Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/opbIkCdeRu1aZFRtCcJNdu8ouhM.roa
File:                     opbIkCdeRu1aZFRtCcJNdu8ouhM.roa (raw, json)
Hash identifier:          wF6zXNtmoFj3ls5Mve4lV2NJB0qlpINBHOY4EY79Nk0=
Subject key identifier:   A2:96:C8:90:27:5E:46:ED:5A:64:54:6D:09:C2:4D:76:EF:28:BA:13
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       019788090B3BD0D6D194F922E9ADEC6C2D45
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/opbIkCdeRu1aZFRtCcJNdu8ouhM.roa
Signing time:             Thu 19 Jun 2025 11:53:03 +0000
ROA not before:           Thu 19 Jun 2025 11:53:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     64289
IP address blocks:        163.5.131.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Jun 2025 01:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:88:09:0b:3b:d0:d6:d1:94:f9:22:e9:ad:ec:6c:2d:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jun 19 11:53:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a296c890275e46ed5a64546d09c24d76ef28ba13
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:15:3e:e8:b8:34:1b:f6:49:b9:95:29:66:d0:
                    62:b2:ad:45:b1:a6:f2:f6:e7:8c:96:5d:2b:0c:14:
                    6f:61:62:b3:c5:eb:48:d9:e6:37:7e:71:dd:04:ed:
                    8f:74:a6:15:0f:e8:63:70:a7:88:bb:1c:8d:c2:37:
                    75:92:2a:e4:01:6e:50:55:b4:a1:96:1f:4a:21:85:
                    f2:94:84:8e:82:57:e7:c2:54:01:31:73:3d:78:cc:
                    9c:80:b4:13:09:52:be:ea:eb:a2:d1:f1:19:53:ad:
                    0c:f9:92:44:d6:c9:93:60:6e:2f:7b:3e:af:40:3e:
                    c1:86:e7:c1:cf:c3:ec:ff:0d:27:8d:b9:6b:b4:34:
                    bc:30:0a:b6:85:d3:40:f4:cd:be:96:20:ad:7f:c6:
                    a7:fb:9e:eb:76:ba:38:b5:d3:2a:a7:17:76:92:9a:
                    e0:50:79:47:60:b8:b8:4c:13:df:34:4a:e1:49:ac:
                    05:22:e0:02:a6:94:30:e8:0a:17:86:b8:fd:9c:a3:
                    ee:eb:bd:3a:33:25:44:80:4c:d4:f4:ef:20:df:e9:
                    84:e8:09:fe:d9:e4:92:c7:fb:c4:64:4f:4a:11:7a:
                    19:15:07:4e:9c:cf:7f:81:a3:69:b8:6e:22:9d:90:
                    87:cb:04:cc:1a:18:72:1d:5c:ed:e7:77:b6:78:d6:
                    ee:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:96:C8:90:27:5E:46:ED:5A:64:54:6D:09:C2:4D:76:EF:28:BA:13
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/opbIkCdeRu1aZFRtCcJNdu8ouhM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.131.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:13:69:72:ef:81:37:44:52:4b:d4:f4:aa:e2:23:6c:38:0b:
         72:55:5a:8b:7b:fd:fd:02:8c:56:66:20:05:89:20:38:35:14:
         75:29:90:21:19:40:ec:2f:95:47:21:65:7b:0a:42:50:9d:58:
         0d:f2:36:3c:84:6b:c0:0a:c7:af:93:bb:78:c3:eb:57:9a:4e:
         60:f0:28:62:f9:da:55:45:3b:80:9e:b9:f2:da:e2:9c:37:41:
         4c:4c:67:eb:97:aa:9c:ec:21:29:68:3f:6a:ce:e4:5c:29:29:
         49:8f:47:1f:3d:d8:3f:08:59:29:c4:84:64:e7:32:eb:28:fe:
         2e:c8:e0:0c:94:70:3a:81:e6:2a:80:6e:c1:b7:8d:df:a5:55:
         89:df:3a:7f:88:af:64:f0:ac:50:16:5c:80:8f:5f:65:be:51:
         f2:9c:bf:4f:a1:1b:54:1f:e8:6c:e8:db:b3:f1:f0:7d:80:22:
         29:04:92:6c:45:86:40:47:43:57:fe:92:c5:a1:03:31:5f:68:
         ed:27:aa:4f:f4:fb:e6:76:25:9e:f2:14:56:98:7b:a1:95:cd:
         4a:91:5a:aa:6f:85:9e:61:55:3c:17:14:99:b4:b7:3d:00:62:
         bc:b7:79:ab:c5:cb:55:6f:2f:fb:5b:97:2b:04:34:50:4c:e7:
         e9:f2:00:3f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZeICQs70NbRlPki6a3sbC1FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjUwNjE5MTE1MzAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjk2Yzg5MDI3NWU0NmVkNWE2NDU0NmQwOWMyNGQ3NmVmMjhiYTEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6BU+6Lg0G/ZJuZUpZtBisq1Fsaby
9ueMll0rDBRvYWKzxetI2eY3fnHdBO2PdKYVD+hjcKeIuxyNwjd1kirkAW5QVbSh
lh9KIYXylISOglfnwlQBMXM9eMycgLQTCVK+6uui0fEZU60M+ZJE1smTYG4vez6v
QD7BhufBz8Ps/w0njblrtDS8MAq2hdNA9M2+liCtf8an+57rdro4tdMqpxd2kprg
UHlHYLi4TBPfNErhSawFIuACppQw6AoXhrj9nKPu6706MyVEgEzU9O8g3+mE6An+
2eSSx/vEZE9KEXoZFQdOnM9/gaNpuG4inZCHywTMGhhyHVzt53e2eNbuZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKKWyJAnXkbtWmRUbQnCTXbvKLoTMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvb3BiSWtDZGVSdTFhWkZSdENjSk5kdThvdWhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowWDMA0G
CSqGSIb3DQEBCwUAA4IBAQBLE2ly74E3RFJL1PSq4iNsOAtyVVqLe/39AoxWZiAF
iSA4NRR1KZAhGUDsL5VHIWV7CkJQnVgN8jY8hGvACsevk7t4w+tXmk5g8Chi+dpV
RTuAnrny2uKcN0FMTGfrl6qc7CEpaD9qzuRcKSlJj0cfPdg/CFkpxIRk5zLrKP4u
yOAMlHA6geYqgG7Bt43fpVWJ3zp/iK9k8KxQFlyAj19lvlHynL9PoRtUH+hs6Nuz
8fB9gCIpBJJsRYZAR0NX/pLFoQMxX2jtJ6pP9PvmdiWe8hRWmHuhlc1KkVqqb4We
YVU8FxSZtLc9AGK8t3mrxctVby/7W5crBDRQTOfp8gA/
-----END CERTIFICATE-----