Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/UXyKSyk65u1apEcTqPEMEyWr3iw.roa
File:                     UXyKSyk65u1apEcTqPEMEyWr3iw.roa (raw, json)
Hash identifier:          g38+5sei5yEMdFDKPqaZlCbquIe7RVBnNAnwCci7y/o=
Subject key identifier:   51:7C:8A:4B:29:3A:E6:ED:5A:A4:47:13:A8:F1:0C:13:25:AB:DE:2C
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       019C4C2B51D5F5A5A2459BE50CB9BFF2B7BB
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/UXyKSyk65u1apEcTqPEMEyWr3iw.roa
Signing time:             Wed 11 Feb 2026 10:07:13 +0000
ROA not before:           Wed 11 Feb 2026 10:07:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209829
IP address blocks:        163.5.229.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 20 Feb 2026 19:57:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:4c:2b:51:d5:f5:a5:a2:45:9b:e5:0c:b9:bf:f2:b7:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Feb 11 10:07:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=517c8a4b293ae6ed5aa44713a8f10c1325abde2c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:a2:94:e5:90:1a:7c:20:1c:5a:45:17:65:ba:
                    af:a0:c0:9d:3e:8d:f7:f7:4e:12:2c:f5:57:28:4e:
                    84:3c:50:71:1f:05:91:bf:2d:2c:93:9d:de:7e:c1:
                    b7:28:80:9c:8c:c9:57:59:82:30:c5:87:e3:6b:a2:
                    07:9a:45:80:f1:70:9b:0e:46:5f:e1:02:87:77:51:
                    6d:a2:0b:dc:79:78:da:b8:d8:a2:1e:8f:5a:61:08:
                    e4:35:8b:ba:69:0e:78:ff:1c:d9:90:2a:98:f1:1f:
                    77:df:20:5a:d3:f7:d0:04:fd:5f:66:8a:e4:5d:c4:
                    81:65:ed:e4:4f:e7:76:fd:9a:24:c3:2e:89:c7:f0:
                    2a:a7:74:9e:d5:f4:9d:ab:e2:7f:1a:1d:5a:fd:db:
                    b3:34:5d:91:cb:c6:a4:bf:7e:b9:c2:50:72:30:63:
                    4e:2f:42:39:f2:7e:ba:89:fc:3b:1b:97:d8:7d:d2:
                    ce:50:64:76:0a:8f:67:a4:e9:a0:5d:dd:6e:a8:16:
                    5d:99:20:33:d9:fd:a6:05:f2:1b:64:4e:38:44:13:
                    37:07:4a:0b:32:df:62:6b:01:6a:76:32:50:14:1c:
                    de:cc:d9:e6:08:86:13:4d:12:c4:b0:4d:d6:63:13:
                    9f:95:0b:eb:41:fe:67:5e:7c:32:e9:25:b7:c1:4e:
                    2e:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:7C:8A:4B:29:3A:E6:ED:5A:A4:47:13:A8:F1:0C:13:25:AB:DE:2C
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/UXyKSyk65u1apEcTqPEMEyWr3iw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.229.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:a5:70:8e:8a:6c:6e:14:97:3a:14:75:0a:6f:96:ed:e3:3e:
         98:58:2e:a1:c1:77:66:53:cc:a1:70:e8:29:55:39:e4:67:95:
         a2:d5:e5:98:9b:6e:a2:0f:5c:25:91:15:f7:e5:b8:ea:72:e6:
         3f:04:9c:18:ac:21:42:5b:ca:8a:3a:08:fa:db:50:46:99:a0:
         94:fb:1e:aa:31:a8:bd:02:40:f6:94:42:b5:29:0a:d0:d1:8b:
         f8:d1:a0:36:bb:36:29:72:0c:64:a4:90:e4:d4:6f:74:ed:fe:
         1f:1c:15:3e:79:d7:77:21:4a:e6:ee:d9:1e:62:a4:98:fa:09:
         e7:a9:ee:49:47:df:b8:59:76:2f:e1:2b:87:16:62:5f:52:d9:
         3a:c5:20:e4:9e:9f:7a:e9:27:70:1f:b4:04:66:8f:23:c7:42:
         4a:ec:1a:9a:81:5b:9e:2d:c4:47:1b:6a:be:b9:89:5e:8e:bc:
         38:eb:50:7d:27:bd:4a:99:47:e0:af:d5:55:b1:bd:ac:bc:b5:
         32:61:6a:a3:e5:a5:50:33:14:ad:03:31:1d:f0:65:ff:64:09:
         5c:9e:d0:99:53:e2:e2:e0:f5:8a:3e:7c:1c:46:39:fe:a9:9d:
         56:e1:06:15:35:75:a2:e9:47:b0:42:35:08:10:be:97:f2:ac:
         45:54:ad:ea
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZxMK1HV9aWiRZvlDLm/8re7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjYwMjExMTAwNzEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MTdjOGE0YjI5M2FlNmVkNWFhNDQ3MTNhOGYxMGMxMzI1YWJkZTJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmKKU5ZAafCAcWkUXZbqvoMCdPo33
904SLPVXKE6EPFBxHwWRvy0sk53efsG3KICcjMlXWYIwxYfja6IHmkWA8XCbDkZf
4QKHd1FtogvceXjauNiiHo9aYQjkNYu6aQ54/xzZkCqY8R933yBa0/fQBP1fZork
XcSBZe3kT+d2/Zokwy6Jx/Aqp3Se1fSdq+J/Gh1a/duzNF2Ry8akv365wlByMGNO
L0I58n66ifw7G5fYfdLOUGR2Co9npOmgXd1uqBZdmSAz2f2mBfIbZE44RBM3B0oL
Mt9iawFqdjJQFBzezNnmCIYTTRLEsE3WYxOflQvrQf5nXnwy6SW3wU4u4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFF8ikspOubtWqRHE6jxDBMlq94sMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvVVh5S1N5azY1dTFhcEVjVHFQRU1FeVdyM2l3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowXlMA0G
CSqGSIb3DQEBCwUAA4IBAQBopXCOimxuFJc6FHUKb5bt4z6YWC6hwXdmU8yhcOgp
VTnkZ5Wi1eWYm26iD1wlkRX35bjqcuY/BJwYrCFCW8qKOgj621BGmaCU+x6qMai9
AkD2lEK1KQrQ0Yv40aA2uzYpcgxkpJDk1G907f4fHBU+edd3IUrm7tkeYqSY+gnn
qe5JR9+4WXYv4SuHFmJfUtk6xSDknp966SdwH7QEZo8jx0JK7BqagVueLcRHG2q+
uYlejrw461B9J71KmUfgr9VVsb2svLUyYWqj5aVQMxStAzEd8GX/ZAlcntCZU+Li
4PWKPnwcRjn+qZ1W4QYVNXWi6UewQjUIEL6X8qxFVK3q
-----END CERTIFICATE-----