Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/S9pD2kCBrZrlownW_ebDIZq0JNM.roa
File:                     S9pD2kCBrZrlownW_ebDIZq0JNM.roa (raw, json)
Hash identifier:          bgwGXZjIfTtWA2e8Sgx8OghE1KN4N9kUdWVqxZXBIno=
Subject key identifier:   4B:DA:43:DA:40:81:AD:9A:E5:A3:09:D6:FD:E6:C3:21:9A:B4:24:D3
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       019C93E385D0EF64FB22B6973E20556F699D
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/S9pD2kCBrZrlownW_ebDIZq0JNM.roa
Signing time:             Wed 25 Feb 2026 08:21:27 +0000
ROA not before:           Wed 25 Feb 2026 08:21:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212306
IP address blocks:        163.5.132.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 09:38:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:93:e3:85:d0:ef:64:fb:22:b6:97:3e:20:55:6f:69:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Feb 25 08:21:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4bda43da4081ad9ae5a309d6fde6c3219ab424d3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:d1:9a:bb:55:49:a5:35:73:a5:e5:d1:a1:3e:
                    36:8e:41:d5:4b:42:64:f2:38:8d:90:e4:74:65:4e:
                    77:d2:fa:b3:7a:4b:cc:a7:9a:1a:82:dd:86:1a:1b:
                    64:76:f1:ba:14:9b:43:e2:24:30:5b:0e:72:de:90:
                    09:9b:db:93:40:4b:8d:ac:13:a6:61:53:47:06:0d:
                    77:13:1b:56:0e:77:41:1b:a2:2b:e0:88:60:d9:38:
                    05:54:dd:bf:d1:30:88:27:e1:87:ce:1d:d0:f5:4d:
                    67:14:5f:1e:b2:88:32:f8:b2:e3:71:c3:8a:a7:a5:
                    7d:df:0d:87:04:e1:99:5a:01:46:0b:52:b2:b9:a0:
                    36:4b:cb:13:cd:cf:ed:c4:09:47:27:a2:72:42:1d:
                    b8:8f:aa:59:c7:a6:cc:a6:36:a7:56:60:dd:e8:26:
                    9b:eb:7f:b7:9d:0b:4b:22:72:f9:5f:49:b0:0f:c9:
                    d8:f3:e3:47:03:ce:64:99:7b:8c:64:61:ef:f2:68:
                    63:09:4b:29:0f:5d:7d:b8:2e:de:75:07:55:43:80:
                    ef:3d:a0:d9:c0:49:15:c5:87:91:a5:63:7b:88:09:
                    c0:21:47:9f:af:7d:87:51:ba:e9:f4:00:fa:eb:0f:
                    09:d6:5d:d4:8a:29:0a:9b:d1:c3:7f:6c:eb:57:85:
                    fc:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:DA:43:DA:40:81:AD:9A:E5:A3:09:D6:FD:E6:C3:21:9A:B4:24:D3
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/S9pD2kCBrZrlownW_ebDIZq0JNM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.132.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:dc:7d:aa:d6:30:25:ed:7f:a9:74:00:49:2f:61:a2:9e:3a:
         c8:27:4d:32:bf:8a:56:6d:20:c1:49:a7:ae:6b:26:66:c3:ce:
         24:06:0d:24:40:f7:05:0f:c1:b0:39:e6:57:aa:13:1d:9c:be:
         3e:70:7d:36:a1:f3:0b:4f:c5:f5:24:84:9a:e0:8d:86:ad:5b:
         d3:8a:f0:87:cf:56:b6:38:d6:6b:45:1e:2d:36:0c:41:49:3f:
         99:55:57:1a:9f:4f:fc:f9:1a:ef:af:17:b6:56:d2:f1:4a:40:
         93:11:2e:d7:96:ae:f8:13:12:e4:fa:3c:c9:89:a2:16:12:fa:
         9f:29:24:4a:1a:31:c1:09:9a:85:f7:24:88:5b:39:6a:6d:fe:
         cf:9b:75:0c:8f:31:d6:4c:6b:a2:0b:c3:86:4b:7a:d5:7e:c7:
         7f:77:0e:6b:7d:d8:61:35:88:7d:10:d5:c8:6f:0f:3f:06:c2:
         ce:1d:57:65:c1:05:92:2a:4f:41:1e:6e:f1:22:68:37:0f:f4:
         2a:41:fd:db:a0:b1:2f:22:1c:85:2f:07:b8:1c:6c:16:2d:b7:
         c5:59:0c:52:9d:c2:4e:8f:91:56:bd:7c:8a:25:2c:fe:72:4f:
         57:28:2c:51:e8:02:f8:45:c2:c4:32:0b:67:b9:c8:56:38:c3:
         d2:d4:e3:cf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyT44XQ72T7IraXPiBVb2mdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjYwMjI1MDgyMTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YmRhNDNkYTQwODFhZDlhZTVhMzA5ZDZmZGU2YzMyMTlhYjQyNGQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxdGau1VJpTVzpeXRoT42jkHVS0Jk
8jiNkOR0ZU530vqzekvMp5oagt2GGhtkdvG6FJtD4iQwWw5y3pAJm9uTQEuNrBOm
YVNHBg13ExtWDndBG6Ir4Ihg2TgFVN2/0TCIJ+GHzh3Q9U1nFF8esogy+LLjccOK
p6V93w2HBOGZWgFGC1KyuaA2S8sTzc/txAlHJ6JyQh24j6pZx6bMpjanVmDd6Cab
63+3nQtLInL5X0mwD8nY8+NHA85kmXuMZGHv8mhjCUspD119uC7edQdVQ4DvPaDZ
wEkVxYeRpWN7iAnAIUefr32HUbrp9AD66w8J1l3UiikKm9HDf2zrV4X8oQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEvaQ9pAga2a5aMJ1v3mwyGatCTTMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvUzlwRDJrQ0JyWnJsb3duV19lYkRJWnEwSk5NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowWEMA0G
CSqGSIb3DQEBCwUAA4IBAQAI3H2q1jAl7X+pdABJL2GinjrIJ00yv4pWbSDBSaeu
ayZmw84kBg0kQPcFD8GwOeZXqhMdnL4+cH02ofMLT8X1JISa4I2GrVvTivCHz1a2
ONZrRR4tNgxBST+ZVVcan0/8+Rrvrxe2VtLxSkCTES7Xlq74ExLk+jzJiaIWEvqf
KSRKGjHBCZqF9ySIWzlqbf7Pm3UMjzHWTGuiC8OGS3rVfsd/dw5rfdhhNYh9ENXI
bw8/BsLOHVdlwQWSKk9BHm7xImg3D/QqQf3boLEvIhyFLwe4HGwWLbfFWQxSncJO
j5FWvXyKJSz+ck9XKCxR6AL4RcLEMgtnuchWOMPS1OPP
-----END CERTIFICATE-----