Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/JmQmsRG7bKsCNUy1TFzVgbgSDk8.roa
File:                     JmQmsRG7bKsCNUy1TFzVgbgSDk8.roa (raw, json)
Hash identifier:          HCU24wAh/86oxeWsJLYTfe+VKwY0gDCKB2u9W+U7a7s=
Subject key identifier:   26:64:26:B1:11:BB:6C:AB:02:35:4C:B5:4C:5C:D5:81:B8:12:0E:4F
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       019D9A10BC643BAA3582DF4BD2D40AB1073C
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/JmQmsRG7bKsCNUy1TFzVgbgSDk8.roa
Signing time:             Fri 17 Apr 2026 06:11:21 +0000
ROA not before:           Fri 17 Apr 2026 06:11:21 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214143
IP address blocks:        163.5.35.0/24 maxlen: 24
                          163.5.44.0/24 maxlen: 24
                          163.5.179.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 21:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:9a:10:bc:64:3b:aa:35:82:df:4b:d2:d4:0a:b1:07:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Apr 17 06:11:21 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=266426b111bb6cab02354cb54c5cd581b8120e4f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:a1:2f:59:6a:32:46:24:64:a7:35:be:7b:e3:
                    3f:67:ae:48:ff:15:31:c2:46:66:66:53:07:1e:2a:
                    51:d5:32:a0:0c:da:2c:5a:48:46:10:8e:3d:9c:a8:
                    7e:c3:1f:9b:25:6d:db:80:f6:bf:f6:8c:46:1f:03:
                    d4:77:c4:de:b3:c2:46:58:cd:e2:b5:ca:af:0d:72:
                    b5:42:70:2c:09:73:70:1f:c8:bd:be:ca:87:e3:61:
                    57:9c:ae:e2:70:fe:57:6c:31:14:0e:d4:50:f9:5d:
                    67:90:71:b4:c7:58:89:95:af:f8:cd:38:ac:52:51:
                    ef:70:04:f2:fa:33:a2:61:cc:34:98:30:46:65:91:
                    09:09:2f:f6:1f:57:65:7c:c8:b3:1b:03:39:20:1c:
                    9e:2f:fd:c3:5f:5b:6c:cf:40:87:7e:62:d2:9f:53:
                    c1:c8:47:95:8d:fe:41:99:4c:ed:cc:79:ba:87:a0:
                    e0:e1:c6:d3:71:1e:cf:ee:7b:8c:8e:7e:0e:46:c2:
                    3f:51:56:4d:a7:04:ec:ba:bb:12:5a:a2:3c:7e:21:
                    66:a3:ad:0a:e5:ac:81:f3:b5:07:bd:81:36:c7:52:
                    cc:9c:9b:36:fe:ad:f2:68:b9:76:5b:df:b1:76:1c:
                    00:32:c9:bf:31:6a:20:43:8f:ca:64:2d:5e:c4:37:
                    01:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:64:26:B1:11:BB:6C:AB:02:35:4C:B5:4C:5C:D5:81:B8:12:0E:4F
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/JmQmsRG7bKsCNUy1TFzVgbgSDk8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.35.0/24
                  163.5.44.0/24
                  163.5.179.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:a5:18:8e:09:b0:81:50:a2:df:6a:14:88:d6:0b:42:a7:0a:
         9b:95:2c:17:1e:1b:e3:dd:b5:5a:3e:d1:72:19:b1:7f:97:f7:
         51:c9:75:7b:d1:77:f1:73:c8:9d:5a:0b:5b:0a:aa:52:08:26:
         31:0a:17:c5:fd:f0:ae:b3:09:78:82:95:4c:88:a8:eb:5a:b0:
         92:1d:52:c0:9d:26:f2:27:31:9f:af:0b:74:10:57:c0:27:cc:
         0b:da:b9:d8:f7:64:9d:7e:60:02:6c:db:f2:68:44:5f:e1:86:
         02:b7:ae:2f:02:62:98:9b:f6:ee:87:83:0f:9f:2f:93:c1:1f:
         9a:00:57:aa:8c:fa:61:9c:8c:a5:7c:af:8a:97:2b:ef:75:ed:
         7a:99:d9:e4:ba:3e:4a:7e:17:21:2a:fd:43:ad:3a:01:5a:8c:
         84:41:b2:7a:b5:dc:d4:d1:37:e8:df:78:d9:ea:33:65:58:b5:
         df:fe:18:ce:91:8f:5d:4e:cf:8b:36:60:44:28:56:65:1d:76:
         f8:1f:d9:4e:6d:c7:9e:ad:aa:20:74:0f:44:0f:ca:9d:4d:eb:
         e4:98:85:8f:33:03:a8:7c:7b:31:5e:0e:93:39:18:32:a5:a8:
         35:94:71:d2:72:55:4a:3a:83:91:3b:93:28:83:0e:43:9a:ce:
         e0:1e:67:c2
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ2aELxkO6o1gt9L0tQKsQc8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjYwNDE3MDYxMTIxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNjY0MjZiMTExYmI2Y2FiMDIzNTRjYjU0YzVjZDU4MWI4MTIwZTRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp6EvWWoyRiRkpzW+e+M/Z65I/xUx
wkZmZlMHHipR1TKgDNosWkhGEI49nKh+wx+bJW3bgPa/9oxGHwPUd8Tes8JGWM3i
tcqvDXK1QnAsCXNwH8i9vsqH42FXnK7icP5XbDEUDtRQ+V1nkHG0x1iJla/4zTis
UlHvcATy+jOiYcw0mDBGZZEJCS/2H1dlfMizGwM5IByeL/3DX1tsz0CHfmLSn1PB
yEeVjf5BmUztzHm6h6Dg4cbTcR7P7nuMjn4ORsI/UVZNpwTsursSWqI8fiFmo60K
5ayB87UHvYE2x1LMnJs2/q3yaLl2W9+xdhwAMsm/MWogQ4/KZC1exDcBYwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFCZkJrERu2yrAjVMtUxc1YG4Eg5PMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvSm1RbXNSRzdiS3NDTlV5MVRGelZnYmdTRGs4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAowUjAwQA
owUsAwQAowWzMA0GCSqGSIb3DQEBCwUAA4IBAQBMpRiOCbCBUKLfahSI1gtCpwqb
lSwXHhvj3bVaPtFyGbF/l/dRyXV70Xfxc8idWgtbCqpSCCYxChfF/fCuswl4gpVM
iKjrWrCSHVLAnSbyJzGfrwt0EFfAJ8wL2rnY92SdfmACbNvyaERf4YYCt64vAmKY
m/buh4MPny+TwR+aAFeqjPphnIylfK+Klyvvde16mdnkuj5KfhchKv1DrToBWoyE
QbJ6tdzU0Tfo33jZ6jNlWLXf/hjOkY9dTs+LNmBEKFZlHXb4H9lObceeraogdA9E
D8qdTevkmIWPMwOofHsxXg6TORgypag1lHHSclVKOoORO5Mogw5Dms7gHmfC
-----END CERTIFICATE-----