Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/1-y8jAC7RN3XCIEuVMfF5ZsxaDrM.roa
File:                     1-y8jAC7RN3XCIEuVMfF5ZsxaDrM.roa (raw, json)
Hash identifier:          gvW1mIjt3SL1ylQ8vpWKn4Q378IsEaMbBf0bg9iGbe0=
Subject key identifier:   FB:2F:23:00:2E:D1:37:75:C2:20:4B:95:31:F1:79:66:CC:5A:0E:B3
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       019D060209AFAF6569346E93348495B67FCE
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/1-y8jAC7RN3XCIEuVMfF5ZsxaDrM.roa
Signing time:             Thu 19 Mar 2026 12:11:30 +0000
ROA not before:           Thu 19 Mar 2026 12:11:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215898
IP address blocks:        163.5.53.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 09:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:06:02:09:af:af:65:69:34:6e:93:34:84:95:b6:7f:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Mar 19 12:11:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=fb2f23002ed13775c2204b9531f17966cc5a0eb3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:be:61:3c:f5:4c:b0:0e:14:9a:8e:7b:7d:72:
                    c9:ee:2e:e2:0b:20:cb:ea:9c:16:02:31:67:75:04:
                    01:d9:8e:f7:b8:9d:ca:a0:2e:2d:3a:f6:ff:87:19:
                    df:5c:da:ef:79:62:7b:fb:08:89:7c:c8:96:02:f5:
                    5c:6c:a4:e9:8a:a2:4e:0c:64:d2:45:ad:91:4f:56:
                    15:64:9b:05:2c:0c:24:c2:f1:8f:c6:1c:db:ab:03:
                    13:c3:e9:17:71:b4:cc:84:74:fb:a2:d8:60:d6:44:
                    c8:53:52:69:0f:a9:7c:a9:a5:6b:77:a3:5a:bc:0a:
                    53:e7:de:cd:f9:96:e5:1c:9d:5e:6c:aa:78:df:bd:
                    ff:39:95:11:a0:f2:c2:e6:e9:e3:7d:07:1b:74:c9:
                    5f:bd:e4:98:c6:fb:c9:9a:64:ca:5a:6c:50:59:4e:
                    75:08:67:21:66:9a:17:7c:48:65:9b:78:64:6c:82:
                    72:4d:8e:1d:f1:59:f3:fa:8b:05:77:37:ff:07:e2:
                    0a:aa:cd:ed:69:46:63:a2:d9:87:37:95:24:51:a8:
                    6c:7d:0a:ba:e0:ce:d9:6e:3a:f3:48:44:6b:db:82:
                    c6:a0:22:d1:0c:f3:ef:5f:89:cf:83:67:30:26:69:
                    9d:d6:d6:cf:b8:9f:70:a4:a8:6a:00:96:4f:d1:e3:
                    80:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:2F:23:00:2E:D1:37:75:C2:20:4B:95:31:F1:79:66:CC:5A:0E:B3
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/1-y8jAC7RN3XCIEuVMfF5ZsxaDrM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.53.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:99:2c:82:e8:d2:a5:bf:f9:16:a5:54:ef:d4:fd:c6:8f:c9:
         b8:02:b1:35:65:af:3b:1b:9e:29:77:68:68:49:b8:4e:8a:68:
         b2:64:1c:3b:99:6f:9a:b7:a1:0b:4d:31:84:a5:e3:8c:7e:b1:
         9d:71:3f:14:08:6f:e4:fb:40:43:d3:af:98:97:1c:0e:0f:a8:
         7d:5c:2f:39:2c:36:82:f4:46:87:8f:1f:96:64:96:a2:b3:16:
         ad:7e:b2:03:7f:f4:52:0e:08:71:86:6c:7f:d5:f8:d5:fe:a5:
         66:de:1d:7a:51:d5:5a:97:15:fa:4c:f0:24:03:39:3c:98:95:
         e4:5b:da:46:24:98:51:20:60:d4:67:be:d6:7f:ff:17:06:3c:
         f3:f9:95:9e:19:f4:a4:c1:86:fb:d3:32:87:aa:ab:46:2a:a1:
         46:5c:9c:47:85:f1:7f:ab:f0:73:5d:eb:ed:cc:78:2e:45:4b:
         97:14:d8:df:28:60:9b:48:f9:73:9a:60:38:dc:dd:16:43:ba:
         d7:8e:68:6f:79:e2:6b:a8:bd:f1:e0:23:13:6e:3c:72:35:ae:
         5e:a0:72:8a:1e:49:e3:5d:f0:5d:38:de:ff:30:d8:a7:97:ac:
         07:ec:11:79:fe:51:f8:eb:c2:e4:7b:0d:77:33:ec:c6:e4:3b:
         fb:c6:a3:15
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZ0GAgmvr2VpNG6TNISVtn/OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjYwMzE5MTIxMTMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYjJmMjMwMDJlZDEzNzc1YzIyMDRiOTUzMWYxNzk2NmNjNWEwZWIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl75hPPVMsA4Umo57fXLJ7i7iCyDL
6pwWAjFndQQB2Y73uJ3KoC4tOvb/hxnfXNrveWJ7+wiJfMiWAvVcbKTpiqJODGTS
Ra2RT1YVZJsFLAwkwvGPxhzbqwMTw+kXcbTMhHT7othg1kTIU1JpD6l8qaVrd6Na
vApT597N+ZblHJ1ebKp4373/OZURoPLC5unjfQcbdMlfveSYxvvJmmTKWmxQWU51
CGchZpoXfEhlm3hkbIJyTY4d8Vnz+osFdzf/B+IKqs3taUZjotmHN5UkUahsfQq6
4M7ZbjrzSERr24LGoCLRDPPvX4nPg2cwJmmd1tbPuJ9wpKhqAJZP0eOAdwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPsvIwAu0Td1wiBLlTHxeWbMWg6zMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvMS15OGpBQzdSTjNYQ0lFdVZNZkY1WnN4YURyTS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMTMvZDAyZGZiLTk2NzMtNDlhOC05NzFjLTlmZTk0MTA4ZmYw
MS8xL0RPaFJ0dDFkTms3aG5nczRJQnMtamZKaVM4cy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAKMFNTAN
BgkqhkiG9w0BAQsFAAOCAQEAl5ksgujSpb/5FqVU79T9xo/JuAKxNWWvOxueKXdo
aEm4ToposmQcO5lvmrehC00xhKXjjH6xnXE/FAhv5PtAQ9OvmJccDg+ofVwvOSw2
gvRGh48flmSWorMWrX6yA3/0Ug4IcYZsf9X41f6lZt4delHVWpcV+kzwJAM5PJiV
5FvaRiSYUSBg1Ge+1n//FwY88/mVnhn0pMGG+9Myh6qrRiqhRlycR4Xxf6vwc13r
7cx4LkVLlxTY3yhgm0j5c5pgONzdFkO6145ob3nia6i98eAjE248cjWuXqByih5J
413wXTje/zDYp5esB+wRef5R+OvC5HsNdzPsxuQ7+8ajFQ==
-----END CERTIFICATE-----