Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/0VxS3WwSTwZ93Px8NlTrdwwf3tw.roa
File:                     0VxS3WwSTwZ93Px8NlTrdwwf3tw.roa (raw, json)
Hash identifier:          oBpcSr/t/FW91b59CcTrESurLP0CeAvssgU30XpJVQg=
Subject key identifier:   D1:5C:52:DD:6C:12:4F:06:7D:DC:FC:7C:36:54:EB:77:0C:1F:DE:DC
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       019D01F86916D8451DBDA27142CE91247257
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/0VxS3WwSTwZ93Px8NlTrdwwf3tw.roa
Signing time:             Wed 18 Mar 2026 17:22:30 +0000
ROA not before:           Wed 18 Mar 2026 17:22:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     7488
IP address blocks:        163.5.182.0/24 maxlen: 24
                          163.5.244.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 22 Mar 2026 10:01:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:01:f8:69:16:d8:45:1d:bd:a2:71:42:ce:91:24:72:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Mar 18 17:22:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d15c52dd6c124f067ddcfc7c3654eb770c1fdedc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:91:24:35:57:fc:2b:01:12:69:2e:05:db:60:
                    c8:aa:16:70:e7:46:b8:37:22:66:7f:1f:96:42:71:
                    48:7d:44:e1:f2:89:7b:75:3f:f5:db:94:0d:00:63:
                    ea:d6:6f:34:da:3c:30:71:da:53:93:ef:b5:ae:95:
                    7d:44:a4:54:be:c1:20:ee:28:65:b0:e3:5a:43:3b:
                    9c:b7:36:7e:cb:cf:da:e6:94:b2:5d:c1:f3:45:c7:
                    0d:54:f9:0f:23:b2:f1:3f:61:ed:c6:a8:96:f2:68:
                    1e:76:e9:ae:9d:c1:92:14:cd:38:a3:f7:a7:8d:f2:
                    49:c3:c5:3e:02:4d:86:49:55:fd:a3:1f:ed:c6:e8:
                    92:a6:1c:2c:b9:a2:52:65:17:16:7c:64:35:29:f4:
                    63:43:c8:e2:bb:d5:29:37:f5:9a:ba:88:07:78:8e:
                    5b:54:ab:b1:9d:80:c5:94:df:6c:b7:6f:b5:da:da:
                    bf:6d:44:47:93:78:0e:c0:86:e4:3c:03:28:c0:b3:
                    92:52:7b:5b:1d:3d:2e:cf:b7:10:f0:7b:ec:2c:71:
                    4b:fd:d8:12:76:b0:e6:85:78:c2:81:b3:a9:2d:2a:
                    79:68:23:01:a5:42:80:ee:7b:db:56:61:bf:3c:40:
                    1e:ab:83:c6:a4:6f:d2:6f:e3:21:a5:e2:58:a1:00:
                    91:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:5C:52:DD:6C:12:4F:06:7D:DC:FC:7C:36:54:EB:77:0C:1F:DE:DC
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/0VxS3WwSTwZ93Px8NlTrdwwf3tw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.182.0/24
                  163.5.244.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:6a:89:90:b9:37:8d:1e:08:39:4d:17:36:a1:67:6b:97:68:
         3e:6b:f4:83:09:b9:7c:05:da:f3:d9:0c:3b:a7:ed:59:a8:bd:
         43:10:75:b0:36:85:ca:ea:2b:e7:2e:82:fd:50:ec:3f:da:0d:
         5a:f5:ea:d1:ba:7a:9c:76:c7:69:52:62:63:8a:75:8f:78:b3:
         94:c4:0d:54:d0:57:7a:10:d3:8f:e1:f0:02:72:5d:b5:05:49:
         0b:62:79:b7:84:b7:58:8a:50:30:f1:47:2f:5a:74:f9:96:58:
         20:b7:c8:ae:c2:5d:69:03:02:ef:1c:78:3c:4b:1e:4c:7a:c8:
         59:59:f6:ce:b3:b5:a2:f3:30:b1:b5:7b:86:7c:18:52:42:55:
         4e:2a:0e:19:6f:ef:07:cc:98:a2:02:3d:c6:d3:bc:35:bb:be:
         24:c3:46:79:0d:41:21:8c:8f:e8:f0:6e:fe:35:0c:2d:4c:b4:
         0c:4d:ea:0a:d0:4a:6f:4c:73:cb:8b:7e:70:66:2d:cd:19:ce:
         11:fa:dd:01:3f:3e:e7:0d:38:28:d5:34:f6:99:57:43:fe:be:
         6a:e5:b1:91:a6:3f:43:15:83:f6:9a:6a:20:23:7e:97:dd:fe:
         50:af:44:70:17:50:4c:3d:9c:3c:8e:76:68:6f:bc:d6:f8:70:
         88:d0:24:ed
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ0B+GkW2EUdvaJxQs6RJHJXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjYwMzE4MTcyMjMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMTVjNTJkZDZjMTI0ZjA2N2RkY2ZjN2MzNjU0ZWI3NzBjMWZkZWRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp5EkNVf8KwESaS4F22DIqhZw50a4
NyJmfx+WQnFIfUTh8ol7dT/125QNAGPq1m802jwwcdpTk++1rpV9RKRUvsEg7ihl
sONaQzuctzZ+y8/a5pSyXcHzRccNVPkPI7LxP2HtxqiW8mgedumuncGSFM04o/en
jfJJw8U+Ak2GSVX9ox/txuiSphwsuaJSZRcWfGQ1KfRjQ8jiu9UpN/WauogHeI5b
VKuxnYDFlN9st2+12tq/bURHk3gOwIbkPAMowLOSUntbHT0uz7cQ8HvsLHFL/dgS
drDmhXjCgbOpLSp5aCMBpUKA7nvbVmG/PEAeq4PGpG/Sb+MhpeJYoQCRBQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNFcUt1sEk8Gfdz8fDZU63cMH97cMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvMFZ4UzNXd1NUd1o5M1B4OE5sVHJkd3dmM3R3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAowW2AwQA
owX0MA0GCSqGSIb3DQEBCwUAA4IBAQCQaomQuTeNHgg5TRc2oWdrl2g+a/SDCbl8
Bdrz2Qw7p+1ZqL1DEHWwNoXK6ivnLoL9UOw/2g1a9erRunqcdsdpUmJjinWPeLOU
xA1U0Fd6ENOP4fACcl21BUkLYnm3hLdYilAw8UcvWnT5llggt8iuwl1pAwLvHHg8
Sx5MeshZWfbOs7Wi8zCxtXuGfBhSQlVOKg4Zb+8HzJiiAj3G07w1u74kw0Z5DUEh
jI/o8G7+NQwtTLQMTeoK0EpvTHPLi35wZi3NGc4R+t0BPz7nDTgo1TT2mVdD/r5q
5bGRpj9DFYP2mmogI36X3f5Qr0RwF1BMPZw8jnZob7zW+HCI0CTt
-----END CERTIFICATE-----