Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/19WCo-S_yEq3dw6RU0GZkq65j-k.roa
File:                     19WCo-S_yEq3dw6RU0GZkq65j-k.roa (raw, json)
Hash identifier:          /TJmCP1atFxd/Txpj4vqyXEKjLEK7DU6wQrKJ1J6xmU=
Subject key identifier:   D7:D5:82:A3:E4:BF:C8:4A:B7:77:0E:91:53:41:99:92:AE:B9:8F:E9
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       019E6386D01E2D0D4AA7784E89AE6BD9BD2A
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/19WCo-S_yEq3dw6RU0GZkq65j-k.roa
Signing time:             Tue 26 May 2026 09:03:59 +0000
ROA not before:           Tue 26 May 2026 09:03:59 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     153928
IP address blocks:        163.5.148.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Jun 2026 01:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:63:86:d0:1e:2d:0d:4a:a7:78:4e:89:ae:6b:d9:bd:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: May 26 09:03:59 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d7d582a3e4bfc84ab7770e9153419992aeb98fe9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:92:87:85:5b:f7:0f:43:02:f3:3f:4f:13:10:
                    8a:32:bb:d0:e8:c5:88:90:f3:d6:50:54:f1:63:04:
                    60:bb:ae:eb:02:a0:bc:d5:08:8e:fb:22:5b:75:e2:
                    6c:52:ea:ef:ea:97:47:40:f5:47:5d:53:02:6f:68:
                    6e:a2:73:71:6c:ad:fe:18:38:7a:e1:e7:a3:f2:92:
                    f7:5f:9e:dd:c7:52:ae:52:28:21:01:84:9a:3c:d5:
                    63:db:ec:6d:2f:ab:44:61:01:2d:d2:83:b9:aa:18:
                    a5:86:7c:44:ee:71:96:f6:17:3e:f4:53:14:e9:34:
                    39:4e:4d:4c:19:9a:68:b0:35:88:85:24:5f:15:b6:
                    c8:fb:95:30:31:41:32:f2:90:c5:13:a4:3a:c2:e1:
                    e6:f9:3c:ea:2a:ce:b2:ad:65:9a:70:d2:a9:93:17:
                    64:c6:ea:88:4a:10:07:eb:22:fe:b6:3c:36:02:24:
                    7b:78:7c:a0:67:71:82:44:ab:22:cc:ba:9e:d2:42:
                    24:e5:17:0c:ad:73:ae:cb:ad:aa:63:fa:3a:bc:2c:
                    4b:61:72:26:99:79:2a:e1:45:21:05:19:a4:55:a5:
                    c6:d9:aa:44:53:08:c4:0a:f7:9a:d9:ff:a3:24:ba:
                    0f:dd:85:15:63:37:7d:78:d0:3a:54:02:76:61:9a:
                    4f:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:D5:82:A3:E4:BF:C8:4A:B7:77:0E:91:53:41:99:92:AE:B9:8F:E9
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/19WCo-S_yEq3dw6RU0GZkq65j-k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.148.0/24

    Signature Algorithm: sha256WithRSAEncryption
         aa:fe:86:06:67:78:a8:45:3a:a5:86:7b:0f:5e:f8:d2:f0:05:
         cc:ec:b2:37:38:de:80:be:9f:d8:73:57:dc:81:3d:54:58:7b:
         1c:30:9c:3c:72:74:94:23:91:a2:3a:ab:1e:e4:06:ec:94:7b:
         0a:86:9c:9c:c2:94:4a:4b:b5:2f:07:7a:47:75:e8:9c:ad:21:
         01:64:ec:a3:66:fb:f9:10:d7:75:d2:69:c3:f0:d4:0c:d7:0e:
         fb:94:7f:51:f7:19:c0:af:94:c3:3d:aa:26:da:37:21:48:72:
         23:44:af:1d:8c:f0:6f:e5:a9:cf:f4:8b:eb:93:77:05:ea:01:
         9c:15:cf:38:8e:c3:ef:b4:e3:ae:92:dc:4c:56:cc:0a:e3:09:
         2b:a4:8b:25:b2:09:c5:1d:4c:b1:67:c4:3f:30:65:2d:86:a4:
         b2:f3:29:e0:2b:86:01:11:d3:26:7f:f1:32:80:88:1e:4f:f4:
         bb:8d:4d:ed:8d:92:6f:1d:da:da:47:12:c1:82:53:29:43:6b:
         49:ff:f7:b0:e9:78:2d:a5:19:22:27:54:86:d8:01:31:51:4e:
         d1:f6:5a:fe:47:4f:c9:23:97:eb:f2:1d:b0:1d:57:18:a5:9a:
         94:75:cc:da:91:cd:d3:ea:2e:cf:9e:e1:5d:af:1a:4a:db:df:
         ea:c4:3b:42
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5jhtAeLQ1Kp3hOia5r2b0qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjYwNTI2MDkwMzU5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkN2Q1ODJhM2U0YmZjODRhYjc3NzBlOTE1MzQxOTk5MmFlYjk4ZmU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt5KHhVv3D0MC8z9PExCKMrvQ6MWI
kPPWUFTxYwRgu67rAqC81QiO+yJbdeJsUurv6pdHQPVHXVMCb2huonNxbK3+GDh6
4eej8pL3X57dx1KuUighAYSaPNVj2+xtL6tEYQEt0oO5qhilhnxE7nGW9hc+9FMU
6TQ5Tk1MGZposDWIhSRfFbbI+5UwMUEy8pDFE6Q6wuHm+TzqKs6yrWWacNKpkxdk
xuqIShAH6yL+tjw2AiR7eHygZ3GCRKsizLqe0kIk5RcMrXOuy62qY/o6vCxLYXIm
mXkq4UUhBRmkVaXG2apEUwjECvea2f+jJLoP3YUVYzd9eNA6VAJ2YZpPCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNfVgqPkv8hKt3cOkVNBmZKuuY/pMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvMTlXQ28tU195RXEzZHc2UlUwR1prcTY1ai1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowWUMA0G
CSqGSIb3DQEBCwUAA4IBAQCq/oYGZ3ioRTqlhnsPXvjS8AXM7LI3ON6Avp/Yc1fc
gT1UWHscMJw8cnSUI5GiOqse5AbslHsKhpycwpRKS7UvB3pHdeicrSEBZOyjZvv5
ENd10mnD8NQM1w77lH9R9xnAr5TDPaom2jchSHIjRK8djPBv5anP9Ivrk3cF6gGc
Fc84jsPvtOOuktxMVswK4wkrpIslsgnFHUyxZ8Q/MGUthqSy8yngK4YBEdMmf/Ey
gIgeT/S7jU3tjZJvHdraRxLBglMpQ2tJ//ew6XgtpRkiJ1SG2AExUU7R9lr+R0/J
I5fr8h2wHVcYpZqUdczakc3T6i7PnuFdrxpK29/qxDtC
-----END CERTIFICATE-----