Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/RD1poAQQb7DIpS4kXoTzk1tC12Q.roa
File:                     RD1poAQQb7DIpS4kXoTzk1tC12Q.roa (raw, json)
Hash identifier:          6rnFhhHpBwRHc7dxNkHpd9x257s5rqpjrhBVATX90Co=
Subject key identifier:   44:3D:69:A0:04:10:6F:B0:C8:A5:2E:24:5E:84:F3:93:5B:42:D7:64
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       0198E66DAF6A2BD34DCCD31AF897071F3686
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/RD1poAQQb7DIpS4kXoTzk1tC12Q.roa
Signing time:             Tue 26 Aug 2025 12:50:04 +0000
ROA not before:           Tue 26 Aug 2025 12:50:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216405
IP address blocks:        163.5.89.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 08 Sep 2025 07:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:e6:6d:af:6a:2b:d3:4d:cc:d3:1a:f8:97:07:1f:36:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Aug 26 12:50:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=443d69a004106fb0c8a52e245e84f3935b42d764
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:6a:d5:9b:8a:50:cc:5b:32:10:0e:31:5c:08:
                    2d:5d:05:a0:70:e6:70:7e:7a:ad:fd:5c:15:7f:e7:
                    a0:65:a4:a1:42:b8:56:df:3c:bd:7e:5d:e9:22:5b:
                    bd:8a:de:a0:3d:9a:7a:cd:7f:56:25:b8:03:ef:18:
                    3c:a5:7c:9d:02:5f:71:53:94:26:3a:6d:e3:3d:19:
                    85:34:a0:5e:53:3d:4b:d5:5e:44:93:f7:3e:f2:bb:
                    22:d9:58:38:7a:62:cc:d0:17:f0:5f:b7:c7:9e:6e:
                    3c:f4:3e:ce:c3:47:79:c0:05:2c:9a:87:20:50:cc:
                    79:68:9b:8d:ef:bd:b6:f9:68:1d:53:c2:fd:a1:2c:
                    54:ce:cf:69:64:d2:d7:ef:39:7b:47:91:29:71:40:
                    8f:8a:c6:52:86:13:27:20:76:29:6d:bd:76:7d:73:
                    df:7c:06:d2:1f:7b:38:6f:ee:31:16:ee:8b:f0:e6:
                    04:f0:5b:68:84:0a:14:19:e4:85:df:d7:1c:2b:8e:
                    d9:d6:0c:66:48:56:10:55:4c:2c:d5:5a:59:85:8d:
                    40:c1:82:07:a3:f4:17:b7:2c:43:c5:e1:cf:04:49:
                    b6:51:e5:e6:48:cb:e3:4e:77:98:5d:bb:06:dd:ea:
                    31:90:0c:27:bd:97:46:6f:7c:92:9d:73:0c:d1:08:
                    1e:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:3D:69:A0:04:10:6F:B0:C8:A5:2E:24:5E:84:F3:93:5B:42:D7:64
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/RD1poAQQb7DIpS4kXoTzk1tC12Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.89.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b3:58:87:94:2e:26:fe:94:e1:c5:f3:00:5e:66:14:8b:ec:45:
         0d:18:cf:d1:e6:40:aa:11:f8:d1:5d:20:77:03:38:d2:47:b5:
         fe:a4:8d:9c:14:62:f3:1e:2f:b3:00:3d:c2:8e:f9:c5:13:3e:
         07:2a:26:f1:86:7f:94:56:02:fd:9b:f9:1e:a8:57:e8:65:73:
         bd:c5:e2:83:33:55:1b:ca:27:53:aa:83:fe:17:33:b3:1b:cd:
         91:d7:80:e9:e6:d0:7a:42:b8:01:fb:5a:65:21:a9:a5:91:7a:
         53:fe:e3:81:dc:1c:56:b6:8f:fa:e5:af:74:93:7e:72:3b:c6:
         43:11:40:d9:89:82:04:3e:a3:3b:82:d0:69:45:1e:bd:31:2d:
         e6:79:7b:48:e2:07:e7:32:67:9d:d9:ed:3a:bd:66:5b:6d:05:
         75:b7:62:67:15:d4:99:df:1a:81:b3:24:58:bd:75:af:b1:8c:
         0c:88:1b:a8:1f:ba:6a:22:09:82:7f:95:86:0b:e0:18:8e:ca:
         0e:36:c1:cb:b6:5c:bd:e4:43:9a:97:56:b9:d9:cf:61:f5:08:
         c7:c9:2e:6e:5f:3d:b1:25:4f:77:d0:d6:c3:b8:08:94:93:a9:
         7b:d4:70:a4:70:9f:9d:a5:d3:2e:36:f0:12:b5:bd:ac:da:d0:
         9b:98:4b:dc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjmba9qK9NNzNMa+JcHHzaGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjUwODI2MTI1MDA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDNkNjlhMDA0MTA2ZmIwYzhhNTJlMjQ1ZTg0ZjM5MzViNDJkNzY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2GrVm4pQzFsyEA4xXAgtXQWgcOZw
fnqt/VwVf+egZaShQrhW3zy9fl3pIlu9it6gPZp6zX9WJbgD7xg8pXydAl9xU5Qm
Om3jPRmFNKBeUz1L1V5Ek/c+8rsi2Vg4emLM0BfwX7fHnm489D7Ow0d5wAUsmocg
UMx5aJuN7722+WgdU8L9oSxUzs9pZNLX7zl7R5EpcUCPisZShhMnIHYpbb12fXPf
fAbSH3s4b+4xFu6L8OYE8FtohAoUGeSF39ccK47Z1gxmSFYQVUws1VpZhY1AwYIH
o/QXtyxDxeHPBEm2UeXmSMvjTneYXbsG3eoxkAwnvZdGb3ySnXMM0QgeTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEQ9aaAEEG+wyKUuJF6E85NbQtdkMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvUkQxcG9BUVFiN0RJcFM0a1hvVHprMXRDMTJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowVZMA0G
CSqGSIb3DQEBCwUAA4IBAQCzWIeULib+lOHF8wBeZhSL7EUNGM/R5kCqEfjRXSB3
AzjSR7X+pI2cFGLzHi+zAD3CjvnFEz4HKibxhn+UVgL9m/keqFfoZXO9xeKDM1Ub
yidTqoP+FzOzG82R14Dp5tB6QrgB+1plIamlkXpT/uOB3BxWto/65a90k35yO8ZD
EUDZiYIEPqM7gtBpRR69MS3meXtI4gfnMmed2e06vWZbbQV1t2JnFdSZ3xqBsyRY
vXWvsYwMiBuoH7pqIgmCf5WGC+AYjsoONsHLtly95EOal1a52c9h9QjHyS5uXz2x
JU930NbDuAiUk6l71HCkcJ+dpdMuNvAStb2s2tCbmEvc
-----END CERTIFICATE-----