Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/ums9r5nFhvaNEsArKL2EmZZbIw0.roa
File:                     ums9r5nFhvaNEsArKL2EmZZbIw0.roa (raw, json)
Hash identifier:          V1CPD1lC3ILxjzZq3zQPAmnk0uIFL3KsU3mHIttIdQ0=
Subject key identifier:   BA:6B:3D:AF:99:C5:86:F6:8D:12:C0:2B:28:BD:84:99:96:5B:23:0D
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       01992E523ECF9C044CD2D720BBEF48175A91
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/ums9r5nFhvaNEsArKL2EmZZbIw0.roa
Signing time:             Tue 09 Sep 2025 11:52:45 +0000
ROA not before:           Tue 09 Sep 2025 11:52:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     22773
IP address blocks:        163.5.165.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 19 Sep 2025 03:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:2e:52:3e:cf:9c:04:4c:d2:d7:20:bb:ef:48:17:5a:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Sep  9 11:52:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ba6b3daf99c586f68d12c02b28bd8499965b230d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:ba:af:a5:bd:e0:a3:ff:4c:ba:73:d2:cc:f4:
                    b2:ec:16:c7:69:30:68:56:05:fc:0a:88:f2:a6:e2:
                    b6:69:1d:b1:1d:a9:0f:54:a7:42:db:27:db:ad:98:
                    fd:b6:b0:a1:73:ce:9e:7d:e3:ef:a9:47:5d:03:f3:
                    17:7c:71:14:8b:a9:6d:18:60:ce:aa:4c:b4:02:52:
                    b9:16:3b:ec:3d:db:66:ab:8d:bb:53:2f:63:ea:18:
                    85:c7:e5:5d:c1:ae:ee:51:62:25:16:1f:47:03:c1:
                    aa:a1:8c:28:19:bd:56:db:4b:ae:89:c8:e4:ca:79:
                    ec:94:b7:ba:37:d3:d3:8b:f9:bc:1a:e4:af:d5:67:
                    ce:d7:41:af:51:fa:2f:a2:cb:5f:8c:9c:cd:6b:e0:
                    22:bb:9d:9e:15:37:43:d0:90:88:cc:36:55:36:d0:
                    9e:60:d4:0b:b3:17:a9:5b:10:f0:4b:a8:08:38:fd:
                    25:3a:e4:49:fd:ce:31:27:ec:e2:41:cc:df:70:24:
                    83:09:86:3f:23:d2:7e:5f:fe:1a:36:69:fc:5f:6c:
                    99:90:8b:98:f5:0c:59:99:23:fc:ff:5b:00:fa:89:
                    87:d1:bb:1d:b5:4c:7a:3c:99:3f:d2:9e:0d:f8:d7:
                    50:de:8b:44:a2:5d:76:7c:8f:df:bd:82:cf:98:e9:
                    28:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:6B:3D:AF:99:C5:86:F6:8D:12:C0:2B:28:BD:84:99:96:5B:23:0D
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/ums9r5nFhvaNEsArKL2EmZZbIw0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.165.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:33:fd:03:d3:32:fc:b7:ec:a4:fe:1d:85:f1:6a:cb:94:30:
         cc:cc:b0:b4:3c:64:f0:60:ae:9e:92:d9:9e:57:64:14:9a:96:
         80:d4:8b:2b:ae:70:df:d2:e9:7d:ab:73:6b:c2:37:c1:d3:eb:
         98:84:5a:d0:41:1e:fe:b5:30:63:fb:2a:a4:a2:ba:f1:b2:5f:
         82:34:6b:5f:f3:c3:bf:4d:72:0b:73:14:35:5d:e4:2f:d1:61:
         8c:32:64:24:24:fd:50:27:73:3e:c5:4d:9d:8d:1c:74:4d:fc:
         b4:00:f8:6c:84:51:c6:e6:69:a4:3c:0c:da:b3:27:26:72:be:
         73:22:b3:cf:0d:83:09:0e:5e:23:f3:2b:22:33:b6:4a:48:47:
         6b:fe:df:53:f8:96:fe:c4:e8:bf:88:9b:23:56:99:e5:40:b2:
         5d:ba:87:16:b4:b0:fd:f1:75:80:8d:db:12:68:6c:79:d9:4c:
         de:2e:61:ed:e8:74:82:63:35:d7:48:91:43:f1:86:73:39:1a:
         e3:db:b0:67:1b:37:de:96:fc:92:63:4a:90:d5:15:05:31:9d:
         ec:26:48:45:d7:b0:d5:78:95:d5:bb:6b:ca:e6:f7:09:58:d4:
         3c:e7:74:69:77:2c:e9:76:ff:48:8f:a4:5b:d6:84:d6:04:c8:
         b0:d8:58:2f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkuUj7PnARM0tcgu+9IF1qRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjUwOTA5MTE1MjQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTZiM2RhZjk5YzU4NmY2OGQxMmMwMmIyOGJkODQ5OTk2NWIyMzBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsbqvpb3go/9MunPSzPSy7BbHaTBo
VgX8CojypuK2aR2xHakPVKdC2yfbrZj9trChc86efePvqUddA/MXfHEUi6ltGGDO
qky0AlK5FjvsPdtmq427Uy9j6hiFx+Vdwa7uUWIlFh9HA8GqoYwoGb1W20uuicjk
ynnslLe6N9PTi/m8GuSv1WfO10GvUfovostfjJzNa+Aiu52eFTdD0JCIzDZVNtCe
YNQLsxepWxDwS6gIOP0lOuRJ/c4xJ+ziQczfcCSDCYY/I9J+X/4aNmn8X2yZkIuY
9QxZmSP8/1sA+omH0bsdtUx6PJk/0p4N+NdQ3otEol12fI/fvYLPmOkoXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLprPa+ZxYb2jRLAKyi9hJmWWyMNMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvdW1zOXI1bkZodmFORXNBcktMMkVtWlpiSXcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowWlMA0G
CSqGSIb3DQEBCwUAA4IBAQB5M/0D0zL8t+yk/h2F8WrLlDDMzLC0PGTwYK6ektme
V2QUmpaA1IsrrnDf0ul9q3NrwjfB0+uYhFrQQR7+tTBj+yqkorrxsl+CNGtf88O/
TXILcxQ1XeQv0WGMMmQkJP1QJ3M+xU2djRx0Tfy0APhshFHG5mmkPAzasycmcr5z
IrPPDYMJDl4j8ysiM7ZKSEdr/t9T+Jb+xOi/iJsjVpnlQLJduocWtLD98XWAjdsS
aGx52UzeLmHt6HSCYzXXSJFD8YZzORrj27BnGzfelvySY0qQ1RUFMZ3sJkhF17DV
eJXVu2vK5vcJWNQ853Rpdyzpdv9Ij6Rb1oTWBMiw2Fgv
-----END CERTIFICATE-----