Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/dvv7wJs2a5cdVgojsXh2s7hoKWA.roa
File:                     dvv7wJs2a5cdVgojsXh2s7hoKWA.roa (raw, json)
Hash identifier:          z4WE2+r6Q1C9RYr1u5XZDRKxXH63m+2vRz4o25liasU=
Subject key identifier:   76:FB:FB:C0:9B:36:6B:97:1D:56:0A:23:B1:78:76:B3:B8:68:29:60
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       019DAA77C28A944F48993C03E5EA9767592F
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/dvv7wJs2a5cdVgojsXh2s7hoKWA.roa
Signing time:             Mon 20 Apr 2026 10:37:48 +0000
ROA not before:           Mon 20 Apr 2026 10:37:48 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203446
IP address blocks:        163.5.195.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 Apr 2026 21:56:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:aa:77:c2:8a:94:4f:48:99:3c:03:e5:ea:97:67:59:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Apr 20 10:37:48 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=76fbfbc09b366b971d560a23b17876b3b8682960
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:46:66:dc:29:d9:3e:56:48:f4:42:eb:12:2a:
                    8e:8b:3b:fe:29:33:b5:65:f9:5b:14:31:7a:8c:80:
                    bb:3a:04:28:e7:c0:c7:44:fe:9e:c2:2f:ce:2c:0c:
                    c3:53:fb:31:a5:da:78:b7:81:74:9e:f4:54:b3:0e:
                    08:4a:91:ec:87:bb:e2:ba:88:9e:25:9a:b7:c8:53:
                    ef:a5:3c:42:3a:d6:ae:68:bb:59:6f:6c:2b:93:3e:
                    e7:0c:ea:63:40:f2:65:e0:9b:c0:46:fd:ac:02:50:
                    b9:e3:6a:a8:7a:cb:75:8f:ee:f7:f1:87:74:12:c8:
                    92:f0:14:d1:c3:33:b7:f9:4a:b5:ad:7c:ad:00:36:
                    21:9f:29:66:f3:b7:a5:88:2a:ce:c4:1d:59:11:17:
                    70:8c:84:8e:49:1c:3d:92:e7:46:e0:69:f2:b2:bd:
                    48:a8:f1:80:ea:04:26:b6:71:30:32:1c:f8:ad:9b:
                    96:6c:76:d2:5a:ef:0f:38:7c:1f:c9:d7:71:fc:a4:
                    bf:4e:7d:1e:cb:2b:4e:3c:0f:73:6e:e0:05:33:56:
                    7a:62:3b:0c:3d:50:9c:ee:f6:34:cb:3f:a9:f1:91:
                    d2:1c:1a:20:aa:ad:d3:13:ce:42:cd:c0:7a:98:77:
                    8e:fa:79:ba:53:c5:d0:53:c4:95:b0:ac:8d:a5:15:
                    68:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:FB:FB:C0:9B:36:6B:97:1D:56:0A:23:B1:78:76:B3:B8:68:29:60
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/dvv7wJs2a5cdVgojsXh2s7hoKWA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.195.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:7a:41:60:43:72:15:3f:d8:11:61:f1:b8:ea:f9:66:c0:7a:
         0b:ea:23:d2:53:24:84:5e:da:4c:06:12:0d:de:c8:5f:96:0c:
         b8:15:20:79:6d:ff:48:f9:e0:e2:ac:2b:e4:63:7b:66:0a:fd:
         56:25:32:06:b9:b5:2a:51:a6:4b:a5:04:4d:c5:c4:51:bf:a7:
         e1:7f:c0:47:1e:88:0a:74:43:b0:95:f9:0c:fe:8a:08:76:fc:
         4b:db:09:28:53:0f:ed:da:a3:8c:52:a4:3e:43:48:f1:4f:4f:
         e6:7d:2e:ca:e6:0d:2f:60:b1:86:47:f7:ce:9d:ae:ee:30:fc:
         9c:2d:f8:02:58:60:b7:92:e1:2b:91:13:c9:63:3d:44:c1:69:
         1a:46:e4:3c:8f:b0:a2:0b:bc:ff:52:3f:32:55:bf:45:b8:7b:
         c8:dc:d3:8f:d9:2b:06:c6:54:0f:6a:39:e3:aa:86:7e:82:77:
         e2:b8:9d:39:39:7a:1f:12:01:73:77:93:fa:3a:25:41:b3:f9:
         1c:06:22:62:0a:ff:63:8b:e1:e5:88:42:6a:f4:0c:67:8c:1b:
         f6:49:e9:34:7a:5f:e4:48:88:73:67:ef:f9:49:3e:65:c9:60:
         b5:9a:2c:b2:ae:0a:a1:64:8f:63:41:be:4c:12:a3:fc:4c:45:
         cc:1d:2d:13
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2qd8KKlE9ImTwD5eqXZ1kvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjYwNDIwMTAzNzQ4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NmZiZmJjMDliMzY2Yjk3MWQ1NjBhMjNiMTc4NzZiM2I4NjgyOTYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkUZm3CnZPlZI9ELrEiqOizv+KTO1
ZflbFDF6jIC7OgQo58DHRP6ewi/OLAzDU/sxpdp4t4F0nvRUsw4ISpHsh7viuoie
JZq3yFPvpTxCOtauaLtZb2wrkz7nDOpjQPJl4JvARv2sAlC542qoest1j+738Yd0
EsiS8BTRwzO3+Uq1rXytADYhnylm87eliCrOxB1ZERdwjISOSRw9kudG4Gnysr1I
qPGA6gQmtnEwMhz4rZuWbHbSWu8POHwfyddx/KS/Tn0eyytOPA9zbuAFM1Z6YjsM
PVCc7vY0yz+p8ZHSHBogqq3TE85CzcB6mHeO+nm6U8XQU8SVsKyNpRVoqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHb7+8CbNmuXHVYKI7F4drO4aClgMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvZHZ2N3dKczJhNWNkVmdvanNYaDJzN2hvS1dBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowXDMA0G
CSqGSIb3DQEBCwUAA4IBAQCLekFgQ3IVP9gRYfG46vlmwHoL6iPSUySEXtpMBhIN
3shflgy4FSB5bf9I+eDirCvkY3tmCv1WJTIGubUqUaZLpQRNxcRRv6fhf8BHHogK
dEOwlfkM/ooIdvxL2wkoUw/t2qOMUqQ+Q0jxT0/mfS7K5g0vYLGGR/fOna7uMPyc
LfgCWGC3kuErkRPJYz1EwWkaRuQ8j7CiC7z/Uj8yVb9FuHvI3NOP2SsGxlQPajnj
qoZ+gnfiuJ05OXofEgFzd5P6OiVBs/kcBiJiCv9ji+HliEJq9AxnjBv2Sek0el/k
SIhzZ+/5ST5lyWC1miyyrgqhZI9jQb5MEqP8TEXMHS0T
-----END CERTIFICATE-----