Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/wc79723NGr4a0X3uvvwFxK9ijLM.roa
File:                     wc79723NGr4a0X3uvvwFxK9ijLM.roa (raw, json)
Hash identifier:          5wkxAfkREllnFj9JOKh68oHEE37NwDcvRq5MUjL08xw=
Subject key identifier:   C1:CE:FD:EF:6D:CD:1A:BE:1A:D1:7D:EE:BE:FC:05:C4:AF:62:8C:B3
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       019BFA7B1CB693C1D58A168BD8A04A1A560A
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/wc79723NGr4a0X3uvvwFxK9ijLM.roa
Signing time:             Mon 26 Jan 2026 13:25:30 +0000
ROA not before:           Mon 26 Jan 2026 13:25:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     152734
IP address blocks:        163.5.9.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 20 Feb 2026 19:57:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:fa:7b:1c:b6:93:c1:d5:8a:16:8b:d8:a0:4a:1a:56:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jan 26 13:25:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c1cefdef6dcd1abe1ad17deebefc05c4af628cb3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:e6:b8:ae:99:6a:e9:d2:12:32:49:94:a2:79:
                    c2:db:a6:e3:46:05:4d:ce:07:66:db:0c:35:06:da:
                    5d:dd:25:34:2d:f5:60:e1:02:8f:28:61:41:c9:b3:
                    58:9f:68:9a:0f:98:8c:25:e8:35:80:3c:4a:62:f9:
                    53:ad:89:cf:e8:2a:57:78:01:04:f0:aa:cc:b3:b9:
                    5e:2d:60:ae:96:ea:f7:7e:38:d7:20:07:89:ae:65:
                    d1:7a:b4:dc:49:06:6d:49:7d:e9:9d:b5:d5:83:cb:
                    14:f5:8a:78:bd:ca:1a:70:e0:b0:43:cb:5a:e5:6c:
                    4c:53:dc:55:94:6c:95:1d:64:a6:8e:b4:d0:5a:d4:
                    9c:c5:76:92:68:17:b2:b5:94:67:a6:b2:57:80:e5:
                    f0:7b:05:57:ae:c4:7c:f7:db:ae:b5:91:0d:4f:07:
                    25:8b:02:34:dd:aa:16:c3:5f:e3:3f:8f:1d:2f:32:
                    59:c2:b9:f9:ca:6d:f6:33:7e:f7:33:25:78:65:76:
                    09:b6:aa:70:1e:22:7d:99:05:3b:8a:ef:19:8f:7f:
                    96:7d:1b:49:8e:3d:cf:28:9b:54:73:f0:9f:14:e4:
                    f0:1e:ef:b0:8b:97:c6:e2:7c:cd:48:d1:e3:97:01:
                    74:fb:a0:d8:31:d9:22:d9:a8:25:a7:59:6e:94:26:
                    c3:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:CE:FD:EF:6D:CD:1A:BE:1A:D1:7D:EE:BE:FC:05:C4:AF:62:8C:B3
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/wc79723NGr4a0X3uvvwFxK9ijLM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b1:b9:43:bd:18:0d:34:8d:0d:7d:26:d2:9a:ed:88:a5:a5:23:
         77:b0:31:db:39:e5:b6:c6:04:ad:27:0f:98:8c:c4:e5:48:53:
         87:d0:c5:64:25:d1:55:85:19:be:90:13:05:73:e6:c5:7e:cb:
         c1:cd:b2:31:00:4b:2f:75:32:16:e5:ef:7f:01:b7:66:12:5f:
         ce:e0:11:8c:e0:4a:44:ea:b0:3f:91:e5:8e:18:93:45:dd:cf:
         2c:11:ae:cf:7e:e4:09:a0:c0:1f:ca:65:ba:7a:61:be:d3:50:
         9b:07:41:b7:88:f5:c0:67:76:ac:28:17:07:9d:ef:3c:0e:14:
         b2:73:db:a3:08:4f:b9:9d:0c:63:ff:cb:da:54:3e:b8:38:30:
         6e:6f:de:43:db:0f:f6:35:c1:c6:db:5a:26:a8:14:5d:c4:99:
         22:6a:c0:e2:f0:3e:64:0c:63:72:aa:99:61:39:c6:a8:35:f2:
         eb:62:dd:97:aa:84:29:de:87:75:a5:11:14:dc:1f:73:dc:c5:
         3f:9a:db:c4:ed:53:47:69:42:b2:15:4d:86:1c:31:95:cb:d3:
         b9:f4:41:16:96:83:98:1b:0d:3c:b7:fc:53:f9:9d:a4:bc:3c:
         22:d8:0a:2d:d0:94:92:19:d3:67:d6:78:1e:15:26:a3:a9:ec:
         70:f4:07:5d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZv6exy2k8HVihaL2KBKGlYKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjYwMTI2MTMyNTMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMWNlZmRlZjZkY2QxYWJlMWFkMTdkZWViZWZjMDVjNGFmNjI4Y2IzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ea4rplq6dISMkmUonnC26bjRgVN
zgdm2ww1Btpd3SU0LfVg4QKPKGFBybNYn2iaD5iMJeg1gDxKYvlTrYnP6CpXeAEE
8KrMs7leLWCulur3fjjXIAeJrmXRerTcSQZtSX3pnbXVg8sU9Yp4vcoacOCwQ8ta
5WxMU9xVlGyVHWSmjrTQWtScxXaSaBeytZRnprJXgOXwewVXrsR899uutZENTwcl
iwI03aoWw1/jP48dLzJZwrn5ym32M373MyV4ZXYJtqpwHiJ9mQU7iu8Zj3+WfRtJ
jj3PKJtUc/CfFOTwHu+wi5fG4nzNSNHjlwF0+6DYMdki2aglp1lulCbDCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMHO/e9tzRq+GtF97r78BcSvYoyzMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvd2M3OTcyM05HcjRhMFgzdXZ2d0Z4SzlpakxNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowUJMA0G
CSqGSIb3DQEBCwUAA4IBAQCxuUO9GA00jQ19JtKa7YilpSN3sDHbOeW2xgStJw+Y
jMTlSFOH0MVkJdFVhRm+kBMFc+bFfsvBzbIxAEsvdTIW5e9/AbdmEl/O4BGM4EpE
6rA/keWOGJNF3c8sEa7PfuQJoMAfymW6emG+01CbB0G3iPXAZ3asKBcHne88DhSy
c9ujCE+5nQxj/8vaVD64ODBub95D2w/2NcHG21omqBRdxJkiasDi8D5kDGNyqplh
OcaoNfLrYt2XqoQp3od1pREU3B9z3MU/mtvE7VNHaUKyFU2GHDGVy9O59EEWloOY
Gw08t/xT+Z2kvDwi2Aot0JSSGdNn1ngeFSajqexw9Add
-----END CERTIFICATE-----