Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/GZf_h_n7LcJ9WlDRs4kABJYYboo.roa
File:                     GZf_h_n7LcJ9WlDRs4kABJYYboo.roa (raw, json)
Hash identifier:          KZxSnyJzNrAWugOKKxsZAY0Uo/W9U3APH5TrvC2HiB4=
Subject key identifier:   19:97:FF:87:F9:FB:2D:C2:7D:5A:50:D1:B3:89:00:04:96:18:6E:8A
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       01985BED8659C136D732F04F1A9BAB24FA00
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/GZf_h_n7LcJ9WlDRs4kABJYYboo.roa
Signing time:             Wed 30 Jul 2025 15:22:29 +0000
ROA not before:           Wed 30 Jul 2025 15:22:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     53356
IP address blocks:        163.5.51.0/24 maxlen: 24
                          163.5.134.0/24 maxlen: 24
                          163.5.173.0/24 maxlen: 24
                          163.5.231.0/24 maxlen: 24
                          163.5.244.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 03:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:5b:ed:86:59:c1:36:d7:32:f0:4f:1a:9b:ab:24:fa:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jul 30 15:22:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1997ff87f9fb2dc27d5a50d1b389000496186e8a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:d3:9e:f4:f6:20:9a:17:b9:7f:7e:5e:c7:4b:
                    1b:fd:2a:1b:de:a5:9a:a6:89:a3:05:a7:cc:b4:cb:
                    09:d4:fe:cc:3b:3c:4f:13:ab:86:b5:91:73:1c:1e:
                    85:d3:e8:24:be:74:94:66:a4:0b:7f:03:91:5d:09:
                    6d:de:ef:14:c1:2c:cb:93:f0:30:42:53:b0:58:bb:
                    5e:41:8d:d0:95:5d:55:48:f8:f3:fb:66:de:c2:b7:
                    07:bd:ad:e0:fe:c1:2d:bc:62:1d:58:5b:aa:12:af:
                    38:f4:b6:0e:aa:0f:50:5f:36:79:54:fe:d2:93:6f:
                    3f:0e:dd:32:02:03:5f:90:44:29:f8:2e:51:d9:42:
                    78:7f:e8:84:4f:28:b5:10:ec:80:37:54:1a:28:db:
                    48:74:2f:03:2f:62:b3:32:de:fe:b4:f7:83:9c:d9:
                    e2:2f:df:f2:23:24:b9:9b:35:c6:01:e4:1d:b7:66:
                    92:17:ee:08:92:91:86:a1:d7:a9:e2:6b:b3:cf:58:
                    58:55:b3:ef:f1:fc:29:5c:a9:2a:47:45:05:df:02:
                    59:fe:c0:dc:8f:68:e2:7a:86:15:4a:e9:d2:0e:5d:
                    40:81:66:bf:db:2a:b9:64:8a:ae:dd:a1:27:8e:b6:
                    5a:7a:1b:55:f3:d7:e2:55:eb:69:e5:fe:30:cc:8b:
                    1e:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:97:FF:87:F9:FB:2D:C2:7D:5A:50:D1:B3:89:00:04:96:18:6E:8A
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/GZf_h_n7LcJ9WlDRs4kABJYYboo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.51.0/24
                  163.5.134.0/24
                  163.5.173.0/24
                  163.5.231.0/24
                  163.5.244.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9f:e8:3f:ee:8b:d7:ce:6f:10:ae:e0:52:6e:8f:bc:47:c0:b9:
         11:ac:7c:51:18:01:c4:e7:cf:09:f7:e4:a6:39:c7:4d:9a:08:
         d6:fd:77:44:27:ce:4d:4f:0d:c4:e2:79:ad:cb:bb:65:23:3c:
         70:8f:ca:af:51:31:5c:57:40:d8:9f:0d:82:19:14:3c:bd:72:
         e3:ef:17:ff:6d:8c:a1:99:ac:e0:c6:46:8b:c8:e0:b2:ad:a3:
         8e:a9:4d:59:54:2b:28:b1:57:cc:fc:42:2d:1a:27:0d:41:2d:
         68:f3:d3:b8:eb:ae:ad:ea:4d:c2:88:0e:b4:a7:43:51:59:f5:
         bd:24:3d:92:07:2a:79:f7:fb:15:e8:f4:85:db:fd:e6:e2:c4:
         d5:81:70:ef:2b:6f:20:01:ab:e4:19:4f:7a:f1:99:87:00:b9:
         cc:35:12:aa:b0:dd:b5:65:ef:a4:05:4c:64:87:64:8d:df:9b:
         ef:45:3e:8f:12:39:b1:c9:8b:d1:16:92:15:ca:15:e5:12:91:
         0e:61:e4:5a:b6:0c:34:a0:d3:84:89:c8:72:25:21:19:40:6c:
         ab:9b:60:73:43:3d:3e:c4:03:9f:bb:49:97:c7:87:c0:9b:c2:
         b8:51:8e:0b:cc:0a:6b:fc:65:6a:0a:86:79:28:6a:00:89:3a:
         70:99:80:be
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAZhb7YZZwTbXMvBPGpurJPoAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjUwNzMwMTUyMjI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTk3ZmY4N2Y5ZmIyZGMyN2Q1YTUwZDFiMzg5MDAwNDk2MTg2ZThhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl9Oe9PYgmhe5f35ex0sb/Sob3qWa
pomjBafMtMsJ1P7MOzxPE6uGtZFzHB6F0+gkvnSUZqQLfwORXQlt3u8UwSzLk/Aw
QlOwWLteQY3QlV1VSPjz+2bewrcHva3g/sEtvGIdWFuqEq849LYOqg9QXzZ5VP7S
k28/Dt0yAgNfkEQp+C5R2UJ4f+iETyi1EOyAN1QaKNtIdC8DL2KzMt7+tPeDnNni
L9/yIyS5mzXGAeQdt2aSF+4IkpGGodep4muzz1hYVbPv8fwpXKkqR0UF3wJZ/sDc
j2jieoYVSunSDl1AgWa/2yq5ZIqu3aEnjrZaehtV89fiVetp5f4wzIsevwIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFBmX/4f5+y3CfVpQ0bOJAASWGG6KMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvR1pmX2hfbjdMY0o5V2xEUnM0a0FCSllZYm9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQAowUzAwQA
owWGAwQAowWtAwQAowXnAwQAowX0MA0GCSqGSIb3DQEBCwUAA4IBAQCf6D/ui9fO
bxCu4FJuj7xHwLkRrHxRGAHE588J9+SmOcdNmgjW/XdEJ85NTw3E4nmty7tlIzxw
j8qvUTFcV0DYnw2CGRQ8vXLj7xf/bYyhmazgxkaLyOCyraOOqU1ZVCsosVfM/EIt
GicNQS1o89O4666t6k3CiA60p0NRWfW9JD2SByp59/sV6PSF2/3m4sTVgXDvK28g
AavkGU968ZmHALnMNRKqsN21Ze+kBUxkh2SN35vvRT6PEjmxyYvRFpIVyhXlEpEO
YeRatgw0oNOEichyJSEZQGyrm2BzQz0+xAOfu0mXx4fAm8K4UY4LzApr/GVqCoZ5
KGoAiTpwmYC+
-----END CERTIFICATE-----
Generated at Mon Aug 4 08:16:56 2025 by rpki-client