Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/3oauvrDYEWcshmRZBH6iu7Xdd6Y.roa
File:                     3oauvrDYEWcshmRZBH6iu7Xdd6Y.roa (raw, json)
Hash identifier:          MHvnb+me3iCIXKEI7yEiWMOSDrm1AOE+G6WkQHhi2SI=
Subject key identifier:   DE:86:AE:BE:B0:D8:11:67:2C:86:64:59:04:7E:A2:BB:B5:DD:77:A6
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       019CF1CB7B2618CCC6C0698A6A24F693367C
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/3oauvrDYEWcshmRZBH6iu7Xdd6Y.roa
Signing time:             Sun 15 Mar 2026 13:59:30 +0000
ROA not before:           Sun 15 Mar 2026 13:59:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16276
IP address blocks:        163.5.62.0/24 maxlen: 24
                          163.5.131.0/24 maxlen: 24
                          163.5.187.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 09:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:f1:cb:7b:26:18:cc:c6:c0:69:8a:6a:24:f6:93:36:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Mar 15 13:59:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=de86aebeb0d811672c866459047ea2bbb5dd77a6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:9a:ef:18:2d:c5:c8:bf:2c:53:4a:6b:51:00:
                    75:5a:85:07:42:fa:9f:7e:69:0c:be:86:f3:42:5a:
                    9d:3b:88:53:96:7e:2d:5a:35:65:93:71:9d:8e:5b:
                    ce:48:20:e0:48:7c:08:7a:b8:81:5d:a3:da:4e:30:
                    8e:33:ec:69:62:68:f6:31:af:52:cd:f3:66:32:40:
                    86:2c:52:83:b3:df:34:59:24:4c:ac:b0:e7:a2:a6:
                    4e:13:aa:01:ce:af:28:e0:35:72:90:b0:46:04:89:
                    4d:40:3d:e8:dd:ab:06:61:28:44:b6:25:a7:e2:ca:
                    4f:1b:2e:ad:b6:82:9f:87:64:f4:18:31:9c:f3:43:
                    a4:be:35:72:e4:b1:61:0e:17:1b:e1:45:d2:29:27:
                    59:dc:d0:29:f1:68:97:cf:64:ef:96:7a:3c:48:43:
                    3a:c6:2d:fe:14:d1:1d:d9:70:1d:be:ee:64:bf:ab:
                    3d:3f:80:5c:fc:ea:70:c9:f9:bf:c1:fa:01:61:72:
                    43:ff:44:8c:c9:06:65:d8:9f:25:cb:d2:8b:68:99:
                    f7:c9:b8:fe:09:26:83:43:97:d0:86:1a:cc:1c:7e:
                    f5:39:47:37:cc:45:1c:af:2e:fa:66:b7:55:86:ae:
                    3b:8a:8e:89:85:f3:5d:14:42:d1:a3:46:2c:62:3c:
                    e0:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:86:AE:BE:B0:D8:11:67:2C:86:64:59:04:7E:A2:BB:B5:DD:77:A6
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/3oauvrDYEWcshmRZBH6iu7Xdd6Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.62.0/24
                  163.5.131.0/24
                  163.5.187.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:b4:d7:6d:5b:20:50:14:76:8b:40:ce:51:01:76:87:0f:39:
         57:d9:a6:3d:56:c0:ca:51:83:b7:c3:9b:5b:a6:b4:c1:a5:15:
         41:7b:f3:da:11:79:ec:d0:5c:df:35:a8:87:94:c9:81:c8:cd:
         9f:49:e3:0d:6f:48:ab:c5:d6:7f:03:74:cd:20:4e:5e:e8:4e:
         eb:b5:21:41:ff:ae:b7:a1:66:fb:02:79:a9:8c:8d:57:ee:c7:
         b8:05:9d:b2:f8:ef:6c:2f:79:5e:1d:32:bb:bb:b2:7a:04:85:
         91:85:bb:61:64:a0:a0:88:89:f3:55:3c:5a:d2:a6:4f:fd:04:
         f5:a3:5f:05:53:03:e0:99:ce:58:09:8e:63:54:96:5a:16:8b:
         20:58:d0:aa:30:3e:ec:21:18:84:5f:03:8f:28:56:7c:bc:aa:
         47:fe:57:df:3b:75:02:a3:38:aa:64:4f:31:6b:13:a5:c9:34:
         a2:63:c4:30:1c:1b:41:5c:6b:27:7b:b9:20:9b:ff:8c:58:78:
         7d:0f:c0:f2:80:6f:6b:76:72:d8:ea:e8:08:d9:3d:8c:c5:17:
         a1:10:d8:dc:70:71:7b:09:5c:41:f0:5b:57:3b:4d:d1:7f:47:
         71:29:7e:47:a0:79:52:aa:a9:79:c7:ce:d5:a7:4b:0c:a8:57:
         8b:ff:41:8b
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZzxy3smGMzGwGmKaiT2kzZ8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjYwMzE1MTM1OTMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTg2YWViZWIwZDgxMTY3MmM4NjY0NTkwNDdlYTJiYmI1ZGQ3N2E2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApprvGC3FyL8sU0prUQB1WoUHQvqf
fmkMvobzQlqdO4hTln4tWjVlk3GdjlvOSCDgSHwIeriBXaPaTjCOM+xpYmj2Ma9S
zfNmMkCGLFKDs980WSRMrLDnoqZOE6oBzq8o4DVykLBGBIlNQD3o3asGYShEtiWn
4spPGy6ttoKfh2T0GDGc80OkvjVy5LFhDhcb4UXSKSdZ3NAp8WiXz2Tvlno8SEM6
xi3+FNEd2XAdvu5kv6s9P4Bc/Opwyfm/wfoBYXJD/0SMyQZl2J8ly9KLaJn3ybj+
CSaDQ5fQhhrMHH71OUc3zEUcry76ZrdVhq47io6JhfNdFELRo0YsYjzgFQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFN6Grr6w2BFnLIZkWQR+oru13XemMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvM29hdXZyRFlFV2NzaG1SWkJINml1N1hkZDZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAowU+AwQA
owWDAwQAowW7MA0GCSqGSIb3DQEBCwUAA4IBAQAytNdtWyBQFHaLQM5RAXaHDzlX
2aY9VsDKUYO3w5tbprTBpRVBe/PaEXns0FzfNaiHlMmByM2fSeMNb0irxdZ/A3TN
IE5e6E7rtSFB/663oWb7AnmpjI1X7se4BZ2y+O9sL3leHTK7u7J6BIWRhbthZKCg
iInzVTxa0qZP/QT1o18FUwPgmc5YCY5jVJZaFosgWNCqMD7sIRiEXwOPKFZ8vKpH
/lffO3UCoziqZE8xaxOlyTSiY8QwHBtBXGsne7kgm/+MWHh9D8DygG9rdnLY6ugI
2T2MxRehENjccHF7CVxB8FtXO03Rf0dxKX5HoHlSqql5x87Vp0sMqFeL/0GL
-----END CERTIFICATE-----