Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/MrC7l8ymScqNNeJ1W_2BzzC-eY8.roa
File:                     MrC7l8ymScqNNeJ1W_2BzzC-eY8.roa (raw, json)
Hash identifier:          D301SsXMuB9wCYmddtesLX1lSZRfOccjIBMOT0O+sYA=
Subject key identifier:   32:B0:BB:97:CC:A6:49:CA:8D:35:E2:75:5B:FD:81:CF:30:BE:79:8F
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       019D4E75A6C89FE5192A7AF4D684813DF856
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/MrC7l8ymScqNNeJ1W_2BzzC-eY8.roa
Signing time:             Thu 02 Apr 2026 13:50:26 +0000
ROA not before:           Thu 02 Apr 2026 13:50:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     3257
IP address blocks:        163.5.119.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 22:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:4e:75:a6:c8:9f:e5:19:2a:7a:f4:d6:84:81:3d:f8:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Apr  2 13:50:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=32b0bb97cca649ca8d35e2755bfd81cf30be798f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:88:72:23:3c:26:61:08:24:08:75:07:2a:68:
                    5c:7b:81:70:88:7b:92:e8:62:00:ea:41:48:36:c9:
                    72:dc:29:da:a6:98:88:30:b1:67:f2:43:15:00:ed:
                    b6:fb:89:eb:62:f7:cb:7f:12:94:06:2c:36:a3:c2:
                    7f:6b:8e:fe:20:b2:1f:ca:65:26:b5:7b:6b:a2:6d:
                    df:6b:7a:59:6f:b0:a1:26:b7:bd:0d:75:6b:1d:d9:
                    f1:74:a2:6f:98:ab:2c:a6:cd:5e:11:fc:ea:2d:5d:
                    d2:f0:5f:65:2f:d1:58:44:b3:ea:4c:16:fa:43:d6:
                    cd:e1:eb:ca:16:d0:5b:41:23:c5:f9:96:cc:54:55:
                    28:ec:43:7d:bd:2e:89:95:47:88:fb:cc:4a:8f:42:
                    0a:f6:9f:89:13:f3:fe:2f:f0:d8:7c:e1:3e:9e:02:
                    fe:10:6c:18:63:43:41:9f:9d:ab:1b:2e:6d:a2:b1:
                    3f:a9:c2:40:63:33:16:8c:b6:da:c3:74:22:3e:22:
                    20:91:79:e6:a7:1d:e3:16:e7:7e:8f:e7:d6:20:0a:
                    26:c4:5f:9b:d9:9d:2d:03:b9:7c:5f:12:94:e0:bb:
                    10:0d:37:89:d0:95:63:dd:4c:72:09:0f:03:8f:e6:
                    ba:79:d8:06:fe:be:75:39:81:8e:c1:63:46:f1:f4:
                    b6:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:B0:BB:97:CC:A6:49:CA:8D:35:E2:75:5B:FD:81:CF:30:BE:79:8F
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/MrC7l8ymScqNNeJ1W_2BzzC-eY8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.119.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a9:42:68:ff:fe:fd:36:f4:f2:a8:b0:bc:e9:16:42:44:18:d6:
         17:de:43:3e:6d:7a:6c:7a:f0:dd:d8:53:08:4e:2c:88:14:90:
         d8:fa:74:41:a2:9c:34:21:ae:e0:57:eb:1e:8c:c9:78:bf:0d:
         42:d9:1e:fc:04:b6:41:3d:d8:98:5e:6d:34:fe:85:02:ff:4d:
         71:ec:64:b7:63:58:a8:3c:61:e8:fa:87:69:db:03:14:c1:0c:
         89:f6:ff:20:0b:5d:8c:31:5a:86:1d:78:f9:dd:03:77:dc:be:
         33:5b:86:ef:41:d5:0e:e9:05:ad:83:3e:fc:50:31:0a:4f:98:
         2a:cc:70:a5:4f:88:af:9f:dd:02:0f:1e:b7:0a:6a:65:4c:b0:
         31:0b:a8:7d:a3:e7:9c:57:77:4e:d8:88:50:6f:a2:39:99:94:
         4f:12:e0:d1:39:b8:cb:5d:3f:e6:9e:45:f8:52:94:94:6b:3e:
         c6:4f:b8:0e:a5:a2:50:1d:34:16:ab:23:bb:3d:7f:39:3a:93:
         cf:b3:59:a1:7d:b8:53:8e:e8:21:22:56:c6:11:34:cb:00:b4:
         4b:5f:21:09:65:87:19:12:2f:cb:bf:20:b3:72:57:8e:c5:46:
         46:ca:c4:2e:9d:9c:e7:d3:13:13:6e:c2:93:bf:7d:f2:cc:7c:
         ed:cf:4f:06
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1OdabIn+UZKnr01oSBPfhWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjYwNDAyMTM1MDI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMmIwYmI5N2NjYTY0OWNhOGQzNWUyNzU1YmZkODFjZjMwYmU3OThmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuIhyIzwmYQgkCHUHKmhce4FwiHuS
6GIA6kFINsly3CnappiIMLFn8kMVAO22+4nrYvfLfxKUBiw2o8J/a47+ILIfymUm
tXtrom3fa3pZb7ChJre9DXVrHdnxdKJvmKssps1eEfzqLV3S8F9lL9FYRLPqTBb6
Q9bN4evKFtBbQSPF+ZbMVFUo7EN9vS6JlUeI+8xKj0IK9p+JE/P+L/DYfOE+ngL+
EGwYY0NBn52rGy5torE/qcJAYzMWjLbaw3QiPiIgkXnmpx3jFud+j+fWIAomxF+b
2Z0tA7l8XxKU4LsQDTeJ0JVj3UxyCQ8Dj+a6edgG/r51OYGOwWNG8fS25wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDKwu5fMpknKjTXidVv9gc8wvnmPMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvTXJDN2w4eW1TY3FOTmVKMVdfMkJ6ekMtZVk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowV3MA0G
CSqGSIb3DQEBCwUAA4IBAQCpQmj//v029PKosLzpFkJEGNYX3kM+bXpsevDd2FMI
TiyIFJDY+nRBopw0Ia7gV+sejMl4vw1C2R78BLZBPdiYXm00/oUC/01x7GS3Y1io
PGHo+odp2wMUwQyJ9v8gC12MMVqGHXj53QN33L4zW4bvQdUO6QWtgz78UDEKT5gq
zHClT4ivn90CDx63CmplTLAxC6h9o+ecV3dO2IhQb6I5mZRPEuDRObjLXT/mnkX4
UpSUaz7GT7gOpaJQHTQWqyO7PX85OpPPs1mhfbhTjughIlbGETTLALRLXyEJZYcZ
Ei/LvyCzcleOxUZGysQunZzn0xMTbsKTv33yzHztz08G
-----END CERTIFICATE-----