Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/CymE1DQ4wWALS29oE7RMvErb21s.roa
File:                     CymE1DQ4wWALS29oE7RMvErb21s.roa (raw, json)
Hash identifier:          josLxjsm0AtewzFdEAryI6B/x5yrYHCJzPZtDisVn/c=
Subject key identifier:   0B:29:84:D4:34:38:C1:60:0B:4B:6F:68:13:B4:4C:BC:4A:DB:DB:5B
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       019D2A882337A03F16062EA0266BD5A99189
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/CymE1DQ4wWALS29oE7RMvErb21s.roa
Signing time:             Thu 26 Mar 2026 14:24:18 +0000
ROA not before:           Thu 26 Mar 2026 14:24:18 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214578
IP address blocks:        163.5.31.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 22:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:2a:88:23:37:a0:3f:16:06:2e:a0:26:6b:d5:a9:91:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Mar 26 14:24:18 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0b2984d43438c1600b4b6f6813b44cbc4adbdb5b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:ec:03:8b:c5:5e:be:67:00:94:1f:6e:e3:cb:
                    08:da:29:f1:87:bd:bb:d4:12:1f:05:63:f9:47:dc:
                    49:05:88:4c:8c:ba:a7:76:99:0c:e9:85:fa:bc:93:
                    8f:4e:af:f5:db:03:b8:0c:ff:e5:e9:00:48:35:ca:
                    6e:ac:a6:3d:3e:2e:46:b8:94:59:51:bb:9f:45:b0:
                    3d:93:5b:9b:ef:28:b4:2c:99:46:ab:bb:02:f6:1f:
                    d3:44:9a:e9:a6:77:ef:ba:b6:cd:13:f3:0b:ae:39:
                    af:35:f2:d0:6c:64:5f:56:98:e3:b3:ec:da:33:da:
                    3f:9f:a0:1d:64:ad:53:76:c0:46:7b:cc:2e:50:4c:
                    6d:3e:d3:71:4a:e9:85:f0:94:f4:3a:da:d7:01:3b:
                    e3:1a:5e:77:02:49:f7:45:36:f7:73:07:08:5c:51:
                    08:a9:7c:6c:d1:51:4e:06:df:8b:8c:88:2a:e5:d4:
                    02:92:bc:49:73:71:d8:d2:00:f4:60:b3:02:d4:a1:
                    c8:31:15:f6:7c:05:15:4a:99:04:b9:d8:7f:b8:e8:
                    50:38:fc:29:0f:17:cb:ab:6b:ef:26:d1:ad:07:bd:
                    a1:45:38:cf:ad:7e:6e:9b:97:65:e3:27:ad:f6:d5:
                    eb:c8:92:83:da:51:c3:a8:e2:ab:a1:8a:cf:93:d0:
                    4e:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:29:84:D4:34:38:C1:60:0B:4B:6F:68:13:B4:4C:BC:4A:DB:DB:5B
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/CymE1DQ4wWALS29oE7RMvErb21s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:c5:9a:bf:de:4a:08:4a:7b:5c:4e:37:a4:7d:1e:31:15:67:
         e8:6c:95:ba:ce:a8:ea:cf:2f:51:33:23:2e:93:f5:7d:02:fb:
         e2:90:6d:60:1a:b2:67:77:98:cd:4d:ab:9e:1e:af:0d:3f:29:
         d0:50:af:6f:bf:f2:ce:dc:f9:5f:c4:86:a3:2d:b3:8d:5c:1d:
         c1:bb:ec:56:06:bf:ad:9e:d9:c5:2a:61:f9:b4:c8:58:ea:f3:
         d4:93:94:49:3b:d6:cd:93:6a:ba:ee:8f:ca:4d:8f:52:8d:0e:
         32:24:5a:aa:f0:0e:a6:5a:35:d4:d1:22:b2:a4:26:5c:b6:e6:
         eb:d0:0c:d1:57:be:c0:d4:77:0b:a3:8c:ca:04:85:0f:7a:9f:
         d0:f7:86:f6:cc:08:11:e5:44:ba:9d:88:6d:86:9b:34:c8:fb:
         ea:ae:5f:d1:2c:0f:0c:b8:5d:80:89:71:4f:95:c1:47:8f:9d:
         ea:67:7f:59:af:39:21:c4:c8:ca:f5:9e:62:74:1e:d9:42:3e:
         5c:d6:88:0a:81:fc:4c:11:2c:c7:92:7c:47:b3:aa:65:db:06:
         32:10:a6:ce:c2:ae:77:d5:c9:9f:cb:49:31:d2:1b:21:ee:33:
         8e:9d:f0:ad:40:6d:10:60:78:49:88:56:ab:31:b3:3b:7b:4f:
         1f:a2:09:f3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0qiCM3oD8WBi6gJmvVqZGJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjYwMzI2MTQyNDE4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYjI5ODRkNDM0MzhjMTYwMGI0YjZmNjgxM2I0NGNiYzRhZGJkYjViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxuwDi8VevmcAlB9u48sI2inxh727
1BIfBWP5R9xJBYhMjLqndpkM6YX6vJOPTq/12wO4DP/l6QBINcpurKY9Pi5GuJRZ
UbufRbA9k1ub7yi0LJlGq7sC9h/TRJrppnfvurbNE/MLrjmvNfLQbGRfVpjjs+za
M9o/n6AdZK1TdsBGe8wuUExtPtNxSumF8JT0OtrXATvjGl53Akn3RTb3cwcIXFEI
qXxs0VFOBt+LjIgq5dQCkrxJc3HY0gD0YLMC1KHIMRX2fAUVSpkEudh/uOhQOPwp
DxfLq2vvJtGtB72hRTjPrX5um5dl4yet9tXryJKD2lHDqOKroYrPk9BOdQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAsphNQ0OMFgC0tvaBO0TLxK29tbMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvQ3ltRTFEUTR3V0FMUzI5b0U3Uk12RXJiMjFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowUfMA0G
CSqGSIb3DQEBCwUAA4IBAQAOxZq/3koISntcTjekfR4xFWfobJW6zqjqzy9RMyMu
k/V9AvvikG1gGrJnd5jNTaueHq8NPynQUK9vv/LO3PlfxIajLbONXB3Bu+xWBr+t
ntnFKmH5tMhY6vPUk5RJO9bNk2q67o/KTY9SjQ4yJFqq8A6mWjXU0SKypCZctubr
0AzRV77A1HcLo4zKBIUPep/Q94b2zAgR5US6nYhthps0yPvqrl/RLA8MuF2AiXFP
lcFHj53qZ39ZrzkhxMjK9Z5idB7ZQj5c1ogKgfxMESzHknxHs6pl2wYyEKbOwq53
1cmfy0kx0hsh7jOOnfCtQG0QYHhJiFarMbM7e08fognz
-----END CERTIFICATE-----