Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/GByQILGx0HGqla4YFcFgY5JzwDg.roa
File:                     GByQILGx0HGqla4YFcFgY5JzwDg.roa (raw, json)
Hash identifier:          fRQAIZHhs4DXbGFBZUfmSelY7D8RHYiKDxDSHoAAtkg=
Subject key identifier:   18:1C:90:20:B1:B1:D0:71:AA:95:AE:18:15:C1:60:63:92:73:C0:38
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       0198C1045AC2E57338D8DEF5B6ADC7FC2802
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/GByQILGx0HGqla4YFcFgY5JzwDg.roa
Signing time:             Tue 19 Aug 2025 06:29:04 +0000
ROA not before:           Tue 19 Aug 2025 06:29:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203058
IP address blocks:        163.5.84.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:c1:04:5a:c2:e5:73:38:d8:de:f5:b6:ad:c7:fc:28:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Aug 19 06:29:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=181c9020b1b1d071aa95ae1815c160639273c038
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:6d:57:c2:89:18:c9:23:f6:38:68:f9:d8:fa:
                    9a:55:ce:ea:a3:93:d2:d6:11:5b:b0:c4:f4:d0:16:
                    45:23:db:44:cb:bf:c2:46:e9:9b:21:07:f7:f6:8d:
                    62:25:ea:db:6d:bf:18:24:b3:22:33:f0:cd:85:1f:
                    b7:a8:a7:88:24:69:6f:82:eb:53:97:af:c8:ae:b9:
                    fc:29:47:20:02:8c:3e:ed:40:e3:c5:9d:a1:e6:2f:
                    f5:fe:d7:b8:e5:fc:8c:cb:9f:59:d6:97:28:d5:a1:
                    36:e7:22:c4:86:82:39:0a:a0:05:d0:9f:78:4e:4d:
                    30:f0:4f:75:a2:38:a2:21:25:26:36:a7:46:82:02:
                    6e:a3:63:d3:67:55:1f:0d:b4:22:0b:28:a3:a9:a6:
                    9e:82:3f:d4:f4:cf:95:93:18:f4:8b:c0:f4:7a:fe:
                    72:e6:3b:07:c8:43:42:2d:10:ea:94:86:34:c1:7d:
                    9c:52:13:33:d8:54:ab:c5:c4:ee:53:20:52:2c:21:
                    2a:30:7c:4d:3a:1d:73:b9:c2:88:e7:4b:e9:f9:33:
                    a5:aa:6c:6c:1d:f2:0e:08:7e:2d:be:05:4f:35:9c:
                    aa:f1:7f:69:d0:d0:7a:40:93:f9:cb:3a:bc:46:29:
                    d6:e4:02:95:3d:cb:e4:ac:e8:ef:e7:18:d2:65:55:
                    3f:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:1C:90:20:B1:B1:D0:71:AA:95:AE:18:15:C1:60:63:92:73:C0:38
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/GByQILGx0HGqla4YFcFgY5JzwDg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.84.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:f2:c8:8c:b2:ed:56:fe:04:77:2f:2a:06:89:41:b5:77:da:
         01:c8:26:1e:29:32:84:b7:10:0f:5f:09:65:86:60:46:49:03:
         55:56:fb:b5:43:c8:d3:4c:00:3b:31:44:4c:88:b1:b0:74:a6:
         ab:a8:90:a8:6c:bc:e4:dc:e4:b0:43:58:cb:0a:13:a8:60:74:
         09:2f:44:aa:44:84:9b:95:c8:07:86:14:57:f9:0d:39:df:1a:
         7d:1c:ce:24:b4:59:40:8d:82:00:5a:3a:67:74:af:04:15:1f:
         4b:8a:d5:4a:5b:97:d5:cd:32:dd:21:1d:63:4f:fc:df:8c:2a:
         5f:93:4a:81:8f:a0:8f:47:e2:98:b6:15:85:b9:b9:fb:0e:92:
         56:66:f7:86:d7:80:71:bb:89:db:0f:b3:b7:86:1e:2f:3d:07:
         ac:61:18:5c:a7:eb:05:82:96:39:c5:51:b9:be:b6:bc:2e:d8:
         cf:86:02:36:64:57:5f:ec:8f:de:d1:48:ef:31:e8:df:89:14:
         00:b5:8d:d0:e9:5a:c4:52:cc:3b:33:e3:b2:3a:7f:cd:7f:c6:
         d0:50:c7:d7:cd:d9:e7:a7:86:99:74:a3:be:31:18:c3:3f:5e:
         f1:ae:41:f1:d5:32:2c:e6:b4:80:7a:9b:32:9d:0e:f3:c2:27:
         b8:97:50:0e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjBBFrC5XM42N71tq3H/CgCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjUwODE5MDYyOTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxODFjOTAyMGIxYjFkMDcxYWE5NWFlMTgxNWMxNjA2MzkyNzNjMDM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnm1XwokYySP2OGj52PqaVc7qo5PS
1hFbsMT00BZFI9tEy7/CRumbIQf39o1iJerbbb8YJLMiM/DNhR+3qKeIJGlvgutT
l6/Irrn8KUcgAow+7UDjxZ2h5i/1/te45fyMy59Z1pco1aE25yLEhoI5CqAF0J94
Tk0w8E91ojiiISUmNqdGggJuo2PTZ1UfDbQiCyijqaaegj/U9M+Vkxj0i8D0ev5y
5jsHyENCLRDqlIY0wX2cUhMz2FSrxcTuUyBSLCEqMHxNOh1zucKI50vp+TOlqmxs
HfIOCH4tvgVPNZyq8X9p0NB6QJP5yzq8RinW5AKVPcvkrOjv5xjSZVU/7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBgckCCxsdBxqpWuGBXBYGOSc8A4MB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvR0J5UUlMR3gwSEdxbGE0WUZjRmdZNUp6d0RnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowVUMA0G
CSqGSIb3DQEBCwUAA4IBAQBY8siMsu1W/gR3LyoGiUG1d9oByCYeKTKEtxAPXwll
hmBGSQNVVvu1Q8jTTAA7MURMiLGwdKarqJCobLzk3OSwQ1jLChOoYHQJL0SqRISb
lcgHhhRX+Q053xp9HM4ktFlAjYIAWjpndK8EFR9LitVKW5fVzTLdIR1jT/zfjCpf
k0qBj6CPR+KYthWFubn7DpJWZveG14Bxu4nbD7O3hh4vPQesYRhcp+sFgpY5xVG5
vra8LtjPhgI2ZFdf7I/e0UjvMejfiRQAtY3Q6VrEUsw7M+OyOn/Nf8bQUMfXzdnn
p4aZdKO+MRjDP17xrkHx1TIs5rSAepsynQ7zwie4l1AO
-----END CERTIFICATE-----