Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/ROAtnCnzTArw7KM5IcOXr-j6arQ.roa
File:                     ROAtnCnzTArw7KM5IcOXr-j6arQ.roa (raw, json)
Hash identifier:          +A8G214aZpdsnAQY/BC/rOWbe4qYWb5e5nvSTdAF6xo=
Subject key identifier:   44:E0:2D:9C:29:F3:4C:0A:F0:EC:A3:39:21:C3:97:AF:E8:FA:6A:B4
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       01999538FA93165A2B604FFEA77CF3FD8174
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/ROAtnCnzTArw7KM5IcOXr-j6arQ.roa
Signing time:             Mon 29 Sep 2025 11:26:03 +0000
ROA not before:           Mon 29 Sep 2025 11:26:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     142111
IP address blocks:        163.5.79.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 Oct 2025 11:01:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:95:38:fa:93:16:5a:2b:60:4f:fe:a7:7c:f3:fd:81:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Sep 29 11:26:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=44e02d9c29f34c0af0eca33921c397afe8fa6ab4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:4f:90:eb:08:7b:a0:f3:e6:7c:89:19:c4:75:
                    11:5c:da:18:95:61:69:e0:c7:1b:9d:00:b7:0c:cf:
                    93:ea:db:6e:6e:9d:73:30:a0:5d:a4:c4:e0:78:0a:
                    4e:06:5f:8a:ea:46:6c:0b:20:37:af:6d:be:02:01:
                    1d:d2:5b:7b:36:fd:4f:0c:32:af:0c:a3:8f:3c:17:
                    65:f8:48:98:a4:e8:9f:6d:de:a9:c3:8c:62:bb:75:
                    a1:c0:5d:23:03:11:9f:2c:3b:a3:0a:c6:c1:0d:0f:
                    b5:93:48:81:47:72:4e:19:dc:43:c8:fa:24:4f:84:
                    75:e6:b1:8f:03:99:a4:45:5e:3c:a9:d3:49:f0:fd:
                    7e:a6:9b:a5:2d:04:8c:c9:54:58:ca:5d:01:39:c6:
                    b8:80:19:99:ad:f6:61:05:af:b5:1e:fc:73:13:91:
                    b5:99:48:79:f4:11:cf:e4:78:c3:9f:36:fd:e9:5d:
                    4f:1c:15:ff:0f:62:a0:6a:f2:4f:0a:32:18:6f:6c:
                    d5:13:7f:b5:d1:8c:ce:7d:0b:55:04:36:0c:36:9c:
                    f0:5e:a1:cd:d1:1a:b8:79:31:eb:7d:88:ca:a1:be:
                    41:b8:7a:e1:dc:7b:58:48:6e:02:4e:eb:8b:d3:e4:
                    82:d7:eb:19:aa:c5:4e:96:a9:13:be:4e:e1:ab:b9:
                    49:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:E0:2D:9C:29:F3:4C:0A:F0:EC:A3:39:21:C3:97:AF:E8:FA:6A:B4
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/ROAtnCnzTArw7KM5IcOXr-j6arQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.79.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:21:0b:f9:43:09:be:a9:9b:f7:5b:87:3e:e8:87:10:d6:21:
         92:6c:fa:a9:52:e2:71:fd:b5:cc:f0:e0:66:51:a5:f1:73:6b:
         8d:bc:ab:d3:ef:cf:14:54:f3:b2:eb:d6:be:7b:46:07:2b:f8:
         69:d1:b9:99:21:1d:0f:b5:05:39:fe:97:dc:68:5c:53:83:44:
         30:9a:bf:4e:65:5c:f5:f8:77:7f:c4:d8:5a:43:da:45:20:38:
         cc:b4:81:74:b8:32:0f:6f:3a:b1:15:1e:d4:40:dc:c5:8d:ca:
         3b:08:87:c8:ea:fc:11:2b:20:85:cc:11:c5:14:ac:e0:d3:17:
         a2:6c:36:ea:fb:3c:91:7e:26:64:e6:67:ea:a6:73:ba:70:ad:
         44:bc:22:ca:c1:03:8e:d4:56:7e:7e:bb:57:1b:65:04:c7:f6:
         b9:f7:01:01:e9:58:2c:ed:52:ff:57:17:93:82:f0:dd:64:a9:
         5a:92:0e:d6:30:f7:41:50:23:a8:d5:17:bd:75:8e:5f:d7:4c:
         f8:72:a6:fd:74:c2:aa:74:01:64:eb:fc:01:8b:69:1d:4b:92:
         a2:f2:26:9f:a3:79:ff:25:4e:a9:43:3c:cc:d2:06:ee:85:01:
         cd:be:e1:04:b3:6e:45:56:52:62:b1:fe:1f:b8:31:3a:a5:0b:
         ba:dd:a1:fb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZmVOPqTFlorYE/+p3zz/YF0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjUwOTI5MTEyNjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NGUwMmQ5YzI5ZjM0YzBhZjBlY2EzMzkyMWMzOTdhZmU4ZmE2YWI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq0+Q6wh7oPPmfIkZxHURXNoYlWFp
4McbnQC3DM+T6ttubp1zMKBdpMTgeApOBl+K6kZsCyA3r22+AgEd0lt7Nv1PDDKv
DKOPPBdl+EiYpOifbd6pw4xiu3WhwF0jAxGfLDujCsbBDQ+1k0iBR3JOGdxDyPok
T4R15rGPA5mkRV48qdNJ8P1+ppulLQSMyVRYyl0BOca4gBmZrfZhBa+1HvxzE5G1
mUh59BHP5HjDnzb96V1PHBX/D2KgavJPCjIYb2zVE3+10YzOfQtVBDYMNpzwXqHN
0Rq4eTHrfYjKob5BuHrh3HtYSG4CTuuL0+SC1+sZqsVOlqkTvk7hq7lJKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFETgLZwp80wK8OyjOSHDl6/o+mq0MB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvUk9BdG5DbnpUQXJ3N0tNNUljT1hyLWo2YXJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowVPMA0G
CSqGSIb3DQEBCwUAA4IBAQCcIQv5Qwm+qZv3W4c+6IcQ1iGSbPqpUuJx/bXM8OBm
UaXxc2uNvKvT788UVPOy69a+e0YHK/hp0bmZIR0PtQU5/pfcaFxTg0Qwmr9OZVz1
+Hd/xNhaQ9pFIDjMtIF0uDIPbzqxFR7UQNzFjco7CIfI6vwRKyCFzBHFFKzg0xei
bDbq+zyRfiZk5mfqpnO6cK1EvCLKwQOO1FZ+frtXG2UEx/a59wEB6Vgs7VL/VxeT
gvDdZKlakg7WMPdBUCOo1Re9dY5f10z4cqb9dMKqdAFk6/wBi2kdS5Ki8iafo3n/
JU6pQzzM0gbuhQHNvuEEs25FVlJisf4fuDE6pQu63aH7
-----END CERTIFICATE-----