Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/ncXKKuB3r39Xo3PC2ptoQnu9hDA.roa
File:                     ncXKKuB3r39Xo3PC2ptoQnu9hDA.roa (raw, json)
Hash identifier:          g7eE06ct2qvuM8WhUDCW3Ip45HeATQMar1UEBH7haPE=
Subject key identifier:   9D:C5:CA:2A:E0:77:AF:7F:57:A3:73:C2:DA:9B:68:42:7B:BD:84:30
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       019E92832C8D775736008E6283237F0463E5
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/ncXKKuB3r39Xo3PC2ptoQnu9hDA.roa
Signing time:             Thu 04 Jun 2026 12:02:10 +0000
ROA not before:           Thu 04 Jun 2026 12:02:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209378
IP address blocks:        163.5.153.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 13:27:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:92:83:2c:8d:77:57:36:00:8e:62:83:23:7f:04:63:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jun  4 12:02:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9dc5ca2ae077af7f57a373c2da9b68427bbd8430
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:fc:ae:cd:b4:73:75:4b:11:09:04:c9:71:76:
                    86:67:00:69:47:16:9d:07:a6:16:77:86:67:64:33:
                    70:bf:9f:89:fa:16:8b:ed:e6:cf:a3:f8:30:80:fe:
                    62:2f:7c:1f:67:90:84:b9:d0:ca:c6:e0:7c:19:f6:
                    d1:b5:8b:a5:c4:d6:d8:27:ce:76:a9:ee:ba:34:88:
                    88:0a:9d:f4:50:df:33:f8:89:15:cf:fe:b8:27:fb:
                    63:be:a1:70:a1:ba:b5:0d:28:d4:c6:ff:4d:e6:04:
                    cf:85:a8:4f:cc:3b:32:8b:61:d1:ea:85:77:bc:40:
                    18:0f:c6:9d:3b:30:7b:63:cb:e1:3c:17:be:7a:59:
                    34:d7:f4:1b:2b:2d:73:9c:31:7d:b7:ab:bb:5c:d1:
                    9a:51:f1:62:11:d4:cd:ab:d3:65:d0:80:65:d4:49:
                    a1:95:57:bf:3d:1d:29:b1:2e:c5:18:24:98:b3:64:
                    f7:43:a6:5b:b3:68:83:a0:42:69:e7:fe:f5:a0:6a:
                    d6:15:66:37:f5:33:2e:0b:24:02:77:72:ce:2f:14:
                    cc:3e:11:e4:f1:e1:7f:20:75:4d:e2:cc:24:e6:2c:
                    65:c5:42:89:8e:f8:e4:c2:ca:6e:91:c2:38:8d:0a:
                    b7:83:6d:78:4b:91:93:05:b9:4d:a6:87:0d:75:47:
                    e4:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:C5:CA:2A:E0:77:AF:7F:57:A3:73:C2:DA:9B:68:42:7B:BD:84:30
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/ncXKKuB3r39Xo3PC2ptoQnu9hDA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.153.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:05:ce:eb:dc:a1:7e:e0:c5:67:3a:c2:c2:ec:ab:08:6b:d8:
         e5:6c:52:bc:ac:4b:68:86:b6:b0:4e:96:ca:6a:a4:18:53:96:
         1b:36:3b:24:f0:4f:ed:0f:15:65:e1:83:0a:d1:e7:a8:48:e6:
         70:a0:be:6c:46:50:6c:43:76:fb:e7:ea:17:98:e4:2e:a2:f0:
         4a:23:56:da:6d:f4:ca:fd:b9:fc:2e:6e:3f:5b:ec:81:b7:85:
         dc:48:20:b5:89:39:a1:ec:4b:ec:af:55:da:6f:51:ae:95:f8:
         3b:70:ef:02:f6:17:1f:e5:ef:9a:5d:0f:d7:0b:ba:57:02:f4:
         44:56:89:26:dc:78:8b:83:c2:1c:b9:06:69:b7:36:a9:88:16:
         2e:3b:7b:d3:e1:69:21:60:f2:f2:34:0e:b3:15:21:a4:a4:ab:
         bb:cf:4b:bc:9e:0c:6a:e6:06:97:b1:ec:42:d4:5c:cb:81:8c:
         05:b1:8c:65:29:6c:f1:9d:59:29:eb:51:f1:c3:66:2a:cd:a3:
         8b:dc:64:48:d5:de:f3:42:b7:02:e9:3e:04:d9:11:5e:d5:6b:
         90:ce:40:af:c8:42:26:76:7b:d3:16:92:eb:50:ec:be:32:db:
         91:8a:98:b0:d1:47:57:f0:a6:e4:90:1a:a4:08:06:da:a6:cd:
         3d:c0:ea:58
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6SgyyNd1c2AI5igyN/BGPlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjYwNjA0MTIwMjEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZGM1Y2EyYWUwNzdhZjdmNTdhMzczYzJkYTliNjg0MjdiYmQ4NDMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyPyuzbRzdUsRCQTJcXaGZwBpRxad
B6YWd4ZnZDNwv5+J+haL7ebPo/gwgP5iL3wfZ5CEudDKxuB8GfbRtYulxNbYJ852
qe66NIiICp30UN8z+IkVz/64J/tjvqFwobq1DSjUxv9N5gTPhahPzDsyi2HR6oV3
vEAYD8adOzB7Y8vhPBe+elk01/QbKy1znDF9t6u7XNGaUfFiEdTNq9Nl0IBl1Emh
lVe/PR0psS7FGCSYs2T3Q6Zbs2iDoEJp5/71oGrWFWY39TMuCyQCd3LOLxTMPhHk
8eF/IHVN4swk5ixlxUKJjvjkwspukcI4jQq3g214S5GTBblNpocNdUfkPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ3Fyirgd69/V6NzwtqbaEJ7vYQwMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvbmNYS0t1QjNyMzlYbzNQQzJwdG9RbnU5aERBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowWZMA0G
CSqGSIb3DQEBCwUAA4IBAQCKBc7r3KF+4MVnOsLC7KsIa9jlbFK8rEtohrawTpbK
aqQYU5YbNjsk8E/tDxVl4YMK0eeoSOZwoL5sRlBsQ3b75+oXmOQuovBKI1babfTK
/bn8Lm4/W+yBt4XcSCC1iTmh7Evsr1Xab1Gulfg7cO8C9hcf5e+aXQ/XC7pXAvRE
Vokm3HiLg8IcuQZptzapiBYuO3vT4WkhYPLyNA6zFSGkpKu7z0u8ngxq5gaXsexC
1FzLgYwFsYxlKWzxnVkp61Hxw2YqzaOL3GRI1d7zQrcC6T4E2RFe1WuQzkCvyEIm
dnvTFpLrUOy+MtuRipiw0UdX8KbkkBqkCAbaps09wOpY
-----END CERTIFICATE-----