Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DNFuSLEDaSZUsfFMp5vuybLwjSA.roa
File:                     DNFuSLEDaSZUsfFMp5vuybLwjSA.roa (raw, json)
Hash identifier:          /dYkNpUfiPov08PKwMV8P1+ZWjHg343PNzUrs3pTTSM=
Subject key identifier:   0C:D1:6E:48:B1:03:69:26:54:B1:F1:4C:A7:9B:EE:C9:B2:F0:8D:20
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       019E0347CB178AB8A6E798A917183EEFA9DE
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DNFuSLEDaSZUsfFMp5vuybLwjSA.roa
Signing time:             Thu 07 May 2026 16:31:37 +0000
ROA not before:           Thu 07 May 2026 16:31:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     23532
IP address blocks:        163.5.109.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:03:47:cb:17:8a:b8:a6:e7:98:a9:17:18:3e:ef:a9:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: May  7 16:31:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0cd16e48b103692654b1f14ca79beec9b2f08d20
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:fb:3c:21:6f:9b:6a:f9:eb:aa:ba:f6:9a:e0:
                    fc:cf:36:01:dd:6f:97:ee:75:02:67:69:b9:88:ef:
                    54:6b:3a:11:07:f1:0c:dc:a3:2b:b6:86:40:3e:95:
                    b2:42:57:dc:d7:ce:2d:e7:7e:c4:42:1e:bf:de:2c:
                    83:06:1a:12:07:58:f4:67:b7:05:1b:39:2b:77:bd:
                    61:23:23:f6:53:58:cb:b4:12:32:27:41:67:ea:b3:
                    d4:16:77:47:c6:ba:91:dd:1a:12:0d:db:2f:95:32:
                    34:bd:66:05:af:74:01:d3:9e:57:8d:4e:6d:1f:10:
                    e2:b8:cd:28:e0:5a:5c:16:11:02:fa:8a:75:27:5f:
                    ee:fb:88:78:3e:e3:8f:e4:7b:b2:6d:e8:9b:07:90:
                    53:aa:4c:0e:a2:86:56:60:59:9d:2d:da:7d:5e:49:
                    73:6a:f5:1c:e0:6b:ed:6d:92:84:f2:57:7e:8f:27:
                    d7:f9:69:1e:f6:87:65:cf:ff:ba:57:2a:96:58:a7:
                    b4:1b:6c:59:69:01:3a:cd:cf:7c:bd:73:ea:cc:70:
                    16:58:fb:9c:f8:ac:83:71:41:92:1f:31:43:ae:c1:
                    77:72:9a:5f:09:24:fe:26:58:71:cd:3b:c8:84:94:
                    94:6f:e5:b8:6e:01:6a:3f:0b:03:7a:9e:9b:02:42:
                    f5:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:D1:6E:48:B1:03:69:26:54:B1:F1:4C:A7:9B:EE:C9:B2:F0:8D:20
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DNFuSLEDaSZUsfFMp5vuybLwjSA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.109.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8d:bc:02:dc:47:fb:93:5c:1b:ba:c6:78:f3:93:6f:2b:5c:14:
         6c:da:7d:8d:f8:38:17:a9:87:8a:71:6c:48:b1:90:b9:30:2d:
         74:5f:12:3c:91:0c:f1:f1:d8:7e:eb:de:84:1c:95:58:75:53:
         24:1d:5d:71:85:9d:b5:27:7f:91:59:e0:ee:43:7b:6a:c8:72:
         fe:03:f3:77:d4:b4:db:19:1c:f8:81:79:3c:0f:19:56:3c:44:
         aa:e6:a0:9f:97:8b:1b:94:fc:2f:0b:c4:d0:84:9a:0d:73:f7:
         5f:06:5c:67:59:41:0a:4c:eb:e8:49:8a:89:b8:0f:91:b3:ab:
         66:28:0c:78:54:10:ee:b2:b8:0f:c1:ab:df:30:4d:7b:54:9f:
         ca:be:35:11:2a:0c:69:a2:20:e4:63:69:d9:76:26:3f:1b:4d:
         77:49:d8:cd:b1:82:bc:fe:72:ea:e3:56:fb:11:eb:5d:b1:3d:
         3b:47:a0:c5:3c:17:8b:6b:b7:cb:cc:a6:3f:08:7b:e1:f9:1f:
         e4:a3:b2:44:3d:29:93:28:c1:14:8a:56:d5:33:ee:6b:e0:84:
         e8:7b:91:4e:36:be:27:11:cf:aa:c6:f5:f9:15:bf:91:7d:7d:
         7a:a4:14:c9:f2:92:ef:be:3c:99:49:32:b7:2d:55:71:c6:c8:
         04:21:15:03
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4DR8sXirim55ipFxg+76neMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjYwNTA3MTYzMTM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwY2QxNmU0OGIxMDM2OTI2NTRiMWYxNGNhNzliZWVjOWIyZjA4ZDIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArPs8IW+bavnrqrr2muD8zzYB3W+X
7nUCZ2m5iO9UazoRB/EM3KMrtoZAPpWyQlfc184t537EQh6/3iyDBhoSB1j0Z7cF
Gzkrd71hIyP2U1jLtBIyJ0Fn6rPUFndHxrqR3RoSDdsvlTI0vWYFr3QB055XjU5t
HxDiuM0o4FpcFhEC+op1J1/u+4h4PuOP5HuybeibB5BTqkwOooZWYFmdLdp9Xklz
avUc4GvtbZKE8ld+jyfX+Wke9odlz/+6VyqWWKe0G2xZaQE6zc98vXPqzHAWWPuc
+KyDcUGSHzFDrsF3cppfCST+JlhxzTvIhJSUb+W4bgFqPwsDep6bAkL1QwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAzRbkixA2kmVLHxTKeb7smy8I0gMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvRE5GdVNMRURhU1pVc2ZGTXA1dnV5Ykx3alNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowVtMA0G
CSqGSIb3DQEBCwUAA4IBAQCNvALcR/uTXBu6xnjzk28rXBRs2n2N+DgXqYeKcWxI
sZC5MC10XxI8kQzx8dh+696EHJVYdVMkHV1xhZ21J3+RWeDuQ3tqyHL+A/N31LTb
GRz4gXk8DxlWPESq5qCfl4sblPwvC8TQhJoNc/dfBlxnWUEKTOvoSYqJuA+Rs6tm
KAx4VBDusrgPwavfME17VJ/KvjURKgxpoiDkY2nZdiY/G013SdjNsYK8/nLq41b7
EetdsT07R6DFPBeLa7fLzKY/CHvh+R/ko7JEPSmTKMEUilbVM+5r4IToe5FONr4n
Ec+qxvX5Fb+RfX16pBTJ8pLvvjyZSTK3LVVxxsgEIRUD
-----END CERTIFICATE-----