Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/cLOifgxtCRyNcN_xrrgq3w2thLA.roa
File:                     cLOifgxtCRyNcN_xrrgq3w2thLA.roa (raw, json)
Hash identifier:          64G1xB5eVyeQb0OXJ1elb1rEz0wTyUKv7M9ra+jJzjg=
Subject key identifier:   70:B3:A2:7E:0C:6D:09:1C:8D:70:DF:F1:AE:B8:2A:DF:0D:AD:84:B0
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       019E637D4F9FDCFFF359DC68A8F4CB660C57
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/cLOifgxtCRyNcN_xrrgq3w2thLA.roa
Signing time:             Tue 26 May 2026 08:53:37 +0000
ROA not before:           Tue 26 May 2026 08:53:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     137517
IP address blocks:        163.5.144.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Jun 2026 01:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:63:7d:4f:9f:dc:ff:f3:59:dc:68:a8:f4:cb:66:0c:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: May 26 08:53:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=70b3a27e0c6d091c8d70dff1aeb82adf0dad84b0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:08:d4:1e:ad:8f:7f:c6:f5:06:3c:17:22:4f:
                    e4:2d:ad:2a:af:26:50:20:5d:eb:e0:18:85:a6:4d:
                    56:bb:9b:61:b9:ec:d5:b4:23:6c:60:81:1e:5d:f8:
                    f1:63:15:89:ac:70:5d:2d:0d:11:aa:de:d0:26:f0:
                    9a:85:5e:54:92:19:89:06:d0:d2:a5:7c:33:c5:98:
                    ab:33:96:9b:32:d1:cf:33:a2:90:59:de:b3:21:96:
                    1f:ab:90:46:7c:76:31:e6:db:a1:36:6a:18:01:0f:
                    a9:1d:77:79:5e:93:f8:ac:d6:c6:91:3c:5b:30:67:
                    c5:57:6a:bc:17:3d:4d:fd:e1:65:0a:08:7f:5d:d0:
                    e8:b8:c0:0f:62:70:b2:0c:d7:e9:73:c7:a4:27:dd:
                    c6:95:6f:8c:40:54:a1:e9:55:17:96:d0:5c:0d:f0:
                    f4:77:38:7c:de:e0:b9:3f:42:a3:44:69:52:2f:a7:
                    bd:5e:87:f6:32:02:4a:ea:38:f9:89:12:0e:62:9d:
                    bf:7e:d5:e5:93:77:82:5d:1b:f2:85:04:6b:a9:75:
                    73:a6:0e:c7:82:fa:f7:f1:8f:bd:c6:92:4e:fe:6a:
                    89:27:9e:e4:41:f9:22:e2:b0:f8:52:cb:67:ba:18:
                    cb:39:9a:80:3d:ee:51:64:a6:ff:a7:f0:f4:c3:6c:
                    11:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:B3:A2:7E:0C:6D:09:1C:8D:70:DF:F1:AE:B8:2A:DF:0D:AD:84:B0
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/cLOifgxtCRyNcN_xrrgq3w2thLA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.144.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:c3:de:a8:51:97:e8:b7:22:a1:6f:47:17:5e:79:93:67:4a:
         9b:27:16:da:2f:16:ac:c9:f7:41:f5:e7:4b:ac:9c:5b:e3:61:
         d2:e5:8f:b7:01:5b:af:4e:73:de:6d:72:f4:85:cb:cd:6e:47:
         81:c3:ec:42:b2:67:ae:f4:a2:d1:e6:72:6e:5b:95:2e:61:3d:
         23:0f:01:9e:a8:52:2e:8e:ba:92:e0:41:9e:31:03:dd:90:65:
         13:2d:f4:c8:fa:60:4d:ae:2f:f2:6d:aa:cc:e1:c1:8b:5c:61:
         4d:a4:e4:a5:06:02:e0:2a:8d:6a:b6:f5:21:21:cd:1d:d4:02:
         7a:be:6a:e7:4b:fc:be:aa:91:86:48:4c:19:75:b4:8e:64:d1:
         18:48:86:78:5d:d7:83:5b:9a:28:55:43:7e:9e:7c:d2:ae:64:
         88:6c:29:f4:57:c1:72:a7:10:0b:17:a7:ef:cd:e3:0c:d5:72:
         1c:65:a8:31:8c:16:3b:3a:f1:8a:c3:11:7b:37:65:60:34:18:
         20:40:9f:63:e8:58:f2:f2:1e:d2:24:b0:99:c4:f4:9c:9b:43:
         90:a1:f9:73:56:9a:ab:83:14:6c:da:48:0a:fe:a5:ba:77:71:
         52:fa:96:70:9f:b6:21:e4:dc:45:1a:7b:58:c7:31:26:b0:ec:
         e9:0a:33:34
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5jfU+f3P/zWdxoqPTLZgxXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjYwNTI2MDg1MzM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MGIzYTI3ZTBjNmQwOTFjOGQ3MGRmZjFhZWI4MmFkZjBkYWQ4NGIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArQjUHq2Pf8b1BjwXIk/kLa0qryZQ
IF3r4BiFpk1Wu5thuezVtCNsYIEeXfjxYxWJrHBdLQ0Rqt7QJvCahV5UkhmJBtDS
pXwzxZirM5abMtHPM6KQWd6zIZYfq5BGfHYx5tuhNmoYAQ+pHXd5XpP4rNbGkTxb
MGfFV2q8Fz1N/eFlCgh/XdDouMAPYnCyDNfpc8ekJ93GlW+MQFSh6VUXltBcDfD0
dzh83uC5P0KjRGlSL6e9Xof2MgJK6jj5iRIOYp2/ftXlk3eCXRvyhQRrqXVzpg7H
gvr38Y+9xpJO/mqJJ57kQfki4rD4UstnuhjLOZqAPe5RZKb/p/D0w2wRkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHCzon4MbQkcjXDf8a64Kt8NrYSwMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvY0xPaWZneHRDUnlOY05feHJyZ3EzdzJ0aExBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowWQMA0G
CSqGSIb3DQEBCwUAA4IBAQBMw96oUZfotyKhb0cXXnmTZ0qbJxbaLxasyfdB9edL
rJxb42HS5Y+3AVuvTnPebXL0hcvNbkeBw+xCsmeu9KLR5nJuW5UuYT0jDwGeqFIu
jrqS4EGeMQPdkGUTLfTI+mBNri/ybarM4cGLXGFNpOSlBgLgKo1qtvUhIc0d1AJ6
vmrnS/y+qpGGSEwZdbSOZNEYSIZ4XdeDW5ooVUN+nnzSrmSIbCn0V8FypxALF6fv
zeMM1XIcZagxjBY7OvGKwxF7N2VgNBggQJ9j6Fjy8h7SJLCZxPScm0OQoflzVpqr
gxRs2kgK/qW6d3FS+pZwn7Yh5NxFGntYxzEmsOzpCjM0
-----END CERTIFICATE-----