Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/PbDq3xVgqO-bF9XONRRddw494RM.roa
File:                     PbDq3xVgqO-bF9XONRRddw494RM.roa (raw, json)
Hash identifier:          6i5k3ofonD+ejlnDYJMtMiIL5cGdm4HLZHZp8Uw+N/Y=
Subject key identifier:   3D:B0:EA:DF:15:60:A8:EF:9B:17:D5:CE:35:14:5D:77:0E:3D:E1:13
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       019A355AF926FAEF4050B4F5A7A9B8EC7876
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/PbDq3xVgqO-bF9XONRRddw494RM.roa
Signing time:             Thu 30 Oct 2025 13:42:25 +0000
ROA not before:           Thu 30 Oct 2025 13:42:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205886
IP address blocks:        163.5.104.0/24 maxlen: 24
                          163.5.118.0/24 maxlen: 24
                          163.5.223.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Nov 2025 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:35:5a:f9:26:fa:ef:40:50:b4:f5:a7:a9:b8:ec:78:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Oct 30 13:42:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3db0eadf1560a8ef9b17d5ce35145d770e3de113
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:52:c3:54:9b:b1:70:8c:fa:58:dc:93:c7:7e:
                    3c:2d:39:7f:c9:40:15:ac:0d:28:79:7e:1f:1f:92:
                    1c:83:63:29:8f:0d:71:02:b4:ab:a5:aa:ef:f1:f2:
                    eb:58:99:e2:1b:ff:11:84:e5:ca:ce:f8:bd:9a:42:
                    98:da:6a:5f:fc:a1:bf:13:61:0b:39:2b:13:78:a6:
                    84:50:0e:6c:df:c3:fb:aa:b4:00:fc:6b:c3:e1:6f:
                    c8:99:78:01:c7:dc:40:6d:f6:74:50:b9:7e:8f:5e:
                    1c:52:e5:82:61:4a:a6:13:85:4b:c7:5c:e3:b1:a4:
                    3d:1e:fe:3b:95:db:3f:cb:b8:2e:b0:b0:d7:fd:cb:
                    ea:0c:35:37:33:cb:bd:2e:eb:f0:b4:98:7b:1c:af:
                    2f:8a:03:c4:25:a1:2f:0e:66:0a:ec:8e:25:b6:a1:
                    34:af:af:1f:e5:68:70:74:be:df:d9:5f:56:ea:8d:
                    ef:d8:a1:21:09:2c:6c:d8:35:05:93:19:88:d4:a6:
                    22:89:d9:30:d4:2b:54:e6:25:6c:b2:7d:b0:dd:ab:
                    e3:6b:f2:e4:46:0e:31:73:9a:cf:68:58:47:d2:01:
                    f5:3f:25:23:f9:9d:62:2f:88:45:c6:9a:47:7e:28:
                    d0:49:0a:ad:9d:b5:76:cc:28:31:21:49:c7:dd:5f:
                    bf:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:B0:EA:DF:15:60:A8:EF:9B:17:D5:CE:35:14:5D:77:0E:3D:E1:13
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/PbDq3xVgqO-bF9XONRRddw494RM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.104.0/24
                  163.5.118.0/24
                  163.5.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:61:d6:c4:6e:ef:b5:aa:3d:f8:38:47:92:b3:87:4a:6a:db:
         22:2c:fc:17:9a:47:3e:4c:92:58:1e:52:6c:16:29:98:14:df:
         ba:b5:97:10:bb:1f:b3:8f:63:4f:94:2e:55:b7:17:95:a7:a3:
         93:95:7e:e3:7b:e4:32:dc:e3:2f:6b:1d:e7:bd:c8:96:c4:98:
         84:e9:09:09:58:5f:15:5b:39:62:56:9d:74:2e:2d:9c:b9:8d:
         60:58:3d:a9:02:58:7e:2b:d7:a1:5b:78:db:c6:50:45:03:fa:
         54:52:5d:45:c9:56:e8:b4:a7:2b:c6:62:52:7d:66:3b:80:4a:
         a4:a2:d3:72:53:e6:30:d0:3b:46:31:4d:1c:fe:08:a8:98:53:
         ad:c9:61:52:75:a8:52:d1:40:00:de:e1:ca:da:e4:4d:80:4e:
         02:bd:15:08:36:52:2e:08:90:0d:3b:20:1d:6c:30:47:68:c7:
         02:b2:2c:97:96:4e:fc:0c:b8:f9:d6:e0:b9:4b:62:36:22:8e:
         ae:53:4e:3f:da:6c:70:43:2e:a8:f9:3f:67:a6:f0:d9:50:89:
         c2:bd:d3:b7:61:57:f0:fa:84:fa:3b:80:a9:1d:ae:47:86:85:
         6e:e1:83:2c:aa:a9:ac:30:85:23:3d:83:fb:fd:a5:cd:bd:5e:
         72:9f:5c:28
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZo1Wvkm+u9AULT1p6m47Hh2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjUxMDMwMTM0MjI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZGIwZWFkZjE1NjBhOGVmOWIxN2Q1Y2UzNTE0NWQ3NzBlM2RlMTEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxVLDVJuxcIz6WNyTx348LTl/yUAV
rA0oeX4fH5Icg2Mpjw1xArSrparv8fLrWJniG/8RhOXKzvi9mkKY2mpf/KG/E2EL
OSsTeKaEUA5s38P7qrQA/GvD4W/ImXgBx9xAbfZ0ULl+j14cUuWCYUqmE4VLx1zj
saQ9Hv47lds/y7gusLDX/cvqDDU3M8u9LuvwtJh7HK8vigPEJaEvDmYK7I4ltqE0
r68f5WhwdL7f2V9W6o3v2KEhCSxs2DUFkxmI1KYiidkw1CtU5iVssn2w3avja/Lk
Rg4xc5rPaFhH0gH1PyUj+Z1iL4hFxppHfijQSQqtnbV2zCgxIUnH3V+/GQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFD2w6t8VYKjvmxfVzjUUXXcOPeETMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvUGJEcTN4VmdxTy1iRjlYT05SUmRkdzQ5NFJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAowVoAwQA
owV2AwQAowXfMA0GCSqGSIb3DQEBCwUAA4IBAQBSYdbEbu+1qj34OEeSs4dKatsi
LPwXmkc+TJJYHlJsFimYFN+6tZcQux+zj2NPlC5VtxeVp6OTlX7je+Qy3OMvax3n
vciWxJiE6QkJWF8VWzliVp10Li2cuY1gWD2pAlh+K9ehW3jbxlBFA/pUUl1FyVbo
tKcrxmJSfWY7gEqkotNyU+Yw0DtGMU0c/giomFOtyWFSdahS0UAA3uHK2uRNgE4C
vRUINlIuCJANOyAdbDBHaMcCsiyXlk78DLj51uC5S2I2Io6uU04/2mxwQy6o+T9n
pvDZUInCvdO3YVfw+oT6O4CpHa5HhoVu4YMsqqmsMIUjPYP7/aXNvV5yn1wo
-----END CERTIFICATE-----