Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/aAXo3upUn4JNnU5uWIAlo5HZmwE.roa
File:                     aAXo3upUn4JNnU5uWIAlo5HZmwE.roa (raw, json)
Hash identifier:          MJChh7/K6M3acIaN4lNv2PoAh0m+jITKw062+6gnEUo=
Subject key identifier:   68:05:E8:DE:EA:54:9F:82:4D:9D:4E:6E:58:80:25:A3:91:D9:9B:01
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       019CD27F6BE7182AB5CAB91470A1C4F4AC84
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/aAXo3upUn4JNnU5uWIAlo5HZmwE.roa
Signing time:             Mon 09 Mar 2026 12:08:11 +0000
ROA not before:           Mon 09 Mar 2026 12:08:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     216159
IP address blocks:        163.5.213.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 16 Mar 2026 23:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:d2:7f:6b:e7:18:2a:b5:ca:b9:14:70:a1:c4:f4:ac:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Mar  9 12:08:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6805e8deea549f824d9d4e6e588025a391d99b01
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:2d:3a:8e:3f:3c:c8:b4:99:b4:14:6e:4b:1a:
                    39:6f:e3:2c:00:40:8d:79:41:e1:8e:c5:6b:61:51:
                    5e:53:da:6a:fa:81:44:50:71:3e:81:7a:ea:32:4e:
                    aa:c2:6e:09:ef:58:cd:9f:fc:a3:08:c7:a5:2e:33:
                    e3:92:92:17:9a:c7:18:d9:d2:52:d3:c7:2b:5b:d2:
                    f2:96:10:32:91:28:0f:1f:a9:2f:4d:85:98:da:28:
                    46:80:5b:e7:8b:57:60:f6:be:0d:38:84:63:65:80:
                    4d:7b:5f:f8:ed:cf:57:27:a0:5b:d9:69:66:f6:89:
                    79:6b:f1:c8:df:1c:ca:75:26:54:ac:91:cc:ea:3f:
                    da:ce:47:63:5d:6b:fd:7f:30:43:a5:cd:d7:a5:82:
                    86:7f:66:1b:1e:03:9b:43:aa:93:92:3d:eb:b1:ca:
                    a9:b0:21:e2:a7:a6:00:bf:ac:2f:f5:a8:b9:63:a4:
                    a2:80:dd:f8:d4:ca:d3:34:9e:5e:b1:97:9e:9e:6e:
                    c1:fc:cf:a6:db:07:44:97:8c:ff:dd:d7:5e:3e:83:
                    41:31:41:36:55:a2:0b:4e:81:fc:9f:33:38:7c:33:
                    07:93:a6:b4:b6:e0:91:8d:25:4a:1b:f1:69:a5:51:
                    63:04:9d:b6:15:2c:6d:14:b1:ac:50:ec:0e:45:be:
                    23:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:05:E8:DE:EA:54:9F:82:4D:9D:4E:6E:58:80:25:A3:91:D9:9B:01
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/aAXo3upUn4JNnU5uWIAlo5HZmwE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.213.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:bb:23:4d:1e:64:d4:0a:53:8d:69:78:37:24:27:05:15:fe:
         9d:70:75:e9:5a:bb:6c:f3:2f:1e:e4:28:10:b0:23:6c:57:73:
         6f:ca:df:bc:54:da:f2:a9:15:83:52:73:7c:dc:da:ce:43:b9:
         75:74:e9:3a:db:75:9f:50:b5:08:2b:ae:9f:14:d1:cd:c1:03:
         ef:5b:1c:d6:9a:4a:b2:e0:1a:d4:6f:4b:ed:c4:69:8e:98:c7:
         67:1e:73:5e:58:c2:2e:d5:d0:2c:1a:65:84:f0:ce:54:2c:a5:
         b5:9d:44:27:23:16:3c:18:f8:dc:d2:f4:30:6f:1a:f5:ae:ed:
         7e:4b:d3:08:46:c8:c3:dd:a1:6e:d2:d6:43:ee:08:58:6a:fc:
         f7:a5:5a:88:79:cc:43:d2:39:2f:c5:d1:f1:45:e9:d2:85:c8:
         76:cf:82:18:4e:81:b7:12:5b:75:23:6f:47:fd:25:f9:7d:fa:
         ed:17:47:c9:24:50:b0:eb:9a:e0:a3:57:3b:0e:a6:c4:3e:4f:
         80:dc:02:bc:89:dd:07:25:b9:80:17:66:2f:ab:84:32:90:6e:
         4e:db:b6:a6:9f:e3:52:30:e6:d5:fa:1a:00:c0:6e:e0:d8:c6:
         60:b9:b9:61:b9:29:94:f5:e6:c0:9d:98:57:84:5d:0c:29:56:
         a9:c6:ee:70
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzSf2vnGCq1yrkUcKHE9KyEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjYwMzA5MTIwODExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODA1ZThkZWVhNTQ5ZjgyNGQ5ZDRlNmU1ODgwMjVhMzkxZDk5YjAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqi06jj88yLSZtBRuSxo5b+MsAECN
eUHhjsVrYVFeU9pq+oFEUHE+gXrqMk6qwm4J71jNn/yjCMelLjPjkpIXmscY2dJS
08crW9LylhAykSgPH6kvTYWY2ihGgFvni1dg9r4NOIRjZYBNe1/47c9XJ6Bb2Wlm
9ol5a/HI3xzKdSZUrJHM6j/azkdjXWv9fzBDpc3XpYKGf2YbHgObQ6qTkj3rscqp
sCHip6YAv6wv9ai5Y6SigN341MrTNJ5esZeenm7B/M+m2wdEl4z/3ddePoNBMUE2
VaILToH8nzM4fDMHk6a0tuCRjSVKG/FppVFjBJ22FSxtFLGsUOwORb4jawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGgF6N7qVJ+CTZ1ObliAJaOR2ZsBMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvYUFYbzN1cFVuNEpOblU1dVdJQWxvNUhabXdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowXVMA0G
CSqGSIb3DQEBCwUAA4IBAQAzuyNNHmTUClONaXg3JCcFFf6dcHXpWrts8y8e5CgQ
sCNsV3Nvyt+8VNryqRWDUnN83NrOQ7l1dOk623WfULUIK66fFNHNwQPvWxzWmkqy
4BrUb0vtxGmOmMdnHnNeWMIu1dAsGmWE8M5ULKW1nUQnIxY8GPjc0vQwbxr1ru1+
S9MIRsjD3aFu0tZD7ghYavz3pVqIecxD0jkvxdHxRenShch2z4IYToG3Elt1I29H
/SX5ffrtF0fJJFCw65rgo1c7DqbEPk+A3AK8id0HJbmAF2Yvq4QykG5O27amn+NS
MObV+hoAwG7g2MZgublhuSmU9ebAnZhXhF0MKVapxu5w
-----END CERTIFICATE-----