Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/mP7S0aSp_E3ihsp0zmSHqDFHAxI.roa
File:                     mP7S0aSp_E3ihsp0zmSHqDFHAxI.roa (raw, json)
Hash identifier:          o851D4pebkhzbgUVFVa/D6YJ+kggtvO3lFuv/bmtgOw=
Subject key identifier:   98:FE:D2:D1:A4:A9:FC:4D:E2:86:CA:74:CE:64:87:A8:31:47:03:12
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       0199486D37FEF99C7F46ECEBAEC5F8D1C47F
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/mP7S0aSp_E3ihsp0zmSHqDFHAxI.roa
Signing time:             Sun 14 Sep 2025 13:32:21 +0000
ROA not before:           Sun 14 Sep 2025 13:32:21 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     53356
IP address blocks:        163.5.51.0/24 maxlen: 24
                          163.5.134.0/24 maxlen: 24
                          163.5.173.0/24 maxlen: 24
                          163.5.231.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 05:55:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:48:6d:37:fe:f9:9c:7f:46:ec:eb:ae:c5:f8:d1:c4:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Sep 14 13:32:21 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=98fed2d1a4a9fc4de286ca74ce6487a831470312
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:0f:d2:2c:6f:f3:85:0d:50:25:ef:82:68:eb:
                    c8:37:1a:7c:c1:8c:dd:57:34:8c:e6:8e:f1:30:f6:
                    39:01:4b:61:8d:c3:9c:c4:8e:5d:33:0f:42:32:58:
                    ad:4f:ab:8b:cf:59:39:a2:fe:09:be:d3:b4:ea:f0:
                    1a:ca:10:ec:7f:00:39:42:5b:89:2e:e3:fb:0e:56:
                    50:40:c5:61:5c:b3:b7:5d:7f:6f:66:26:8d:9b:31:
                    b7:b8:49:2f:d2:46:34:86:7b:41:9c:c9:07:8e:02:
                    73:30:d6:43:77:32:2a:ec:fc:23:a1:6a:92:96:b5:
                    17:9b:04:f0:27:0b:89:72:94:a0:b8:fd:cb:05:4f:
                    f5:87:c8:df:08:83:de:fd:58:40:cd:94:36:ef:e7:
                    19:74:be:6a:fa:99:72:33:2c:74:64:28:a4:03:eb:
                    ae:da:23:6c:6f:00:cd:2a:25:fd:89:cb:df:42:9a:
                    86:8d:92:32:45:05:77:88:e3:91:06:29:32:ff:c2:
                    ba:f6:51:cf:2f:5a:4c:b4:f7:1d:eb:14:0d:77:77:
                    02:7c:35:df:0d:06:8e:1c:cb:28:dd:87:a8:a0:db:
                    6a:8c:4c:98:f3:82:36:89:39:0c:b3:79:18:f5:7a:
                    c5:26:09:cb:87:1c:e6:ad:54:5c:e6:27:15:a5:c1:
                    c5:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:FE:D2:D1:A4:A9:FC:4D:E2:86:CA:74:CE:64:87:A8:31:47:03:12
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/mP7S0aSp_E3ihsp0zmSHqDFHAxI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.51.0/24
                  163.5.134.0/24
                  163.5.173.0/24
                  163.5.231.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ab:00:aa:43:71:82:73:4d:a6:2f:be:89:95:e8:9d:ba:43:40:
         b2:63:da:54:4f:d5:f5:9a:f8:3c:e5:c3:28:50:73:8a:5c:f1:
         a6:26:83:c8:7f:ee:cc:2e:cb:41:9e:60:1a:3c:8a:16:51:c7:
         f8:34:eb:df:f1:1d:80:b7:54:ff:c9:96:b9:34:73:2b:41:4f:
         a0:b9:5e:45:df:b3:78:e1:04:d3:7b:0b:f4:1b:8f:5b:52:19:
         55:86:d8:bd:f4:1d:be:50:2e:ec:0d:2d:70:eb:39:12:00:c8:
         5d:e2:5c:8f:24:65:44:ba:54:3d:25:61:1d:59:02:23:4a:e5:
         73:6f:9a:33:f0:39:f8:62:fa:63:1b:da:41:c9:9e:4f:1f:20:
         f1:c2:85:97:bd:4c:2c:53:73:14:21:09:ad:4e:47:ff:f8:4e:
         01:24:03:90:a4:02:43:18:a5:03:da:71:ce:d8:d4:19:29:54:
         41:dc:50:74:6f:74:a2:bb:bb:49:06:ef:23:65:11:bc:a8:71:
         42:c2:4f:a4:c8:6a:b0:5f:51:62:49:5f:ec:1b:fd:54:3a:81:
         50:1e:0a:4e:3e:f8:52:dd:56:e4:c2:b1:18:7e:6e:a2:15:9a:
         6d:d8:1b:3a:67:2e:78:28:ab:03:a3:00:38:e7:7a:00:ee:1c:
         92:72:c2:28
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZlIbTf++Zx/RuzrrsX40cR/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjUwOTE0MTMzMjIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OGZlZDJkMWE0YTlmYzRkZTI4NmNhNzRjZTY0ODdhODMxNDcwMzEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQ/SLG/zhQ1QJe+CaOvINxp8wYzd
VzSM5o7xMPY5AUthjcOcxI5dMw9CMlitT6uLz1k5ov4JvtO06vAayhDsfwA5QluJ
LuP7DlZQQMVhXLO3XX9vZiaNmzG3uEkv0kY0hntBnMkHjgJzMNZDdzIq7PwjoWqS
lrUXmwTwJwuJcpSguP3LBU/1h8jfCIPe/VhAzZQ27+cZdL5q+plyMyx0ZCikA+uu
2iNsbwDNKiX9icvfQpqGjZIyRQV3iOORBiky/8K69lHPL1pMtPcd6xQNd3cCfDXf
DQaOHMso3YeooNtqjEyY84I2iTkMs3kY9XrFJgnLhxzmrVRc5icVpcHFqwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFJj+0tGkqfxN4obKdM5kh6gxRwMSMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvbVA3UzBhU3BfRTNpaHNwMHptU0hxREZIQXhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAowUzAwQA
owWGAwQAowWtAwQAowXnMA0GCSqGSIb3DQEBCwUAA4IBAQCrAKpDcYJzTaYvvomV
6J26Q0CyY9pUT9X1mvg85cMoUHOKXPGmJoPIf+7MLstBnmAaPIoWUcf4NOvf8R2A
t1T/yZa5NHMrQU+guV5F37N44QTTewv0G49bUhlVhti99B2+UC7sDS1w6zkSAMhd
4lyPJGVEulQ9JWEdWQIjSuVzb5oz8Dn4YvpjG9pByZ5PHyDxwoWXvUwsU3MUIQmt
Tkf/+E4BJAOQpAJDGKUD2nHO2NQZKVRB3FB0b3Siu7tJBu8jZRG8qHFCwk+kyGqw
X1FiSV/sG/1UOoFQHgpOPvhS3VbkwrEYfm6iFZpt2Bs6Zy54KKsDowA453oA7hyS
csIo
-----END CERTIFICATE-----
Generated at Mon Oct 20 14:50:51 2025 by rpki-client