Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/GsXVg0UZgqYvVvc9-IoJYGnaOnY.roa
File:                     GsXVg0UZgqYvVvc9-IoJYGnaOnY.roa (raw, json)
Hash identifier:          Om5NCOpjnxEr/4D4Ly97Xkk7/IZUaQUgjolgp6gglwE=
Subject key identifier:   1A:C5:D5:83:45:19:82:A6:2F:56:F7:3D:F8:8A:09:60:69:DA:3A:76
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       01987573A3F76F1E18E4D8C633B4AD4B8201
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/GsXVg0UZgqYvVvc9-IoJYGnaOnY.roa
Signing time:             Mon 04 Aug 2025 14:19:29 +0000
ROA not before:           Mon 04 Aug 2025 14:19:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14445
IP address blocks:        163.5.200.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 21 Aug 2025 23:01:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:75:73:a3:f7:6f:1e:18:e4:d8:c6:33:b4:ad:4b:82:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Aug  4 14:19:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1ac5d583451982a62f56f73df88a096069da3a76
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:9f:3b:56:64:cf:a7:92:b6:d6:14:a0:0b:18:
                    9e:93:9c:05:9e:b1:14:49:aa:b6:c4:a3:35:e0:dc:
                    b0:15:ff:e6:92:32:1c:cb:0f:b2:dd:c2:de:49:4c:
                    36:8d:c8:82:11:50:77:d7:ba:de:1a:0f:40:61:e7:
                    a8:90:df:4b:1a:00:4b:40:6c:9b:01:c8:bb:54:27:
                    66:2a:83:b4:3c:25:5f:1d:7a:e4:51:ea:f1:27:37:
                    4a:2d:da:a5:80:a4:5a:d9:81:f6:7d:0e:ae:c1:43:
                    ab:71:14:71:4c:ee:31:8b:68:a6:0c:c4:03:2a:69:
                    3f:cf:a6:31:4a:26:5f:18:31:83:08:28:5e:a3:83:
                    8f:04:d5:05:d0:a9:d8:10:9c:70:86:8e:d9:43:f7:
                    56:67:a8:27:97:7d:6c:e8:33:42:29:50:96:d0:66:
                    aa:a7:b8:c7:ce:69:18:22:4e:55:c8:e8:1e:31:79:
                    8b:f5:49:c1:6d:61:81:2a:c0:70:92:d1:a3:52:20:
                    51:b6:88:d3:f0:29:8b:c9:d9:f6:63:11:31:d9:f9:
                    45:2a:a7:07:ed:04:64:b9:48:84:f7:d0:d3:9d:ba:
                    23:8b:51:ee:35:55:88:ec:4c:a4:c4:6e:a9:f4:14:
                    83:ab:39:eb:27:c0:a8:97:ce:64:ed:b4:95:12:c3:
                    59:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:C5:D5:83:45:19:82:A6:2F:56:F7:3D:F8:8A:09:60:69:DA:3A:76
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/GsXVg0UZgqYvVvc9-IoJYGnaOnY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.200.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:53:8a:c4:a7:c0:83:f4:0b:18:00:c5:8a:6d:b9:f2:33:c4:
         cd:2c:71:c8:c1:20:46:e4:d6:d3:36:be:84:69:59:ae:58:d7:
         f8:41:91:b8:a3:7c:f8:06:ae:9d:8b:13:2e:ca:5e:53:e0:45:
         b8:18:04:8d:17:d2:ef:81:6b:9a:83:b7:a4:2f:9e:e0:22:92:
         0b:29:12:09:b2:44:5f:0d:10:f9:55:40:97:37:a2:e4:b6:a0:
         4c:2f:d7:3d:02:e8:03:97:3b:5b:96:8e:fb:e9:b4:ab:5c:ea:
         e3:7e:ce:14:a5:3d:63:d5:82:10:d4:49:01:f4:81:14:94:1f:
         92:c6:29:db:6e:ca:04:64:5f:5e:1b:1a:68:68:ec:d6:72:3d:
         0e:87:cf:eb:82:5d:30:a0:9f:f7:c2:cc:c0:af:41:5f:1f:7b:
         79:db:ea:04:63:aa:00:f1:92:e1:be:6c:82:a3:ff:3e:71:20:
         6d:ab:c7:41:01:65:d2:ee:f8:f4:a4:79:2d:23:fd:07:74:db:
         ec:c2:cf:07:be:8b:09:40:33:d6:6d:7f:13:ca:13:26:55:8a:
         69:06:46:9a:1f:ed:02:59:be:b8:5a:a8:79:9a:26:5a:50:e4:
         42:de:65:c6:88:41:c1:3f:14:85:38:7b:e1:21:ab:b6:f8:89:
         1f:9d:41:6e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZh1c6P3bx4Y5NjGM7StS4IBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjUwODA0MTQxOTI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYWM1ZDU4MzQ1MTk4MmE2MmY1NmY3M2RmODhhMDk2MDY5ZGEzYTc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApZ87VmTPp5K21hSgCxiek5wFnrEU
Saq2xKM14NywFf/mkjIcyw+y3cLeSUw2jciCEVB317reGg9AYeeokN9LGgBLQGyb
Aci7VCdmKoO0PCVfHXrkUerxJzdKLdqlgKRa2YH2fQ6uwUOrcRRxTO4xi2imDMQD
Kmk/z6YxSiZfGDGDCCheo4OPBNUF0KnYEJxwho7ZQ/dWZ6gnl31s6DNCKVCW0Gaq
p7jHzmkYIk5VyOgeMXmL9UnBbWGBKsBwktGjUiBRtojT8CmLydn2YxEx2flFKqcH
7QRkuUiE99DTnboji1HuNVWI7EykxG6p9BSDqznrJ8Col85k7bSVEsNZvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBrF1YNFGYKmL1b3PfiKCWBp2jp2MB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvR3NYVmcwVVpncVl2VnZjOS1Jb0pZR25hT25ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowXIMA0G
CSqGSIb3DQEBCwUAA4IBAQB5U4rEp8CD9AsYAMWKbbnyM8TNLHHIwSBG5NbTNr6E
aVmuWNf4QZG4o3z4Bq6dixMuyl5T4EW4GASNF9LvgWuag7ekL57gIpILKRIJskRf
DRD5VUCXN6LktqBML9c9AugDlztblo776bSrXOrjfs4UpT1j1YIQ1EkB9IEUlB+S
xinbbsoEZF9eGxpoaOzWcj0Oh8/rgl0woJ/3wszAr0FfH3t52+oEY6oA8ZLhvmyC
o/8+cSBtq8dBAWXS7vj0pHktI/0HdNvsws8HvosJQDPWbX8TyhMmVYppBkaaH+0C
Wb64Wqh5miZaUORC3mXGiEHBPxSFOHvhIau2+IkfnUFu
-----END CERTIFICATE-----