Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/FB4WzqFXLmvHQi6ovOwnkydxNbo.roa
File:                     FB4WzqFXLmvHQi6ovOwnkydxNbo.roa (raw, json)
Hash identifier:          g2D9h+OCSZ+mpMWzBKM/G/nO5owE5nKdc+XVwJ7bX2k=
Subject key identifier:   14:1E:16:CE:A1:57:2E:6B:C7:42:2E:A8:BC:EC:27:93:27:71:35:BA
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       0198A94457B8DCB9FC03050E94CD914FAE6B
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/FB4WzqFXLmvHQi6ovOwnkydxNbo.roa
Signing time:             Thu 14 Aug 2025 15:48:05 +0000
ROA not before:           Thu 14 Aug 2025 15:48:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205896
IP address blocks:        163.5.209.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:a9:44:57:b8:dc:b9:fc:03:05:0e:94:cd:91:4f:ae:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Aug 14 15:48:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=141e16cea1572e6bc7422ea8bcec2793277135ba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:99:9c:6c:ac:3f:5a:4e:7c:ff:66:25:e0:8a:
                    db:10:a2:b1:ce:97:2e:0b:15:48:2f:a2:5a:3b:a0:
                    5b:a9:79:ef:03:ad:46:81:1c:72:1b:8c:bd:0f:3e:
                    a7:4a:b7:80:7b:8c:06:df:d0:a5:96:2c:98:9b:2e:
                    43:7a:d3:0e:3a:5d:c5:27:cb:13:17:f0:d5:7a:27:
                    dd:55:90:bc:8c:b1:be:0a:b1:67:dc:a7:87:99:5a:
                    6f:36:80:ea:96:ed:87:e6:c3:67:c1:80:03:11:9b:
                    63:9b:e7:b3:53:05:d3:e0:9c:45:33:58:79:dc:83:
                    53:ee:6a:be:0f:57:b1:f9:6d:39:38:e9:6a:b5:6c:
                    f5:9b:be:a7:30:fd:25:85:c8:34:38:fb:8a:3c:cb:
                    69:37:69:72:77:82:74:ce:ca:d0:06:d8:3c:bb:0d:
                    d7:59:39:54:cf:9e:1a:9a:96:3a:b8:ac:90:8c:a2:
                    89:ea:ae:e6:26:f5:26:5d:ee:f2:44:52:8a:58:4e:
                    4a:13:98:7d:80:c3:f4:ab:9b:f8:50:ff:59:26:18:
                    2a:6d:dd:da:d7:a0:8a:5d:15:9b:5a:17:54:35:21:
                    9d:c5:1e:f5:8c:2c:7f:e7:48:c7:89:73:56:74:9c:
                    f3:7a:06:f5:7c:76:7a:a2:20:0a:49:ae:0f:e6:c1:
                    8e:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:1E:16:CE:A1:57:2E:6B:C7:42:2E:A8:BC:EC:27:93:27:71:35:BA
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/FB4WzqFXLmvHQi6ovOwnkydxNbo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:b6:28:6c:1d:d3:a5:36:6c:fc:ad:cf:75:a9:fc:f8:c2:08:
         bf:c9:30:0f:04:0b:57:37:7b:c6:6a:54:9c:a1:b0:76:49:94:
         ec:89:a2:23:59:db:fc:00:41:6d:44:52:b4:82:61:8d:94:aa:
         cc:70:48:64:ed:f6:b4:97:ed:f8:2a:09:a9:26:ea:0f:35:50:
         2b:9e:9b:bd:e0:ee:11:22:c6:1f:8a:8c:26:85:fe:72:19:b3:
         84:ce:ce:6e:f7:b4:6d:05:e0:af:1f:1b:67:43:7a:e1:45:95:
         e6:9b:ea:d6:c1:58:e7:67:fb:a3:fd:3f:d0:0f:c5:90:9f:54:
         21:e2:0d:e4:5a:72:11:3d:23:73:63:ad:4b:4f:c2:c6:1a:7f:
         5b:6b:33:d0:50:5a:03:ec:91:cc:52:7f:e2:b1:3a:56:f4:d3:
         c1:d2:cd:d2:ad:a4:cc:0a:6c:47:b0:9f:f5:19:f7:fc:81:4b:
         d7:ef:b3:c9:09:d8:aa:9c:fd:29:b0:21:c8:6d:9e:17:0f:84:
         1b:81:d2:10:bd:ba:29:11:41:50:39:1e:c8:9e:8e:b2:49:69:
         7b:0c:e5:8f:ff:e5:b1:02:c3:46:e0:61:7a:49:c6:b5:ec:c2:
         0b:52:ca:77:45:66:28:42:f2:02:08:34:15:0f:88:1b:44:32:
         87:21:dd:aa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZipRFe43Ln8AwUOlM2RT65rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjUwODE0MTU0ODA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNDFlMTZjZWExNTcyZTZiYzc0MjJlYThiY2VjMjc5MzI3NzEzNWJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnZmcbKw/Wk58/2Yl4IrbEKKxzpcu
CxVIL6JaO6BbqXnvA61GgRxyG4y9Dz6nSreAe4wG39ClliyYmy5DetMOOl3FJ8sT
F/DVeifdVZC8jLG+CrFn3KeHmVpvNoDqlu2H5sNnwYADEZtjm+ezUwXT4JxFM1h5
3INT7mq+D1ex+W05OOlqtWz1m76nMP0lhcg0OPuKPMtpN2lyd4J0zsrQBtg8uw3X
WTlUz54ampY6uKyQjKKJ6q7mJvUmXe7yRFKKWE5KE5h9gMP0q5v4UP9ZJhgqbd3a
16CKXRWbWhdUNSGdxR71jCx/50jHiXNWdJzzegb1fHZ6oiAKSa4P5sGOxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBQeFs6hVy5rx0IuqLzsJ5MncTW6MB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvRkI0V3pxRlhMbXZIUWk2b3ZPd25reWR4TmJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowXRMA0G
CSqGSIb3DQEBCwUAA4IBAQBetihsHdOlNmz8rc91qfz4wgi/yTAPBAtXN3vGalSc
obB2SZTsiaIjWdv8AEFtRFK0gmGNlKrMcEhk7fa0l+34KgmpJuoPNVArnpu94O4R
IsYfiowmhf5yGbOEzs5u97RtBeCvHxtnQ3rhRZXmm+rWwVjnZ/uj/T/QD8WQn1Qh
4g3kWnIRPSNzY61LT8LGGn9bazPQUFoD7JHMUn/isTpW9NPB0s3SraTMCmxHsJ/1
Gff8gUvX77PJCdiqnP0psCHIbZ4XD4QbgdIQvbopEUFQOR7Ino6ySWl7DOWP/+Wx
AsNG4GF6Sca17MILUsp3RWYoQvICCDQVD4gbRDKHId2q
-----END CERTIFICATE-----