Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/uGQqJ-czFFZM19uTEFW6U9mL11I.roa
File:                     uGQqJ-czFFZM19uTEFW6U9mL11I.roa (raw, json)
Hash identifier:          dFohd7UFy6Bld0vQHg1O79Z6yZPPMAk9OWsnyk/oiH0=
Subject key identifier:   B8:64:2A:27:E7:33:14:56:4C:D7:DB:93:10:55:BA:53:D9:8B:D7:52
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       019DDAA7984535A7D31191CD37273F3AB1A6
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/uGQqJ-czFFZM19uTEFW6U9mL11I.roa
Signing time:             Wed 29 Apr 2026 19:11:49 +0000
ROA not before:           Wed 29 Apr 2026 19:11:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     34989
IP address blocks:        163.5.97.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:da:a7:98:45:35:a7:d3:11:91:cd:37:27:3f:3a:b1:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Apr 29 19:11:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b8642a27e73314564cd7db931055ba53d98bd752
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:6e:3a:c1:75:8e:6c:4b:aa:da:e9:5d:80:18:
                    71:73:3e:b2:d7:89:d0:bf:2d:7a:9d:66:37:e0:a5:
                    ee:69:ae:b7:4f:58:80:4b:3c:5a:9e:f6:80:3d:1a:
                    7b:eb:9c:8a:16:31:be:ca:a6:d0:11:cc:8b:e8:ae:
                    d6:c7:bd:fd:a0:77:dc:dc:b0:b7:7b:f7:1d:f0:f0:
                    03:6d:9c:42:f4:73:a6:a5:6a:f2:7a:b8:41:44:1a:
                    3c:19:67:32:cd:03:ce:ed:3e:41:6e:83:0a:9e:a4:
                    2c:69:dd:30:30:3e:56:30:90:96:11:57:1f:31:3e:
                    a5:1b:3d:5b:d8:76:5d:11:86:ac:3e:37:3e:00:7c:
                    d3:c2:90:3e:a0:67:dd:a1:46:95:e6:94:59:51:eb:
                    11:56:ce:7e:84:04:2a:04:3a:df:0b:e8:6b:90:bf:
                    2e:92:74:37:cb:af:ff:ef:23:5e:f1:31:2e:d5:ec:
                    e3:bf:83:ad:62:bf:c3:7d:40:a8:d1:b2:85:aa:9d:
                    05:4e:c8:58:4b:32:0e:f8:9b:a9:77:f9:7e:96:01:
                    f5:98:19:63:66:b4:ce:07:20:a6:47:58:2f:df:f6:
                    15:78:13:00:77:3c:1d:e7:ea:a9:bf:8c:ab:aa:7f:
                    60:a5:42:51:35:4c:f7:99:e1:00:00:bb:d5:b7:12:
                    11:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:64:2A:27:E7:33:14:56:4C:D7:DB:93:10:55:BA:53:D9:8B:D7:52
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/uGQqJ-czFFZM19uTEFW6U9mL11I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.97.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:72:74:3a:4c:b0:89:53:f9:7c:1b:ab:45:b9:7b:43:50:51:
         ee:84:2e:ef:ee:65:58:be:86:57:90:dc:16:10:27:4c:1e:69:
         cf:82:e7:61:fa:95:a1:d3:82:3b:70:2f:7f:30:5c:f3:22:fd:
         b9:e5:d6:32:3b:f7:3b:3f:e6:26:90:55:d9:d1:67:27:50:75:
         96:72:9b:66:67:37:a8:b5:c9:4f:26:70:95:ee:94:6e:26:29:
         67:32:fb:cf:b8:20:1e:66:82:59:73:e2:5b:61:c0:6d:d7:87:
         ff:f3:4b:7a:de:45:60:eb:ed:a0:ca:69:ee:08:9c:24:7b:f5:
         d1:d7:07:8b:be:0f:c6:8a:67:5d:34:22:1a:71:6b:a7:60:4e:
         37:3a:08:04:e3:3a:44:2e:0c:f7:b0:dd:b5:60:e8:a1:15:0b:
         c1:97:7e:64:b9:33:4e:15:4a:39:23:a3:e7:42:e8:ca:47:ec:
         87:83:3b:b0:a4:f8:59:2d:bb:27:cf:ca:07:fb:70:05:bb:5d:
         3c:d2:de:88:4d:50:d7:ee:31:b6:b6:be:b9:0f:10:d4:3f:d1:
         27:0f:c2:28:95:33:9f:50:80:f9:5b:27:fe:d5:4b:e0:63:b8:
         10:7c:cd:c5:eb:3e:12:7c:57:1f:47:32:19:61:12:ff:95:15:
         25:ae:3b:cb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3ap5hFNafTEZHNNyc/OrGmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjYwNDI5MTkxMTQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiODY0MmEyN2U3MzMxNDU2NGNkN2RiOTMxMDU1YmE1M2Q5OGJkNzUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwm46wXWObEuq2uldgBhxcz6y14nQ
vy16nWY34KXuaa63T1iASzxanvaAPRp765yKFjG+yqbQEcyL6K7Wx739oHfc3LC3
e/cd8PADbZxC9HOmpWryerhBRBo8GWcyzQPO7T5BboMKnqQsad0wMD5WMJCWEVcf
MT6lGz1b2HZdEYasPjc+AHzTwpA+oGfdoUaV5pRZUesRVs5+hAQqBDrfC+hrkL8u
knQ3y6//7yNe8TEu1ezjv4OtYr/DfUCo0bKFqp0FTshYSzIO+Jupd/l+lgH1mBlj
ZrTOByCmR1gv3/YVeBMAdzwd5+qpv4yrqn9gpUJRNUz3meEAALvVtxIRyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLhkKifnMxRWTNfbkxBVulPZi9dSMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvdUdRcUotY3pGRlpNMTl1VEVGVzZVOW1MMTFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowVhMA0G
CSqGSIb3DQEBCwUAA4IBAQAxcnQ6TLCJU/l8G6tFuXtDUFHuhC7v7mVYvoZXkNwW
ECdMHmnPgudh+pWh04I7cC9/MFzzIv255dYyO/c7P+YmkFXZ0WcnUHWWcptmZzeo
tclPJnCV7pRuJilnMvvPuCAeZoJZc+JbYcBt14f/80t63kVg6+2gymnuCJwke/XR
1weLvg/GimddNCIacWunYE43OggE4zpELgz3sN21YOihFQvBl35kuTNOFUo5I6Pn
QujKR+yHgzuwpPhZLbsnz8oH+3AFu1080t6ITVDX7jG2tr65DxDUP9EnD8IolTOf
UID5Wyf+1UvgY7gQfM3F6z4SfFcfRzIZYRL/lRUlrjvL
-----END CERTIFICATE-----