Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/prAs2PqTUeZIGSJxW6YttGvyccQ.roa
File:                     prAs2PqTUeZIGSJxW6YttGvyccQ.roa (raw, json)
Hash identifier:          RtvM/mXoH6ivEZYvqlaptS/LRioi0QF4wZFHmbEeeVs=
Subject key identifier:   A6:B0:2C:D8:FA:93:51:E6:48:19:22:71:5B:A6:2D:B4:6B:F2:71:C4
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       019CFACAF2381C3C14F62A09259C8DCCEC32
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/prAs2PqTUeZIGSJxW6YttGvyccQ.roa
Signing time:             Tue 17 Mar 2026 07:55:30 +0000
ROA not before:           Tue 17 Mar 2026 07:55:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213607
IP address blocks:        163.5.57.0/24 maxlen: 24
                          163.5.81.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:fa:ca:f2:38:1c:3c:14:f6:2a:09:25:9c:8d:cc:ec:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Mar 17 07:55:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a6b02cd8fa9351e6481922715ba62db46bf271c4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:94:7a:e0:f8:a9:cf:6b:13:b2:e8:77:ec:bc:
                    ae:75:fa:6e:59:72:31:90:ac:10:8f:37:e2:41:48:
                    55:d9:d9:be:8d:c8:77:4e:3f:87:7e:0e:bb:03:ab:
                    4d:ba:55:27:f1:a8:00:0d:5d:25:03:bb:4a:11:b8:
                    f0:8d:61:d5:b9:9c:0f:81:b7:0b:8c:80:c7:55:2c:
                    e7:3a:a4:e5:5b:35:b7:c3:49:78:37:d2:92:d7:b4:
                    68:22:22:d2:fc:91:78:16:87:b3:0d:ee:2f:b4:35:
                    53:98:24:08:14:f3:dc:8e:e8:8f:40:ee:82:3d:43:
                    c2:c2:ec:1e:db:e1:53:1d:92:5c:45:2a:f3:52:0c:
                    34:71:11:2a:5d:39:4b:fe:68:05:df:8d:ba:1b:13:
                    4c:0b:ca:f6:d9:41:31:c4:21:84:cf:bf:dc:a1:76:
                    6e:c9:85:54:ff:e2:37:fb:be:3d:b0:06:12:41:c0:
                    1e:d6:ac:04:d0:d9:4c:3c:93:79:7b:f8:08:11:48:
                    71:66:38:6f:3d:10:aa:2f:f2:98:64:81:b5:4a:c3:
                    aa:e7:d3:60:54:b8:e3:dd:24:6f:95:fc:4c:80:a4:
                    e2:52:28:a0:77:1a:5c:4a:c1:b3:cc:32:e5:18:b7:
                    55:bd:7b:e0:2f:49:75:e7:89:89:27:6c:de:c8:2d:
                    58:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:B0:2C:D8:FA:93:51:E6:48:19:22:71:5B:A6:2D:B4:6B:F2:71:C4
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/prAs2PqTUeZIGSJxW6YttGvyccQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.57.0/24
                  163.5.81.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:68:f1:b6:a6:38:50:82:c7:28:34:6c:15:34:e2:3b:c8:a6:
         0b:db:68:9b:17:09:ba:6e:3c:e5:cb:91:35:c4:28:07:78:0c:
         e1:54:d4:8b:15:f7:2c:6e:db:b7:9f:52:8a:a5:6a:3b:87:02:
         fe:4e:8f:5b:ae:d7:bd:bc:ce:73:b0:31:57:65:ae:52:80:c6:
         6d:88:ce:71:b9:61:78:bb:aa:60:82:d2:e2:71:7b:c1:3c:8f:
         d1:be:9d:b9:18:55:fe:a9:3c:2b:00:53:f7:fe:fe:7c:1e:a1:
         9e:c0:f0:b5:42:fb:60:73:8f:41:b4:58:7b:a3:4c:b6:cf:46:
         49:f5:fa:e1:d7:10:08:8f:bc:f3:f2:b5:b2:df:ff:6e:68:51:
         f1:3f:39:71:e6:ec:7c:f5:c1:04:66:6a:82:45:21:0b:94:24:
         56:0f:c2:e4:b6:bc:23:c3:40:26:3b:b6:1b:1e:16:b8:2a:82:
         55:45:da:7d:ff:7a:12:db:16:f8:4e:e2:8e:05:e8:e5:ca:ee:
         04:e7:54:cd:21:d2:bf:29:36:31:7b:ac:26:16:31:50:82:c0:
         a2:64:ed:65:6c:19:9a:fb:f5:74:52:d1:9d:ac:99:9c:dd:8f:
         b0:55:c9:1f:6f:fd:d7:bd:22:9d:d5:a4:47:dd:ca:f0:69:22:
         fd:6c:48:7b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZz6yvI4HDwU9ioJJZyNzOwyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjYwMzE3MDc1NTMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNmIwMmNkOGZhOTM1MWU2NDgxOTIyNzE1YmE2MmRiNDZiZjI3MWM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx5R64Pipz2sTsuh37LyudfpuWXIx
kKwQjzfiQUhV2dm+jch3Tj+Hfg67A6tNulUn8agADV0lA7tKEbjwjWHVuZwPgbcL
jIDHVSznOqTlWzW3w0l4N9KS17RoIiLS/JF4FoezDe4vtDVTmCQIFPPcjuiPQO6C
PUPCwuwe2+FTHZJcRSrzUgw0cREqXTlL/mgF3426GxNMC8r22UExxCGEz7/coXZu
yYVU/+I3+749sAYSQcAe1qwE0NlMPJN5e/gIEUhxZjhvPRCqL/KYZIG1SsOq59Ng
VLjj3SRvlfxMgKTiUiigdxpcSsGzzDLlGLdVvXvgL0l154mJJ2zeyC1YFwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKawLNj6k1HmSBkicVumLbRr8nHEMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvcHJBczJQcVRVZVpJR1NKeFc2WXR0R3Z5Y2NRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAowU5AwQA
owVRMA0GCSqGSIb3DQEBCwUAA4IBAQCdaPG2pjhQgscoNGwVNOI7yKYL22ibFwm6
bjzly5E1xCgHeAzhVNSLFfcsbtu3n1KKpWo7hwL+To9brte9vM5zsDFXZa5SgMZt
iM5xuWF4u6pggtLicXvBPI/Rvp25GFX+qTwrAFP3/v58HqGewPC1Qvtgc49BtFh7
o0y2z0ZJ9frh1xAIj7zz8rWy3/9uaFHxPzlx5ux89cEEZmqCRSELlCRWD8Lktrwj
w0AmO7YbHha4KoJVRdp9/3oS2xb4TuKOBejlyu4E51TNIdK/KTYxe6wmFjFQgsCi
ZO1lbBma+/V0UtGdrJmc3Y+wVckfb/3XvSKd1aRH3crwaSL9bEh7
-----END CERTIFICATE-----