Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/i7N9h-xiY_V2XuVDTopi4MVGQX0.roa
File:                     i7N9h-xiY_V2XuVDTopi4MVGQX0.roa (raw, json)
Hash identifier:          4QJuGNFujYEM6CPnBxdLSPSEPdNsZWPEjcfi3uZ7JXE=
Subject key identifier:   8B:B3:7D:87:EC:62:63:F5:76:5E:E5:43:4E:8A:62:E0:C5:46:41:7D
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       019E5BBA9E8BA917396B4C6FF697947812EC
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/i7N9h-xiY_V2XuVDTopi4MVGQX0.roa
Signing time:             Sun 24 May 2026 20:43:37 +0000
ROA not before:           Sun 24 May 2026 20:43:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198566
IP address blocks:        163.5.190.0/24 maxlen: 24
                          163.5.192.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Jun 2026 01:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:5b:ba:9e:8b:a9:17:39:6b:4c:6f:f6:97:94:78:12:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: May 24 20:43:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8bb37d87ec6263f5765ee5434e8a62e0c546417d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:0d:71:24:68:ac:a2:66:4e:b6:f2:a9:e4:23:
                    d5:2d:85:b4:d9:c0:c4:94:f9:98:e7:df:e9:b5:92:
                    50:9c:60:02:2f:e2:da:00:6a:45:46:23:35:8f:6a:
                    bd:dc:76:0b:39:83:d6:f0:f7:b6:92:c6:75:89:8b:
                    21:6e:69:5f:c6:e8:96:22:7e:37:98:50:14:97:95:
                    5f:41:c7:98:d8:38:b7:ff:c8:64:6d:eb:d1:fd:8e:
                    9d:a6:5f:f8:8f:43:08:28:2a:d2:73:d6:e0:22:eb:
                    bf:7c:e1:cb:24:d4:25:ce:23:15:2e:41:26:16:ca:
                    42:31:15:ad:85:bc:40:89:96:e7:ea:e5:e8:be:41:
                    fe:40:b9:d9:18:b4:bc:fe:f1:6e:cb:21:a7:87:d6:
                    b0:f3:5d:f8:95:cd:b7:d5:25:03:45:ad:6a:ca:ec:
                    b8:bb:64:1a:b4:1a:a6:1d:ed:3d:22:b8:b7:63:bf:
                    b5:8f:85:ed:30:75:8c:32:62:5c:7b:72:96:f6:7a:
                    9b:25:4b:8f:7c:5c:35:24:0e:72:3c:4b:57:7f:72:
                    c1:27:e4:04:e5:04:07:3a:9e:e5:cf:4b:43:ec:4b:
                    b8:99:af:01:05:bd:73:e8:e2:20:6e:8e:e5:e4:75:
                    4d:80:d7:0a:52:60:59:3d:ec:25:03:e3:cc:40:0c:
                    7a:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:B3:7D:87:EC:62:63:F5:76:5E:E5:43:4E:8A:62:E0:C5:46:41:7D
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/i7N9h-xiY_V2XuVDTopi4MVGQX0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.190.0/24
                  163.5.192.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:20:d8:fc:13:54:4b:f7:ff:bc:7f:d1:a6:27:31:52:ae:7a:
         5d:1f:5a:a1:57:0f:9f:9b:73:da:20:4e:35:4a:0c:56:d1:e4:
         ee:89:7c:30:1b:bb:db:07:54:d2:9f:de:16:6c:31:92:73:0f:
         82:db:ee:5c:12:0e:82:36:e4:38:54:f4:d3:b0:4c:ef:f7:d5:
         ec:00:94:90:49:1b:ab:bd:49:84:61:ac:45:09:ac:c1:2c:ca:
         6e:b9:29:26:b2:64:dc:30:64:f6:df:a3:fd:44:1b:3f:93:d7:
         bf:19:40:36:f9:f5:2b:33:b8:2f:8d:d6:b8:53:78:f4:c8:c6:
         6d:d6:2d:55:8a:b7:cc:bb:04:66:ec:db:b9:ec:6a:fb:34:ea:
         7f:f5:52:05:a7:e3:9e:26:e6:34:9f:a6:1b:66:2c:49:c7:e0:
         e3:5d:f1:8b:33:f3:7e:e0:74:5e:31:41:24:13:0f:56:4c:71:
         02:6d:7e:ee:6d:2c:dd:ef:62:9f:ba:64:2a:eb:2f:d9:20:45:
         7b:5b:b2:5e:5a:8b:0d:f9:0b:b0:27:61:95:7b:ad:7e:51:81:
         be:46:f2:93:b5:0b:1f:b1:2b:c6:be:71:b5:94:de:3b:40:76:
         bb:aa:7b:f9:00:82:18:a6:aa:53:fe:93:13:22:b3:50:e0:9d:
         79:07:47:f9
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ5bup6LqRc5a0xv9peUeBLsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjYwNTI0MjA0MzM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YmIzN2Q4N2VjNjI2M2Y1NzY1ZWU1NDM0ZThhNjJlMGM1NDY0MTdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Q1xJGisomZOtvKp5CPVLYW02cDE
lPmY59/ptZJQnGACL+LaAGpFRiM1j2q93HYLOYPW8Pe2ksZ1iYshbmlfxuiWIn43
mFAUl5VfQceY2Di3/8hkbevR/Y6dpl/4j0MIKCrSc9bgIuu/fOHLJNQlziMVLkEm
FspCMRWthbxAiZbn6uXovkH+QLnZGLS8/vFuyyGnh9aw8134lc231SUDRa1qyuy4
u2QatBqmHe09Iri3Y7+1j4XtMHWMMmJce3KW9nqbJUuPfFw1JA5yPEtXf3LBJ+QE
5QQHOp7lz0tD7Eu4ma8BBb1z6OIgbo7l5HVNgNcKUmBZPewlA+PMQAx66QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIuzfYfsYmP1dl7lQ06KYuDFRkF9MB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvaTdOOWgteGlZX1YyWHVWRFRvcGk0TVZHUVgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAowW+AwQA
owXAMA0GCSqGSIb3DQEBCwUAA4IBAQCUINj8E1RL9/+8f9GmJzFSrnpdH1qhVw+f
m3PaIE41SgxW0eTuiXwwG7vbB1TSn94WbDGScw+C2+5cEg6CNuQ4VPTTsEzv99Xs
AJSQSRurvUmEYaxFCazBLMpuuSkmsmTcMGT236P9RBs/k9e/GUA2+fUrM7gvjda4
U3j0yMZt1i1VirfMuwRm7Nu57Gr7NOp/9VIFp+OeJuY0n6YbZixJx+DjXfGLM/N+
4HReMUEkEw9WTHECbX7ubSzd72KfumQq6y/ZIEV7W7JeWosN+QuwJ2GVe61+UYG+
RvKTtQsfsSvGvnG1lN47QHa7qnv5AIIYpqpT/pMTIrNQ4J15B0f5
-----END CERTIFICATE-----