Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/Qo1vK_Urn8m1Hd8blk1-VKqTLQs.roa
File:                     Qo1vK_Urn8m1Hd8blk1-VKqTLQs.roa (raw, json)
Hash identifier:          AiiX4RSabLIwzWpkCouvH2AgmGmR1upyeQvUQcZ7nXE=
Subject key identifier:   42:8D:6F:2B:F5:2B:9F:C9:B5:1D:DF:1B:96:4D:7E:54:AA:93:2D:0B
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       01997211A894862225D05FA3D83AAC45E057
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/Qo1vK_Urn8m1Hd8blk1-VKqTLQs.roa
Signing time:             Mon 22 Sep 2025 15:36:23 +0000
ROA not before:           Mon 22 Sep 2025 15:36:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     31715
IP address blocks:        163.5.47.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 05:55:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:72:11:a8:94:86:22:25:d0:5f:a3:d8:3a:ac:45:e0:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Sep 22 15:36:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=428d6f2bf52b9fc9b51ddf1b964d7e54aa932d0b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:6c:95:25:08:9b:c1:0a:03:01:a7:53:96:cd:
                    26:f6:b9:1e:75:5f:8a:57:b4:c9:8c:6e:75:7d:53:
                    16:3c:ab:36:2c:08:1f:70:73:ff:c8:8f:5b:2f:76:
                    b9:9c:6c:3e:04:3f:b2:00:74:8a:cb:2f:4c:b8:0c:
                    02:c1:2e:94:d1:14:81:c6:3e:53:fc:68:42:31:8c:
                    8c:86:80:a3:72:8b:c4:ff:f8:8c:42:00:bb:0f:1f:
                    b1:a8:38:7b:8b:aa:ae:a8:08:98:fc:e9:9a:9b:be:
                    76:cb:31:f5:1f:eb:f8:62:b0:f1:ec:c0:19:34:eb:
                    2c:c6:09:ee:49:75:ee:23:1d:09:16:87:9e:d4:bc:
                    31:af:a9:66:40:1d:74:bb:d4:15:b2:3a:0d:3b:fd:
                    5a:26:db:b0:33:f2:dd:a1:94:a4:f0:de:5e:55:29:
                    71:ea:32:87:b2:65:f5:3f:48:c9:18:2b:a9:6c:eb:
                    65:ac:b3:4f:19:8f:08:8d:ad:3d:d7:79:b0:11:05:
                    70:6e:93:84:8d:8b:33:0d:f1:38:e6:b4:61:2e:38:
                    d4:a0:da:b7:3c:fd:34:b3:2d:75:38:a7:e7:42:7a:
                    9b:7a:c0:b0:db:db:1b:cd:5a:3c:3f:73:f6:18:31:
                    27:85:87:25:04:50:a3:56:bb:ca:87:11:14:7f:4e:
                    b2:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:8D:6F:2B:F5:2B:9F:C9:B5:1D:DF:1B:96:4D:7E:54:AA:93:2D:0B
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/Qo1vK_Urn8m1Hd8blk1-VKqTLQs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ae:88:24:c7:1e:72:4b:6f:da:e0:dd:ce:15:97:64:85:a8:5d:
         e9:94:95:d8:df:ae:05:37:5c:fd:21:f3:6f:30:d1:f2:e7:c7:
         c7:f4:58:27:3b:48:84:ff:0e:8f:04:4e:85:04:04:82:ee:5e:
         c9:16:8f:3d:16:d1:fc:da:6d:0c:bd:50:61:e2:26:6b:ec:c0:
         d6:07:f5:ec:de:06:bb:3f:e6:6a:02:45:0e:ca:c9:62:a9:a3:
         73:d0:3e:be:37:ae:af:fa:fb:86:f7:ad:70:4b:d2:f1:41:19:
         63:cc:17:07:fa:6f:06:f2:6f:09:3d:3e:bc:d0:9c:8d:7b:4a:
         c3:92:45:e3:dd:34:6b:e4:22:2c:33:63:23:67:ca:70:e6:1d:
         43:8f:1e:ba:ec:3c:c2:d9:3e:90:7e:42:0e:68:28:13:31:b8:
         fd:e9:23:4c:d0:6d:82:02:ce:28:e0:af:08:ec:2f:f1:b4:d6:
         5a:4c:1e:fe:12:5f:19:89:ea:16:a9:2d:bb:b8:68:04:e8:8a:
         6d:d3:7f:f8:ae:96:03:84:43:64:84:22:8f:4a:a3:45:2f:86:
         7f:88:cf:5b:00:40:22:70:a9:49:4b:fb:8a:a2:f8:c0:38:53:
         d4:1f:f9:05:1a:f0:c7:f9:9b:e1:ab:be:f1:19:8f:37:49:8d:
         c5:e9:e7:0c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZlyEaiUhiIl0F+j2DqsReBXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjUwOTIyMTUzNjIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MjhkNmYyYmY1MmI5ZmM5YjUxZGRmMWI5NjRkN2U1NGFhOTMyZDBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1WyVJQibwQoDAadTls0m9rkedV+K
V7TJjG51fVMWPKs2LAgfcHP/yI9bL3a5nGw+BD+yAHSKyy9MuAwCwS6U0RSBxj5T
/GhCMYyMhoCjcovE//iMQgC7Dx+xqDh7i6quqAiY/Omam752yzH1H+v4YrDx7MAZ
NOssxgnuSXXuIx0JFoee1Lwxr6lmQB10u9QVsjoNO/1aJtuwM/LdoZSk8N5eVSlx
6jKHsmX1P0jJGCupbOtlrLNPGY8Ija0913mwEQVwbpOEjYszDfE45rRhLjjUoNq3
PP00sy11OKfnQnqbesCw29sbzVo8P3P2GDEnhYclBFCjVrvKhxEUf06ywwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEKNbyv1K5/JtR3fG5ZNflSqky0LMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvUW8xdktfVXJuOG0xSGQ4YmxrMS1WS3FUTFFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowUvMA0G
CSqGSIb3DQEBCwUAA4IBAQCuiCTHHnJLb9rg3c4Vl2SFqF3plJXY364FN1z9IfNv
MNHy58fH9FgnO0iE/w6PBE6FBASC7l7JFo89FtH82m0MvVBh4iZr7MDWB/Xs3ga7
P+ZqAkUOysliqaNz0D6+N66v+vuG961wS9LxQRljzBcH+m8G8m8JPT680JyNe0rD
kkXj3TRr5CIsM2MjZ8pw5h1Djx667DzC2T6QfkIOaCgTMbj96SNM0G2CAs4o4K8I
7C/xtNZaTB7+El8ZieoWqS27uGgE6Ipt03/4rpYDhENkhCKPSqNFL4Z/iM9bAEAi
cKlJS/uKovjAOFPUH/kFGvDH+Zvhq77xGY83SY3F6ecM
-----END CERTIFICATE-----