Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/XoPbI-HlSTZkAaChjT54mn-JIAo.roa
File:                     XoPbI-HlSTZkAaChjT54mn-JIAo.roa (raw, json)
Hash identifier:          WkpjJbzPiRU0TVa4hEPMPSlHtkupP6gGgMtgob5KwOw=
Subject key identifier:   5E:83:DB:23:E1:E5:49:36:64:01:A0:A1:8D:3E:78:9A:7F:89:20:0A
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       019875748E426EF0A3AED0B0C809AA650328
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/XoPbI-HlSTZkAaChjT54mn-JIAo.roa
Signing time:             Mon 04 Aug 2025 14:20:29 +0000
ROA not before:           Mon 04 Aug 2025 14:20:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     21859
IP address blocks:        163.5.66.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 21 Aug 2025 23:01:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:75:74:8e:42:6e:f0:a3:ae:d0:b0:c8:09:aa:65:03:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Aug  4 14:20:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5e83db23e1e549366401a0a18d3e789a7f89200a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f6:c3:95:b1:82:b4:90:72:ce:8a:59:fd:02:ca:
                    b3:90:ca:a0:89:22:85:e9:98:83:bc:aa:74:0f:7d:
                    37:d5:87:c9:a0:b8:0c:47:b8:27:6c:69:d1:26:7e:
                    9f:d6:d7:8c:e5:08:50:24:46:57:b3:ec:63:69:82:
                    95:0c:0c:5e:b0:95:f2:59:eb:f8:ee:58:eb:de:44:
                    08:5b:13:0c:84:c1:8c:1b:fe:64:fc:9a:7e:21:0c:
                    e2:85:cb:c3:28:b7:26:2f:6b:2c:e5:76:64:35:ee:
                    c9:c2:24:08:5f:b3:07:16:dd:0a:f5:4b:f0:52:e3:
                    44:d7:03:fd:1c:8f:90:6c:e1:fc:22:7a:fc:e4:31:
                    ce:2a:b6:06:05:d0:e6:a4:a0:a9:78:24:a7:3b:43:
                    7c:8b:e4:46:33:15:c0:b8:a8:35:c7:51:11:38:9a:
                    9d:26:51:79:24:97:84:09:a1:66:52:ca:ab:04:1a:
                    17:95:30:c5:ac:55:7c:78:2e:05:85:b4:ec:ed:5f:
                    e6:b8:b5:a4:7e:e6:f8:92:c8:37:d8:61:ca:31:e1:
                    28:b2:24:9d:6d:14:c7:9b:4a:ea:87:a6:4d:2f:ac:
                    49:9c:0c:88:00:7f:99:60:07:d6:ef:f7:56:45:02:
                    2d:45:cb:14:d0:60:ef:1c:fa:01:90:20:7e:f4:2f:
                    e6:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:83:DB:23:E1:E5:49:36:64:01:A0:A1:8D:3E:78:9A:7F:89:20:0A
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/XoPbI-HlSTZkAaChjT54mn-JIAo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.66.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:8d:1e:05:30:84:f9:ce:73:dc:60:6b:88:dc:95:7c:74:d0:
         3f:ae:e2:5a:85:dc:a3:cc:2b:d1:1d:91:75:fd:c5:b0:3e:e1:
         48:21:74:6c:95:f6:e6:13:bc:60:94:73:be:79:20:3a:81:0d:
         25:00:1d:ac:f7:42:a2:00:7d:90:b4:cf:b2:ba:31:52:cb:7a:
         2a:61:d8:32:e9:ff:5a:85:ea:94:94:66:6f:d8:bd:41:ea:cb:
         9e:c3:62:ab:ce:6f:de:87:68:b4:f5:4e:f0:e9:d9:6a:a2:db:
         4e:5e:0b:6d:61:e7:2c:2e:7f:9f:8f:fd:44:53:91:23:b6:e8:
         34:5c:d9:28:dd:bf:67:8a:f2:7a:0b:80:5f:4a:b5:36:3e:19:
         2f:7e:a7:92:2c:3a:2a:34:26:ea:48:ac:cc:cc:e4:14:15:e3:
         fe:9d:af:99:5b:2b:21:d4:c0:fa:21:1d:8d:57:31:d5:39:21:
         03:fe:9f:aa:da:0d:a6:ef:1d:57:73:de:43:67:a9:e6:17:0b:
         8b:e1:b7:14:22:2c:b2:de:2e:45:86:dc:10:b6:a4:58:df:ec:
         eb:8a:0a:4f:09:b9:82:f2:51:b5:8a:55:01:25:0b:f7:1e:18:
         58:33:62:ef:09:d4:54:67:53:cc:2b:e1:2a:be:a8:f1:79:c7:
         7f:ac:02:44
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZh1dI5CbvCjrtCwyAmqZQMoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjUwODA0MTQyMDI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTgzZGIyM2UxZTU0OTM2NjQwMWEwYTE4ZDNlNzg5YTdmODkyMDBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9sOVsYK0kHLOiln9AsqzkMqgiSKF
6ZiDvKp0D3031YfJoLgMR7gnbGnRJn6f1teM5QhQJEZXs+xjaYKVDAxesJXyWev4
7ljr3kQIWxMMhMGMG/5k/Jp+IQzihcvDKLcmL2ss5XZkNe7JwiQIX7MHFt0K9Uvw
UuNE1wP9HI+QbOH8Inr85DHOKrYGBdDmpKCpeCSnO0N8i+RGMxXAuKg1x1EROJqd
JlF5JJeECaFmUsqrBBoXlTDFrFV8eC4FhbTs7V/muLWkfub4ksg32GHKMeEosiSd
bRTHm0rqh6ZNL6xJnAyIAH+ZYAfW7/dWRQItRcsU0GDvHPoBkCB+9C/mSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF6D2yPh5Uk2ZAGgoY0+eJp/iSAKMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvWG9QYkktSGxTVFprQWFDaGpUNTRtbi1KSUFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowVCMA0G
CSqGSIb3DQEBCwUAA4IBAQApjR4FMIT5znPcYGuI3JV8dNA/ruJahdyjzCvRHZF1
/cWwPuFIIXRslfbmE7xglHO+eSA6gQ0lAB2s90KiAH2QtM+yujFSy3oqYdgy6f9a
heqUlGZv2L1B6suew2Krzm/eh2i09U7w6dlqottOXgttYecsLn+fj/1EU5Ejtug0
XNko3b9nivJ6C4BfSrU2PhkvfqeSLDoqNCbqSKzMzOQUFeP+na+ZWysh1MD6IR2N
VzHVOSED/p+q2g2m7x1Xc95DZ6nmFwuL4bcUIiyy3i5FhtwQtqRY3+zrigpPCbmC
8lG1ilUBJQv3HhhYM2LvCdRUZ1PMK+Eqvqjxecd/rAJE
-----END CERTIFICATE-----