Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/st5QzqJWHMrl8ZtoB3n6l1ULAi0.roa
File:                     st5QzqJWHMrl8ZtoB3n6l1ULAi0.roa (raw, json)
Hash identifier:          zIHoVqB8DQB5Zfm75s3yYhpD5m/ZU9nq97aZjwndxN8=
Subject key identifier:   B2:DE:50:CE:A2:56:1C:CA:E5:F1:9B:68:07:79:FA:97:55:0B:02:2D
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       019956F98121A23013B4D9F576BA85DAE8C8
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/st5QzqJWHMrl8ZtoB3n6l1ULAi0.roa
Signing time:             Wed 17 Sep 2025 09:20:16 +0000
ROA not before:           Wed 17 Sep 2025 09:20:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     21859
IP address blocks:        163.5.66.0/24 maxlen: 24
                          163.5.119.0/24 maxlen: 24
                          163.5.175.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 20 Sep 2025 05:39:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:56:f9:81:21:a2:30:13:b4:d9:f5:76:ba:85:da:e8:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Sep 17 09:20:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b2de50cea2561ccae5f19b680779fa97550b022d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:f8:84:f9:5b:8a:e5:6f:94:ce:13:9b:60:e5:
                    90:c6:78:3e:23:37:d0:68:d5:e2:b0:14:1c:48:b9:
                    5e:fe:5f:79:9c:5a:4b:01:05:60:a7:58:2d:6b:5a:
                    58:ef:6f:26:2c:00:ac:6c:73:f1:c7:14:73:46:42:
                    67:5e:6e:32:a6:82:79:09:b2:74:b2:cf:b5:4a:92:
                    15:53:d4:91:b6:e0:aa:45:5e:2f:a7:65:63:81:04:
                    3c:b6:2b:aa:fa:77:f8:df:af:f0:78:62:c0:ea:8c:
                    a0:80:31:f7:c4:a5:4c:02:4e:30:5f:a7:76:8b:c8:
                    4f:3f:16:d7:81:8d:3a:61:72:4b:e6:21:80:02:c5:
                    a6:63:71:0c:f4:b0:44:da:7b:c0:f7:17:95:95:4f:
                    1e:0c:2a:b4:b4:e8:1a:41:a5:d1:27:bf:34:b2:b0:
                    3a:66:45:44:c4:06:8b:49:13:5d:62:7f:29:ca:44:
                    33:6c:9a:fb:a6:93:62:bf:f1:b7:98:c8:a4:73:df:
                    a0:69:ce:5e:2d:ed:f6:f6:ef:c0:b1:27:12:d3:2b:
                    3d:2d:82:be:a3:30:89:71:87:64:a4:e6:c1:99:a2:
                    dc:b4:e8:2a:f7:6e:b5:64:b6:df:31:9f:82:22:91:
                    ac:64:ce:e4:67:3b:6a:c1:22:9b:bf:be:ea:ff:41:
                    43:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:DE:50:CE:A2:56:1C:CA:E5:F1:9B:68:07:79:FA:97:55:0B:02:2D
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/st5QzqJWHMrl8ZtoB3n6l1ULAi0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.66.0/24
                  163.5.119.0/24
                  163.5.175.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:98:f1:20:d5:ff:d4:07:07:e8:42:fb:06:59:c6:c8:71:a3:
         d8:86:8d:00:81:8d:e5:10:c1:da:65:64:09:ee:c6:2f:6b:fc:
         3f:18:a0:9f:66:49:c4:64:fe:58:98:c0:dd:26:ac:bd:f2:43:
         48:3c:a1:92:82:dd:a2:38:5c:04:ea:44:95:48:c2:dc:4f:94:
         67:b2:50:25:25:b0:f7:43:03:af:62:0a:fa:89:5d:6e:35:63:
         61:b8:bf:19:e6:89:81:d0:59:d6:ae:64:04:95:2d:f4:3e:24:
         5b:5c:c8:05:d2:4d:b4:0e:50:5b:8a:81:c8:fa:b6:5a:50:ca:
         4a:3c:bb:2e:a8:cd:8e:b5:c9:20:4b:0f:61:d6:e6:b4:ba:20:
         3f:a3:a1:d4:fe:b5:95:f3:a0:2b:59:78:02:5e:c6:9c:3e:ad:
         e9:1d:75:5e:aa:95:72:c4:c0:f5:4f:0c:f2:4e:02:51:0c:ee:
         eb:54:65:7a:81:29:ed:52:87:dd:cb:26:8a:db:ce:74:d8:8e:
         85:c1:3a:d4:53:23:6f:57:ef:20:cf:5b:b4:90:0f:03:8e:0b:
         21:0c:dd:ab:3e:3d:6c:e8:df:12:e1:68:0c:7e:73:e9:ba:3c:
         eb:2a:6c:42:02:22:82:cb:9b:4d:75:b6:9d:ee:fd:cc:93:44:
         98:76:c3:87
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZlW+YEhojATtNn1drqF2ujIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjUwOTE3MDkyMDE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMmRlNTBjZWEyNTYxY2NhZTVmMTliNjgwNzc5ZmE5NzU1MGIwMjJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6fiE+VuK5W+UzhObYOWQxng+IzfQ
aNXisBQcSLle/l95nFpLAQVgp1gta1pY728mLACsbHPxxxRzRkJnXm4ypoJ5CbJ0
ss+1SpIVU9SRtuCqRV4vp2VjgQQ8tiuq+nf436/weGLA6oyggDH3xKVMAk4wX6d2
i8hPPxbXgY06YXJL5iGAAsWmY3EM9LBE2nvA9xeVlU8eDCq0tOgaQaXRJ780srA6
ZkVExAaLSRNdYn8pykQzbJr7ppNiv/G3mMikc9+gac5eLe329u/AsScS0ys9LYK+
ozCJcYdkpObBmaLctOgq9261ZLbfMZ+CIpGsZM7kZztqwSKbv77q/0FDuwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFLLeUM6iVhzK5fGbaAd5+pdVCwItMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvc3Q1UXpxSldITXJsOFp0b0IzbjZsMVVMQWkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAowVCAwQA
owV3AwQAowWvMA0GCSqGSIb3DQEBCwUAA4IBAQBPmPEg1f/UBwfoQvsGWcbIcaPY
ho0AgY3lEMHaZWQJ7sYva/w/GKCfZknEZP5YmMDdJqy98kNIPKGSgt2iOFwE6kSV
SMLcT5RnslAlJbD3QwOvYgr6iV1uNWNhuL8Z5omB0FnWrmQElS30PiRbXMgF0k20
DlBbioHI+rZaUMpKPLsuqM2OtckgSw9h1ua0uiA/o6HU/rWV86ArWXgCXsacPq3p
HXVeqpVyxMD1TwzyTgJRDO7rVGV6gSntUofdyyaK28502I6FwTrUUyNvV+8gz1u0
kA8DjgshDN2rPj1s6N8S4WgMfnPpujzrKmxCAiKCy5tNdbad7v3Mk0SYdsOH
-----END CERTIFICATE-----