
        Validity
            Not Before: Feb 25 10:14:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bd0210d21ba38ac2cb684d0574ac8df944be8e07
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:9a:bd:e4:f8:a0:94:4e:71:d3:63:fd:13:87:
                    e4:bc:06:63:78:b6:27:fb:f3:a8:74:e4:b3:19:68:
                    2c:f1:12:0d:f7:6e:fa:fb:d1:61:8e:97:44:e1:d7:
                    eb:90:74:3b:e3:74:d3:c7:72:b8:60:2f:3f:df:8b:
                    bb:86:b4:fa:0b:9b:45:0a:98:4b:fb:eb:7c:d5:3a:
                    76:52:f7:89:c2:5e:40:d8:d0:75:37:a3:3e:c2:50:
                    bd:8c:db:c5:f6:2e:9e:4c:e2:5e:ce:4d:61:a9:75:
                    e7:0e:68:7d:72:f6:57:ac:6d:32:6a:7e:ea:a7:24:
                    4d:f4:bc:d4:44:8c:78:c2:68:e6:a1:82:fa:d3:96:
                    2f:fd:b9:20:d0:46:34:fe:21:08:4d:52:88:90:15:
                    a0:e4:47:ac:77:0c:15:bd:8e:26:2a:2f:9a:2c:e4:
                    32:30:cc:80:36:37:6d:15:6e:70:84:e3:56:5d:9b:
                    b4:10:5f:4a:b6:ac:64:64:40:08:61:2c:f6:89:22:
                    16:09:a9:59:1a:83:3a:dc:b9:16:dd:97:61:f8:86:
                    2b:3f:a6:c4:63:f0:cf:51:b9:9d:e4:0a:66:4b:a9:
                    69:12:a6:f8:5a:b6:28:b3:4b:97:14:20:8e:db:ef:
                    aa:3d:47:76:dc:89:7e:8c:5b:f9:19:06:61:e6:77:
                    c7:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:02:10:D2:1B:A3:8A:C2:CB:68:4D:05:74:AC:8D:F9:44:BE:8E:07
            X509v3 Authority Key Identifier:
                keyid:98:8C:E6:E4:EE:09:EF:66:65:82:86:45:17:90:96:9D:7C:FF:E9:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mIzm5O4J72ZlgoZFF5CWnXz_6bk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/156f45-da23-4e25-a08c-3687c2f7d83e/1/vQIQ0hujisLLaE0FdKyN-US-jgc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/156f45-da23-4e25-a08c-3687c2f7d83e/1/mIzm5O4J72ZlgoZFF5CWnXz_6bk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  153.51.0.0/19
                  153.51.128.0/19

    Signature Algorithm: sha256WithRSAEncryption
         4d:9f:6e:23:cc:c4:ed:22:8f:a9:40:65:d4:d3:ad:05:94:25:
         07:ce:44:f3:7a:ff:ca:e5:8f:a3:b7:7d:62:26:30:11:83:8a:
         32:1f:ea:4e:0a:48:ff:ab:f3:3b:36:9b:06:8c:93:18:d3:47:
         80:a6:92:21:78:15:7f:a0:64:46:4f:c7:97:26:f1:fb:01:4b:
         86:6d:60:8c:47:d0:1c:1d:81:58:f2:53:3c:49:ee:22:45:a5:
         f2:d9:ab:cb:9e:d1:46:18:9c:0d:73:4c:5a:ba:c3:d9:d3:10:
         86:66:36:79:06:51:b7:ac:ed:14:28:60:ee:b5:42:8f:a1:e1:
         0e:69:de:06:3d:f6:27:67:b2:70:8c:55:c2:ee:bc:dc:a3:e8:
         3f:9a:93:93:92:cc:b8:a2:89:e4:ee:66:77:35:4a:1b:d2:30:
         8f:2b:c7:a4:2c:bc:0b:8f:ec:8e:bb:52:98:4c:6d:79:23:f9:
         69:3c:2d:b7:da:ff:04:4f:8b:cc:a8:27:c2:74:cc:f5:27:ee:
         86:12:b2:ff:1e:6a:f4:94:3e:b8:de:29:a8:92:d8:45:6d:7c:
         d6:cd:a2:9d:c5:fa:c9:0d:a2:a3:f9:86:fc:cb:41:e1:73:f4:
         ce:27:05:13:00:c3:5b:bd:d6:a7:ed:64:59:e8:7c:93:51:59:
         92:4d:45:9b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZyUSvdxCnJ/9kQoGOU16XAvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4OGNlNmU0ZWUwOWVmNjY2NTgyODY0NTE3OTA5NjlkN2Nm
ZmU5YjkwHhcNMjYwMjI1MTAxNDI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZDAyMTBkMjFiYTM4YWMyY2I2ODRkMDU3NGFjOGRmOTQ0YmU4ZTA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtJq95PiglE5x02P9E4fkvAZjeLYn
+/OodOSzGWgs8RIN9276+9FhjpdE4dfrkHQ743TTx3K4YC8/34u7hrT6C5tFCphL
++t81Tp2UveJwl5A2NB1N6M+wlC9jNvF9i6eTOJezk1hqXXnDmh9cvZXrG0yan7q
pyRN9LzURIx4wmjmoYL605Yv/bkg0EY0/iEITVKIkBWg5EesdwwVvY4mKi+aLOQy
MMyANjdtFW5whONWXZu0EF9KtqxkZEAIYSz2iSIWCalZGoM63LkW3Zdh+IYrP6bE
Y/DPUbmd5ApmS6lpEqb4WrYos0uXFCCO2++qPUd23Il+jFv5GQZh5nfHOwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFL0CENIbo4rCy2hNBXSsjflEvo4HMB8GA1UdIwQY
MBaAFJiM5uTuCe9mZYKGRReQlp18/+m5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUl6bTVPNEo3MlpsZ29aRkY1Q1duWHpfNmJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy8xNTZmNDUtZGEyMy00ZTI1LWEwOGMt
MzY4N2MyZjdkODNlLzEvdlFJUTBodWppc0xMYUUwRmRLeU4tVVMtamdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy8xNTZmNDUtZGEyMy00ZTI1LWEwOGMtMzY4N2MyZjdkODNl
LzEvbUl6bTVPNEo3MlpsZ29aRkY1Q1duWHpfNmJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQFmTMAAwQF
mTOAMA0GCSqGSIb3DQEBCwUAA4IBAQBNn24jzMTtIo+pQGXU060FlCUHzkTzev/K
5Y+jt31iJjARg4oyH+pOCkj/q/M7NpsGjJMY00eAppIheBV/oGRGT8eXJvH7AUuG
bWCMR9AcHYFY8lM8Se4iRaXy2avLntFGGJwNc0xausPZ0xCGZjZ5BlG3rO0UKGDu
tUKPoeEOad4GPfYnZ7JwjFXC7rzco+g/mpOTksy4oonk7mZ3NUob0jCPK8ekLLwL
j+yOu1KYTG15I/lpPC232v8ET4vMqCfCdMz1J+6GErL/Hmr0lD643imokthFbXzW
zaKdxfrJDaKj+Yb8y0Hhc/TOJwUTAMNbvdan7WRZ6HyTUVmSTUWb
-----END CERTIFICATE-----