Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/ipIEqIZd76_AZaaqBK3Ky5l3qvE.roa
File:                     ipIEqIZd76_AZaaqBK3Ky5l3qvE.roa (raw, json)
Hash identifier:          RSCjnxHPIY7ktB7bMsgLDMb3E4nfTxDW3oR1OxSYCx0=
Subject key identifier:   8A:92:04:A8:86:5D:EF:AF:C0:65:A6:AA:04:AD:CA:CB:99:77:AA:F1
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       019A003057B4754890E8AB849FD625F27F09
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/ipIEqIZd76_AZaaqBK3Ky5l3qvE.roa
Signing time:             Mon 20 Oct 2025 05:55:59 +0000
ROA not before:           Mon 20 Oct 2025 05:55:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     21859
IP address blocks:        163.5.66.0/24 maxlen: 24
                          163.5.97.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 Oct 2025 08:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:00:30:57:b4:75:48:90:e8:ab:84:9f:d6:25:f2:7f:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Oct 20 05:55:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8a9204a8865defafc065a6aa04adcacb9977aaf1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:d1:78:9e:ee:e2:41:e3:94:3e:c7:2e:61:72:
                    4b:27:76:77:54:ad:5b:25:d1:48:d7:6d:bd:69:20:
                    b9:06:53:e5:da:a4:12:7c:c0:03:f3:44:ee:44:d9:
                    7e:8f:b4:0d:4a:31:70:e7:76:7c:0a:43:6b:5b:7b:
                    f7:81:59:92:11:ca:03:9d:09:a8:62:1f:68:bd:33:
                    74:24:39:2f:2c:ab:15:66:35:4d:c8:65:f6:65:c2:
                    e1:40:cc:0a:b2:e0:83:79:0c:56:44:9a:ba:1c:9f:
                    c9:7b:2a:9b:b6:1e:ce:bc:3d:28:bd:21:9b:91:9d:
                    71:bb:36:ad:96:54:0e:b3:41:ac:ce:2c:33:84:07:
                    8f:b1:af:91:6f:50:7a:7a:1d:b1:98:ae:c1:b3:e2:
                    bb:49:b3:25:05:af:a1:90:01:e3:bf:f8:8c:26:3b:
                    5b:5e:e9:24:17:85:25:37:b6:67:b0:39:24:71:75:
                    f8:39:f0:c4:d2:60:b0:1b:82:0e:e5:fa:1e:73:64:
                    c7:22:fa:9d:b0:01:22:b7:55:c1:77:1b:67:33:21:
                    49:51:d2:a5:f3:05:cb:85:eb:8d:de:7d:a5:5a:91:
                    fc:98:d4:d0:90:d3:71:2c:13:a3:0b:82:b1:fd:ee:
                    3b:a1:02:5e:c8:56:f7:4b:e8:96:f8:88:d5:8b:11:
                    f1:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:92:04:A8:86:5D:EF:AF:C0:65:A6:AA:04:AD:CA:CB:99:77:AA:F1
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/ipIEqIZd76_AZaaqBK3Ky5l3qvE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.66.0/24
                  163.5.97.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:b4:06:69:89:d4:b9:41:a1:06:de:43:7b:60:35:be:d1:90:
         8a:f3:92:f6:32:2a:f1:38:62:88:9d:ce:0d:b2:f5:5b:f2:fb:
         2e:4e:7b:e9:34:6f:d9:de:d7:45:b4:f3:09:75:52:f4:99:de:
         67:61:28:76:5a:bd:f4:71:7b:03:87:d1:c1:31:56:ce:ee:48:
         6c:90:7b:aa:b0:3d:79:97:66:8e:89:70:c9:2a:b6:c5:c4:99:
         55:0a:ec:d3:b2:d8:5f:59:99:7c:dd:55:99:2c:6b:b3:26:f3:
         25:6f:da:7f:f7:c5:c1:25:59:e7:0c:aa:f8:84:85:66:9d:7f:
         64:5d:e9:21:90:ec:af:c8:0a:1d:17:23:9e:37:12:de:eb:16:
         8a:5b:f6:fe:74:da:f3:33:d0:ea:89:83:87:cd:96:9c:91:d7:
         6f:36:05:0c:5b:fc:04:28:ce:d7:b4:57:99:e5:7e:f4:be:b9:
         05:69:d1:e6:ee:fa:95:32:8a:4b:18:fc:a1:49:40:8a:25:54:
         3a:86:e4:1f:05:d1:a9:08:62:a8:9b:62:79:09:75:12:79:be:
         6c:6d:48:07:f2:fe:aa:9b:d5:33:24:4c:82:8d:c6:11:c2:1b:
         b5:3f:b5:a8:f8:76:95:3e:8e:ec:58:33:f3:11:2a:cc:5a:5d:
         f8:d5:cc:e4
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZoAMFe0dUiQ6KuEn9Yl8n8JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjUxMDIwMDU1NTU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTkyMDRhODg2NWRlZmFmYzA2NWE2YWEwNGFkY2FjYjk5NzdhYWYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2dF4nu7iQeOUPscuYXJLJ3Z3VK1b
JdFI1229aSC5BlPl2qQSfMAD80TuRNl+j7QNSjFw53Z8CkNrW3v3gVmSEcoDnQmo
Yh9ovTN0JDkvLKsVZjVNyGX2ZcLhQMwKsuCDeQxWRJq6HJ/Jeyqbth7OvD0ovSGb
kZ1xuzatllQOs0GsziwzhAePsa+Rb1B6eh2xmK7Bs+K7SbMlBa+hkAHjv/iMJjtb
XukkF4UlN7ZnsDkkcXX4OfDE0mCwG4IO5foec2THIvqdsAEit1XBdxtnMyFJUdKl
8wXLheuN3n2lWpH8mNTQkNNxLBOjC4Kx/e47oQJeyFb3S+iW+IjVixHxXwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIqSBKiGXe+vwGWmqgStysuZd6rxMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvaXBJRXFJWmQ3Nl9BWmFhcUJLM0t5NWwzcXZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAowVCAwQA
owVhMA0GCSqGSIb3DQEBCwUAA4IBAQAdtAZpidS5QaEG3kN7YDW+0ZCK85L2Mirx
OGKInc4NsvVb8vsuTnvpNG/Z3tdFtPMJdVL0md5nYSh2Wr30cXsDh9HBMVbO7khs
kHuqsD15l2aOiXDJKrbFxJlVCuzTsthfWZl83VWZLGuzJvMlb9p/98XBJVnnDKr4
hIVmnX9kXekhkOyvyAodFyOeNxLe6xaKW/b+dNrzM9DqiYOHzZackddvNgUMW/wE
KM7XtFeZ5X70vrkFadHm7vqVMopLGPyhSUCKJVQ6huQfBdGpCGKom2J5CXUSeb5s
bUgH8v6qm9UzJEyCjcYRwhu1P7Wo+HaVPo7sWDPzESrMWl341czk
-----END CERTIFICATE-----