Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/5FRewWUSgzFVHLSEZmTv_qLN21o.roa
File:                     5FRewWUSgzFVHLSEZmTv_qLN21o.roa (raw, json)
Hash identifier:          hMDkGk8qxONsYwXOO06O49vLLVmFMdxcFF7LRDvPRuA=
Subject key identifier:   E4:54:5E:C1:65:12:83:31:55:1C:B4:84:66:64:EF:FE:A2:CD:DB:5A
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       019D1AC105FA3D8D299549545DD61BBB629B
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/5FRewWUSgzFVHLSEZmTv_qLN21o.roa
Signing time:             Mon 23 Mar 2026 12:52:30 +0000
ROA not before:           Mon 23 Mar 2026 12:52:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202792
IP address blocks:        163.5.157.0/24 maxlen: 24
                          163.5.200.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:1a:c1:05:fa:3d:8d:29:95:49:54:5d:d6:1b:bb:62:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Mar 23 12:52:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e4545ec165128331551cb4846664effea2cddb5a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:6e:7b:70:2f:df:c9:19:3b:5c:34:26:83:fe:
                    7f:31:38:98:89:9e:f3:8a:5a:85:05:f6:d1:68:96:
                    4e:04:81:cc:bd:d0:94:5a:eb:4a:8d:23:dc:36:ce:
                    76:fe:22:ce:44:c2:a3:90:b6:1d:a9:ea:f8:84:f7:
                    d3:19:a0:f9:3d:1c:c5:a2:49:67:4c:64:e7:65:8d:
                    0e:17:7b:42:35:70:71:4a:61:cf:d8:96:7f:1c:d1:
                    71:f4:9f:8f:2f:0e:1b:df:07:57:e9:35:98:5b:f3:
                    aa:d7:77:1f:87:2a:f2:bd:31:cf:5c:ea:44:0f:3a:
                    60:d4:a3:9f:8c:78:b8:3d:96:30:c8:9b:50:1b:3e:
                    e2:da:d5:1c:66:50:10:a3:04:b1:3b:a7:11:b1:54:
                    84:a5:ab:60:09:76:36:01:f9:9e:63:dc:fd:43:87:
                    46:e8:be:96:81:8d:5f:f7:5d:fb:d0:04:0d:29:90:
                    6f:d3:1f:ef:80:9b:0a:ee:7b:d7:2e:bb:b0:ae:c8:
                    80:41:6e:ca:d3:f9:eb:4d:62:47:85:ce:71:27:ca:
                    ea:89:26:23:30:57:62:19:6b:7e:29:d2:98:ba:04:
                    04:78:8b:42:f3:80:c7:8c:4c:6e:90:11:df:32:2a:
                    cb:ac:33:10:40:a3:13:c7:1b:4e:a7:f3:e4:9d:d1:
                    ce:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:54:5E:C1:65:12:83:31:55:1C:B4:84:66:64:EF:FE:A2:CD:DB:5A
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/5FRewWUSgzFVHLSEZmTv_qLN21o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.157.0/24
                  163.5.200.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:05:2f:5e:9e:35:62:7c:07:6d:bd:76:41:40:8d:15:b4:fa:
         f5:c1:d5:a9:23:ef:7d:d2:23:8b:c5:35:64:18:cf:49:73:ab:
         d6:ac:e3:9d:93:10:5c:ec:73:57:7b:1c:55:8b:d6:c8:40:b2:
         9d:a4:5a:43:51:b4:94:97:13:1e:22:2c:a9:39:94:e6:0c:49:
         c1:cf:83:09:36:ec:01:24:24:a4:32:30:77:4c:e5:ad:49:a8:
         e9:6b:9e:77:a1:41:18:67:9c:67:16:64:57:c9:b6:91:35:27:
         7c:6f:68:ee:75:a3:c9:2e:92:4b:67:66:09:e4:ef:2b:65:0d:
         0e:4e:09:cb:87:5b:a9:d4:80:da:a2:a1:f1:73:a3:c7:0e:35:
         0f:e2:e5:0e:c2:50:ed:cd:31:e9:82:34:4f:89:cd:3f:9d:c1:
         c5:e0:96:22:7f:99:90:37:b3:ba:2a:d5:44:a9:c8:e9:1c:91:
         00:94:bc:c1:56:23:a0:fb:d4:5d:bd:12:85:94:f4:03:f8:15:
         4e:5d:b5:c3:ec:47:f8:23:d6:5d:6a:04:78:ff:9b:14:0d:a2:
         90:23:c9:4b:14:40:53:e1:36:b3:4b:85:76:50:07:e5:13:61:
         e2:82:42:d6:70:4f:a4:11:e7:6a:c3:35:0e:5d:b8:06:48:2d:
         b2:75:07:ef
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ0awQX6PY0plUlUXdYbu2KbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjYwMzIzMTI1MjMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNDU0NWVjMTY1MTI4MzMxNTUxY2I0ODQ2NjY0ZWZmZWEyY2RkYjVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkG57cC/fyRk7XDQmg/5/MTiYiZ7z
ilqFBfbRaJZOBIHMvdCUWutKjSPcNs52/iLORMKjkLYdqer4hPfTGaD5PRzFokln
TGTnZY0OF3tCNXBxSmHP2JZ/HNFx9J+PLw4b3wdX6TWYW/Oq13cfhyryvTHPXOpE
Dzpg1KOfjHi4PZYwyJtQGz7i2tUcZlAQowSxO6cRsVSEpatgCXY2AfmeY9z9Q4dG
6L6WgY1f91370AQNKZBv0x/vgJsK7nvXLruwrsiAQW7K0/nrTWJHhc5xJ8rqiSYj
MFdiGWt+KdKYugQEeItC84DHjExukBHfMirLrDMQQKMTxxtOp/PkndHO2QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFORUXsFlEoMxVRy0hGZk7/6izdtaMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvNUZSZXdXVVNnekZWSExTRVptVHZfcUxOMjFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAowWdAwQA
owXIMA0GCSqGSIb3DQEBCwUAA4IBAQApBS9enjVifAdtvXZBQI0VtPr1wdWpI+99
0iOLxTVkGM9Jc6vWrOOdkxBc7HNXexxVi9bIQLKdpFpDUbSUlxMeIiypOZTmDEnB
z4MJNuwBJCSkMjB3TOWtSajpa553oUEYZ5xnFmRXybaRNSd8b2judaPJLpJLZ2YJ
5O8rZQ0OTgnLh1up1IDaoqHxc6PHDjUP4uUOwlDtzTHpgjRPic0/ncHF4JYif5mQ
N7O6KtVEqcjpHJEAlLzBViOg+9RdvRKFlPQD+BVOXbXD7Ef4I9ZdagR4/5sUDaKQ
I8lLFEBT4TazS4V2UAflE2HigkLWcE+kEedqwzUOXbgGSC2ydQfv
-----END CERTIFICATE-----