Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/uPWUT_9lOfhBGSScqHxYhVC6k-c.roa
File:                     uPWUT_9lOfhBGSScqHxYhVC6k-c.roa (raw, json)
Hash identifier:          BeavIUW8I8TddD2SVs9Ar4TywwJOaJJ0ClFWD6R8x2A=
Subject key identifier:   B8:F5:94:4F:FF:65:39:F8:41:19:24:9C:A8:7C:58:85:50:BA:93:E7
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       019EFE7892161E7D452E234A95EC2E274858
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/uPWUT_9lOfhBGSScqHxYhVC6k-c.roa
Signing time:             Thu 25 Jun 2026 11:09:35 +0000
ROA not before:           Thu 25 Jun 2026 11:09:35 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     31221
IP address blocks:        163.5.22.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 30 Jun 2026 07:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:fe:78:92:16:1e:7d:45:2e:23:4a:95:ec:2e:27:48:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jun 25 11:09:35 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b8f5944fff6539f84119249ca87c588550ba93e7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:c7:69:7e:70:bf:13:29:a2:33:47:2d:73:50:
                    04:b6:4c:14:0f:0d:f9:cd:bb:d8:ca:a5:8c:fe:40:
                    60:b7:91:e1:3c:8e:9e:3d:05:a6:e0:c9:c5:52:54:
                    3e:8b:f1:4d:4a:d1:7e:cb:ab:ea:73:81:74:9e:19:
                    af:31:44:00:40:67:ac:3e:e0:c5:dc:f5:4d:61:80:
                    d6:f4:45:94:86:fc:1c:93:db:42:33:62:6b:f8:0e:
                    31:f1:47:21:57:18:c8:bc:80:f7:84:8d:bc:c5:3b:
                    75:a5:97:43:61:22:7b:ec:2c:f6:41:06:2d:61:92:
                    19:03:9f:53:89:89:12:f4:f8:66:cd:d6:a9:7f:8e:
                    24:cd:23:9f:f0:77:36:e4:ab:80:85:57:84:ef:af:
                    91:7a:f9:82:61:85:65:4c:00:9a:2c:99:5b:9f:64:
                    98:dd:b8:ce:5f:3f:64:1a:04:68:0b:97:36:51:69:
                    6c:d9:b0:c2:97:84:ec:cb:ec:a7:0c:1b:2d:a3:62:
                    6f:9c:ac:3c:82:cf:bc:18:98:10:5f:32:ae:e6:2f:
                    11:7b:a8:75:d4:52:83:2e:0e:8a:ef:81:cb:83:ea:
                    ce:a7:76:7e:c2:40:9f:c2:c7:6a:54:f9:a2:b1:8d:
                    6c:3f:c2:9b:d3:ed:ff:bd:cf:a8:eb:fa:4d:18:6f:
                    48:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:F5:94:4F:FF:65:39:F8:41:19:24:9C:A8:7C:58:85:50:BA:93:E7
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/uPWUT_9lOfhBGSScqHxYhVC6k-c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.22.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:84:3b:cd:46:12:32:8a:f8:6b:3d:69:fe:e8:ff:8b:6f:17:
         36:0c:32:46:19:57:40:e1:cc:d0:0a:95:97:e5:6c:46:59:bf:
         ea:56:d6:c4:cc:03:9e:53:d2:52:e2:93:23:f1:b5:f5:12:59:
         80:15:53:a0:bf:d1:df:c5:83:f7:79:15:f4:aa:27:69:e6:62:
         9e:27:18:11:5a:5c:00:5c:ac:f3:18:ae:4a:f5:1f:e7:b0:e6:
         76:11:b1:f6:a3:76:4d:09:7c:b7:44:55:da:89:43:4a:a7:05:
         74:a1:a7:6e:99:f4:c7:30:2d:8f:27:4b:84:5c:91:95:a3:a5:
         d2:9e:9c:42:3a:25:c3:92:7b:17:52:c6:08:67:5c:01:ab:85:
         5f:84:60:44:ae:67:55:62:6d:32:9d:0e:82:a0:1b:a6:0b:c5:
         34:ea:22:2a:8a:ad:b6:cf:8d:04:2b:a0:3a:7d:ec:33:96:11:
         ef:b4:4b:81:d4:6e:19:51:0a:55:c0:6b:25:82:53:92:95:c7:
         93:17:a2:96:25:c5:5c:b1:61:e1:b2:d6:e3:ea:a5:00:62:8e:
         d1:68:a5:8c:17:de:8b:a0:19:44:4d:44:f3:37:80:65:f1:db:
         9a:9e:20:72:29:eb:c8:78:7d:49:b1:4f:6e:ce:b5:5e:52:1e:
         e8:02:52:0f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ7+eJIWHn1FLiNKlewuJ0hYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjYwNjI1MTEwOTM1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOGY1OTQ0ZmZmNjUzOWY4NDExOTI0OWNhODdjNTg4NTUwYmE5M2U3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAssdpfnC/EymiM0ctc1AEtkwUDw35
zbvYyqWM/kBgt5HhPI6ePQWm4MnFUlQ+i/FNStF+y6vqc4F0nhmvMUQAQGesPuDF
3PVNYYDW9EWUhvwck9tCM2Jr+A4x8UchVxjIvID3hI28xTt1pZdDYSJ77Cz2QQYt
YZIZA59TiYkS9Phmzdapf44kzSOf8Hc25KuAhVeE76+RevmCYYVlTACaLJlbn2SY
3bjOXz9kGgRoC5c2UWls2bDCl4Tsy+ynDBsto2JvnKw8gs+8GJgQXzKu5i8Re6h1
1FKDLg6K74HLg+rOp3Z+wkCfwsdqVPmisY1sP8Kb0+3/vc+o6/pNGG9I3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLj1lE//ZTn4QRkknKh8WIVQupPnMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvdVBXVVRfOWxPZmhCR1NTY3FIeFloVkM2ay1jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowUWMA0G
CSqGSIb3DQEBCwUAA4IBAQCJhDvNRhIyivhrPWn+6P+Lbxc2DDJGGVdA4czQCpWX
5WxGWb/qVtbEzAOeU9JS4pMj8bX1ElmAFVOgv9HfxYP3eRX0qidp5mKeJxgRWlwA
XKzzGK5K9R/nsOZ2EbH2o3ZNCXy3RFXaiUNKpwV0oadumfTHMC2PJ0uEXJGVo6XS
npxCOiXDknsXUsYIZ1wBq4VfhGBErmdVYm0ynQ6CoBumC8U06iIqiq22z40EK6A6
fewzlhHvtEuB1G4ZUQpVwGslglOSlceTF6KWJcVcsWHhstbj6qUAYo7RaKWMF96L
oBlETUTzN4Bl8duaniByKevIeH1JsU9uzrVeUh7oAlIP
-----END CERTIFICATE-----