Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/544QlsfHCaE0scouHzKpSQp7-n8.roa
File:                     544QlsfHCaE0scouHzKpSQp7-n8.roa (raw, json)
Hash identifier:          XYZ1XszJiLnqw+qCKAMggzdYrM+6+tO9pLqDNy+atGE=
Subject key identifier:   E7:8E:10:96:C7:C7:09:A1:34:B1:CA:2E:1F:32:A9:49:0A:7B:FA:7F
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       019D060121934C44E0598FC8C44FDC885DBB
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/544QlsfHCaE0scouHzKpSQp7-n8.roa
Signing time:             Thu 19 Mar 2026 12:10:30 +0000
ROA not before:           Thu 19 Mar 2026 12:10:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     48678
IP address blocks:        163.5.53.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:06:01:21:93:4c:44:e0:59:8f:c8:c4:4f:dc:88:5d:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Mar 19 12:10:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e78e1096c7c709a134b1ca2e1f32a9490a7bfa7f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:c3:7c:90:2b:71:e0:96:9c:28:88:f3:9b:cd:
                    99:7d:a3:f8:14:93:35:ce:4a:89:df:53:e2:98:80:
                    0c:16:34:61:29:f7:52:52:a0:7b:22:72:bc:f2:8e:
                    ee:ce:56:f7:de:5a:67:22:04:9e:a0:38:ca:19:22:
                    6c:ff:e6:f1:8f:a1:4d:5f:d9:6c:23:b0:ca:68:27:
                    ce:2c:2b:d6:84:b6:89:09:b2:bf:8e:d0:59:be:c2:
                    d0:77:55:89:8d:64:ce:da:8e:f8:2c:3c:b7:cf:ac:
                    ff:41:75:bb:f5:9c:4a:95:8a:0f:4d:71:91:05:13:
                    1e:ce:11:00:bc:da:2a:a2:9e:4f:ee:c4:44:ac:ca:
                    a8:b3:09:cb:7c:eb:ca:56:d5:d1:4f:ea:b4:22:11:
                    74:41:dc:6e:98:1a:3b:81:9d:9b:35:1e:56:ee:b8:
                    2b:44:66:9c:f9:96:a3:89:7e:67:43:6c:7a:50:c2:
                    19:86:d3:e4:78:10:35:6a:86:9c:3d:c8:0f:19:23:
                    33:4b:7b:85:50:19:8d:ed:f3:d9:ea:17:5c:73:a9:
                    d7:07:73:02:35:af:bf:3e:9d:c6:40:ab:10:20:9d:
                    37:0c:c6:e5:8b:6e:92:b1:d3:9a:0a:5a:2e:5e:57:
                    bc:34:80:5d:28:52:2d:70:2e:1d:98:23:3f:bf:4d:
                    ea:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:8E:10:96:C7:C7:09:A1:34:B1:CA:2E:1F:32:A9:49:0A:7B:FA:7F
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/544QlsfHCaE0scouHzKpSQp7-n8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.53.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:ce:ea:18:59:e8:90:59:ed:57:0a:e1:9d:0d:cc:8f:5c:d8:
         82:7d:ff:14:8d:19:27:62:e6:12:2f:81:b7:a4:81:e0:a7:a2:
         a5:bf:b0:7f:82:49:24:4a:d0:dd:46:ff:06:a5:e3:96:0f:44:
         fd:0b:eb:06:a8:a5:c1:ac:97:d9:f5:ca:ed:fb:d9:a1:32:ef:
         93:44:c9:c8:1d:a1:bf:a9:dd:3b:fb:94:f4:b0:65:31:b2:aa:
         05:69:26:94:3b:74:78:ba:de:69:a0:47:36:09:f9:b7:ca:6d:
         99:d9:36:ba:9f:88:62:1d:a6:a9:a6:97:4e:c4:88:da:5a:f1:
         cd:d2:5b:00:c8:24:20:82:36:a9:7b:e6:e3:12:7b:8a:03:47:
         2d:5a:68:45:b6:01:bb:f3:4f:42:96:f7:0d:cd:94:79:c6:48:
         73:59:ed:aa:30:52:bf:21:4e:86:6b:74:ad:72:bd:ce:ea:96:
         0f:9d:f2:6c:ba:cf:a7:6e:96:5d:63:e5:b6:2e:58:c4:41:4e:
         1f:61:4d:14:eb:f9:a1:d1:61:d5:52:9a:63:41:56:08:10:c6:
         56:c6:b4:0d:2e:80:cc:a2:bb:98:c0:55:eb:fc:74:be:6a:d1:
         85:65:81:89:95:94:f3:7b:0d:0a:bf:e6:7e:3b:ae:0f:3f:d9:
         3c:18:1c:be
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0GASGTTETgWY/IxE/ciF27MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjYwMzE5MTIxMDMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzhlMTA5NmM3YzcwOWExMzRiMWNhMmUxZjMyYTk0OTBhN2JmYTdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtcN8kCtx4JacKIjzm82ZfaP4FJM1
zkqJ31PimIAMFjRhKfdSUqB7InK88o7uzlb33lpnIgSeoDjKGSJs/+bxj6FNX9ls
I7DKaCfOLCvWhLaJCbK/jtBZvsLQd1WJjWTO2o74LDy3z6z/QXW79ZxKlYoPTXGR
BRMezhEAvNoqop5P7sRErMqoswnLfOvKVtXRT+q0IhF0QdxumBo7gZ2bNR5W7rgr
RGac+ZajiX5nQ2x6UMIZhtPkeBA1aoacPcgPGSMzS3uFUBmN7fPZ6hdcc6nXB3MC
Na+/Pp3GQKsQIJ03DMbli26SsdOaClouXle8NIBdKFItcC4dmCM/v03qAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOeOEJbHxwmhNLHKLh8yqUkKe/p/MB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvNTQ0UWxzZkhDYUUwc2NvdUh6S3BTUXA3LW44LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowU1MA0G
CSqGSIb3DQEBCwUAA4IBAQBmzuoYWeiQWe1XCuGdDcyPXNiCff8UjRknYuYSL4G3
pIHgp6Klv7B/gkkkStDdRv8GpeOWD0T9C+sGqKXBrJfZ9crt+9mhMu+TRMnIHaG/
qd07+5T0sGUxsqoFaSaUO3R4ut5poEc2Cfm3ym2Z2Ta6n4hiHaapppdOxIjaWvHN
0lsAyCQggjape+bjEnuKA0ctWmhFtgG7809ClvcNzZR5xkhzWe2qMFK/IU6Ga3St
cr3O6pYPnfJsus+nbpZdY+W2LljEQU4fYU0U6/mh0WHVUppjQVYIEMZWxrQNLoDM
oruYwFXr/HS+atGFZYGJlZTzew0Kv+Z+O64PP9k8GBy+
-----END CERTIFICATE-----