Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/vIzT8ZZ-w5OtNjAzZMDmMlii8DU.roa
File:                     vIzT8ZZ-w5OtNjAzZMDmMlii8DU.roa (raw, json)
Hash identifier:          NoIWvY1YZINaH/YOqeHkhqxClZnf1zVZZjkcFnKm2VE=
Subject key identifier:   BC:8C:D3:F1:96:7E:C3:93:AD:36:30:33:64:C0:E6:32:58:A2:F0:35
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       0199354DD068780853FFD387856ED8304F77
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/vIzT8ZZ-w5OtNjAzZMDmMlii8DU.roa
Signing time:             Wed 10 Sep 2025 20:25:15 +0000
ROA not before:           Wed 10 Sep 2025 20:25:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     46450
IP address blocks:        163.5.162.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:35:4d:d0:68:78:08:53:ff:d3:87:85:6e:d8:30:4f:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Sep 10 20:25:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bc8cd3f1967ec393ad36303364c0e63258a2f035
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:84:e0:50:92:b7:8e:91:26:a6:ab:e9:bb:a3:
                    7e:2d:e0:e9:6b:86:b9:f9:20:c9:a9:49:5c:96:49:
                    27:b4:d5:48:67:58:9d:a8:8d:2c:3f:29:74:be:e9:
                    cf:cb:f7:4a:b9:f8:93:1d:3d:d9:d5:73:04:eb:d8:
                    6c:9b:6e:75:54:92:6f:bd:80:d5:58:b8:2d:bd:82:
                    7f:6c:1d:da:1e:86:39:2e:df:6a:de:36:46:ea:31:
                    5e:c8:7e:75:5f:d0:23:ef:a6:33:1e:f7:77:a0:96:
                    93:17:2b:e9:ee:8a:0c:6f:93:cc:cb:0b:4e:27:fa:
                    25:3d:79:61:56:fe:8d:40:12:df:ab:b3:c0:d6:88:
                    78:8c:f9:93:c9:ee:12:f4:96:47:8c:9d:18:34:72:
                    d9:f6:60:07:ad:9e:39:c0:23:52:3c:71:68:40:75:
                    b0:01:d7:54:13:af:bd:6b:25:18:62:f8:ff:f2:0f:
                    08:25:9f:43:eb:ee:7f:36:2c:42:b4:54:2f:3c:00:
                    de:10:e5:9b:04:42:f6:16:3a:7a:7a:51:72:0d:cf:
                    23:17:a4:c4:49:85:77:71:fa:2e:fe:20:37:76:5f:
                    3e:e2:12:e8:8f:47:46:63:31:69:c8:19:d7:c8:a8:
                    a2:de:d8:44:40:87:df:9e:fe:ec:21:82:79:6b:4c:
                    c3:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:8C:D3:F1:96:7E:C3:93:AD:36:30:33:64:C0:E6:32:58:A2:F0:35
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/vIzT8ZZ-w5OtNjAzZMDmMlii8DU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.162.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8d:b7:7c:9f:7b:b8:36:72:a7:55:0e:80:e1:e4:5d:71:1e:45:
         5f:a8:9c:b5:f8:2b:87:10:8b:10:47:20:56:0d:79:63:20:1a:
         b9:20:13:0a:fa:17:82:d6:7d:e7:1d:bd:de:27:21:9d:6e:f6:
         8d:17:99:e0:96:cf:62:d9:fc:a8:43:d2:f9:b1:bd:2f:23:4c:
         f7:f4:0a:2b:6b:ca:c8:3e:43:c3:6a:84:e6:27:e5:a0:e5:88:
         5e:1d:95:d5:90:cb:fb:be:ba:47:b3:2a:a1:83:ae:ae:58:07:
         1b:3c:6c:32:71:6f:1e:d3:c5:10:d6:54:6a:72:dd:e3:bd:83:
         dc:b5:aa:fd:b4:f0:47:1f:d8:3d:3f:2d:94:ce:08:44:0a:ff:
         63:76:7f:a3:0c:f1:94:5b:b0:a0:8f:f6:b5:50:3f:82:79:0e:
         6f:53:16:01:13:87:e9:2f:2b:a9:61:91:87:ff:c6:60:01:75:
         ec:0f:a2:ca:c4:21:d4:a2:1a:3a:9a:51:8c:5b:dd:97:bf:5d:
         52:ed:7f:e3:3b:86:cf:cf:b1:b4:08:87:21:c4:1d:88:b4:df:
         8a:5e:89:54:9c:b3:3d:a9:ab:05:b5:7e:6f:1d:32:af:21:0b:
         67:22:f0:66:a8:ba:ec:16:bf:80:db:be:99:4e:74:cb:38:04:
         fe:8b:0f:4e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZk1TdBoeAhT/9OHhW7YME93MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjUwOTEwMjAyNTE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYzhjZDNmMTk2N2VjMzkzYWQzNjMwMzM2NGMwZTYzMjU4YTJmMDM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA24TgUJK3jpEmpqvpu6N+LeDpa4a5
+SDJqUlclkkntNVIZ1idqI0sPyl0vunPy/dKufiTHT3Z1XME69hsm251VJJvvYDV
WLgtvYJ/bB3aHoY5Lt9q3jZG6jFeyH51X9Aj76YzHvd3oJaTFyvp7ooMb5PMywtO
J/olPXlhVv6NQBLfq7PA1oh4jPmTye4S9JZHjJ0YNHLZ9mAHrZ45wCNSPHFoQHWw
AddUE6+9ayUYYvj/8g8IJZ9D6+5/NixCtFQvPADeEOWbBEL2Fjp6elFyDc8jF6TE
SYV3cfou/iA3dl8+4hLoj0dGYzFpyBnXyKii3thEQIffnv7sIYJ5a0zDpQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLyM0/GWfsOTrTYwM2TA5jJYovA1MB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvdkl6VDhaWi13NU90TmpBelpNRG1NbGlpOERVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowWiMA0G
CSqGSIb3DQEBCwUAA4IBAQCNt3yfe7g2cqdVDoDh5F1xHkVfqJy1+CuHEIsQRyBW
DXljIBq5IBMK+heC1n3nHb3eJyGdbvaNF5ngls9i2fyoQ9L5sb0vI0z39Aora8rI
PkPDaoTmJ+Wg5YheHZXVkMv7vrpHsyqhg66uWAcbPGwycW8e08UQ1lRqct3jvYPc
tar9tPBHH9g9Py2UzghECv9jdn+jDPGUW7Cgj/a1UD+CeQ5vUxYBE4fpLyupYZGH
/8ZgAXXsD6LKxCHUoho6mlGMW92Xv11S7X/jO4bPz7G0CIchxB2ItN+KXolUnLM9
qasFtX5vHTKvIQtnIvBmqLrsFr+A276ZTnTLOAT+iw9O
-----END CERTIFICATE-----