Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/wbHJ49uXchyJWb8YdLJSdZqTtzM.roa
File:                     wbHJ49uXchyJWb8YdLJSdZqTtzM.roa (raw, json)
Hash identifier:          jKxwH1QzFMJEMYtDcM7aHEKDtixB8vFwrF8cKl0uiNQ=
Subject key identifier:   C1:B1:C9:E3:DB:97:72:1C:89:59:BF:18:74:B2:52:75:9A:93:B7:33
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       019E99257A793621EC3AE6437703038A4FE9
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/wbHJ49uXchyJWb8YdLJSdZqTtzM.roa
Signing time:             Fri 05 Jun 2026 18:57:10 +0000
ROA not before:           Fri 05 Jun 2026 18:57:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206230
IP address blocks:        163.5.31.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 08:43:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:99:25:7a:79:36:21:ec:3a:e6:43:77:03:03:8a:4f:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jun  5 18:57:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c1b1c9e3db97721c8959bf1874b252759a93b733
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:0a:88:96:a6:16:3a:8b:33:0b:c4:46:9a:9e:
                    53:76:7c:2a:0c:77:33:08:b8:3b:1e:17:9c:90:31:
                    28:b0:f0:71:32:5c:e0:04:47:0c:48:95:8d:ea:4e:
                    e5:3d:3c:c4:d7:bc:f4:19:b9:b0:04:ab:bf:55:50:
                    aa:1d:22:a0:81:56:13:79:11:7e:99:f6:36:aa:4e:
                    9f:e0:09:89:cf:d7:47:35:4c:b2:ae:4e:27:43:73:
                    cd:7c:93:d6:05:07:5b:94:f6:f4:4e:b6:14:8d:dd:
                    55:2f:cb:f5:c2:36:98:0f:d0:c9:d6:e7:b6:95:e0:
                    5d:df:6b:f1:6f:64:c7:92:45:28:57:91:77:b7:93:
                    47:72:62:8f:20:2e:fd:fd:b3:eb:53:a3:8a:4d:78:
                    8f:d5:11:33:f0:6d:ca:61:1a:cb:8d:f8:e4:55:8d:
                    88:12:b3:49:5c:1e:f0:95:b4:ed:84:e1:5b:b4:d9:
                    f9:6a:8d:b6:81:ed:6c:89:c3:2d:b7:65:ca:c7:84:
                    f1:d6:e6:36:8f:50:d1:c2:f1:02:03:3a:38:1d:7d:
                    92:f0:54:5b:7f:91:dd:1b:dc:d7:16:97:96:7f:62:
                    38:71:ef:b4:ed:69:15:63:25:ad:29:1c:07:fb:d5:
                    75:48:22:d2:1d:8c:85:6a:d3:ab:53:b8:6c:75:f6:
                    02:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:B1:C9:E3:DB:97:72:1C:89:59:BF:18:74:B2:52:75:9A:93:B7:33
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/wbHJ49uXchyJWb8YdLJSdZqTtzM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:80:a4:e5:e0:1d:55:c1:39:9e:68:5c:06:fc:15:06:3a:c9:
         3b:4e:a5:55:46:a8:42:44:fe:cc:2c:58:f2:c9:b3:59:0a:54:
         2b:1a:5c:c5:60:3b:b7:73:49:aa:b5:3e:22:7a:29:e4:f1:c9:
         fe:a4:f6:cb:ca:e0:2d:3d:73:1a:8f:ee:d2:85:2e:d1:e8:6d:
         81:06:05:31:d6:a4:d5:bc:8a:6c:17:bb:d4:c2:8a:0c:ec:06:
         5e:57:51:d8:02:05:35:cb:d3:3e:21:69:ff:f4:29:9b:ba:1c:
         e5:9b:41:cd:04:4f:91:9e:d8:2b:87:e2:57:d0:ac:9f:f7:47:
         56:22:5d:9c:5b:2e:e5:32:95:73:91:f9:72:2f:d9:04:67:e2:
         c2:43:4d:c6:af:30:18:05:f6:04:23:bf:fd:38:db:55:e6:4b:
         8b:4a:5e:72:b5:2a:cf:9f:76:09:1b:e9:13:c6:7c:5b:5c:59:
         62:c7:d5:cb:df:44:b4:ba:f2:99:ce:d0:39:aa:bc:53:0d:0d:
         96:b0:d3:47:f1:45:6a:14:39:f4:64:03:e6:f8:76:97:90:17:
         58:1b:8d:65:2a:40:99:56:f1:c0:53:fb:ab:96:d6:43:4f:64:
         80:69:1e:75:8e:57:0a:5f:db:76:05:51:3d:f0:b9:89:ad:76:
         8f:e8:0a:cf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6ZJXp5NiHsOuZDdwMDik/pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjYwNjA1MTg1NzEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMWIxYzllM2RiOTc3MjFjODk1OWJmMTg3NGIyNTI3NTlhOTNiNzMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoAqIlqYWOoszC8RGmp5TdnwqDHcz
CLg7HheckDEosPBxMlzgBEcMSJWN6k7lPTzE17z0GbmwBKu/VVCqHSKggVYTeRF+
mfY2qk6f4AmJz9dHNUyyrk4nQ3PNfJPWBQdblPb0TrYUjd1VL8v1wjaYD9DJ1ue2
leBd32vxb2THkkUoV5F3t5NHcmKPIC79/bPrU6OKTXiP1REz8G3KYRrLjfjkVY2I
ErNJXB7wlbTthOFbtNn5ao22ge1sicMtt2XKx4Tx1uY2j1DRwvECAzo4HX2S8FRb
f5HdG9zXFpeWf2I4ce+07WkVYyWtKRwH+9V1SCLSHYyFatOrU7hsdfYCOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMGxyePbl3IciVm/GHSyUnWak7czMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvd2JISjQ5dVhjaHlKV2I4WWRMSlNkWnFUdHpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowUfMA0G
CSqGSIb3DQEBCwUAA4IBAQBigKTl4B1VwTmeaFwG/BUGOsk7TqVVRqhCRP7MLFjy
ybNZClQrGlzFYDu3c0mqtT4ieink8cn+pPbLyuAtPXMaj+7ShS7R6G2BBgUx1qTV
vIpsF7vUwooM7AZeV1HYAgU1y9M+IWn/9Cmbuhzlm0HNBE+Rntgrh+JX0Kyf90dW
Il2cWy7lMpVzkflyL9kEZ+LCQ03GrzAYBfYEI7/9ONtV5kuLSl5ytSrPn3YJG+kT
xnxbXFlix9XL30S0uvKZztA5qrxTDQ2WsNNH8UVqFDn0ZAPm+HaXkBdYG41lKkCZ
VvHAU/urltZDT2SAaR51jlcKX9t2BVE98LmJrXaP6ArP
-----END CERTIFICATE-----