Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/lBmtuVvwomX7yh7mn99chqwLkrI.roa
File:                     lBmtuVvwomX7yh7mn99chqwLkrI.roa (raw, json)
Hash identifier:          rfEv/OFpl1e9yN9AxXuSP0RuxY37Pq9biuwIGUhRscg=
Subject key identifier:   94:19:AD:B9:5B:F0:A2:65:FB:CA:1E:E6:9F:DF:5C:86:AC:0B:92:B2
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       019DBF8350503FA59996E315C41C6364930D
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/lBmtuVvwomX7yh7mn99chqwLkrI.roa
Signing time:             Fri 24 Apr 2026 12:42:27 +0000
ROA not before:           Fri 24 Apr 2026 12:42:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199186
IP address blocks:        163.5.215.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 02 May 2026 14:52:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:bf:83:50:50:3f:a5:99:96:e3:15:c4:1c:63:64:93:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Apr 24 12:42:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9419adb95bf0a265fbca1ee69fdf5c86ac0b92b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:a3:fd:fc:40:aa:20:38:29:1f:cc:84:e6:3b:
                    1f:15:69:11:b0:bc:46:2a:2f:c6:b6:10:67:5d:a0:
                    9e:4d:f7:2b:01:78:a2:93:e9:81:33:2f:9c:86:56:
                    5f:db:ed:aa:64:e5:5a:e6:bf:ad:50:a8:71:41:fe:
                    9a:17:2d:f3:91:4e:b2:42:18:86:bc:34:22:30:04:
                    f5:98:7c:12:79:ce:2a:5f:0d:b1:64:2c:b2:66:ef:
                    6a:a7:6b:5b:7c:78:66:05:fe:20:ae:5f:20:1b:75:
                    c3:2d:dd:60:60:98:6a:b0:a3:9f:f2:42:8a:92:29:
                    25:43:ce:ae:23:dc:2a:e5:08:b7:44:94:e0:73:50:
                    3e:d0:ff:f4:78:70:6e:5a:02:a6:54:41:64:44:d4:
                    06:5f:4f:ba:7a:96:b5:db:16:a0:4d:63:a1:b7:5e:
                    3a:83:03:16:fe:97:c9:6e:47:16:4a:7e:60:c6:e9:
                    18:6d:b5:33:02:72:bd:fe:b9:ae:8b:e2:df:71:7f:
                    4f:8b:19:15:1f:35:cb:db:9a:f7:d4:f4:f6:d5:8e:
                    d5:97:a4:ae:27:59:21:13:8d:29:34:22:55:ad:fe:
                    02:86:79:04:9a:64:ad:3c:92:5e:1f:47:2b:d3:95:
                    23:ce:1b:0e:f4:4e:d4:f1:17:4c:45:28:c5:bf:3b:
                    f9:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:19:AD:B9:5B:F0:A2:65:FB:CA:1E:E6:9F:DF:5C:86:AC:0B:92:B2
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/lBmtuVvwomX7yh7mn99chqwLkrI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.215.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:b1:52:f1:ed:12:7b:40:83:42:f1:04:02:31:0a:3b:b7:5d:
         44:be:79:9a:f2:2d:2c:d2:9d:44:8d:39:75:07:d5:46:4c:9c:
         44:ad:9f:7d:e8:b4:22:bd:6e:8a:7e:f0:70:0f:01:53:5f:8d:
         45:6f:77:cd:c7:bc:31:62:0b:38:d0:1f:a9:e2:20:9d:22:85:
         1d:f9:98:38:10:aa:49:50:62:e1:37:4b:e4:e3:34:1d:4c:91:
         1d:14:3a:77:24:69:f3:e5:17:54:35:ee:b8:6c:7d:67:6a:64:
         6c:2e:07:e9:be:1d:bc:ce:d1:23:f8:01:79:35:bc:ba:ca:5b:
         05:38:78:14:5e:f3:94:f8:3e:7d:4b:95:03:c0:89:ca:14:b6:
         c3:60:0a:dc:d7:ed:75:93:02:15:a3:ef:07:e6:c1:14:e5:e7:
         79:2d:39:63:e1:3a:94:1a:71:95:05:38:09:58:56:cb:25:2c:
         dc:6f:1e:01:49:47:0d:df:cb:d8:33:4e:d2:c7:ba:cd:56:94:
         6a:d8:69:46:18:1c:08:6a:d7:48:73:84:5a:97:be:07:6f:3c:
         7e:cd:2c:58:d8:6e:10:0e:6d:91:6f:f4:64:07:b2:00:50:d9:
         81:19:5b:22:26:21:a4:b3:9a:98:ce:93:2f:e2:d0:4a:c2:ff:
         23:5f:f8:90
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2/g1BQP6WZluMVxBxjZJMNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjYwNDI0MTI0MjI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NDE5YWRiOTViZjBhMjY1ZmJjYTFlZTY5ZmRmNWM4NmFjMGI5MmIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkaP9/ECqIDgpH8yE5jsfFWkRsLxG
Ki/GthBnXaCeTfcrAXiik+mBMy+chlZf2+2qZOVa5r+tUKhxQf6aFy3zkU6yQhiG
vDQiMAT1mHwSec4qXw2xZCyyZu9qp2tbfHhmBf4grl8gG3XDLd1gYJhqsKOf8kKK
kiklQ86uI9wq5Qi3RJTgc1A+0P/0eHBuWgKmVEFkRNQGX0+6epa12xagTWOht146
gwMW/pfJbkcWSn5gxukYbbUzAnK9/rmui+LfcX9PixkVHzXL25r31PT21Y7Vl6Su
J1khE40pNCJVrf4ChnkEmmStPJJeH0cr05UjzhsO9E7U8RdMRSjFvzv5mQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJQZrblb8KJl+8oe5p/fXIasC5KyMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvbEJtdHVWdndvbVg3eWg3bW45OWNocXdMa3JJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowXXMA0G
CSqGSIb3DQEBCwUAA4IBAQAdsVLx7RJ7QINC8QQCMQo7t11Evnma8i0s0p1EjTl1
B9VGTJxErZ996LQivW6KfvBwDwFTX41Fb3fNx7wxYgs40B+p4iCdIoUd+Zg4EKpJ
UGLhN0vk4zQdTJEdFDp3JGnz5RdUNe64bH1namRsLgfpvh28ztEj+AF5Nby6ylsF
OHgUXvOU+D59S5UDwInKFLbDYArc1+11kwIVo+8H5sEU5ed5LTlj4TqUGnGVBTgJ
WFbLJSzcbx4BSUcN38vYM07Sx7rNVpRq2GlGGBwIatdIc4Ral74Hbzx+zSxY2G4Q
Dm2Rb/RkB7IAUNmBGVsiJiGks5qYzpMv4tBKwv8jX/iQ
-----END CERTIFICATE-----