Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/KydhcE-RVL3Gy6vqSL1LPAMsdNc.roa
File:                     KydhcE-RVL3Gy6vqSL1LPAMsdNc.roa (raw, json)
Hash identifier:          LbzLiMqzOGkU88qout51uQlj3VftvsGuzn+UYboRKqU=
Subject key identifier:   2B:27:61:70:4F:91:54:BD:C6:CB:AB:EA:48:BD:4B:3C:03:2C:74:D7
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       0196F3068AA02C1B92F4F8E4070DF023550D
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/KydhcE-RVL3Gy6vqSL1LPAMsdNc.roa
Signing time:             Wed 21 May 2025 13:26:54 +0000
ROA not before:           Wed 21 May 2025 13:26:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     21859
IP address blocks:        163.5.237.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 12:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:f3:06:8a:a0:2c:1b:92:f4:f8:e4:07:0d:f0:23:55:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: May 21 13:26:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2b2761704f9154bdc6cbabea48bd4b3c032c74d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:6b:fd:82:1b:b2:7e:a7:b3:3e:84:f2:3d:55:
                    1a:61:fe:3d:9b:dc:ea:ba:cc:23:1d:7a:41:10:89:
                    68:a7:9c:7e:42:fc:51:f1:16:83:a5:85:84:89:e8:
                    80:ea:01:5d:52:77:3e:65:65:cd:df:66:8c:af:1b:
                    1b:7d:4c:1f:8b:48:33:b9:db:cb:e8:73:fa:81:cb:
                    c2:13:05:ec:fa:02:9d:20:68:db:50:12:c2:15:4a:
                    ea:e9:e8:79:4f:8b:29:d8:08:d5:2d:92:92:47:89:
                    16:9c:98:4c:01:26:ed:73:c7:3a:60:57:63:3f:9c:
                    af:d0:4e:f3:a1:97:f2:a2:b6:20:c4:1f:0c:58:ee:
                    b9:55:30:92:d0:0b:5b:91:6d:4f:a6:2b:27:46:85:
                    98:b1:da:6c:6d:d8:9b:3d:7c:c6:b1:96:48:8a:05:
                    83:6a:65:41:7f:0f:59:f9:84:55:d3:55:cc:38:c5:
                    9a:38:6e:71:f6:cd:67:47:94:e6:06:6b:b9:71:4b:
                    80:30:5c:6e:c2:72:4d:5d:17:4d:34:cd:a1:d8:61:
                    76:62:4d:86:1f:88:06:68:f0:4d:84:01:36:11:9f:
                    8e:0e:01:99:73:d0:78:7e:c6:1e:cd:8d:54:a7:af:
                    72:cf:84:1b:b1:31:73:7f:2f:14:4e:03:62:a3:71:
                    ae:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:27:61:70:4F:91:54:BD:C6:CB:AB:EA:48:BD:4B:3C:03:2C:74:D7
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/KydhcE-RVL3Gy6vqSL1LPAMsdNc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.237.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:3d:56:00:93:7b:af:a6:a3:e6:af:db:8d:2a:2e:33:a8:d7:
         ec:5d:5a:1f:7d:a6:d1:6b:b9:7a:38:1c:50:32:6b:30:ec:b2:
         1a:74:3f:71:af:63:d6:e5:90:3a:0e:80:d2:35:c1:f8:56:de:
         e2:d0:0d:0c:11:26:77:fc:b5:b0:22:d4:92:f8:ee:bc:66:aa:
         52:20:35:f5:2d:38:22:d0:b3:c8:47:d2:c4:62:3f:38:de:83:
         5d:ab:5a:fb:2c:96:80:a3:9e:02:f8:50:d8:4b:e9:f2:b4:da:
         76:d9:dc:64:b4:07:8b:94:80:64:9c:bd:d9:7a:b2:34:4f:cb:
         59:d3:91:c0:8a:68:f7:da:13:6b:16:06:7b:61:6b:3f:10:5a:
         b5:96:e5:74:c3:88:df:5d:af:97:03:34:63:b3:82:e3:16:cb:
         22:dd:6e:36:2a:a8:ad:ac:81:96:05:12:e6:5d:e4:af:38:cf:
         47:47:c6:12:4b:0f:3a:b4:40:4d:41:49:38:5d:55:d7:7e:e4:
         c0:cf:7b:99:c9:26:e6:46:97:84:a3:76:41:02:34:1c:47:d3:
         e3:1d:c2:2e:b3:67:2a:53:23:c5:8a:fe:60:c8:6f:9b:66:ea:
         60:1d:86:57:08:9c:48:47:9d:2c:5a:a0:5f:c3:6f:72:7b:68:
         b1:71:78:b3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbzBoqgLBuS9PjkBw3wI1UNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjUwNTIxMTMyNjU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjI3NjE3MDRmOTE1NGJkYzZjYmFiZWE0OGJkNGIzYzAzMmM3NGQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnmv9ghuyfqezPoTyPVUaYf49m9zq
uswjHXpBEIlop5x+QvxR8RaDpYWEieiA6gFdUnc+ZWXN32aMrxsbfUwfi0gzudvL
6HP6gcvCEwXs+gKdIGjbUBLCFUrq6eh5T4sp2AjVLZKSR4kWnJhMASbtc8c6YFdj
P5yv0E7zoZfyorYgxB8MWO65VTCS0AtbkW1PpisnRoWYsdpsbdibPXzGsZZIigWD
amVBfw9Z+YRV01XMOMWaOG5x9s1nR5TmBmu5cUuAMFxuwnJNXRdNNM2h2GF2Yk2G
H4gGaPBNhAE2EZ+ODgGZc9B4fsYezY1Up69yz4QbsTFzfy8UTgNio3GujQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCsnYXBPkVS9xsur6ki9SzwDLHTXMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvS3lkaGNFLVJWTDNHeTZ2cVNMMUxQQU1zZE5jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowXtMA0G
CSqGSIb3DQEBCwUAA4IBAQAbPVYAk3uvpqPmr9uNKi4zqNfsXVoffabRa7l6OBxQ
Mmsw7LIadD9xr2PW5ZA6DoDSNcH4Vt7i0A0MESZ3/LWwItSS+O68ZqpSIDX1LTgi
0LPIR9LEYj843oNdq1r7LJaAo54C+FDYS+nytNp22dxktAeLlIBknL3ZerI0T8tZ
05HAimj32hNrFgZ7YWs/EFq1luV0w4jfXa+XAzRjs4LjFssi3W42KqitrIGWBRLm
XeSvOM9HR8YSSw86tEBNQUk4XVXXfuTAz3uZySbmRpeEo3ZBAjQcR9PjHcIus2cq
UyPFiv5gyG+bZupgHYZXCJxIR50sWqBfw29ye2ixcXiz
-----END CERTIFICATE-----