Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/qM0cDmB-i8b0r6OKsDM75q-zM_I.roa
File:                     qM0cDmB-i8b0r6OKsDM75q-zM_I.roa (raw, json)
Hash identifier:          05SEVGhg3My16i5n8e6VXiT7z0gvdvOj1GvXOZwvBxE=
Subject key identifier:   A8:CD:1C:0E:60:7E:8B:C6:F4:AF:A3:8A:B0:33:3B:E6:AF:B3:33:F2
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       019E11E84D45C59482F816C79052851D1C36
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/qM0cDmB-i8b0r6OKsDM75q-zM_I.roa
Signing time:             Sun 10 May 2026 12:41:37 +0000
ROA not before:           Sun 10 May 2026 12:41:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     9457
IP address blocks:        163.5.251.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 14 May 2026 00:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:11:e8:4d:45:c5:94:82:f8:16:c7:90:52:85:1d:1c:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: May 10 12:41:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a8cd1c0e607e8bc6f4afa38ab0333be6afb333f2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f7:8d:63:aa:b6:88:44:d6:10:1f:07:02:26:ad:
                    aa:80:e4:3b:7b:8d:48:f1:f1:18:44:89:81:53:d5:
                    2f:12:36:4f:c7:41:2c:b0:42:58:f7:df:98:dd:3c:
                    ab:b3:fc:39:9f:e7:5d:f8:27:5f:fc:47:eb:8e:19:
                    c2:24:73:01:6e:75:13:7d:21:b7:cc:07:4d:67:53:
                    38:c7:d0:9b:8a:96:a3:e0:4b:1a:80:7e:c9:a9:43:
                    0c:03:42:54:13:25:8d:76:e8:5b:59:52:59:8f:c0:
                    16:38:d8:42:cc:00:25:a7:f0:ba:7a:f9:7c:00:76:
                    91:69:c6:17:20:1c:09:6e:02:c8:5e:11:3c:ae:c8:
                    2d:95:f0:17:15:8c:3a:46:a1:2f:ae:8b:1a:ba:e7:
                    20:5f:1a:40:13:2c:75:31:a1:41:de:36:8f:3f:18:
                    c5:87:40:5b:d9:4e:9d:a1:25:5a:56:eb:12:03:1d:
                    49:ad:da:9c:c0:16:6d:e7:fa:46:ca:d5:91:77:7a:
                    0e:df:0a:d3:2e:db:5e:27:44:ba:35:42:d6:59:f2:
                    47:0d:66:0a:6d:93:3f:ca:df:ae:59:36:06:66:35:
                    3b:b7:5b:f7:d4:e6:fa:9b:7f:dd:4b:2f:14:b0:1d:
                    f9:c9:db:1d:fa:3b:10:ca:46:88:44:fe:d3:ca:e5:
                    65:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:CD:1C:0E:60:7E:8B:C6:F4:AF:A3:8A:B0:33:3B:E6:AF:B3:33:F2
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/qM0cDmB-i8b0r6OKsDM75q-zM_I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.251.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:13:42:34:a3:1b:c9:67:94:11:6c:cf:20:ef:77:1c:7c:31:
         05:36:7b:c6:b0:4f:d3:99:b1:dc:78:c4:21:ca:a2:cc:29:61:
         ad:f0:dc:63:6e:0c:1e:6d:b2:fd:27:62:c2:2a:94:22:f7:cd:
         3d:af:ef:75:db:de:ea:96:a2:75:62:39:8b:7e:db:b1:11:2e:
         42:5e:0d:0c:f0:a8:99:2a:36:71:98:40:fb:ca:0d:f4:e9:0f:
         fe:90:8c:c3:03:46:b6:55:4c:a0:df:af:b1:22:da:0f:fe:b7:
         a5:c6:48:14:50:86:73:46:75:1a:89:3e:b8:6a:cb:78:71:67:
         7a:96:cb:56:d3:aa:c5:8a:57:9f:d5:d3:fb:b2:ea:d6:11:88:
         4a:85:21:2d:c0:7b:59:19:6c:0b:f6:6c:35:f6:53:e0:db:b9:
         ab:5e:aa:15:42:fc:f0:54:b1:a1:ab:1d:f6:63:fe:c4:a2:81:
         0e:df:30:94:73:72:6e:82:15:5f:9d:93:6e:70:f1:4d:3b:4f:
         83:79:cd:42:a6:12:40:56:10:74:ce:5c:89:c9:3b:19:42:33:
         88:ea:d0:a5:3e:c9:39:ee:41:66:2f:9f:ff:a4:af:1c:68:f0:
         e0:ec:e3:cf:96:96:6f:91:72:8e:0c:89:7b:92:4f:5e:c0:28:
         7e:e4:cb:79
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4R6E1FxZSC+BbHkFKFHRw2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjYwNTEwMTI0MTM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOGNkMWMwZTYwN2U4YmM2ZjRhZmEzOGFiMDMzM2JlNmFmYjMzM2YyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA941jqraIRNYQHwcCJq2qgOQ7e41I
8fEYRImBU9UvEjZPx0EssEJY99+Y3Tyrs/w5n+dd+Cdf/EfrjhnCJHMBbnUTfSG3
zAdNZ1M4x9Cbipaj4EsagH7JqUMMA0JUEyWNduhbWVJZj8AWONhCzAAlp/C6evl8
AHaRacYXIBwJbgLIXhE8rsgtlfAXFYw6RqEvrosauucgXxpAEyx1MaFB3jaPPxjF
h0Bb2U6doSVaVusSAx1JrdqcwBZt5/pGytWRd3oO3wrTLtteJ0S6NULWWfJHDWYK
bZM/yt+uWTYGZjU7t1v31Ob6m3/dSy8UsB35ydsd+jsQykaIRP7TyuVlgQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKjNHA5gfovG9K+jirAzO+avszPyMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvcU0wY0RtQi1pOGIwcjZPS3NETTc1cS16TV9JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowX7MA0G
CSqGSIb3DQEBCwUAA4IBAQAxE0I0oxvJZ5QRbM8g73ccfDEFNnvGsE/TmbHceMQh
yqLMKWGt8NxjbgwebbL9J2LCKpQi9809r+91297qlqJ1YjmLftuxES5CXg0M8KiZ
KjZxmED7yg306Q/+kIzDA0a2VUyg36+xItoP/relxkgUUIZzRnUaiT64ast4cWd6
lstW06rFilef1dP7surWEYhKhSEtwHtZGWwL9mw19lPg27mrXqoVQvzwVLGhqx32
Y/7EooEO3zCUc3JughVfnZNucPFNO0+Dec1CphJAVhB0zlyJyTsZQjOI6tClPsk5
7kFmL5//pK8caPDg7OPPlpZvkXKODIl7kk9ewCh+5Mt5
-----END CERTIFICATE-----