Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/j2Oi84YynVBXFpHUK7p2xm5sHxA.roa
File:                     j2Oi84YynVBXFpHUK7p2xm5sHxA.roa (raw, json)
Hash identifier:          aTdUlmrWIBiIc21Ia+r83LwoKXOkZh8ADkq69wZizVM=
Subject key identifier:   8F:63:A2:F3:86:32:9D:50:57:16:91:D4:2B:BA:76:C6:6E:6C:1F:10
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       019D1B3F80152553EB0D1112C858A253C865
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/j2Oi84YynVBXFpHUK7p2xm5sHxA.roa
Signing time:             Mon 23 Mar 2026 15:10:39 +0000
ROA not before:           Mon 23 Mar 2026 15:10:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204767
IP address blocks:        163.5.97.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:1b:3f:80:15:25:53:eb:0d:11:12:c8:58:a2:53:c8:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Mar 23 15:10:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8f63a2f386329d50571691d42bba76c66e6c1f10
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:8a:92:09:88:31:41:3b:57:da:09:87:b7:e7:
                    3b:f1:26:63:35:a2:9a:bf:6c:a0:40:2d:8b:10:6b:
                    a0:95:db:24:c6:08:c1:38:02:01:52:72:fd:95:e0:
                    fc:fd:69:f5:78:47:f9:62:62:f2:cf:18:86:0e:d4:
                    7d:b1:3b:f9:35:0f:36:da:f7:d9:e2:d1:6f:3f:62:
                    43:b0:c2:fc:0a:4d:21:2c:22:7e:ca:6f:88:b5:fb:
                    9c:e2:2e:eb:0a:e4:11:95:73:d0:1c:66:52:7b:8c:
                    b5:db:ef:61:e3:84:00:ac:75:0f:ea:d6:93:e6:d8:
                    b4:f2:f3:7d:dc:53:79:77:f9:82:98:43:54:93:b4:
                    cf:0e:06:1e:0f:94:31:c9:a2:76:bd:97:6e:1c:58:
                    fe:8c:47:2f:6a:d7:72:81:0a:2c:8f:98:b2:7e:e5:
                    2e:56:f5:de:10:dc:2d:e1:fd:83:ee:45:bd:0c:d0:
                    54:63:8a:30:a2:21:0f:46:59:ad:07:45:fc:07:06:
                    45:2c:84:02:f9:20:17:83:f1:9f:46:f3:a7:85:3d:
                    16:39:ea:be:db:80:f6:09:ef:b1:f8:0a:28:21:4d:
                    cd:d1:de:f7:53:8d:3f:44:0c:21:3c:57:54:9a:d1:
                    8d:fc:b8:bc:46:a1:4c:18:db:53:ab:22:8a:85:3e:
                    19:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:63:A2:F3:86:32:9D:50:57:16:91:D4:2B:BA:76:C6:6E:6C:1F:10
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/j2Oi84YynVBXFpHUK7p2xm5sHxA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.97.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:6a:50:dc:08:24:79:9b:47:43:ea:39:13:f5:f2:28:85:6b:
         b3:f7:87:81:b4:06:79:ef:d6:fa:ea:36:c8:54:13:d2:b3:50:
         36:00:ac:3d:08:37:98:12:85:91:93:ed:89:77:ff:0d:39:48:
         4c:46:30:58:7d:92:a5:c0:ba:e0:44:9a:de:93:3e:a2:51:06:
         2f:88:1e:4a:04:14:3b:83:2c:01:87:00:de:e4:9e:72:bc:c8:
         60:7d:3f:e7:fb:4c:04:85:68:2f:7c:1e:34:94:ab:4e:59:e0:
         dd:1a:23:53:b9:cb:3f:fa:1f:07:aa:10:77:a9:e9:ed:af:00:
         ea:73:10:83:36:cb:c2:60:81:ee:e9:10:e7:f7:b5:8e:c3:04:
         fe:d7:3c:55:d2:f3:fb:58:4b:22:44:bf:b0:bf:76:c0:80:c2:
         58:c7:de:56:80:6c:ab:61:c1:a4:76:c1:19:99:19:e3:cf:a5:
         e8:34:eb:0f:99:98:62:f9:a8:91:e3:96:b8:8a:3f:52:fc:f5:
         f2:31:44:f7:25:21:ec:ff:7d:f3:a6:47:57:07:3f:14:9b:86:
         7f:db:9e:a9:8d:7e:68:96:02:b1:fc:77:e6:04:ca:3a:51:71:
         fc:8e:a9:d3:f4:60:08:9b:43:4c:5f:19:23:c0:1d:24:64:21:
         f2:d9:1f:ab
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0bP4AVJVPrDRESyFiiU8hlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjYwMzIzMTUxMDM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZjYzYTJmMzg2MzI5ZDUwNTcxNjkxZDQyYmJhNzZjNjZlNmMxZjEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx4qSCYgxQTtX2gmHt+c78SZjNaKa
v2ygQC2LEGugldskxgjBOAIBUnL9leD8/Wn1eEf5YmLyzxiGDtR9sTv5NQ822vfZ
4tFvP2JDsML8Ck0hLCJ+ym+Itfuc4i7rCuQRlXPQHGZSe4y12+9h44QArHUP6taT
5ti08vN93FN5d/mCmENUk7TPDgYeD5QxyaJ2vZduHFj+jEcvatdygQosj5iyfuUu
VvXeENwt4f2D7kW9DNBUY4owoiEPRlmtB0X8BwZFLIQC+SAXg/GfRvOnhT0WOeq+
24D2Ce+x+AooIU3N0d73U40/RAwhPFdUmtGN/Li8RqFMGNtTqyKKhT4ZkwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI9jovOGMp1QVxaR1Cu6dsZubB8QMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvajJPaTg0WXluVkJYRnBIVUs3cDJ4bTVzSHhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowVhMA0G
CSqGSIb3DQEBCwUAA4IBAQBWalDcCCR5m0dD6jkT9fIohWuz94eBtAZ579b66jbI
VBPSs1A2AKw9CDeYEoWRk+2Jd/8NOUhMRjBYfZKlwLrgRJrekz6iUQYviB5KBBQ7
gywBhwDe5J5yvMhgfT/n+0wEhWgvfB40lKtOWeDdGiNTucs/+h8HqhB3qentrwDq
cxCDNsvCYIHu6RDn97WOwwT+1zxV0vP7WEsiRL+wv3bAgMJYx95WgGyrYcGkdsEZ
mRnjz6XoNOsPmZhi+aiR45a4ij9S/PXyMUT3JSHs/33zpkdXBz8Um4Z/256pjX5o
lgKx/HfmBMo6UXH8jqnT9GAIm0NMXxkjwB0kZCHy2R+r
-----END CERTIFICATE-----