Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/kTZg7UPetIoHsyNcmaQUTNeYNXg.roa
File:                     kTZg7UPetIoHsyNcmaQUTNeYNXg.roa (raw, json)
Hash identifier:          DrNQCCmTh54xB7+WSebByMU4vhxh6yi4N8AowTOcwTE=
Subject key identifier:   91:36:60:ED:43:DE:B4:8A:07:B3:23:5C:99:A4:14:4C:D7:98:35:78
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       019DDAA6AD5303DDBBECCB8D68D1530F55D3
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/kTZg7UPetIoHsyNcmaQUTNeYNXg.roa
Signing time:             Wed 29 Apr 2026 19:10:49 +0000
ROA not before:           Wed 29 Apr 2026 19:10:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203156
IP address blocks:        163.5.125.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 09 May 2026 12:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:da:a6:ad:53:03:dd:bb:ec:cb:8d:68:d1:53:0f:55:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Apr 29 19:10:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=913660ed43deb48a07b3235c99a4144cd7983578
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:4f:e2:0c:60:36:eb:d9:f3:8a:43:8b:15:59:
                    e3:cf:cf:e2:5b:62:0e:c9:44:64:bd:87:88:f4:24:
                    10:cf:19:6a:7a:ca:a2:03:99:dd:92:ab:df:dc:78:
                    3d:01:0d:cb:51:3a:6a:52:ed:0f:03:14:fb:2d:08:
                    9b:87:0d:c2:23:3c:0b:79:6a:36:47:55:9c:22:61:
                    6d:2e:f3:24:db:e2:50:35:db:b0:fd:72:ab:0b:b3:
                    7a:ca:1e:ec:11:b3:c2:9c:9c:85:17:ad:b2:59:d5:
                    10:3b:ea:5e:58:27:d6:12:22:5a:6c:8e:bd:ec:ba:
                    62:e9:2c:77:0b:16:92:b9:ca:7e:54:9f:9d:bf:e9:
                    ee:96:5f:47:c1:23:43:a6:cd:90:7c:35:12:8b:59:
                    d9:6d:0f:24:bc:a7:92:2b:ba:60:76:f7:b5:22:9a:
                    d2:87:c4:94:84:25:c4:e6:48:9e:48:37:e5:56:45:
                    d6:47:4e:51:e9:70:97:bf:46:f8:f6:ea:8b:7e:a7:
                    d1:66:74:58:29:f2:d8:e6:57:aa:51:97:51:2e:29:
                    ca:08:2c:23:a9:b9:d9:13:11:78:8e:05:98:dd:cf:
                    0b:18:4b:b0:38:db:a2:fe:ce:b7:41:23:1c:64:79:
                    ac:08:5e:87:3b:81:7e:76:30:0b:46:b8:5e:46:15:
                    46:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:36:60:ED:43:DE:B4:8A:07:B3:23:5C:99:A4:14:4C:D7:98:35:78
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/kTZg7UPetIoHsyNcmaQUTNeYNXg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.125.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:ef:3d:23:dd:b0:be:48:d8:f5:fa:42:ed:d6:7d:62:89:e2:
         23:75:e8:a3:a3:16:0c:b9:a1:eb:49:61:23:3b:c2:1c:c4:5a:
         8f:1b:67:4b:01:96:19:e9:46:ee:2d:eb:93:66:94:e9:53:23:
         d2:ac:c3:58:1e:66:4e:60:63:e2:ff:4c:ae:57:55:52:a2:8a:
         c1:63:ab:73:8b:6f:7e:da:49:8c:80:b9:a0:f9:fe:1a:c0:de:
         16:8c:ac:33:87:04:60:b8:d6:83:ba:d7:7c:28:5e:a0:4c:ce:
         6e:de:ea:de:c6:0f:34:68:df:cb:7f:97:b3:77:ba:29:ef:9f:
         d2:06:05:a8:b0:dd:1d:69:71:51:36:b1:20:49:04:76:74:9f:
         a3:c7:5e:21:97:41:af:b5:0b:23:1a:85:e6:2e:f2:a4:a4:dd:
         11:70:88:06:39:74:54:3a:75:b7:dc:0a:ad:68:76:49:14:d5:
         f7:f6:2c:f7:b6:8b:aa:de:be:e3:f7:38:59:d7:51:40:c1:a1:
         ac:93:e8:1f:f7:77:d5:a1:dd:97:68:2c:8b:30:09:21:a5:a3:
         40:79:cb:89:21:c8:b4:e0:ee:8c:9b:20:67:25:bf:19:7b:58:
         ab:a1:ba:33:2e:83:11:58:2d:20:5b:6c:99:8c:25:b7:c7:44:
         a2:87:9d:85
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3apq1TA9277MuNaNFTD1XTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjYwNDI5MTkxMDQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTM2NjBlZDQzZGViNDhhMDdiMzIzNWM5OWE0MTQ0Y2Q3OTgzNTc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3E/iDGA269nzikOLFVnjz8/iW2IO
yURkvYeI9CQQzxlqesqiA5ndkqvf3Hg9AQ3LUTpqUu0PAxT7LQibhw3CIzwLeWo2
R1WcImFtLvMk2+JQNduw/XKrC7N6yh7sEbPCnJyFF62yWdUQO+peWCfWEiJabI69
7Lpi6Sx3CxaSucp+VJ+dv+null9HwSNDps2QfDUSi1nZbQ8kvKeSK7pgdve1IprS
h8SUhCXE5kieSDflVkXWR05R6XCXv0b49uqLfqfRZnRYKfLY5leqUZdRLinKCCwj
qbnZExF4jgWY3c8LGEuwONui/s63QSMcZHmsCF6HO4F+djALRrheRhVGrwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJE2YO1D3rSKB7MjXJmkFEzXmDV4MB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEva1RaZzdVUGV0SW9Ic3lOY21hUVVUTmVZTlhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowV9MA0G
CSqGSIb3DQEBCwUAA4IBAQAq7z0j3bC+SNj1+kLt1n1iieIjdeijoxYMuaHrSWEj
O8IcxFqPG2dLAZYZ6UbuLeuTZpTpUyPSrMNYHmZOYGPi/0yuV1VSoorBY6tzi29+
2kmMgLmg+f4awN4WjKwzhwRguNaDutd8KF6gTM5u3urexg80aN/Lf5ezd7op75/S
BgWosN0daXFRNrEgSQR2dJ+jx14hl0GvtQsjGoXmLvKkpN0RcIgGOXRUOnW33Aqt
aHZJFNX39iz3touq3r7j9zhZ11FAwaGsk+gf93fVod2XaCyLMAkhpaNAecuJIci0
4O6MmyBnJb8Ze1irobozLoMRWC0gW2yZjCW3x0Sih52F
-----END CERTIFICATE-----