Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/iSw2vMCG1vN-mJMc5LPiQOCKAWg.roa
File:                     iSw2vMCG1vN-mJMc5LPiQOCKAWg.roa (raw, json)
Hash identifier:          sT4KGwh0/0mRuoJJlBaQqyLdKnINK789Pijg6ni1ws4=
Subject key identifier:   89:2C:36:BC:C0:86:D6:F3:7E:98:93:1C:E4:B3:E2:40:E0:8A:01:68
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       019C9AAC466126983CE404777D9FE375DF7E
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/iSw2vMCG1vN-mJMc5LPiQOCKAWg.roa
Signing time:             Thu 26 Feb 2026 15:58:27 +0000
ROA not before:           Thu 26 Feb 2026 15:58:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     401418
IP address blocks:        163.5.198.0/24 maxlen: 24
                          163.5.199.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 09:38:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:9a:ac:46:61:26:98:3c:e4:04:77:7d:9f:e3:75:df:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Feb 26 15:58:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=892c36bcc086d6f37e98931ce4b3e240e08a0168
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:1d:0b:a6:00:73:b9:d1:ff:3a:d4:44:7d:9c:
                    5d:41:c3:af:0a:f4:ea:3f:da:75:1a:eb:dd:32:16:
                    53:f7:28:77:57:0a:f4:61:15:55:69:2e:e5:9f:18:
                    29:27:24:cd:c8:6c:38:35:c0:c0:50:d3:df:1e:4e:
                    a0:bd:5d:e7:a2:2a:87:be:da:4b:50:07:26:4a:77:
                    d2:dd:f5:04:65:1e:ff:4f:61:a1:50:89:ad:c8:f8:
                    6d:16:73:43:8f:3f:af:88:7b:40:fb:f3:1e:a4:c7:
                    21:18:3e:d8:34:74:c1:58:8e:6e:4a:95:8f:d4:b0:
                    f3:0d:9a:64:35:38:0f:ff:30:c4:3e:f5:f1:34:ec:
                    ca:2e:4e:ed:76:da:9a:50:3f:fe:08:7a:9d:3c:c5:
                    02:83:27:7f:6d:19:e9:6b:0c:7a:9d:5f:ad:81:a6:
                    b0:d6:5f:a2:e6:7f:ad:d4:10:0e:87:2b:01:d6:15:
                    a9:03:dc:5d:30:70:9f:f7:2d:2b:23:40:af:bf:ec:
                    a5:37:4a:34:50:d6:f1:f5:a2:1a:63:15:77:49:e6:
                    19:2e:e8:f2:64:f6:01:21:6e:2b:9e:07:0b:b2:bc:
                    dd:e1:76:30:79:e7:93:3c:19:9f:34:39:ff:0f:16:
                    c6:04:f1:2c:bd:2d:ee:9d:06:b7:ec:1c:ba:45:86:
                    45:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:2C:36:BC:C0:86:D6:F3:7E:98:93:1C:E4:B3:E2:40:E0:8A:01:68
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/iSw2vMCG1vN-mJMc5LPiQOCKAWg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.198.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5e:44:0c:9c:71:f3:98:32:a4:db:50:95:97:59:33:fa:49:8f:
         f3:7f:64:03:39:26:a0:3a:81:35:2d:7b:ac:8c:a2:b7:e8:64:
         af:42:f6:cd:8d:f4:ac:79:cc:3f:b9:47:31:c1:5c:22:11:67:
         2e:be:08:ef:44:48:64:eb:c3:4a:c4:35:b7:99:df:1f:a1:0d:
         9c:0a:f1:3d:d8:b6:04:f8:76:69:47:d0:7d:33:a0:81:30:9d:
         cf:42:86:7d:c9:4c:19:47:26:29:1d:ce:cf:b4:4a:59:37:58:
         51:18:27:68:01:2a:02:81:48:c7:87:0a:f4:8a:b8:5e:b1:8d:
         65:87:04:c6:85:43:fe:e6:be:e5:f9:34:dc:d0:3d:c4:89:f1:
         1e:e9:14:da:08:0e:61:36:05:c8:74:22:de:50:f5:d5:65:df:
         3f:3b:6b:28:56:93:3d:2e:ef:32:c1:47:25:b9:3b:6f:c1:e5:
         fc:02:e5:25:0f:2d:15:2a:7b:d0:2d:58:87:b6:06:9d:bf:ad:
         bf:6a:9c:2d:24:94:a9:45:b6:83:dd:ea:13:93:d1:f3:db:fc:
         44:1b:ae:96:95:5f:89:96:4b:52:4a:7c:48:fc:cf:f5:72:95:
         47:59:c2:4e:53:f0:e1:d6:ad:e1:d5:98:58:db:96:83:f8:f2:
         0c:43:2c:73
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyarEZhJpg85AR3fZ/jdd9+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjYwMjI2MTU1ODI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTJjMzZiY2MwODZkNmYzN2U5ODkzMWNlNGIzZTI0MGUwOGEwMTY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAox0LpgBzudH/OtREfZxdQcOvCvTq
P9p1GuvdMhZT9yh3Vwr0YRVVaS7lnxgpJyTNyGw4NcDAUNPfHk6gvV3noiqHvtpL
UAcmSnfS3fUEZR7/T2GhUImtyPhtFnNDjz+viHtA+/MepMchGD7YNHTBWI5uSpWP
1LDzDZpkNTgP/zDEPvXxNOzKLk7tdtqaUD/+CHqdPMUCgyd/bRnpawx6nV+tgaaw
1l+i5n+t1BAOhysB1hWpA9xdMHCf9y0rI0Cvv+ylN0o0UNbx9aIaYxV3SeYZLujy
ZPYBIW4rngcLsrzd4XYweeeTPBmfNDn/DxbGBPEsvS3unQa37By6RYZFTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIksNrzAhtbzfpiTHOSz4kDgigFoMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvaVN3MnZNQ0cxdk4tbUpNYzVMUGlRT0NLQVdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBowXGMA0G
CSqGSIb3DQEBCwUAA4IBAQBeRAyccfOYMqTbUJWXWTP6SY/zf2QDOSagOoE1LXus
jKK36GSvQvbNjfSsecw/uUcxwVwiEWcuvgjvREhk68NKxDW3md8foQ2cCvE92LYE
+HZpR9B9M6CBMJ3PQoZ9yUwZRyYpHc7PtEpZN1hRGCdoASoCgUjHhwr0irhesY1l
hwTGhUP+5r7l+TTc0D3EifEe6RTaCA5hNgXIdCLeUPXVZd8/O2soVpM9Lu8ywUcl
uTtvweX8AuUlDy0VKnvQLViHtgadv62/apwtJJSpRbaD3eoTk9Hz2/xEG66WlV+J
lktSSnxI/M/1cpVHWcJOU/Dh1q3h1ZhY25aD+PIMQyxz
-----END CERTIFICATE-----