Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/Rj-GqYr8puL67oELrPuIcViZvro.roa
File:                     Rj-GqYr8puL67oELrPuIcViZvro.roa (raw, json)
Hash identifier:          YwsNEms/CN4e9qbk6CfciW0ElUAOUH/HVOcpnz42LOU=
Subject key identifier:   46:3F:86:A9:8A:FC:A6:E2:FA:EE:81:0B:AC:FB:88:71:58:99:BE:BA
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       019CE1C2E39CF9EA5CA255B9E971BCA2AE59
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/Rj-GqYr8puL67oELrPuIcViZvro.roa
Signing time:             Thu 12 Mar 2026 11:16:11 +0000
ROA not before:           Thu 12 Mar 2026 11:16:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     216475
IP address blocks:        163.5.43.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 13 Mar 2026 15:04:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:e1:c2:e3:9c:f9:ea:5c:a2:55:b9:e9:71:bc:a2:ae:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Mar 12 11:16:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=463f86a98afca6e2faee810bacfb88715899beba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:f0:89:8c:89:3b:89:0c:8a:ab:a9:3e:24:c6:
                    1e:6f:a0:29:77:2e:4e:ed:d9:10:cb:82:f9:bb:e4:
                    00:51:08:4d:3d:98:7d:82:20:51:46:56:60:3b:22:
                    e8:1d:76:0e:43:70:24:67:51:c8:04:58:03:04:c6:
                    f6:26:60:ac:ee:26:15:6b:10:94:f8:47:33:b5:30:
                    5c:85:00:46:d4:ee:e4:79:0b:b2:52:a7:f3:a1:72:
                    55:23:a8:c6:af:04:3a:0c:3a:e9:b0:6a:f7:b2:70:
                    94:15:58:67:a5:5f:d8:aa:59:11:1b:ed:f0:78:41:
                    1b:df:ba:8c:9a:37:01:f3:90:cc:a9:55:48:0e:f2:
                    10:19:00:03:d8:ec:a5:28:7f:78:69:23:11:3b:3e:
                    70:d8:6f:eb:d2:a4:d3:dd:85:0c:c2:b5:21:9a:2d:
                    12:cd:8a:29:3a:7d:28:be:31:e8:c9:fe:fa:95:36:
                    8b:82:1f:2d:c1:97:80:2a:73:c3:43:19:d7:25:1f:
                    13:29:16:44:24:de:17:43:c2:c1:bc:ad:47:60:98:
                    29:6a:4b:1a:d6:bb:b9:ca:c5:cf:fb:42:21:6a:e8:
                    40:fc:d3:97:78:25:dd:b9:9c:8f:7a:ac:e1:54:42:
                    0a:ba:93:a9:4f:88:15:d4:88:35:f2:e5:4e:ea:1b:
                    55:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:3F:86:A9:8A:FC:A6:E2:FA:EE:81:0B:AC:FB:88:71:58:99:BE:BA
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/Rj-GqYr8puL67oELrPuIcViZvro.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.43.0/24

    Signature Algorithm: sha256WithRSAEncryption
         39:d8:66:77:7c:30:3e:4c:d0:9a:4a:5f:51:e4:e4:66:a8:9e:
         0a:91:ff:a0:bb:d9:9b:72:99:a6:a1:32:a5:ef:84:60:9a:f2:
         9c:ba:b9:ea:1a:bc:29:d2:d5:d0:1d:27:49:b2:fe:6e:8e:2b:
         f2:f1:d2:a8:d6:da:a9:5b:f7:96:6e:e2:89:bd:19:be:4b:8e:
         6f:8b:68:83:57:21:2b:3f:9f:33:fe:73:aa:30:c8:97:e5:f6:
         06:0a:ab:a1:f0:17:ee:46:cf:39:de:6f:9c:29:a5:b2:60:f4:
         04:38:a5:71:b6:b1:4a:52:5c:5e:72:0f:ad:4b:4e:63:d5:42:
         e2:63:a5:eb:1e:53:49:35:70:2f:65:80:e1:b1:1c:79:18:a3:
         16:23:fa:2d:3d:07:e7:b7:fc:20:3c:41:05:8b:4b:87:84:c2:
         5b:85:ac:cd:0a:a8:b1:4b:c0:65:cf:ac:f1:ff:a8:90:0e:4e:
         f2:89:64:b2:3d:50:eb:fd:d2:43:30:03:3f:ed:28:0b:a5:22:
         3a:b7:cd:06:9e:31:55:70:4c:4f:67:44:98:42:5f:57:9e:6c:
         87:ba:99:bd:84:79:fe:3f:f1:cb:83:ce:e7:11:00:d9:76:03:
         1c:dd:47:d4:ca:09:78:9e:a1:f1:0a:af:c0:dd:9f:58:d3:33:
         2d:a0:e4:a0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzhwuOc+epcolW56XG8oq5ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjYwMzEyMTExNjExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NjNmODZhOThhZmNhNmUyZmFlZTgxMGJhY2ZiODg3MTU4OTliZWJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt/CJjIk7iQyKq6k+JMYeb6Apdy5O
7dkQy4L5u+QAUQhNPZh9giBRRlZgOyLoHXYOQ3AkZ1HIBFgDBMb2JmCs7iYVaxCU
+EcztTBchQBG1O7keQuyUqfzoXJVI6jGrwQ6DDrpsGr3snCUFVhnpV/YqlkRG+3w
eEEb37qMmjcB85DMqVVIDvIQGQAD2OylKH94aSMROz5w2G/r0qTT3YUMwrUhmi0S
zYopOn0ovjHoyf76lTaLgh8twZeAKnPDQxnXJR8TKRZEJN4XQ8LBvK1HYJgpaksa
1ru5ysXP+0IhauhA/NOXeCXduZyPeqzhVEIKupOpT4gV1Ig18uVO6htVuQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEY/hqmK/Kbi+u6BC6z7iHFYmb66MB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvUmotR3FZcjhwdUw2N29FTHJQdUljVmladnJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowUrMA0G
CSqGSIb3DQEBCwUAA4IBAQA52GZ3fDA+TNCaSl9R5ORmqJ4Kkf+gu9mbcpmmoTKl
74RgmvKcurnqGrwp0tXQHSdJsv5ujivy8dKo1tqpW/eWbuKJvRm+S45vi2iDVyEr
P58z/nOqMMiX5fYGCquh8BfuRs853m+cKaWyYPQEOKVxtrFKUlxecg+tS05j1ULi
Y6XrHlNJNXAvZYDhsRx5GKMWI/otPQfnt/wgPEEFi0uHhMJbhazNCqixS8Blz6zx
/6iQDk7yiWSyPVDr/dJDMAM/7SgLpSI6t80GnjFVcExPZ0SYQl9XnmyHupm9hHn+
P/HLg87nEQDZdgMc3UfUygl4nqHxCq/A3Z9Y0zMtoOSg
-----END CERTIFICATE-----