Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/BrvboXd-R8GNHd4-jKlzp5V7lgo.roa
File:                     BrvboXd-R8GNHd4-jKlzp5V7lgo.roa (raw, json)
Hash identifier:          0bOH5J9iQ3ax6KQJ3SDB6W1JrefTUHrdKNYZHuvyxEw=
Subject key identifier:   06:BB:DB:A1:77:7E:47:C1:8D:1D:DE:3E:8C:A9:73:A7:95:7B:96:0A
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       019CC38BD7B70F926FBB85B7F0AF992A16D3
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/BrvboXd-R8GNHd4-jKlzp5V7lgo.roa
Signing time:             Fri 06 Mar 2026 14:27:27 +0000
ROA not before:           Fri 06 Mar 2026 14:27:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     60949
IP address blocks:        163.5.197.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 23 Mar 2026 22:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:c3:8b:d7:b7:0f:92:6f:bb:85:b7:f0:af:99:2a:16:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Mar  6 14:27:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=06bbdba1777e47c18d1dde3e8ca973a7957b960a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:83:aa:0a:bb:a7:e5:65:5f:8d:4b:52:51:c6:
                    68:3f:c4:46:3d:a8:22:eb:1f:ae:8c:45:4a:20:b3:
                    b0:c3:bc:86:e3:bd:91:8b:e7:1a:1d:13:22:98:b7:
                    c1:ec:43:b7:45:59:62:0a:56:85:90:c5:05:9a:47:
                    3c:32:f6:95:fa:54:a2:31:44:68:12:7f:c0:d8:52:
                    cd:e2:30:d1:4e:56:4e:74:ea:ec:73:6c:d4:6a:ae:
                    e1:41:ac:f8:40:f4:09:f7:74:07:10:e1:0a:e7:65:
                    69:2b:b6:7e:fd:ff:e8:9f:58:13:78:08:25:cd:84:
                    ba:1d:b3:ce:5c:c3:5c:bd:a5:b8:86:49:54:fc:8e:
                    e9:cc:4a:17:b5:f7:67:bc:c8:73:8e:54:58:f0:87:
                    bf:bd:ef:59:fd:b1:89:5b:10:33:3d:e7:31:87:4a:
                    ba:09:6d:e6:4f:25:91:98:5c:43:6d:3b:7b:8b:87:
                    65:fd:3c:ef:39:19:5a:59:4f:54:8f:64:0e:09:34:
                    95:cf:2e:44:81:34:ac:83:24:e1:5d:e7:19:bf:c4:
                    7a:a8:f9:3e:62:b8:83:1a:a1:46:47:67:6f:20:9a:
                    ea:f6:1d:fc:4d:51:13:d3:99:3b:83:5e:9f:af:32:
                    e9:cf:d1:68:d0:11:82:6b:37:e2:c3:72:35:aa:6f:
                    df:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:BB:DB:A1:77:7E:47:C1:8D:1D:DE:3E:8C:A9:73:A7:95:7B:96:0A
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/BrvboXd-R8GNHd4-jKlzp5V7lgo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.197.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:8c:69:01:73:53:ac:5a:4c:f3:35:8f:55:1e:8a:5e:21:e1:
         7b:9b:f4:89:d8:a6:0d:08:a0:44:a4:2b:ff:79:a6:f2:c7:4c:
         5f:f0:91:b5:b0:55:16:df:d9:c4:4c:dd:07:fe:1d:5c:0c:52:
         22:a5:a3:be:b9:2f:bd:be:ac:b1:da:9b:0e:fc:b7:d9:9b:9f:
         4a:69:2b:da:2e:73:d9:4f:d3:dc:c9:ef:02:fb:81:00:9b:49:
         ec:3c:e7:41:35:69:e9:aa:93:ad:40:97:63:41:f5:93:22:55:
         ff:3b:7b:44:f4:f2:38:71:61:b4:ec:98:10:f7:e6:76:0d:a1:
         c9:ce:eb:9e:78:28:4a:43:db:d9:c1:5f:5a:fd:e9:4e:c9:fd:
         d9:35:e4:2a:78:a3:32:c1:2e:1d:46:aa:33:56:a7:a9:0a:b3:
         49:73:20:ac:6c:c7:4a:31:6a:37:55:92:8b:9e:29:f5:eb:90:
         0d:b8:95:60:26:df:94:d1:d0:78:69:59:91:52:ed:6c:60:09:
         02:b7:ef:c8:96:26:4f:42:72:d2:ce:d2:df:14:61:3a:f4:b9:
         ed:28:45:b8:87:0e:b3:a0:67:d7:26:2d:dc:d3:a3:24:fa:45:
         34:a7:1a:ff:b1:eb:31:cb:93:45:a4:2f:0b:02:d6:ee:10:18:
         80:bc:ab:6f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzDi9e3D5Jvu4W38K+ZKhbTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjYwMzA2MTQyNzI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNmJiZGJhMTc3N2U0N2MxOGQxZGRlM2U4Y2E5NzNhNzk1N2I5NjBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvoOqCrun5WVfjUtSUcZoP8RGPagi
6x+ujEVKILOww7yG472Ri+caHRMimLfB7EO3RVliClaFkMUFmkc8MvaV+lSiMURo
En/A2FLN4jDRTlZOdOrsc2zUaq7hQaz4QPQJ93QHEOEK52VpK7Z+/f/on1gTeAgl
zYS6HbPOXMNcvaW4hklU/I7pzEoXtfdnvMhzjlRY8Ie/ve9Z/bGJWxAzPecxh0q6
CW3mTyWRmFxDbTt7i4dl/TzvORlaWU9Uj2QOCTSVzy5EgTSsgyThXecZv8R6qPk+
YriDGqFGR2dvIJrq9h38TVET05k7g16frzLpz9Fo0BGCazfiw3I1qm/fSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAa726F3fkfBjR3ePoypc6eVe5YKMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvQnJ2Ym9YZC1SOEdOSGQ0LWpLbHpwNVY3bGdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowXFMA0G
CSqGSIb3DQEBCwUAA4IBAQAsjGkBc1OsWkzzNY9VHopeIeF7m/SJ2KYNCKBEpCv/
eabyx0xf8JG1sFUW39nETN0H/h1cDFIipaO+uS+9vqyx2psO/LfZm59KaSvaLnPZ
T9Pcye8C+4EAm0nsPOdBNWnpqpOtQJdjQfWTIlX/O3tE9PI4cWG07JgQ9+Z2DaHJ
zuueeChKQ9vZwV9a/elOyf3ZNeQqeKMywS4dRqozVqepCrNJcyCsbMdKMWo3VZKL
nin165ANuJVgJt+U0dB4aVmRUu1sYAkCt+/IliZPQnLSztLfFGE69LntKEW4hw6z
oGfXJi3c06Mk+kU0pxr/sesxy5NFpC8LAtbuEBiAvKtv
-----END CERTIFICATE-----