Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/HjSDOQy-IELaz34SQhyekwfLW84.roa
File:                     HjSDOQy-IELaz34SQhyekwfLW84.roa (raw, json)
Hash identifier:          epUn0LYxLjyiqq4Zkm9acCLVnhIL0FxFfhAnpEW6gpI=
Subject key identifier:   1E:34:83:39:0C:BE:20:42:DA:CF:7E:12:42:1C:9E:93:07:CB:5B:CE
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       019CE26E17A70ABB1A7861C4FE444BBE3AEA
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/HjSDOQy-IELaz34SQhyekwfLW84.roa
Signing time:             Thu 12 Mar 2026 14:23:11 +0000
ROA not before:           Thu 12 Mar 2026 14:23:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     9304
IP address blocks:        163.5.136.0/24 maxlen: 24
                          163.5.161.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:e2:6e:17:a7:0a:bb:1a:78:61:c4:fe:44:4b:be:3a:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Mar 12 14:23:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1e3483390cbe2042dacf7e12421c9e9307cb5bce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:41:2d:87:d3:18:57:29:f6:9d:a1:3f:4a:0e:
                    5c:9b:45:f9:18:71:2f:a6:f5:ec:f7:92:9a:ab:2e:
                    14:e4:a0:35:e7:5b:c1:20:90:cc:81:21:d6:a9:8e:
                    11:75:61:71:72:37:65:d7:bb:2e:8b:87:99:d1:0f:
                    b9:ec:ce:31:c7:6e:99:b3:ec:df:b8:14:50:79:1f:
                    04:38:e7:8f:b3:b1:86:13:1d:59:84:45:78:ca:d4:
                    79:08:45:ef:8b:96:3c:db:56:d9:a6:da:b5:f0:eb:
                    bd:43:f6:5e:6d:e7:11:ac:5b:df:e9:d3:fa:27:4e:
                    6d:53:47:70:1c:0e:63:f0:13:8b:15:d4:da:ab:df:
                    dc:a0:70:ba:7f:e9:48:83:ce:3d:6d:8d:55:d0:8d:
                    fd:bf:45:ea:e0:88:fd:1d:32:4a:32:08:dc:4d:ac:
                    3f:4c:b8:5b:20:63:a5:1c:63:ce:1c:f7:56:20:9b:
                    72:9c:05:96:26:d1:e7:52:1e:6d:30:51:32:2d:68:
                    b4:95:8e:f1:fc:42:62:63:a2:1f:02:20:73:b9:ba:
                    41:2e:a5:94:94:f8:8c:c4:ee:cd:9b:fd:11:c8:1f:
                    67:de:17:dd:72:b8:88:36:06:64:bd:03:3e:46:1f:
                    f2:4a:33:d7:8e:03:5e:28:47:78:07:99:a7:a8:6f:
                    0b:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:34:83:39:0C:BE:20:42:DA:CF:7E:12:42:1C:9E:93:07:CB:5B:CE
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/HjSDOQy-IELaz34SQhyekwfLW84.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.136.0/24
                  163.5.161.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:f1:71:56:47:b5:82:98:b5:76:4c:7e:0c:6e:42:7b:2b:b8:
         27:04:51:f8:57:ae:c7:d2:bc:fb:3e:0b:92:f0:82:16:ef:8f:
         1c:44:cd:23:c5:ce:97:16:0e:2c:d6:08:ae:3e:57:8c:b9:dc:
         12:1a:cf:ce:83:79:24:e7:bf:ea:3b:a8:6c:16:71:60:bb:9c:
         bd:bc:f3:c6:e6:c5:32:72:33:af:03:22:c0:b1:a3:23:6a:8e:
         ee:34:6a:48:43:50:f7:63:4f:82:17:b5:4d:55:5d:6f:fc:ae:
         f5:42:09:b6:74:25:cd:5f:f6:23:5c:34:c9:5a:2a:02:e1:ee:
         d3:c1:16:2a:bc:92:25:32:a3:8f:d5:53:6f:05:b8:4e:53:5b:
         64:18:77:fe:ad:59:91:7e:48:c0:61:98:63:96:2e:3f:b7:e3:
         23:bf:49:cf:83:4c:b6:26:c2:f0:cf:24:64:11:e4:e1:24:15:
         1d:06:85:8c:1a:51:18:42:4b:9c:af:3f:30:c4:44:55:7a:5d:
         4f:44:bd:90:bb:0d:35:b4:85:b4:7c:9e:62:21:e1:e6:6f:40:
         1a:21:d8:77:fc:5f:f1:9a:8a:24:6e:2d:d4:69:d3:d1:54:a0:
         de:e2:c9:97:f7:0c:4a:63:ec:6f:2e:b7:0a:09:2b:2f:c3:d5:
         35:d7:b1:88
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZzibhenCrsaeGHE/kRLvjrqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjYwMzEyMTQyMzExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTM0ODMzOTBjYmUyMDQyZGFjZjdlMTI0MjFjOWU5MzA3Y2I1YmNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvEEth9MYVyn2naE/Sg5cm0X5GHEv
pvXs95Kaqy4U5KA151vBIJDMgSHWqY4RdWFxcjdl17sui4eZ0Q+57M4xx26Zs+zf
uBRQeR8EOOePs7GGEx1ZhEV4ytR5CEXvi5Y821bZptq18Ou9Q/ZebecRrFvf6dP6
J05tU0dwHA5j8BOLFdTaq9/coHC6f+lIg849bY1V0I39v0Xq4Ij9HTJKMgjcTaw/
TLhbIGOlHGPOHPdWIJtynAWWJtHnUh5tMFEyLWi0lY7x/EJiY6IfAiBzubpBLqWU
lPiMxO7Nm/0RyB9n3hfdcriINgZkvQM+Rh/ySjPXjgNeKEd4B5mnqG8LtwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFB40gzkMviBC2s9+EkIcnpMHy1vOMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvSGpTRE9ReS1JRUxhejM0U1FoeWVrd2ZMVzg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAowWIAwQA
owWhMA0GCSqGSIb3DQEBCwUAA4IBAQCD8XFWR7WCmLV2TH4MbkJ7K7gnBFH4V67H
0rz7PguS8IIW748cRM0jxc6XFg4s1giuPleMudwSGs/Og3kk57/qO6hsFnFgu5y9
vPPG5sUycjOvAyLAsaMjao7uNGpIQ1D3Y0+CF7VNVV1v/K71Qgm2dCXNX/YjXDTJ
WioC4e7TwRYqvJIlMqOP1VNvBbhOU1tkGHf+rVmRfkjAYZhjli4/t+Mjv0nPg0y2
JsLwzyRkEeThJBUdBoWMGlEYQkucrz8wxERVel1PRL2Quw01tIW0fJ5iIeHmb0Aa
Idh3/F/xmookbi3UadPRVKDe4smX9wxKY+xvLrcKCSsvw9U117GI
-----END CERTIFICATE-----