Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/Z1Myvf-ZaDN1LCZgpzVK59FB-HE.roa
File:                     Z1Myvf-ZaDN1LCZgpzVK59FB-HE.roa (raw, json)
Hash identifier:          7BzwjHk2esCteWDstHhEBZQCQ0lClTU+2y4rrUXTm4c=
Subject key identifier:   67:53:32:BD:FF:99:68:33:75:2C:26:60:A7:35:4A:E7:D1:41:F8:71
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       019DB457D04FF46258AFD6D47E9113BFD4AE
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/Z1Myvf-ZaDN1LCZgpzVK59FB-HE.roa
Signing time:             Wed 22 Apr 2026 08:39:07 +0000
ROA not before:           Wed 22 Apr 2026 08:39:07 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     13537
IP address blocks:        163.5.200.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 08 May 2026 07:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:b4:57:d0:4f:f4:62:58:af:d6:d4:7e:91:13:bf:d4:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Apr 22 08:39:07 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=675332bdff996833752c2660a7354ae7d141f871
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:c1:16:3f:c8:33:5f:ee:86:ef:cb:32:b0:a0:
                    21:5d:53:e7:09:67:d3:ce:19:23:78:68:1a:82:ed:
                    32:bd:77:0c:4e:e8:6f:a0:cf:27:a9:3b:40:9f:6e:
                    64:d3:6c:81:db:fa:3f:ca:ad:80:f4:0b:74:d7:b0:
                    85:df:52:a6:ba:64:da:0a:cf:a5:9c:9a:13:4a:96:
                    fd:35:a7:22:79:e4:c4:ff:d7:db:aa:ef:ba:e3:f5:
                    a8:03:ba:90:81:bc:ac:e8:8d:97:6d:48:a4:e1:1f:
                    21:80:7b:b1:f9:54:6a:b8:ef:4a:48:b0:d1:da:97:
                    ad:bd:67:fc:3f:a1:75:89:b4:a1:18:2c:2a:62:2e:
                    9f:f0:8b:4c:a7:bc:af:c7:36:43:3e:12:2f:16:19:
                    a4:da:2e:04:12:40:0e:eb:ef:4e:70:cf:e4:8d:d5:
                    f6:9a:83:c3:fa:b4:65:b8:a3:41:63:46:df:1e:6b:
                    5e:ea:0d:d3:90:d1:6a:4f:11:23:39:6e:7d:b7:08:
                    6e:99:4d:24:c2:25:1e:a9:8d:66:93:cb:1b:cd:d4:
                    2e:48:0a:29:af:be:5e:00:ab:b3:8b:83:aa:bf:f7:
                    c3:55:3d:92:e2:f9:3a:9d:9e:30:0d:42:29:be:72:
                    c1:43:d5:3a:79:b8:a1:70:9c:53:9a:20:4a:7a:6b:
                    e4:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:53:32:BD:FF:99:68:33:75:2C:26:60:A7:35:4A:E7:D1:41:F8:71
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/Z1Myvf-ZaDN1LCZgpzVK59FB-HE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.200.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:11:fe:1c:24:5d:5d:1b:b7:b5:64:53:b3:9c:82:85:62:4e:
         5f:80:de:73:f8:6b:90:38:91:fe:42:b4:85:f2:53:84:36:87:
         29:df:cf:99:32:13:1a:08:68:16:1f:c1:bf:db:1d:25:8b:02:
         13:4d:26:16:12:a3:e3:66:3e:c9:cf:f1:45:73:7e:d2:b1:46:
         51:02:c1:09:05:08:d2:3c:cd:af:26:96:48:ac:c8:d9:a7:0f:
         e8:8a:cb:3c:54:79:f4:11:40:79:e4:a3:4e:f2:a9:97:a6:18:
         97:b1:a5:3c:59:b5:e8:44:b9:2e:0b:d4:30:36:b7:98:44:7c:
         3c:15:32:c3:49:5c:57:e7:e8:d6:4d:fe:55:7b:73:4a:24:3a:
         c3:8a:38:29:23:26:ac:37:41:fb:76:0d:f6:72:ec:63:87:aa:
         8a:a4:88:4f:92:fa:6b:39:1f:a4:e1:b5:0f:1d:32:16:e7:e8:
         f4:33:3f:e0:65:5c:29:07:75:98:a1:6c:e7:64:91:0a:78:e6:
         14:53:f4:f6:2d:44:4e:ca:62:82:b3:44:51:1a:da:d1:3e:8c:
         f7:00:3d:25:33:69:3c:7a:d1:70:61:39:ba:17:42:2b:7b:0b:
         cc:34:1f:59:57:4a:41:b6:ca:f5:d9:5f:a8:f8:32:e2:86:81:
         15:49:b4:97
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ20V9BP9GJYr9bUfpETv9SuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjYwNDIyMDgzOTA3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzUzMzJiZGZmOTk2ODMzNzUyYzI2NjBhNzM1NGFlN2QxNDFmODcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu8EWP8gzX+6G78sysKAhXVPnCWfT
zhkjeGgagu0yvXcMTuhvoM8nqTtAn25k02yB2/o/yq2A9At017CF31KmumTaCs+l
nJoTSpb9NacieeTE/9fbqu+64/WoA7qQgbys6I2XbUik4R8hgHux+VRquO9KSLDR
2petvWf8P6F1ibShGCwqYi6f8ItMp7yvxzZDPhIvFhmk2i4EEkAO6+9OcM/kjdX2
moPD+rRluKNBY0bfHmte6g3TkNFqTxEjOW59twhumU0kwiUeqY1mk8sbzdQuSAop
r75eAKuzi4Oqv/fDVT2S4vk6nZ4wDUIpvnLBQ9U6ebihcJxTmiBKemvkVwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGdTMr3/mWgzdSwmYKc1SufRQfhxMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvWjFNeXZmLVphRE4xTENaZ3B6Vks1OUZCLUhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowXIMA0G
CSqGSIb3DQEBCwUAA4IBAQCKEf4cJF1dG7e1ZFOznIKFYk5fgN5z+GuQOJH+QrSF
8lOENocp38+ZMhMaCGgWH8G/2x0liwITTSYWEqPjZj7Jz/FFc37SsUZRAsEJBQjS
PM2vJpZIrMjZpw/oiss8VHn0EUB55KNO8qmXphiXsaU8WbXoRLkuC9QwNreYRHw8
FTLDSVxX5+jWTf5Ve3NKJDrDijgpIyasN0H7dg32cuxjh6qKpIhPkvprOR+k4bUP
HTIW5+j0Mz/gZVwpB3WYoWznZJEKeOYUU/T2LUROymKCs0RRGtrRPoz3AD0lM2k8
etFwYTm6F0IrewvMNB9ZV0pBtsr12V+o+DLihoEVSbSX
-----END CERTIFICATE-----