Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/TZNZJcViMR3lHwF4XD3KD1T0QLQ.roa
File:                     TZNZJcViMR3lHwF4XD3KD1T0QLQ.roa (raw, json)
Hash identifier:          crnMtTWXhHqQCPKceSfjTsatV2L5/k3z+/qXiFMEP8k=
Subject key identifier:   4D:93:59:25:C5:62:31:1D:E5:1F:01:78:5C:3D:CA:0F:54:F4:40:B4
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       0198A333E99C1618EBA8D0FF0CBC22D35399
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/TZNZJcViMR3lHwF4XD3KD1T0QLQ.roa
Signing time:             Wed 13 Aug 2025 11:32:24 +0000
ROA not before:           Wed 13 Aug 2025 11:32:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214311
IP address blocks:        163.5.109.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:a3:33:e9:9c:16:18:eb:a8:d0:ff:0c:bc:22:d3:53:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Aug 13 11:32:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4d935925c562311de51f01785c3dca0f54f440b4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:39:90:2f:18:f5:8d:34:06:a5:18:c9:21:87:
                    11:8c:e2:e3:42:0e:bb:3e:20:16:f7:ce:1a:b6:1f:
                    36:9d:40:95:b6:bb:1d:9a:2f:77:26:e1:4d:a1:65:
                    ee:e8:a2:ac:32:0f:70:0f:c1:79:f2:6f:13:2e:7a:
                    58:20:8e:7e:59:36:0c:60:bc:58:a1:75:cd:de:81:
                    8f:0b:55:4f:30:2b:4b:cf:e6:f9:4d:ac:e5:8b:d9:
                    bc:26:7b:35:e2:f6:21:b5:ee:24:82:b8:59:bb:10:
                    32:5a:51:1d:c9:17:19:c4:dc:89:a1:06:de:5f:ee:
                    e8:26:53:3d:ee:2a:61:0c:8a:0f:80:27:43:f1:08:
                    12:6f:6e:7d:89:43:6c:62:a4:68:60:a0:e5:87:97:
                    bf:d0:6a:35:41:cc:3a:50:c7:c0:07:b9:75:5c:24:
                    bb:1c:8a:e6:38:3d:a6:6d:70:8b:6e:ad:8d:1d:02:
                    42:7d:8c:94:42:9a:ca:5e:9f:b3:16:26:c4:15:9e:
                    51:9b:3e:47:3e:ae:8e:48:f2:06:81:b6:dc:78:6f:
                    8d:19:58:12:c5:eb:d6:57:d0:c4:cf:df:7b:31:30:
                    e8:b1:4d:c7:b1:6d:b6:17:60:fa:12:66:f3:b5:ba:
                    76:8a:59:5a:5e:31:b8:f5:1d:45:dc:db:37:b4:44:
                    4a:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:93:59:25:C5:62:31:1D:E5:1F:01:78:5C:3D:CA:0F:54:F4:40:B4
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/TZNZJcViMR3lHwF4XD3KD1T0QLQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.109.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9e:98:00:28:a9:ee:a6:b0:25:e8:7f:9c:32:cb:eb:2a:d7:b3:
         49:2a:66:cd:59:0f:f0:bb:37:83:0d:74:f6:8c:a4:ff:61:e3:
         90:8f:ac:e8:8f:d1:05:67:50:c7:41:20:e9:ae:f2:63:91:17:
         4b:e7:f7:e9:ec:7d:a9:5a:b3:c6:78:d9:42:3a:a0:89:62:ca:
         ea:ed:7d:af:42:ff:c4:ed:62:08:d8:50:18:c1:ee:8e:4a:ea:
         73:c1:79:a9:6e:e5:cd:00:be:25:b7:a4:a4:68:21:ad:b4:15:
         70:2c:43:2c:97:ba:1b:01:8b:13:35:7f:c4:be:8c:0f:a7:7d:
         22:88:29:90:03:61:ea:70:20:e5:48:5e:76:28:4d:e2:6a:de:
         b3:bd:10:43:ce:30:cf:9c:ae:6c:58:3e:e3:50:84:bf:26:cb:
         22:e5:a4:72:cb:b7:fb:87:47:0c:f9:b7:76:ef:3e:83:ed:f2:
         6c:0b:3f:fb:2a:b0:d4:be:15:6f:42:29:75:f6:de:85:b9:55:
         79:3d:90:ea:77:83:c5:80:64:61:8e:a8:04:fc:b4:a9:af:28:
         53:3d:82:23:08:b8:3e:a4:f1:7c:bf:cf:5b:65:42:c1:f1:75:
         92:35:13:88:89:1e:93:c9:66:0f:95:00:c8:99:f7:67:33:0d:
         15:25:51:e0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZijM+mcFhjrqND/DLwi01OZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjUwODEzMTEzMjI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDkzNTkyNWM1NjIzMTFkZTUxZjAxNzg1YzNkY2EwZjU0ZjQ0MGI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApTmQLxj1jTQGpRjJIYcRjOLjQg67
PiAW984ath82nUCVtrsdmi93JuFNoWXu6KKsMg9wD8F58m8TLnpYII5+WTYMYLxY
oXXN3oGPC1VPMCtLz+b5Tazli9m8Jns14vYhte4kgrhZuxAyWlEdyRcZxNyJoQbe
X+7oJlM97iphDIoPgCdD8QgSb259iUNsYqRoYKDlh5e/0Go1Qcw6UMfAB7l1XCS7
HIrmOD2mbXCLbq2NHQJCfYyUQprKXp+zFibEFZ5Rmz5HPq6OSPIGgbbceG+NGVgS
xevWV9DEz997MTDosU3HsW22F2D6Embztbp2illaXjG49R1F3Ns3tERKDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE2TWSXFYjEd5R8BeFw9yg9U9EC0MB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvVFpOWkpjVmlNUjNsSHdGNFhEM0tEMVQwUUxRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowVtMA0G
CSqGSIb3DQEBCwUAA4IBAQCemAAoqe6msCXof5wyy+sq17NJKmbNWQ/wuzeDDXT2
jKT/YeOQj6zoj9EFZ1DHQSDprvJjkRdL5/fp7H2pWrPGeNlCOqCJYsrq7X2vQv/E
7WII2FAYwe6OSupzwXmpbuXNAL4lt6SkaCGttBVwLEMsl7obAYsTNX/EvowPp30i
iCmQA2HqcCDlSF52KE3iat6zvRBDzjDPnK5sWD7jUIS/Jssi5aRyy7f7h0cM+bd2
7z6D7fJsCz/7KrDUvhVvQil19t6FuVV5PZDqd4PFgGRhjqgE/LSpryhTPYIjCLg+
pPF8v89bZULB8XWSNROIiR6TyWYPlQDImfdnMw0VJVHg
-----END CERTIFICATE-----