Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/ZCiSX7Zgb46dLwxexRii_GvoxKA.roa
File:                     ZCiSX7Zgb46dLwxexRii_GvoxKA.roa (raw, json)
Hash identifier:          +mOYi4rfI7bcij422helTcLs97eBvBjzRKMO+j3g8cw=
Subject key identifier:   64:28:92:5F:B6:60:6F:8E:9D:2F:0C:5E:C5:18:A2:FC:6B:E8:C4:A0
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       019DBF86106C0BA9F6738846A4E0C4E315AE
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/ZCiSX7Zgb46dLwxexRii_GvoxKA.roa
Signing time:             Fri 24 Apr 2026 12:45:27 +0000
ROA not before:           Fri 24 Apr 2026 12:45:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     142146
IP address blocks:        163.5.202.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 25 Apr 2026 08:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:bf:86:10:6c:0b:a9:f6:73:88:46:a4:e0:c4:e3:15:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Apr 24 12:45:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6428925fb6606f8e9d2f0c5ec518a2fc6be8c4a0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:92:9c:9b:b1:11:77:2d:05:0b:f8:1f:5d:85:
                    11:7e:ee:e3:ec:2a:4e:bf:7f:a8:36:31:a5:08:1c:
                    ec:62:0d:5f:cc:2c:d3:09:a0:41:8d:99:91:86:21:
                    12:d3:b0:73:fe:e8:6d:fb:f9:e0:6e:5e:ca:f5:8b:
                    3f:68:37:5e:5d:15:d6:74:4e:8b:4e:24:f9:f1:e9:
                    a4:bc:b3:cd:ac:27:c3:4a:ff:27:e0:89:9d:dd:63:
                    9d:3b:2a:55:9f:46:94:37:2f:f3:c1:9d:12:b9:2c:
                    a8:ea:48:19:5e:82:fd:8d:01:fa:e9:f1:da:2c:7e:
                    a6:83:dd:e7:bd:57:2c:32:b6:63:fc:c6:33:1f:e1:
                    3a:51:b8:8e:7f:6e:24:ed:0c:41:ab:ee:7a:b6:3a:
                    91:4d:c1:86:a0:95:26:18:40:32:cd:37:01:d8:13:
                    20:60:95:4b:ae:64:bd:e0:f9:ba:01:3f:15:39:b4:
                    c0:ac:a9:5e:32:c1:95:4e:fc:32:37:d3:ae:72:cc:
                    21:ff:4f:8e:39:33:43:6c:85:75:78:2e:13:c0:6e:
                    48:56:53:a2:70:62:ac:a9:bd:2e:bb:e8:c1:23:54:
                    97:53:e1:43:9c:8a:7b:cb:3d:48:be:7b:72:3d:31:
                    cb:bd:2f:1e:2f:37:bd:9c:7e:c7:d2:77:3d:1f:be:
                    73:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:28:92:5F:B6:60:6F:8E:9D:2F:0C:5E:C5:18:A2:FC:6B:E8:C4:A0
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/ZCiSX7Zgb46dLwxexRii_GvoxKA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.202.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:6e:7d:40:c2:08:24:41:ad:c1:cd:c7:7b:07:fb:97:f6:e9:
         9c:b7:2f:d4:ab:f3:9d:ee:ff:ef:c9:89:87:34:07:95:9f:bb:
         0d:a6:e2:2a:b4:19:ec:5e:7e:e2:e7:b2:59:84:6d:1e:a7:91:
         b5:bd:41:3b:41:82:85:d9:8b:ec:a9:74:e8:b8:62:c5:4a:2a:
         a1:51:bd:07:b0:ee:24:9f:ae:a7:4d:b2:c7:98:13:3b:c8:6e:
         b4:36:af:b2:27:21:ce:04:3c:08:67:29:6a:bd:7b:85:5f:87:
         9d:ba:e0:ab:fc:b4:d9:22:23:a6:1f:57:9a:20:19:00:ba:5f:
         df:ea:5c:c5:52:8c:77:9e:73:39:1e:c3:f5:2a:44:78:ff:e7:
         f3:ab:d9:ae:74:96:d1:e5:1a:3a:b5:dc:9f:69:f6:b9:6d:fa:
         9f:24:e8:49:ac:07:12:c6:79:6d:6a:53:0c:ce:63:f8:9d:c9:
         e9:4f:7b:bc:1b:66:5c:20:32:57:ce:e8:c2:fa:cd:02:d6:a9:
         de:c0:3b:5d:df:d1:ba:ba:60:98:f9:73:46:0a:b0:47:4e:c5:
         aa:a0:96:00:df:9c:64:18:30:95:82:13:e5:96:6e:1d:45:30:
         80:e2:0f:57:4b:c9:35:12:d5:da:70:f2:2c:43:fd:75:d5:47:
         f6:8d:b8:bf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2/hhBsC6n2c4hGpODE4xWuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjYwNDI0MTI0NTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDI4OTI1ZmI2NjA2ZjhlOWQyZjBjNWVjNTE4YTJmYzZiZThjNGEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz5Kcm7ERdy0FC/gfXYURfu7j7CpO
v3+oNjGlCBzsYg1fzCzTCaBBjZmRhiES07Bz/uht+/ngbl7K9Ys/aDdeXRXWdE6L
TiT58emkvLPNrCfDSv8n4Imd3WOdOypVn0aUNy/zwZ0SuSyo6kgZXoL9jQH66fHa
LH6mg93nvVcsMrZj/MYzH+E6UbiOf24k7QxBq+56tjqRTcGGoJUmGEAyzTcB2BMg
YJVLrmS94Pm6AT8VObTArKleMsGVTvwyN9Oucswh/0+OOTNDbIV1eC4TwG5IVlOi
cGKsqb0uu+jBI1SXU+FDnIp7yz1IvntyPTHLvS8eLze9nH7H0nc9H75z0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGQokl+2YG+OnS8MXsUYovxr6MSgMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvWkNpU1g3WmdiNDZkTHd4ZXhSaWlfR3ZveEtBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowXKMA0G
CSqGSIb3DQEBCwUAA4IBAQBabn1AwggkQa3Bzcd7B/uX9umcty/Uq/Od7v/vyYmH
NAeVn7sNpuIqtBnsXn7i57JZhG0ep5G1vUE7QYKF2YvsqXTouGLFSiqhUb0HsO4k
n66nTbLHmBM7yG60Nq+yJyHOBDwIZylqvXuFX4eduuCr/LTZIiOmH1eaIBkAul/f
6lzFUox3nnM5HsP1KkR4/+fzq9mudJbR5Ro6tdyfafa5bfqfJOhJrAcSxnltalMM
zmP4ncnpT3u8G2ZcIDJXzujC+s0C1qnewDtd39G6umCY+XNGCrBHTsWqoJYA35xk
GDCVghPllm4dRTCA4g9XS8k1EtXacPIsQ/111Uf2jbi/
-----END CERTIFICATE-----