Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/v070VYyCEQNBm2HBqoqmd4Mmi_A.roa
File:                     v070VYyCEQNBm2HBqoqmd4Mmi_A.roa (raw, json)
Hash identifier:          B3anPlFR499YQ2mvYv10bRTbUPtjOd5UBbtB1fJu+nY=
Subject key identifier:   BF:4E:F4:55:8C:82:11:03:41:9B:61:C1:AA:8A:A6:77:83:26:8B:F0
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       019DB4565FB5860752A790A46329AA864FD3
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/v070VYyCEQNBm2HBqoqmd4Mmi_A.roa
Signing time:             Wed 22 Apr 2026 08:37:32 +0000
ROA not before:           Wed 22 Apr 2026 08:37:32 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209104
IP address blocks:        163.5.91.0/24 maxlen: 24
                          163.5.215.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 07 May 2026 21:44:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:b4:56:5f:b5:86:07:52:a7:90:a4:63:29:aa:86:4f:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Apr 22 08:37:32 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bf4ef4558c821103419b61c1aa8aa67783268bf0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:8c:69:0e:33:04:62:9d:5e:4c:eb:1b:8d:94:
                    03:04:61:dc:83:d6:55:56:b3:e0:47:0b:4b:a3:3a:
                    bf:22:f7:66:f8:22:4f:8d:af:c5:b3:57:a0:78:74:
                    00:da:e0:b8:8c:19:0b:db:cc:74:e0:8d:a2:f2:99:
                    64:97:aa:0d:c6:55:91:20:b9:4c:09:05:fd:ad:af:
                    b9:f5:76:46:c3:95:88:e8:08:49:ac:1b:8a:4f:61:
                    57:81:34:20:86:b2:0c:6e:eb:02:64:c9:e7:e4:75:
                    88:b9:2d:11:fc:f0:da:ab:67:6b:dc:82:55:70:be:
                    12:39:b5:76:1d:0c:2d:09:26:7f:a7:ca:e1:7e:87:
                    52:ad:42:b9:52:d0:d8:f9:eb:b4:75:e6:b6:7e:34:
                    b6:b1:61:2a:55:b3:16:88:b6:a4:fd:ec:03:25:45:
                    4d:f0:e6:5a:67:bd:36:8f:d7:50:f7:29:a2:c3:fd:
                    9d:83:85:72:63:f5:48:a0:78:28:b6:2e:11:b6:d6:
                    89:bf:ae:45:35:22:c2:dd:68:bb:4b:07:09:64:71:
                    f0:19:69:1e:c9:8f:00:2f:a7:80:2c:13:c5:57:aa:
                    83:7f:27:66:dc:4d:71:ea:c5:c3:75:38:63:1c:41:
                    c5:ab:fd:5f:e8:09:23:26:80:f5:fa:27:5d:c2:cb:
                    48:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:4E:F4:55:8C:82:11:03:41:9B:61:C1:AA:8A:A6:77:83:26:8B:F0
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/v070VYyCEQNBm2HBqoqmd4Mmi_A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.91.0/24
                  163.5.215.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:ff:ab:d7:52:90:08:21:30:d1:48:a2:96:a4:f6:8c:e4:93:
         d4:d0:87:a7:2d:01:cb:a7:74:89:26:46:f9:3d:fe:f3:ab:fe:
         6a:5c:6a:29:76:26:25:13:86:98:ff:73:5a:62:e0:2a:2c:d8:
         21:c9:95:db:3f:61:3e:29:84:73:52:6e:a7:ca:9d:3f:3a:26:
         2d:3d:ca:e4:46:de:ee:36:46:5a:48:da:49:ab:d2:23:64:5c:
         23:7c:78:19:46:3c:33:2a:13:a2:d1:72:80:09:2e:ca:8a:4c:
         c1:10:33:31:3b:8d:0d:59:a7:3b:d2:a6:0d:09:9a:c0:70:21:
         9c:34:31:74:a5:0e:64:a4:99:2e:d7:f8:c0:9a:96:fa:69:f9:
         fd:13:20:d5:9c:aa:93:f3:2a:29:d9:48:c6:85:91:fd:33:e9:
         ff:23:28:a0:98:8d:46:39:cd:64:19:0b:5c:92:23:56:48:44:
         93:d3:d1:e3:fd:aa:49:a7:11:33:92:f6:59:aa:ef:26:f5:3e:
         e3:38:5f:07:38:2f:f3:21:fd:ff:3f:fc:c7:56:6f:a7:0a:23:
         a2:3c:de:5f:ae:c5:4f:d7:ee:ca:8f:c4:23:6d:ad:56:ee:f6:
         31:16:6e:00:fe:74:9e:26:34:23:bc:d0:ad:cb:88:af:9f:0c:
         42:d4:70:e0
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ20Vl+1hgdSp5CkYymqhk/TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjYwNDIyMDgzNzMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZjRlZjQ1NThjODIxMTAzNDE5YjYxYzFhYThhYTY3NzgzMjY4YmYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0oxpDjMEYp1eTOsbjZQDBGHcg9ZV
VrPgRwtLozq/Ivdm+CJPja/Fs1egeHQA2uC4jBkL28x04I2i8plkl6oNxlWRILlM
CQX9ra+59XZGw5WI6AhJrBuKT2FXgTQghrIMbusCZMnn5HWIuS0R/PDaq2dr3IJV
cL4SObV2HQwtCSZ/p8rhfodSrUK5UtDY+eu0dea2fjS2sWEqVbMWiLak/ewDJUVN
8OZaZ702j9dQ9ymiw/2dg4VyY/VIoHgoti4RttaJv65FNSLC3Wi7SwcJZHHwGWke
yY8AL6eALBPFV6qDfydm3E1x6sXDdThjHEHFq/1f6AkjJoD1+iddwstIgQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFL9O9FWMghEDQZthwaqKpneDJovwMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvdjA3MFZZeUNFUU5CbTJIQnFvcW1kNE1taV9BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAowVbAwQA
owXXMA0GCSqGSIb3DQEBCwUAA4IBAQCC/6vXUpAIITDRSKKWpPaM5JPU0IenLQHL
p3SJJkb5Pf7zq/5qXGopdiYlE4aY/3NaYuAqLNghyZXbP2E+KYRzUm6nyp0/OiYt
PcrkRt7uNkZaSNpJq9IjZFwjfHgZRjwzKhOi0XKACS7KikzBEDMxO40NWac70qYN
CZrAcCGcNDF0pQ5kpJku1/jAmpb6afn9EyDVnKqT8yop2UjGhZH9M+n/IyigmI1G
Oc1kGQtckiNWSEST09Hj/apJpxEzkvZZqu8m9T7jOF8HOC/zIf3/P/zHVm+nCiOi
PN5frsVP1+7Kj8Qjba1W7vYxFm4A/nSeJjQjvNCty4ivnwxC1HDg
-----END CERTIFICATE-----