Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/vg3_Af6MQ290d_a64JPDvdaWqjw.roa
File:                     vg3_Af6MQ290d_a64JPDvdaWqjw.roa (raw, json)
Hash identifier:          2vBXAUWeyhNMA5PtW4hj6+5RjE7D7lpXPYG3ZpAJGmA=
Subject key identifier:   BE:0D:FF:01:FE:8C:43:6F:74:77:F6:BA:E0:93:C3:BD:D6:96:AA:3C
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       01990AB0B4621A254CF26688194583E18397
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/vg3_Af6MQ290d_a64JPDvdaWqjw.roa
Signing time:             Tue 02 Sep 2025 13:49:36 +0000
ROA not before:           Tue 02 Sep 2025 13:49:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     137517
IP address blocks:        163.5.144.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 08 Sep 2025 05:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:0a:b0:b4:62:1a:25:4c:f2:66:88:19:45:83:e1:83:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Sep  2 13:49:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=be0dff01fe8c436f7477f6bae093c3bdd696aa3c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:19:02:90:cd:66:4b:5f:27:79:3d:67:c0:bc:
                    be:3d:6f:8f:3d:8f:89:84:ec:50:a8:68:44:53:7d:
                    54:08:5f:c6:9b:40:ee:71:58:36:77:67:68:5b:b5:
                    a7:af:ba:4a:cb:26:0c:d5:5a:cd:94:68:11:d9:54:
                    07:38:b3:ee:73:01:09:d8:61:e2:44:b5:15:7f:c1:
                    2e:ef:bd:43:cc:a1:86:ac:61:fa:b9:73:a3:b3:29:
                    d3:57:11:4f:22:6b:17:b1:8d:a6:f3:2f:4d:7f:71:
                    2e:ab:ed:9d:bc:ed:c2:92:4c:5f:52:8c:26:67:0e:
                    39:72:51:72:cf:15:52:ea:38:2a:0e:ec:c6:9f:4f:
                    bb:d5:cb:6f:2a:db:e5:ea:31:75:86:b4:e2:bc:19:
                    35:fd:8c:dc:9b:a2:cb:0e:0b:dd:e2:da:d2:ea:4a:
                    9d:53:26:b4:e3:6e:ee:5c:72:28:51:0a:5e:83:de:
                    b1:d9:32:77:55:9a:2a:50:57:53:ad:28:93:3f:67:
                    7d:b3:ad:51:97:b1:b8:9c:ce:30:ce:9d:e1:bf:21:
                    5d:35:89:d4:c2:d9:a8:5c:06:b2:b2:88:e3:92:3d:
                    cf:b6:d5:d8:33:40:cd:ec:f5:fb:15:26:57:91:06:
                    11:3b:e5:b1:b9:ee:ec:24:3f:90:6e:d1:80:af:bb:
                    89:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:0D:FF:01:FE:8C:43:6F:74:77:F6:BA:E0:93:C3:BD:D6:96:AA:3C
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/vg3_Af6MQ290d_a64JPDvdaWqjw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.144.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:8c:78:8d:48:fc:54:c2:ab:f7:87:7f:b9:17:a3:af:88:26:
         21:f1:cb:7f:8f:17:8f:5a:56:de:5b:40:40:fe:4d:17:f9:31:
         5a:f9:df:b0:19:3a:15:6f:7c:83:4a:56:93:7a:11:70:d6:de:
         8b:bf:16:f2:4c:c8:01:ef:ed:d4:a5:8d:74:3e:85:91:f0:b7:
         19:88:3a:62:6c:5f:15:49:4c:76:21:10:22:a1:98:af:b2:10:
         0a:27:c5:87:1e:7a:12:2f:0f:00:ce:10:05:3d:e6:3e:3b:a0:
         e1:56:04:ca:6c:c0:77:c3:d1:ba:35:80:6d:95:63:30:23:99:
         d6:ba:67:39:41:10:99:06:75:11:6f:f8:32:5d:aa:b4:4d:ca:
         b6:76:17:46:ca:23:5f:23:14:a8:83:b3:45:6f:82:18:34:f4:
         2c:b9:f8:bc:98:b0:f7:62:08:43:f5:f4:9e:71:d7:21:76:5c:
         2d:ab:dc:52:66:fa:34:69:1f:9e:fb:a8:68:bf:3c:6b:0b:e3:
         27:aa:b4:d8:ac:16:68:85:01:71:54:b6:60:6a:38:00:92:02:
         18:7f:65:db:14:ed:07:c5:13:16:03:83:8d:10:91:ea:0d:14:
         e7:0e:59:35:5a:67:dc:5b:35:47:95:10:cc:76:91:47:de:8a:
         76:23:71:03
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkKsLRiGiVM8maIGUWD4YOXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjUwOTAyMTM0OTM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZTBkZmYwMWZlOGM0MzZmNzQ3N2Y2YmFlMDkzYzNiZGQ2OTZhYTNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnBkCkM1mS18neT1nwLy+PW+PPY+J
hOxQqGhEU31UCF/Gm0DucVg2d2doW7Wnr7pKyyYM1VrNlGgR2VQHOLPucwEJ2GHi
RLUVf8Eu771DzKGGrGH6uXOjsynTVxFPImsXsY2m8y9Nf3Euq+2dvO3CkkxfUowm
Zw45clFyzxVS6jgqDuzGn0+71ctvKtvl6jF1hrTivBk1/Yzcm6LLDgvd4trS6kqd
Uya0427uXHIoUQpeg96x2TJ3VZoqUFdTrSiTP2d9s61Rl7G4nM4wzp3hvyFdNYnU
wtmoXAaysojjkj3PttXYM0DN7PX7FSZXkQYRO+Wxue7sJD+QbtGAr7uJtwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL4N/wH+jENvdHf2uuCTw73Wlqo8MB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvdmczX0FmNk1RMjkwZF9hNjRKUER2ZGFXcWp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowWQMA0G
CSqGSIb3DQEBCwUAA4IBAQBwjHiNSPxUwqv3h3+5F6OviCYh8ct/jxePWlbeW0BA
/k0X+TFa+d+wGToVb3yDSlaTehFw1t6LvxbyTMgB7+3UpY10PoWR8LcZiDpibF8V
SUx2IRAioZivshAKJ8WHHnoSLw8AzhAFPeY+O6DhVgTKbMB3w9G6NYBtlWMwI5nW
umc5QRCZBnURb/gyXaq0Tcq2dhdGyiNfIxSog7NFb4IYNPQsufi8mLD3YghD9fSe
cdchdlwtq9xSZvo0aR+e+6hovzxrC+MnqrTYrBZohQFxVLZgajgAkgIYf2XbFO0H
xRMWA4ONEJHqDRTnDlk1WmfcWzVHlRDMdpFH3op2I3ED
-----END CERTIFICATE-----