Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/S9jU3wmMYqyDFbGRkY1kvUKuH_Q.roa
File:                     S9jU3wmMYqyDFbGRkY1kvUKuH_Q.roa (raw, json)
Hash identifier:          GaFgxZgOi94D7WPCps7rHAnsZ3FYkP8REazghkauX1o=
Subject key identifier:   4B:D8:D4:DF:09:8C:62:AC:83:15:B1:91:91:8D:64:BD:42:AE:1F:F4
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       019C9AAC4633054919D3C73AD06D6482D48F
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/S9jU3wmMYqyDFbGRkY1kvUKuH_Q.roa
Signing time:             Thu 26 Feb 2026 15:58:27 +0000
ROA not before:           Thu 26 Feb 2026 15:58:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     395517
IP address blocks:        163.5.198.0/24 maxlen: 24
                          163.5.199.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 09:38:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:9a:ac:46:33:05:49:19:d3:c7:3a:d0:6d:64:82:d4:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Feb 26 15:58:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4bd8d4df098c62ac8315b191918d64bd42ae1ff4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:7f:ff:10:65:79:6e:31:b7:47:fd:88:69:33:
                    2f:65:d2:cd:9c:39:5c:22:e4:a2:8e:2f:3a:6f:d8:
                    14:0c:68:a8:ac:69:4b:53:da:ac:06:9a:3c:eb:6c:
                    61:aa:aa:7c:18:9e:15:84:bb:ff:7f:67:2a:68:bb:
                    db:61:df:33:50:01:95:c6:6c:b4:63:06:97:38:51:
                    2d:e6:bb:16:e5:7b:b5:1e:16:c1:e1:ef:19:9c:dd:
                    88:02:9b:4e:ea:7c:43:01:5b:5d:32:69:ff:7f:5a:
                    d7:56:13:5b:07:8c:75:96:75:3d:6f:1c:c4:6c:6c:
                    df:ba:15:c7:99:62:ee:9a:d6:fe:49:ba:14:0d:ad:
                    b7:4d:94:f7:5c:69:13:81:c2:96:04:88:ea:eb:b1:
                    cd:c8:aa:28:ef:6d:3b:ba:6a:16:8f:d0:bd:4a:fb:
                    e9:74:b9:25:2e:c6:96:05:6f:93:34:ee:82:93:08:
                    36:d8:8c:dd:70:d3:6c:3f:f1:f6:9d:5d:ac:0d:7a:
                    15:f2:3c:96:9f:0f:1d:41:af:96:af:8d:89:96:94:
                    ae:4c:a9:08:f8:3f:e7:6c:86:c3:4d:64:33:e1:2d:
                    e5:aa:ed:46:36:8b:ae:98:f3:d4:d1:ed:23:04:da:
                    e0:1b:8d:bf:8d:f7:ac:55:3e:82:17:7b:91:a9:72:
                    83:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:D8:D4:DF:09:8C:62:AC:83:15:B1:91:91:8D:64:BD:42:AE:1F:F4
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/S9jU3wmMYqyDFbGRkY1kvUKuH_Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.198.0/23

    Signature Algorithm: sha256WithRSAEncryption
         74:7f:ef:91:fa:4a:f4:20:d3:60:8a:e1:f6:59:d5:61:99:75:
         92:7c:af:d6:12:e1:8b:1f:c0:af:dc:0c:b2:67:3f:c5:2c:50:
         3f:1e:5d:45:0e:1e:5d:37:d0:93:8b:aa:77:fa:9d:7d:38:fc:
         6f:b7:88:5d:f4:0a:1d:1d:85:5b:ca:93:c6:4e:26:5e:26:e4:
         7c:d3:f4:a9:ee:6f:89:79:bf:60:81:17:c1:ca:e4:29:a6:b3:
         c2:e7:c4:bf:f6:8c:b9:c4:b4:ac:5b:62:b7:23:a5:1c:6c:f2:
         8b:5e:13:73:ad:29:c5:6d:56:c5:1f:c6:7d:8a:db:f2:57:be:
         eb:d3:cb:b3:37:16:2d:6f:a3:d0:8a:67:6a:6b:e8:a8:cd:34:
         dd:ea:95:3e:1e:57:8d:ac:13:57:60:5d:81:b5:25:29:ad:6e:
         c9:f3:07:05:ca:23:07:09:71:8f:e4:cb:a8:9f:dd:c9:16:58:
         af:fe:b1:66:24:ae:57:86:fb:f2:f1:76:18:b8:32:29:35:e2:
         eb:e9:f8:8c:82:60:1f:f9:90:b2:70:d6:ba:b0:2a:6d:e9:e1:
         22:52:73:d0:bb:45:e2:77:39:ca:30:ac:e3:87:f0:49:9b:dd:
         aa:34:a2:42:6b:0d:d0:c0:4c:de:27:48:e6:dc:11:b0:f6:e7:
         49:0c:54:ae
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyarEYzBUkZ08c60G1kgtSPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjYwMjI2MTU1ODI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YmQ4ZDRkZjA5OGM2MmFjODMxNWIxOTE5MThkNjRiZDQyYWUxZmY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj3//EGV5bjG3R/2IaTMvZdLNnDlc
IuSiji86b9gUDGiorGlLU9qsBpo862xhqqp8GJ4VhLv/f2cqaLvbYd8zUAGVxmy0
YwaXOFEt5rsW5Xu1HhbB4e8ZnN2IAptO6nxDAVtdMmn/f1rXVhNbB4x1lnU9bxzE
bGzfuhXHmWLumtb+SboUDa23TZT3XGkTgcKWBIjq67HNyKoo7207umoWj9C9Svvp
dLklLsaWBW+TNO6Ckwg22IzdcNNsP/H2nV2sDXoV8jyWnw8dQa+Wr42JlpSuTKkI
+D/nbIbDTWQz4S3lqu1GNouumPPU0e0jBNrgG42/jfesVT6CF3uRqXKDjwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEvY1N8JjGKsgxWxkZGNZL1Crh/0MB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvUzlqVTN3bU1ZcXlERmJHUmtZMWt2VUt1SF9RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBowXGMA0G
CSqGSIb3DQEBCwUAA4IBAQB0f++R+kr0INNgiuH2WdVhmXWSfK/WEuGLH8Cv3Ayy
Zz/FLFA/Hl1FDh5dN9CTi6p3+p19OPxvt4hd9AodHYVbypPGTiZeJuR80/Sp7m+J
eb9ggRfByuQpprPC58S/9oy5xLSsW2K3I6UcbPKLXhNzrSnFbVbFH8Z9itvyV77r
08uzNxYtb6PQimdqa+iozTTd6pU+HleNrBNXYF2BtSUprW7J8wcFyiMHCXGP5Muo
n93JFliv/rFmJK5Xhvvy8XYYuDIpNeLr6fiMgmAf+ZCycNa6sCpt6eEiUnPQu0Xi
dznKMKzjh/BJm92qNKJCaw3QwEzeJ0jm3BGw9udJDFSu
-----END CERTIFICATE-----