Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/7PpeTDSY62f5rK87gkazLAznAhM.roa
File:                     7PpeTDSY62f5rK87gkazLAznAhM.roa (raw, json)
Hash identifier:          jYZWRkWPlZjljobGSfDWGtsMYqoKBxZjhVXYxBUVIFI=
Subject key identifier:   EC:FA:5E:4C:34:98:EB:67:F9:AC:AF:3B:82:46:B3:2C:0C:E7:02:13
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       019CFA864B0FD933AC5F4A84427F37CCEDB4
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/7PpeTDSY62f5rK87gkazLAznAhM.roa
Signing time:             Tue 17 Mar 2026 06:40:30 +0000
ROA not before:           Tue 17 Mar 2026 06:40:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205489
IP address blocks:        163.5.52.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 09:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:fa:86:4b:0f:d9:33:ac:5f:4a:84:42:7f:37:cc:ed:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Mar 17 06:40:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ecfa5e4c3498eb67f9acaf3b8246b32c0ce70213
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:1b:ed:d9:d6:ab:2a:c5:1e:aa:c3:b6:84:7b:
                    97:1b:de:26:b4:64:6b:ac:b5:d6:51:73:c5:ef:c0:
                    4b:7f:ec:e6:1a:f9:43:53:46:e9:3c:16:e1:e1:2f:
                    49:90:0f:8f:10:13:5b:49:55:0e:04:51:78:73:0f:
                    8c:7a:00:4d:67:8f:72:a9:1f:dd:81:d1:63:bd:cd:
                    2b:79:12:9a:a3:ec:fa:4e:b3:be:8a:43:55:0f:f4:
                    70:c0:19:0d:25:a4:8a:fc:dc:94:0b:1c:db:63:6d:
                    3b:0e:ad:65:0b:06:07:e7:3b:27:18:13:86:5e:fd:
                    0c:53:1d:68:f9:a7:b2:c1:c3:6f:28:e9:63:03:f1:
                    4a:18:63:c4:04:4c:ce:9e:82:a0:5b:07:e1:cb:db:
                    b6:a1:a6:e3:a8:e7:a1:ad:58:d0:ee:e0:f2:97:d8:
                    15:f8:75:03:1e:e7:f0:d4:ac:d0:f6:fd:c0:1d:24:
                    39:f4:fc:07:1e:70:ed:78:14:98:11:2d:e3:86:61:
                    6f:b7:f6:25:78:5e:14:0c:90:48:bb:c3:53:4d:d3:
                    58:27:ed:ae:db:ef:81:a0:ed:55:5d:7c:b9:d9:7e:
                    38:b7:0b:21:76:70:9b:81:8c:2a:5b:3d:03:df:52:
                    cd:48:ef:f7:b9:b6:bd:1f:37:cb:21:88:59:d2:22:
                    df:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:FA:5E:4C:34:98:EB:67:F9:AC:AF:3B:82:46:B3:2C:0C:E7:02:13
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/7PpeTDSY62f5rK87gkazLAznAhM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.52.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:22:28:be:a6:47:2e:a5:66:d2:b4:c5:60:fa:f9:d6:67:20:
         a5:28:0e:e7:87:7b:d2:79:98:e0:82:ea:39:b1:da:f2:79:0c:
         1b:dc:8a:f2:08:dd:0c:43:ef:bb:14:7b:2d:e7:5a:43:f4:c6:
         d4:e8:d8:cc:ba:3e:72:92:9b:38:f6:26:60:b9:a3:d8:9b:85:
         a9:7e:72:5d:1b:b1:6a:6e:32:4e:a0:5d:2c:61:78:6c:f3:de:
         97:94:ad:ff:43:c8:36:30:91:f2:fd:12:11:71:ea:11:74:0d:
         b6:bc:82:f3:d6:fa:a2:6e:e7:c9:2f:46:3f:7b:a1:f2:88:5f:
         26:33:54:7e:f2:bd:52:f9:24:aa:1e:68:17:2f:63:67:66:95:
         49:be:de:19:c6:5b:08:43:7d:90:9a:67:9b:6c:89:b2:f0:78:
         d4:27:a5:b7:cc:b8:02:32:50:eb:b1:dd:f1:8b:20:3a:aa:8e:
         50:55:dc:3f:27:23:b7:cc:2b:7b:aa:4b:60:f4:2b:7c:b5:9a:
         31:34:4c:86:64:3f:7a:2d:9c:d5:d5:4a:a4:56:9c:5b:b8:93:
         83:29:38:ad:b8:a5:7c:9c:2b:6c:05:fd:4a:65:f3:46:9c:eb:
         0c:c0:43:d5:4b:9e:2f:6f:d6:ef:1d:75:65:10:a6:70:5f:a8:
         30:e2:78:2a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZz6hksP2TOsX0qEQn83zO20MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjYwMzE3MDY0MDMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlY2ZhNWU0YzM0OThlYjY3ZjlhY2FmM2I4MjQ2YjMyYzBjZTcwMjEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuhvt2darKsUeqsO2hHuXG94mtGRr
rLXWUXPF78BLf+zmGvlDU0bpPBbh4S9JkA+PEBNbSVUOBFF4cw+MegBNZ49yqR/d
gdFjvc0reRKao+z6TrO+ikNVD/RwwBkNJaSK/NyUCxzbY207Dq1lCwYH5zsnGBOG
Xv0MUx1o+aeywcNvKOljA/FKGGPEBEzOnoKgWwfhy9u2oabjqOehrVjQ7uDyl9gV
+HUDHufw1KzQ9v3AHSQ59PwHHnDteBSYES3jhmFvt/YleF4UDJBIu8NTTdNYJ+2u
2++BoO1VXXy52X44twshdnCbgYwqWz0D31LNSO/3uba9HzfLIYhZ0iLf5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOz6Xkw0mOtn+ayvO4JGsywM5wITMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvN1BwZVREU1k2MmY1cks4N2drYXpMQXpuQWhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowU0MA0G
CSqGSIb3DQEBCwUAA4IBAQCTIii+pkcupWbStMVg+vnWZyClKA7nh3vSeZjgguo5
sdryeQwb3IryCN0MQ++7FHst51pD9MbU6NjMuj5ykps49iZguaPYm4WpfnJdG7Fq
bjJOoF0sYXhs896XlK3/Q8g2MJHy/RIRceoRdA22vILz1vqibufJL0Y/e6HyiF8m
M1R+8r1S+SSqHmgXL2NnZpVJvt4ZxlsIQ32QmmebbImy8HjUJ6W3zLgCMlDrsd3x
iyA6qo5QVdw/JyO3zCt7qktg9Ct8tZoxNEyGZD96LZzV1UqkVpxbuJODKTituKV8
nCtsBf1KZfNGnOsMwEPVS54vb9bvHXVlEKZwX6gw4ngq
-----END CERTIFICATE-----