Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/Th9V27UblOhEK-amIkrgDe6Z_Cs.roa
File:                     Th9V27UblOhEK-amIkrgDe6Z_Cs.roa (raw, json)
Hash identifier:          auXNa12BiBe7S79FxK+fSwvloxDs0REQC84gRCok7yw=
Subject key identifier:   4E:1F:55:DB:B5:1B:94:E8:44:2B:E6:A6:22:4A:E0:0D:EE:99:FC:2B
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       019D690C82A7658D8CD7F324BD88278FBA88
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/Th9V27UblOhEK-amIkrgDe6Z_Cs.roa
Signing time:             Tue 07 Apr 2026 17:45:20 +0000
ROA not before:           Tue 07 Apr 2026 17:45:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     150293
IP address blocks:        163.5.204.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 22:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:69:0c:82:a7:65:8d:8c:d7:f3:24:bd:88:27:8f:ba:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Apr  7 17:45:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4e1f55dbb51b94e8442be6a6224ae00dee99fc2b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:b4:cc:05:0d:e1:3d:7e:71:a9:c5:33:37:91:
                    47:81:0c:99:d2:b8:59:cd:75:e5:b0:38:ac:7e:22:
                    4d:6c:bf:7d:70:88:ce:08:06:d6:b7:02:aa:ec:27:
                    fd:6d:15:50:ae:98:52:88:6a:c8:6d:1d:5e:04:7e:
                    bc:0c:34:9a:6f:88:9c:f7:a2:3f:9e:87:bb:f8:ba:
                    d7:5f:72:95:63:5d:47:61:d6:5c:81:20:82:22:57:
                    be:3d:c0:01:30:37:7f:0c:8a:cc:0e:4f:41:55:81:
                    e6:f1:71:82:02:97:61:2d:e8:a0:80:32:86:15:dd:
                    ec:2c:c5:d1:86:50:d5:ae:78:48:90:30:c0:89:f3:
                    31:60:9f:f0:4c:b5:22:07:51:58:73:62:28:10:90:
                    96:8d:56:62:c2:b6:8f:10:02:e9:df:e2:1f:48:06:
                    a3:85:c1:6a:83:8d:dd:bd:c6:20:8f:cd:d8:f9:87:
                    00:fc:83:c3:7e:04:da:62:0c:34:34:31:f1:c6:35:
                    47:71:7f:6a:09:fa:5c:f8:bc:55:0c:d0:88:ad:4b:
                    2a:59:12:e9:8a:83:ae:6c:fa:c5:fb:b6:8f:bc:ff:
                    58:64:bf:32:9c:72:d8:0c:6e:9e:3f:ff:19:9a:5f:
                    cd:3b:b5:51:a6:d7:db:aa:af:fd:1f:de:4a:e6:95:
                    4b:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:1F:55:DB:B5:1B:94:E8:44:2B:E6:A6:22:4A:E0:0D:EE:99:FC:2B
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/Th9V27UblOhEK-amIkrgDe6Z_Cs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.204.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:63:47:61:c5:db:25:db:57:79:67:f8:fb:40:13:ff:f8:d8:
         13:f3:79:a9:f3:01:53:cc:55:00:72:33:4e:b9:12:30:2e:f0:
         9f:d3:50:f8:a9:1d:a9:cb:0e:e8:48:b2:ef:01:44:c5:e2:19:
         51:8d:51:fb:cb:5f:08:52:5e:b5:d2:0f:f6:73:b0:46:88:11:
         ba:eb:5d:e7:00:16:41:10:00:00:33:c7:8a:da:01:81:ff:a7:
         10:37:05:86:b3:d3:27:50:dd:c5:1c:21:07:ec:af:23:3d:2d:
         b5:b4:b4:f1:5e:fb:80:e2:81:b2:b2:87:fe:b3:c8:a7:13:5c:
         a5:f8:ba:9d:ef:8e:df:79:6d:bc:b5:e1:db:a0:aa:76:0b:9e:
         c2:d7:1c:df:73:b3:c2:21:d7:7a:e6:02:f4:23:b6:95:cd:3e:
         db:e7:d9:ec:1f:5d:03:37:9c:54:7a:fc:0c:7a:69:7e:2c:62:
         33:22:42:44:e3:a5:79:ac:31:30:ce:d8:6f:f8:28:a5:2e:69:
         e0:96:bc:29:61:80:59:01:e8:8c:b9:0d:ac:22:37:5b:6c:74:
         7f:1c:41:1a:5f:cd:5f:5f:6b:8a:6f:73:a1:af:d6:9d:60:d5:
         63:75:bf:9f:4d:8f:3a:c9:7d:08:24:20:4a:2b:15:27:50:b1:
         f0:bc:91:9b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1pDIKnZY2M1/MkvYgnj7qIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjYwNDA3MTc0NTIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZTFmNTVkYmI1MWI5NGU4NDQyYmU2YTYyMjRhZTAwZGVlOTlmYzJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxrTMBQ3hPX5xqcUzN5FHgQyZ0rhZ
zXXlsDisfiJNbL99cIjOCAbWtwKq7Cf9bRVQrphSiGrIbR1eBH68DDSab4ic96I/
noe7+LrXX3KVY11HYdZcgSCCIle+PcABMDd/DIrMDk9BVYHm8XGCApdhLeiggDKG
Fd3sLMXRhlDVrnhIkDDAifMxYJ/wTLUiB1FYc2IoEJCWjVZiwraPEALp3+IfSAaj
hcFqg43dvcYgj83Y+YcA/IPDfgTaYgw0NDHxxjVHcX9qCfpc+LxVDNCIrUsqWRLp
ioOubPrF+7aPvP9YZL8ynHLYDG6eP/8Zml/NO7VRptfbqq/9H95K5pVL6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE4fVdu1G5ToRCvmpiJK4A3umfwrMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvVGg5VjI3VWJsT2hFSy1hbUlrcmdEZTZaX0NzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowXMMA0G
CSqGSIb3DQEBCwUAA4IBAQCaY0dhxdsl21d5Z/j7QBP/+NgT83mp8wFTzFUAcjNO
uRIwLvCf01D4qR2pyw7oSLLvAUTF4hlRjVH7y18IUl610g/2c7BGiBG6613nABZB
EAAAM8eK2gGB/6cQNwWGs9MnUN3FHCEH7K8jPS21tLTxXvuA4oGysof+s8inE1yl
+Lqd747feW28teHboKp2C57C1xzfc7PCIdd65gL0I7aVzT7b59nsH10DN5xUevwM
eml+LGIzIkJE46V5rDEwzthv+CilLmnglrwpYYBZAeiMuQ2sIjdbbHR/HEEaX81f
X2uKb3Ohr9adYNVjdb+fTY86yX0IJCBKKxUnULHwvJGb
-----END CERTIFICATE-----