Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/QTk67r5l4rto3zj5tNJxjqj_aX0.roa
File:                     QTk67r5l4rto3zj5tNJxjqj_aX0.roa (raw, json)
Hash identifier:          gjA2K95cuIUBWe7a1o6LY4DnOgduZQCEyfYO/vE+pMo=
Subject key identifier:   41:39:3A:EE:BE:65:E2:BB:68:DF:38:F9:B4:D2:71:8E:A8:FF:69:7D
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       0197B76F202FBAF58B104876ADFA1C03D0DC
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/QTk67r5l4rto3zj5tNJxjqj_aX0.roa
Signing time:             Sat 28 Jun 2025 16:46:42 +0000
ROA not before:           Sat 28 Jun 2025 16:46:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214311
IP address blocks:        163.5.109.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 02 Jul 2025 16:57:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:b7:6f:20:2f:ba:f5:8b:10:48:76:ad:fa:1c:03:d0:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jun 28 16:46:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=41393aeebe65e2bb68df38f9b4d2718ea8ff697d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:cd:9d:0b:ff:28:21:7c:05:51:52:f0:c4:bc:
                    6f:99:b9:73:d3:50:4f:53:ce:13:7e:b3:a4:8e:43:
                    49:fc:66:28:a4:75:66:d4:a9:be:a1:28:be:2a:00:
                    30:f4:a1:7f:06:78:a5:26:7a:a8:d9:4e:7a:79:45:
                    ce:c4:bf:0a:4f:bc:05:cc:73:1a:b0:d2:1c:f3:57:
                    21:84:36:e3:39:3b:83:52:5a:1d:3b:50:e8:65:f9:
                    cc:87:f5:29:cb:57:be:8f:2b:34:08:92:0f:ec:3a:
                    a6:dd:1f:01:4f:06:d9:ed:8c:6f:20:6a:0e:a7:cd:
                    63:3a:0d:7d:40:63:16:c9:2a:2f:1b:ea:e2:63:bb:
                    da:ef:4b:2f:aa:6d:88:7b:7c:e9:83:98:6b:2c:5a:
                    67:79:26:b2:ef:74:e1:d7:e4:e1:6b:5d:2d:83:6c:
                    5d:5c:7a:4d:32:f5:43:40:48:4b:82:1a:b9:a5:36:
                    46:e8:3d:ce:37:fc:dd:d5:a5:6a:4f:39:30:d8:ce:
                    20:6e:09:4c:13:df:e9:67:08:c5:1b:88:b8:4c:32:
                    57:8e:90:53:ac:70:5a:36:c7:c6:56:f3:8e:6d:41:
                    b8:a4:0b:e2:39:86:9c:aa:7a:03:11:0f:21:f6:c8:
                    49:58:b2:fb:52:5e:a2:bd:c5:fb:79:2a:31:79:5f:
                    ce:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:39:3A:EE:BE:65:E2:BB:68:DF:38:F9:B4:D2:71:8E:A8:FF:69:7D
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/QTk67r5l4rto3zj5tNJxjqj_aX0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.109.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:61:7a:7d:88:05:d9:04:61:54:af:dd:23:58:e6:c4:48:57:
         c2:3a:2f:dd:ca:2c:95:8f:ea:37:28:03:d7:00:b0:e1:60:6b:
         95:92:b3:13:7f:7c:65:3f:d5:15:c7:a3:90:68:a5:59:4a:52:
         6f:65:24:a3:3f:00:53:b8:da:6c:c3:99:36:0e:af:7a:9f:5f:
         e7:d1:06:6d:81:e0:4f:28:0f:fe:57:a8:6e:0f:07:5b:b5:e7:
         59:9e:71:9f:4b:78:ce:c8:e2:bb:24:f2:e0:4c:f2:4c:46:f6:
         a9:f8:2c:77:d7:2f:22:41:d9:9f:86:9d:b1:64:7e:79:b5:bf:
         24:e2:38:49:3f:36:a0:0e:66:87:38:24:2d:0b:41:d9:42:a4:
         3f:9e:dd:88:b3:99:19:68:45:d6:53:16:89:fe:f0:fe:3b:33:
         c7:0c:ed:25:49:37:cd:50:5f:de:e8:19:03:62:ef:12:7c:79:
         0b:e1:7e:b5:34:93:24:8e:30:9d:62:b1:f5:96:04:30:e4:1d:
         42:f2:f2:a3:f6:27:8f:7d:95:69:17:b1:a6:cf:3b:96:67:93:
         3f:54:45:f5:92:df:f9:89:7d:37:e3:c0:c8:dc:f0:10:b0:b8:
         ae:5e:dd:27:eb:13:5f:d3:7e:a7:9a:fe:fd:26:3f:ce:27:5d:
         28:07:d6:ab
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZe3byAvuvWLEEh2rfocA9DcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjUwNjI4MTY0NjQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTM5M2FlZWJlNjVlMmJiNjhkZjM4ZjliNGQyNzE4ZWE4ZmY2OTdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo82dC/8oIXwFUVLwxLxvmblz01BP
U84TfrOkjkNJ/GYopHVm1Km+oSi+KgAw9KF/BnilJnqo2U56eUXOxL8KT7wFzHMa
sNIc81chhDbjOTuDUlodO1DoZfnMh/Upy1e+jys0CJIP7Dqm3R8BTwbZ7YxvIGoO
p81jOg19QGMWySovG+riY7va70svqm2Ie3zpg5hrLFpneSay73Th1+Tha10tg2xd
XHpNMvVDQEhLghq5pTZG6D3ON/zd1aVqTzkw2M4gbglME9/pZwjFG4i4TDJXjpBT
rHBaNsfGVvOObUG4pAviOYacqnoDEQ8h9shJWLL7Ul6ivcX7eSoxeV/OfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEE5Ou6+ZeK7aN84+bTScY6o/2l9MB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvUVRrNjdyNWw0cnRvM3pqNXROSnhqcWpfYVgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowVtMA0G
CSqGSIb3DQEBCwUAA4IBAQBjYXp9iAXZBGFUr90jWObESFfCOi/dyiyVj+o3KAPX
ALDhYGuVkrMTf3xlP9UVx6OQaKVZSlJvZSSjPwBTuNpsw5k2Dq96n1/n0QZtgeBP
KA/+V6huDwdbtedZnnGfS3jOyOK7JPLgTPJMRvap+Cx31y8iQdmfhp2xZH55tb8k
4jhJPzagDmaHOCQtC0HZQqQ/nt2Is5kZaEXWUxaJ/vD+OzPHDO0lSTfNUF/e6BkD
Yu8SfHkL4X61NJMkjjCdYrH1lgQw5B1C8vKj9iePfZVpF7GmzzuWZ5M/VEX1kt/5
iX0348DI3PAQsLiuXt0n6xNf036nmv79Jj/OJ10oB9ar
-----END CERTIFICATE-----