Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/pTQWTh8ygTnV94Hvv60OGJ7DabA.roa
File:                     pTQWTh8ygTnV94Hvv60OGJ7DabA.roa (raw, json)
Hash identifier:          NksucBV0YCjMgFA0i8F6nrBHsCNFs0F66be18hPkbzs=
Subject key identifier:   A5:34:16:4E:1F:32:81:39:D5:F7:81:EF:BF:AD:0E:18:9E:C3:69:B0
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       01976B5BA75976E721A05157A131186DA054
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/pTQWTh8ygTnV94Hvv60OGJ7DabA.roa
Signing time:             Fri 13 Jun 2025 22:14:18 +0000
ROA not before:           Fri 13 Jun 2025 22:14:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35592
IP address blocks:        163.5.109.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 17 Jun 2025 21:51:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:6b:5b:a7:59:76:e7:21:a0:51:57:a1:31:18:6d:a0:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jun 13 22:14:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a534164e1f328139d5f781efbfad0e189ec369b0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:10:a3:de:24:7b:9a:b1:d0:e3:02:5b:b5:fa:
                    49:bb:91:75:13:2e:5c:26:47:00:bf:20:89:d2:68:
                    38:f6:aa:42:96:1b:30:e7:e7:80:08:72:7d:95:1d:
                    c3:02:f7:67:c7:d9:0f:ff:8d:7d:cd:91:b5:82:c9:
                    eb:24:7d:06:52:d6:36:99:27:b7:de:dd:c2:14:1e:
                    6f:d4:fb:4d:9b:f7:ae:34:ac:e7:f4:8b:3c:70:26:
                    2a:1f:47:c9:d7:05:4b:9c:44:9b:22:c6:52:2f:10:
                    24:1d:0d:c4:aa:f3:11:b1:0d:d1:d0:90:4e:bc:73:
                    40:3b:73:cf:02:65:83:b4:22:1c:f6:a5:9b:c4:36:
                    c5:cf:55:08:e2:9a:a8:e6:d4:28:64:4b:30:92:25:
                    7c:5c:7a:21:dd:65:83:07:de:37:1b:66:d3:45:4c:
                    16:48:d9:c5:ba:97:78:e2:03:b2:6e:dd:d8:a4:f6:
                    f3:78:44:09:80:5e:05:60:48:90:65:71:00:31:56:
                    48:3f:b9:64:86:93:c4:79:fc:89:5a:22:49:05:00:
                    69:55:35:ab:f6:e0:fc:13:53:46:de:3b:f9:32:34:
                    b0:3f:73:af:6e:d8:f9:c7:30:f2:23:23:a0:53:c5:
                    51:7c:a5:81:38:f7:e8:e0:4b:3a:fd:08:30:26:4e:
                    de:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:34:16:4E:1F:32:81:39:D5:F7:81:EF:BF:AD:0E:18:9E:C3:69:B0
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/pTQWTh8ygTnV94Hvv60OGJ7DabA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.109.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:00:e0:36:66:4f:a6:31:1e:27:ab:fd:c2:54:46:c0:49:d7:
         26:bd:53:88:ce:df:6b:7b:0d:b7:3c:31:ad:2a:2b:d7:87:5b:
         a3:a3:73:38:7b:a6:5b:14:c0:91:84:84:7d:f5:a2:e5:8d:22:
         61:46:bb:78:1f:57:0b:47:27:c1:36:64:b4:27:7a:43:db:c8:
         d5:4e:2c:75:c3:af:b9:42:c1:46:9e:1f:f3:2d:c1:53:82:21:
         9a:ee:4f:36:d8:6a:b3:68:f7:53:f6:56:28:24:97:47:77:99:
         36:74:40:5f:80:3a:00:18:67:e6:ff:30:85:56:a8:5f:b3:1f:
         59:85:be:a8:11:7f:a1:a6:ce:96:ba:2a:bc:7b:d3:d0:be:50:
         6a:12:4e:bb:bc:98:6e:4b:a2:1b:9e:c8:b3:3c:de:be:68:6d:
         f2:16:b8:58:40:94:98:b1:92:fe:23:7d:6e:d2:5d:39:a7:9a:
         f0:99:9e:a6:32:e7:15:e8:7f:dd:a3:4a:55:59:99:a3:f4:a7:
         27:55:40:52:9e:8e:f5:f4:13:b1:2d:06:8c:9c:b6:77:1f:b0:
         04:99:67:49:42:ec:91:b3:ee:d5:df:e8:74:bd:29:f3:df:42:
         2c:a0:0f:a1:3d:26:7e:4a:30:bf:1c:c7:b9:cb:67:24:f4:6c:
         06:03:ed:ea
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZdrW6dZduchoFFXoTEYbaBUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjUwNjEzMjIxNDE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTM0MTY0ZTFmMzI4MTM5ZDVmNzgxZWZiZmFkMGUxODllYzM2OWIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1xCj3iR7mrHQ4wJbtfpJu5F1Ey5c
JkcAvyCJ0mg49qpClhsw5+eACHJ9lR3DAvdnx9kP/419zZG1gsnrJH0GUtY2mSe3
3t3CFB5v1PtNm/euNKzn9Is8cCYqH0fJ1wVLnESbIsZSLxAkHQ3EqvMRsQ3R0JBO
vHNAO3PPAmWDtCIc9qWbxDbFz1UI4pqo5tQoZEswkiV8XHoh3WWDB943G2bTRUwW
SNnFupd44gOybt3YpPbzeEQJgF4FYEiQZXEAMVZIP7lkhpPEefyJWiJJBQBpVTWr
9uD8E1NG3jv5MjSwP3Ovbtj5xzDyIyOgU8VRfKWBOPfo4Es6/QgwJk7eqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKU0Fk4fMoE51feB77+tDhiew2mwMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvcFRRV1RoOHlnVG5WOTRIdnY2ME9HSjdEYWJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowVtMA0G
CSqGSIb3DQEBCwUAA4IBAQAWAOA2Zk+mMR4nq/3CVEbASdcmvVOIzt9rew23PDGt
KivXh1ujo3M4e6ZbFMCRhIR99aLljSJhRrt4H1cLRyfBNmS0J3pD28jVTix1w6+5
QsFGnh/zLcFTgiGa7k822GqzaPdT9lYoJJdHd5k2dEBfgDoAGGfm/zCFVqhfsx9Z
hb6oEX+hps6Wuiq8e9PQvlBqEk67vJhuS6IbnsizPN6+aG3yFrhYQJSYsZL+I31u
0l05p5rwmZ6mMucV6H/do0pVWZmj9KcnVUBSno719BOxLQaMnLZ3H7AEmWdJQuyR
s+7V3+h0vSnz30IsoA+hPSZ+SjC/HMe5y2ck9GwGA+3q
-----END CERTIFICATE-----