Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/Jq05giC0TOrt7_62HTlDdPzqdRk.roa
File:                     Jq05giC0TOrt7_62HTlDdPzqdRk.roa (raw, json)
Hash identifier:          ARUi6h+QYoDpI1LC/Zm92i3+5CMokvgrnBuiYzTLv0k=
Subject key identifier:   26:AD:39:82:20:B4:4C:EA:ED:EF:FE:B6:1D:39:43:74:FC:EA:75:19
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       019CC399935E8DF34AA10F9CE2D5AAE8FF55
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/Jq05giC0TOrt7_62HTlDdPzqdRk.roa
Signing time:             Fri 06 Mar 2026 14:42:27 +0000
ROA not before:           Fri 06 Mar 2026 14:42:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204765
IP address blocks:        163.5.28.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:c3:99:93:5e:8d:f3:4a:a1:0f:9c:e2:d5:aa:e8:ff:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Mar  6 14:42:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=26ad398220b44ceaedeffeb61d394374fcea7519
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:c8:07:34:7f:fc:c2:56:cd:d4:c7:6b:c3:f8:
                    09:c5:e0:cc:36:08:25:5e:b2:a2:fe:3e:78:ad:c4:
                    c6:93:56:02:f7:20:e7:ab:73:fc:ab:49:f9:aa:d0:
                    b2:b1:da:60:ff:6b:92:31:77:6e:52:1b:d3:5f:5e:
                    4d:86:16:9b:63:85:7c:8d:96:90:b7:c0:08:6d:cf:
                    3c:e2:20:6a:02:70:03:94:2c:5a:43:0e:15:13:2f:
                    b0:85:78:f4:9b:29:d0:91:d4:80:90:b2:64:42:1c:
                    a3:bf:8a:bd:29:c7:9a:a9:84:d1:7e:e4:f2:4f:a7:
                    52:4d:ff:a9:d2:b5:62:bf:f4:0a:f9:68:59:43:02:
                    31:db:b6:46:ec:18:af:d9:82:3b:fa:a0:98:2f:b2:
                    a5:1a:22:15:22:51:8d:32:17:2c:9d:30:58:6b:f5:
                    c6:66:32:11:f8:b5:f6:12:bb:17:97:2a:c1:2e:8c:
                    1c:94:1f:e8:fd:9e:6a:fd:ea:df:e6:fd:46:1b:73:
                    63:c1:86:e3:4e:c0:7b:ee:09:44:cb:53:9a:cd:63:
                    cf:6d:36:9e:ef:52:3d:9a:a2:37:a9:f0:fa:b5:61:
                    a9:a6:85:46:93:c5:de:a2:53:09:0a:45:cc:ec:f2:
                    6d:62:b2:f7:43:21:ed:9b:21:45:78:bb:eb:d2:39:
                    b2:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:AD:39:82:20:B4:4C:EA:ED:EF:FE:B6:1D:39:43:74:FC:EA:75:19
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/Jq05giC0TOrt7_62HTlDdPzqdRk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.28.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:da:f4:99:e2:ef:21:90:87:ea:b4:74:92:d7:9e:d7:28:ef:
         0a:8d:08:dd:f8:cc:63:7b:4f:11:46:40:9d:fd:fb:94:03:1e:
         4a:80:c3:1f:97:dd:5d:ef:c4:50:9d:85:60:da:be:34:d8:93:
         5c:62:1c:8f:86:7e:78:ac:51:fb:b2:12:59:21:04:65:04:e2:
         91:f2:2b:2a:69:95:79:39:f6:2e:e7:5f:b7:dc:87:c4:15:07:
         49:67:09:fa:55:d0:d0:96:f4:54:e8:27:2b:2d:91:ab:51:1b:
         e6:59:22:e4:18:86:ec:6f:eb:dd:45:31:29:16:3e:ca:59:a9:
         51:fe:bb:d5:e0:2a:60:eb:9d:b8:6a:dd:fe:cb:3a:39:de:43:
         80:35:59:62:b0:3f:ac:09:4b:5b:d0:ea:2f:eb:48:1e:18:8b:
         54:88:57:9a:b9:0e:ec:32:a4:42:fa:ce:c3:a7:69:34:b7:3a:
         15:1c:f0:21:0e:ad:f6:44:e8:b3:df:48:ff:2f:97:2f:f8:2d:
         2a:98:17:a3:90:7e:c9:00:f7:0a:29:01:75:d3:15:f7:4b:88:
         2b:d6:ef:5d:38:88:5c:57:f8:35:27:b8:18:c5:90:8f:96:8d:
         f6:35:ad:f0:db:ca:7b:2d:8a:6f:92:05:77:d1:3f:bf:6c:60:
         67:49:cb:0c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzDmZNejfNKoQ+c4tWq6P9VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjYwMzA2MTQ0MjI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNmFkMzk4MjIwYjQ0Y2VhZWRlZmZlYjYxZDM5NDM3NGZjZWE3NTE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnMgHNH/8wlbN1Mdrw/gJxeDMNggl
XrKi/j54rcTGk1YC9yDnq3P8q0n5qtCysdpg/2uSMXduUhvTX15NhhabY4V8jZaQ
t8AIbc884iBqAnADlCxaQw4VEy+whXj0mynQkdSAkLJkQhyjv4q9KceaqYTRfuTy
T6dSTf+p0rViv/QK+WhZQwIx27ZG7Biv2YI7+qCYL7KlGiIVIlGNMhcsnTBYa/XG
ZjIR+LX2ErsXlyrBLowclB/o/Z5q/erf5v1GG3NjwYbjTsB77glEy1OazWPPbTae
71I9mqI3qfD6tWGppoVGk8XeolMJCkXM7PJtYrL3QyHtmyFFeLvr0jmylQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCatOYIgtEzq7e/+th05Q3T86nUZMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvSnEwNWdpQzBUT3J0N182MkhUbERkUHpxZFJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowUcMA0G
CSqGSIb3DQEBCwUAA4IBAQAt2vSZ4u8hkIfqtHSS157XKO8KjQjd+Mxje08RRkCd
/fuUAx5KgMMfl91d78RQnYVg2r402JNcYhyPhn54rFH7shJZIQRlBOKR8isqaZV5
OfYu51+33IfEFQdJZwn6VdDQlvRU6CcrLZGrURvmWSLkGIbsb+vdRTEpFj7KWalR
/rvV4Cpg6524at3+yzo53kOANVlisD+sCUtb0Oov60geGItUiFeauQ7sMqRC+s7D
p2k0tzoVHPAhDq32ROiz30j/L5cv+C0qmBejkH7JAPcKKQF10xX3S4gr1u9dOIhc
V/g1J7gYxZCPlo32Na3w28p7LYpvkgV30T+/bGBnScsM
-----END CERTIFICATE-----