Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/_4qQaqWL9R25Vw3uK0jftTcq2DU.roa
File:                     _4qQaqWL9R25Vw3uK0jftTcq2DU.roa (raw, json)
Hash identifier:          kBnixxfrHCqXD4wANIeGWiL41mtcK29wd6N+m9uFpTA=
Subject key identifier:   FF:8A:90:6A:A5:8B:F5:1D:B9:57:0D:EE:2B:48:DF:B5:37:2A:D8:35
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       019A4E015C81C822781D3A0A573CEEBA3644
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/_4qQaqWL9R25Vw3uK0jftTcq2DU.roa
Signing time:             Tue 04 Nov 2025 08:35:03 +0000
ROA not before:           Tue 04 Nov 2025 08:35:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     0
IP address blocks:        163.5.1.0/24 maxlen: 24
                          163.5.43.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 16:49:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:4e:01:5c:81:c8:22:78:1d:3a:0a:57:3c:ee:ba:36:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Nov  4 08:35:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ff8a906aa58bf51db9570dee2b48dfb5372ad835
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:4d:9e:73:d1:9e:29:bf:d2:35:ce:1b:e8:36:
                    38:f8:bd:56:26:8d:3c:1c:ec:e1:3c:01:38:23:53:
                    f0:46:11:8b:f8:e7:e4:19:a2:73:33:af:39:eb:c0:
                    16:e0:c4:3c:74:da:a9:84:ea:2c:36:58:41:e8:df:
                    5a:b6:43:21:56:4e:11:e9:9d:c1:8c:9d:b5:aa:4d:
                    78:cb:cf:71:12:3d:5c:27:82:4f:77:7a:0f:9c:c6:
                    23:70:e8:d9:ee:38:f6:e9:4b:be:6e:56:32:6a:04:
                    c8:98:91:e6:c2:6b:c7:e8:00:47:71:72:ad:e4:a9:
                    1f:dc:2b:39:1f:c7:91:6a:ea:ae:5c:b6:07:ce:6f:
                    08:bd:cb:e1:a1:89:59:ad:15:8a:c8:18:a1:fb:91:
                    0c:3c:10:5a:46:23:ff:bf:75:62:ca:73:a7:d7:d0:
                    12:32:b5:fa:07:2a:23:be:4a:25:70:21:dc:dc:d1:
                    7e:36:a6:0f:4b:d0:4d:7f:cd:ee:14:a3:7b:91:4d:
                    66:5d:5d:6c:7b:25:e2:90:64:c7:87:f0:ca:86:8e:
                    19:67:bd:60:b7:af:f8:b8:bf:83:53:8c:f3:d4:f6:
                    8a:78:94:58:71:49:cf:39:eb:cd:d6:e6:d3:32:a7:
                    7d:f7:b7:f9:71:5b:aa:09:bb:46:db:90:51:2d:26:
                    82:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:8A:90:6A:A5:8B:F5:1D:B9:57:0D:EE:2B:48:DF:B5:37:2A:D8:35
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/_4qQaqWL9R25Vw3uK0jftTcq2DU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.1.0/24
                  163.5.43.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:6c:76:95:2e:f0:55:d0:c6:e5:5b:3a:92:34:1d:c2:b7:06:
         7a:08:dd:ae:c8:45:2f:e9:a5:dc:14:0d:53:c4:90:70:80:cd:
         41:39:1f:a9:21:74:34:86:99:f1:cc:5a:82:96:f0:a9:dd:53:
         16:56:2d:70:ec:95:fd:50:f6:36:2c:f6:fc:26:3c:5b:34:43:
         e5:9d:1b:ba:71:e4:80:1c:93:37:7f:ed:cf:df:72:39:89:98:
         67:37:f6:ef:21:ba:6c:5f:a2:f9:6d:d8:5f:f6:ed:1f:ad:39:
         c9:91:a6:86:7c:72:a4:cf:fb:f1:5e:fc:57:7a:1b:67:b9:57:
         01:e3:c0:7a:2a:7f:ba:0c:97:01:27:82:9c:1e:04:6c:a1:e4:
         9b:ba:e3:2e:64:a5:bb:5d:04:c1:5f:a7:cb:8d:d8:68:44:22:
         7f:7a:49:99:56:a0:dd:c5:80:9f:10:43:f7:9e:aa:cf:86:96:
         e3:9b:59:c3:a6:47:fd:f1:7d:99:4a:1b:51:b1:8f:23:c5:cb:
         ca:8f:06:18:b8:41:d9:56:b8:47:7a:06:fb:f9:1b:79:12:b5:
         b8:65:1f:51:f7:c8:56:cb:c1:96:48:24:aa:d4:2d:36:68:b3:
         2f:ff:57:e3:7c:3b:a4:16:9e:13:15:b5:ef:67:57:f7:90:42:
         da:7c:a0:ed
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZpOAVyByCJ4HToKVzzuujZEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjUxMTA0MDgzNTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjhhOTA2YWE1OGJmNTFkYjk1NzBkZWUyYjQ4ZGZiNTM3MmFkODM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj02ec9GeKb/SNc4b6DY4+L1WJo08
HOzhPAE4I1PwRhGL+OfkGaJzM68568AW4MQ8dNqphOosNlhB6N9atkMhVk4R6Z3B
jJ21qk14y89xEj1cJ4JPd3oPnMYjcOjZ7jj26Uu+blYyagTImJHmwmvH6ABHcXKt
5Kkf3Cs5H8eRauquXLYHzm8IvcvhoYlZrRWKyBih+5EMPBBaRiP/v3ViynOn19AS
MrX6ByojvkolcCHc3NF+NqYPS9BNf83uFKN7kU1mXV1seyXikGTHh/DKho4ZZ71g
t6/4uL+DU4zz1PaKeJRYcUnPOevN1ubTMqd997f5cVuqCbtG25BRLSaCVQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFP+KkGqli/UduVcN7itI37U3Ktg1MB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvXzRxUWFxV0w5UjI1VnczdUswamZ0VGNxMkRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAowUBAwQA
owUrMA0GCSqGSIb3DQEBCwUAA4IBAQCabHaVLvBV0MblWzqSNB3CtwZ6CN2uyEUv
6aXcFA1TxJBwgM1BOR+pIXQ0hpnxzFqClvCp3VMWVi1w7JX9UPY2LPb8JjxbNEPl
nRu6ceSAHJM3f+3P33I5iZhnN/bvIbpsX6L5bdhf9u0frTnJkaaGfHKkz/vxXvxX
ehtnuVcB48B6Kn+6DJcBJ4KcHgRsoeSbuuMuZKW7XQTBX6fLjdhoRCJ/ekmZVqDd
xYCfEEP3nqrPhpbjm1nDpkf98X2ZShtRsY8jxcvKjwYYuEHZVrhHegb7+Rt5ErW4
ZR9R98hWy8GWSCSq1C02aLMv/1fjfDukFp4TFbXvZ1f3kELafKDt
-----END CERTIFICATE-----