Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/CY9QZGv8RdAlH3TZ0YgLqD70W2g.roa
File:                     CY9QZGv8RdAlH3TZ0YgLqD70W2g.roa (raw, json)
Hash identifier:          gLAWNkCjgSVifcDMyz9RhGXO8TdI4H9UhLus4YwxzH4=
Subject key identifier:   09:8F:50:64:6B:FC:45:D0:25:1F:74:D9:D1:88:0B:A8:3E:F4:5B:68
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       019D4E5DD8288AA434179F0DA45B1C198E26
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/CY9QZGv8RdAlH3TZ0YgLqD70W2g.roa
Signing time:             Thu 02 Apr 2026 13:24:26 +0000
ROA not before:           Thu 02 Apr 2026 13:24:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214915
IP address blocks:        163.5.237.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 22:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:4e:5d:d8:28:8a:a4:34:17:9f:0d:a4:5b:1c:19:8e:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Apr  2 13:24:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=098f50646bfc45d0251f74d9d1880ba83ef45b68
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:45:ba:82:94:ff:b2:8a:8f:8d:b1:f7:0c:40:
                    bb:c3:3a:f6:b7:74:32:1b:2c:fa:6d:90:45:da:d4:
                    c1:3a:a3:de:af:71:22:87:94:57:c1:ff:9d:08:ec:
                    74:93:b5:12:30:f6:c4:96:29:9b:48:83:77:3a:30:
                    e7:b7:97:8d:33:86:66:21:79:b1:c6:78:eb:df:cd:
                    5f:b9:89:4e:82:08:0a:f7:72:bb:ce:66:c9:ab:b8:
                    b7:77:19:05:8f:8b:93:fb:35:3f:dd:66:f0:03:55:
                    f4:0a:c1:47:de:0d:4f:88:4a:e3:2e:87:a5:e8:3a:
                    86:6b:bd:ff:b0:11:a5:9d:e4:c4:cc:57:c9:cd:91:
                    b4:f8:1d:a4:92:85:38:d9:c4:53:37:8b:11:bf:d7:
                    3e:1d:72:42:05:d1:7d:69:17:e0:1c:7b:fb:d1:2f:
                    8d:cd:2a:5d:6d:44:b3:fe:47:83:98:6c:1a:45:a7:
                    22:de:ea:66:25:ff:42:c5:eb:d9:9e:45:a0:25:c3:
                    f7:ec:33:54:7d:81:93:67:31:52:05:67:4f:17:c2:
                    30:3b:be:e2:98:98:67:13:44:fc:59:20:98:bd:ec:
                    b5:10:cc:a1:7a:b8:fa:be:88:e3:59:5c:03:8c:e7:
                    2d:af:12:b0:62:d5:df:41:45:44:1e:e7:74:16:94:
                    ad:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:8F:50:64:6B:FC:45:D0:25:1F:74:D9:D1:88:0B:A8:3E:F4:5B:68
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/CY9QZGv8RdAlH3TZ0YgLqD70W2g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.237.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:2f:70:09:1a:74:8e:01:0d:88:ab:1d:e1:28:0a:79:c1:e6:
         08:88:cc:cf:56:fb:8a:0b:6f:14:53:57:e5:99:60:22:0a:67:
         a8:85:42:c5:17:28:26:3a:7a:a7:9e:21:87:99:1a:14:45:04:
         72:ac:12:69:88:7e:95:dc:52:ed:15:33:b9:43:a4:9b:47:5d:
         b0:b8:c8:4f:4b:8b:dd:6f:35:61:46:41:7b:46:3f:b3:0e:77:
         03:e0:dd:18:9c:1e:0b:9b:9b:7f:2e:82:21:11:61:52:58:57:
         4d:2e:87:e1:f8:bf:25:86:48:3f:96:e8:95:06:8f:21:0f:ce:
         c4:89:24:aa:20:ef:95:c3:47:a8:e2:e5:c2:41:8c:67:1e:ea:
         2f:1e:5e:1d:27:6c:ec:54:21:48:02:68:a2:10:c9:a6:0a:11:
         ad:3c:3f:43:55:d4:8a:20:2f:28:d4:08:6f:9a:f9:dd:11:dd:
         1a:51:50:6e:c8:25:c8:5e:bf:3f:4a:98:6b:14:08:5e:97:a9:
         73:3b:7c:a7:2d:ed:27:22:95:cf:7e:21:2b:33:aa:31:3d:f6:
         d8:13:1a:4b:5c:8c:2b:e4:4a:c4:18:c2:c1:69:63:ea:d5:b2:
         08:c6:c6:b4:7a:97:90:2c:9f:87:02:49:34:12:28:1a:84:33:
         1e:bb:5a:91
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1OXdgoiqQ0F58NpFscGY4mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjYwNDAyMTMyNDI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOThmNTA2NDZiZmM0NWQwMjUxZjc0ZDlkMTg4MGJhODNlZjQ1YjY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn0W6gpT/soqPjbH3DEC7wzr2t3Qy
Gyz6bZBF2tTBOqPer3Eih5RXwf+dCOx0k7USMPbElimbSIN3OjDnt5eNM4ZmIXmx
xnjr381fuYlOgggK93K7zmbJq7i3dxkFj4uT+zU/3WbwA1X0CsFH3g1PiErjLoel
6DqGa73/sBGlneTEzFfJzZG0+B2kkoU42cRTN4sRv9c+HXJCBdF9aRfgHHv70S+N
zSpdbUSz/keDmGwaRaci3upmJf9CxevZnkWgJcP37DNUfYGTZzFSBWdPF8IwO77i
mJhnE0T8WSCYvey1EMyherj6vojjWVwDjOctrxKwYtXfQUVEHud0FpStdQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAmPUGRr/EXQJR902dGIC6g+9FtoMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvQ1k5UVpHdjhSZEFsSDNUWjBZZ0xxRDcwVzJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowXtMA0G
CSqGSIb3DQEBCwUAA4IBAQAlL3AJGnSOAQ2Iqx3hKAp5weYIiMzPVvuKC28UU1fl
mWAiCmeohULFFygmOnqnniGHmRoURQRyrBJpiH6V3FLtFTO5Q6SbR12wuMhPS4vd
bzVhRkF7Rj+zDncD4N0YnB4Lm5t/LoIhEWFSWFdNLofh+L8lhkg/luiVBo8hD87E
iSSqIO+Vw0eo4uXCQYxnHuovHl4dJ2zsVCFIAmiiEMmmChGtPD9DVdSKIC8o1Ahv
mvndEd0aUVBuyCXIXr8/SphrFAhel6lzO3ynLe0nIpXPfiErM6oxPfbYExpLXIwr
5ErEGMLBaWPq1bIIxsa0epeQLJ+HAkk0EigahDMeu1qR
-----END CERTIFICATE-----