Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/Z6ILgfnD8gy8C9ojws2N89INzPo.roa
File:                     Z6ILgfnD8gy8C9ojws2N89INzPo.roa (raw, json)
Hash identifier:          mjF3JTQ7bR355uqnhspuxLhD6ZXUiuZue/3PUx8ihyE=
Subject key identifier:   67:A2:0B:81:F9:C3:F2:0C:BC:0B:DA:23:C2:CD:8D:F3:D2:0D:CC:FA
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       019CF74F3A9DD43D0A1E43FD9B6AD0053E5F
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/Z6ILgfnD8gy8C9ojws2N89INzPo.roa
Signing time:             Mon 16 Mar 2026 15:41:30 +0000
ROA not before:           Mon 16 Mar 2026 15:41:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     35575
IP address blocks:        163.5.201.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:f7:4f:3a:9d:d4:3d:0a:1e:43:fd:9b:6a:d0:05:3e:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Mar 16 15:41:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=67a20b81f9c3f20cbc0bda23c2cd8df3d20dccfa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f8:58:80:07:42:57:cc:bf:d8:05:c1:1f:18:d4:
                    b1:23:2a:df:ff:09:55:d7:64:e5:b5:4e:60:fc:89:
                    cd:67:2a:fe:88:6b:7a:b9:c0:ea:ed:9c:56:2c:a6:
                    54:7c:df:ab:26:c5:86:14:0b:8d:be:bc:10:23:55:
                    b1:cb:9e:1b:53:4b:44:be:8d:41:7f:44:dc:3d:50:
                    d2:8c:18:ff:29:a5:cf:d5:c0:d9:23:75:13:8a:4c:
                    06:83:95:e3:e8:5f:5a:29:e6:20:06:94:87:bc:5d:
                    db:bf:65:5f:64:82:b0:d2:55:f1:48:f0:9f:c6:02:
                    64:f0:ab:c2:48:dd:04:42:b6:69:3b:18:6c:8a:0c:
                    bc:81:c6:4f:04:bf:75:10:e5:0b:3f:6c:9f:85:31:
                    bf:8d:6d:3e:1e:f2:6a:b2:02:4e:f0:ad:32:e9:b5:
                    78:45:dc:3b:da:74:02:a7:52:71:d2:f3:0b:3b:d9:
                    b1:26:a6:65:18:b3:93:76:45:60:27:89:0b:0b:53:
                    44:31:b6:50:1d:e7:6c:6b:cb:36:3a:8d:d0:da:64:
                    6f:7d:99:d8:ba:a7:af:54:98:1b:bb:c1:18:67:b5:
                    b6:b8:0c:e1:b5:31:b9:eb:d0:66:8e:7f:8d:e4:82:
                    18:5c:06:10:32:52:92:43:d2:57:2a:ab:4f:32:ca:
                    53:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:A2:0B:81:F9:C3:F2:0C:BC:0B:DA:23:C2:CD:8D:F3:D2:0D:CC:FA
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/Z6ILgfnD8gy8C9ojws2N89INzPo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.201.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:96:6a:56:e3:8a:5a:f2:a6:2e:93:8a:ee:2e:cb:6b:17:c8:
         ad:05:12:c4:80:21:66:7a:73:0a:18:ce:57:86:51:8c:b0:2d:
         2d:5c:ff:ee:e3:63:7d:f2:05:99:94:6c:d0:d8:c6:f3:f1:31:
         37:11:79:ba:9d:7c:5f:10:5a:83:25:8e:72:b7:0a:84:17:4e:
         92:6a:7e:cd:fa:e1:92:26:99:17:ed:6d:d6:b3:aa:79:8b:f2:
         5e:47:22:53:bf:6d:b2:4e:4a:e7:d2:01:17:eb:1a:84:14:56:
         60:fd:2b:f5:a8:19:56:30:b0:9b:ee:cc:3a:d5:f2:33:f1:9f:
         05:88:97:10:d4:c7:59:99:2b:d3:a0:d0:82:84:9e:b6:d0:9e:
         70:68:22:39:84:dd:9a:7f:f0:b2:7a:11:ff:ff:f3:28:de:fb:
         d5:00:8d:fb:ad:8f:d1:be:56:92:34:ed:40:3f:f9:f6:d5:a4:
         13:ec:3f:f6:0c:2f:b1:70:a7:0c:cf:a2:e9:a8:a5:a3:f4:d0:
         38:11:f2:2b:94:a2:d0:ca:5b:d4:98:02:b1:3a:1f:02:55:1e:
         1a:8f:b3:16:30:86:dc:6e:d9:3c:f8:f7:e3:22:16:85:f7:ef:
         bf:7e:5e:e6:bf:b6:f3:cc:6b:b7:c1:29:80:44:45:7d:d3:e6:
         72:a2:75:cd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZz3Tzqd1D0KHkP9m2rQBT5fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjYwMzE2MTU0MTMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2N2EyMGI4MWY5YzNmMjBjYmMwYmRhMjNjMmNkOGRmM2QyMGRjY2ZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+FiAB0JXzL/YBcEfGNSxIyrf/wlV
12TltU5g/InNZyr+iGt6ucDq7ZxWLKZUfN+rJsWGFAuNvrwQI1Wxy54bU0tEvo1B
f0TcPVDSjBj/KaXP1cDZI3UTikwGg5Xj6F9aKeYgBpSHvF3bv2VfZIKw0lXxSPCf
xgJk8KvCSN0EQrZpOxhsigy8gcZPBL91EOULP2yfhTG/jW0+HvJqsgJO8K0y6bV4
Rdw72nQCp1Jx0vMLO9mxJqZlGLOTdkVgJ4kLC1NEMbZQHedsa8s2Oo3Q2mRvfZnY
uqevVJgbu8EYZ7W2uAzhtTG569Bmjn+N5IIYXAYQMlKSQ9JXKqtPMspTVwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGeiC4H5w/IMvAvaI8LNjfPSDcz6MB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvWjZJTGdmbkQ4Z3k4QzlvandzMk44OUlOelBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowXJMA0G
CSqGSIb3DQEBCwUAA4IBAQCOlmpW44pa8qYuk4ruLstrF8itBRLEgCFmenMKGM5X
hlGMsC0tXP/u42N98gWZlGzQ2Mbz8TE3EXm6nXxfEFqDJY5ytwqEF06San7N+uGS
JpkX7W3Ws6p5i/JeRyJTv22yTkrn0gEX6xqEFFZg/Sv1qBlWMLCb7sw61fIz8Z8F
iJcQ1MdZmSvToNCChJ620J5waCI5hN2af/CyehH///Mo3vvVAI37rY/RvlaSNO1A
P/n21aQT7D/2DC+xcKcMz6LpqKWj9NA4EfIrlKLQylvUmAKxOh8CVR4aj7MWMIbc
btk8+PfjIhaF9++/fl7mv7bzzGu3wSmAREV90+ZyonXN
-----END CERTIFICATE-----