Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/CJO84V0p3LpvGj6u9QunuJJ77Wo.roa
File:                     CJO84V0p3LpvGj6u9QunuJJ77Wo.roa (raw, json)
Hash identifier:          K/OAt4LaL96+vsuI/T2BKTiyDmeBpeyWKo2eRpO9cAU=
Subject key identifier:   08:93:BC:E1:5D:29:DC:BA:6F:1A:3E:AE:F5:0B:A7:B8:92:7B:ED:6A
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       019E8836B7065E274D472EA86FE736354773
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/CJO84V0p3LpvGj6u9QunuJJ77Wo.roa
Signing time:             Tue 02 Jun 2026 12:02:27 +0000
ROA not before:           Tue 02 Jun 2026 12:02:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     154132
IP address blocks:        163.5.132.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jun 2026 12:02:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:88:36:b7:06:5e:27:4d:47:2e:a8:6f:e7:36:35:47:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jun  2 12:02:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0893bce15d29dcba6f1a3eaef50ba7b8927bed6a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f6:83:87:40:e5:89:48:b0:e8:98:c7:43:66:81:
                    e4:6d:f1:3d:23:43:f9:ac:40:b7:f7:54:2e:7e:76:
                    46:78:79:5e:47:4a:ef:d3:71:cf:39:fd:23:bb:67:
                    90:db:6b:f6:20:dd:cd:05:7a:d9:b7:10:2c:1e:ba:
                    69:2d:0f:7a:1c:c3:c9:54:59:c7:3d:a1:10:fc:e0:
                    91:90:93:07:56:3f:ab:13:e5:ee:ae:1b:f3:e1:a0:
                    58:f6:0f:2a:29:09:75:a1:e2:b2:c1:51:3c:07:74:
                    18:12:bd:12:71:11:78:bc:be:13:75:19:42:cb:e0:
                    a7:63:a7:f5:26:b7:75:d8:c0:2f:5c:b4:94:77:fb:
                    04:2a:bb:83:c4:34:4d:a4:ab:bc:b7:b8:b7:93:78:
                    1a:a2:75:86:4e:bb:5f:0e:9b:62:6a:70:af:be:e9:
                    70:9c:08:78:76:3b:de:91:5e:94:75:5f:29:df:90:
                    07:90:17:9b:2e:9a:20:8e:b2:65:de:3d:fe:6a:c6:
                    07:6b:29:7a:9d:15:8e:2b:c8:19:93:56:98:d9:07:
                    d2:1a:b2:5a:af:a4:72:67:b7:f5:e6:38:1a:0a:ea:
                    a3:f8:24:9d:ff:1f:c3:e5:08:62:93:8e:ba:5d:7c:
                    32:72:e7:31:8f:3c:ec:ab:f2:9e:c4:83:10:38:a2:
                    15:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:93:BC:E1:5D:29:DC:BA:6F:1A:3E:AE:F5:0B:A7:B8:92:7B:ED:6A
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/CJO84V0p3LpvGj6u9QunuJJ77Wo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.132.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:30:dd:82:f2:97:5b:d9:ce:54:e6:0c:da:0b:95:94:83:b4:
         f2:5a:a0:5f:8c:5f:d9:8d:3c:d4:53:10:97:3c:3e:e2:a3:5d:
         56:ec:75:9b:3f:dc:0f:34:95:1f:f9:93:9b:24:12:8d:75:3e:
         d0:ea:cb:66:6d:a1:fc:db:cf:38:77:a0:1b:7b:8d:09:8c:2e:
         5c:a4:8f:65:86:75:de:68:c3:69:ef:db:45:53:cb:4c:b0:0c:
         84:e2:cb:73:44:65:5f:4a:21:93:3a:3e:ba:ec:7d:f9:a5:e0:
         39:dc:a6:a6:fa:6f:3e:2c:68:1e:07:40:fd:a7:ed:bb:c1:29:
         e3:b4:71:c5:be:0d:1f:09:39:2e:48:8e:8c:a7:ad:70:8b:f6:
         b3:00:91:fa:da:e9:cd:1f:03:df:bc:9f:df:13:7b:75:6a:7f:
         67:c3:b8:74:ad:8d:87:10:da:4e:88:88:56:9a:e0:95:f7:dc:
         c0:13:94:87:c0:bc:6e:1a:b6:ff:15:24:c2:e6:35:43:b7:51:
         0f:7b:eb:61:dc:05:24:54:85:15:03:96:41:6b:cc:9c:d8:a4:
         d5:66:8b:f3:fb:98:e9:3b:d9:ff:df:d3:c9:09:57:5f:ee:de:
         6b:f1:c6:0f:b7:0e:c0:b0:d3:aa:72:bf:54:83:50:ab:1d:ce:
         41:1c:f5:b8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6INrcGXidNRy6ob+c2NUdzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjYwNjAyMTIwMjI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODkzYmNlMTVkMjlkY2JhNmYxYTNlYWVmNTBiYTdiODkyN2JlZDZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9oOHQOWJSLDomMdDZoHkbfE9I0P5
rEC391QufnZGeHleR0rv03HPOf0ju2eQ22v2IN3NBXrZtxAsHrppLQ96HMPJVFnH
PaEQ/OCRkJMHVj+rE+Xurhvz4aBY9g8qKQl1oeKywVE8B3QYEr0ScRF4vL4TdRlC
y+CnY6f1Jrd12MAvXLSUd/sEKruDxDRNpKu8t7i3k3gaonWGTrtfDptianCvvulw
nAh4djvekV6UdV8p35AHkBebLpogjrJl3j3+asYHayl6nRWOK8gZk1aY2QfSGrJa
r6RyZ7f15jgaCuqj+CSd/x/D5Qhik466XXwycucxjzzsq/KexIMQOKIV2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAiTvOFdKdy6bxo+rvULp7iSe+1qMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvQ0pPODRWMHAzTHB2R2o2dTlRdW51Sko3N1dvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowWEMA0G
CSqGSIb3DQEBCwUAA4IBAQCHMN2C8pdb2c5U5gzaC5WUg7TyWqBfjF/ZjTzUUxCX
PD7io11W7HWbP9wPNJUf+ZObJBKNdT7Q6stmbaH82884d6Abe40JjC5cpI9lhnXe
aMNp79tFU8tMsAyE4stzRGVfSiGTOj667H35peA53Kam+m8+LGgeB0D9p+27wSnj
tHHFvg0fCTkuSI6Mp61wi/azAJH62unNHwPfvJ/fE3t1an9nw7h0rY2HENpOiIhW
muCV99zAE5SHwLxuGrb/FSTC5jVDt1EPe+th3AUkVIUVA5ZBa8yc2KTVZovz+5jp
O9n/39PJCVdf7t5r8cYPtw7AsNOqcr9Ug1CrHc5BHPW4
-----END CERTIFICATE-----