Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/zwVoU_S3kPOB5rrICAIdwCCRMgg.roa
File:                     zwVoU_S3kPOB5rrICAIdwCCRMgg.roa (raw, json)
Hash identifier:          4ATR/aqBN+KO7420VgekuLVzyrtRRGR2jdWALnUY37M=
Subject key identifier:   CF:05:68:53:F4:B7:90:F3:81:E6:BA:C8:08:02:1D:C0:20:91:32:08
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       019CE267AEE1BE9627FF2A0AF14CA79EF372
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/zwVoU_S3kPOB5rrICAIdwCCRMgg.roa
Signing time:             Thu 12 Mar 2026 14:16:11 +0000
ROA not before:           Thu 12 Mar 2026 14:16:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212815
IP address blocks:        163.5.143.0/24 maxlen: 24
                          163.5.213.0/24 maxlen: 24
                          185.253.54.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:e2:67:ae:e1:be:96:27:ff:2a:0a:f1:4c:a7:9e:f3:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Mar 12 14:16:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cf056853f4b790f381e6bac808021dc020913208
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:91:66:45:40:d7:5f:bf:49:1c:8c:eb:1b:d4:
                    82:a1:28:02:db:2c:1d:52:c3:09:04:88:96:b1:99:
                    16:7b:01:93:54:29:26:59:43:6e:7f:51:c7:14:53:
                    82:7f:29:85:b3:a7:10:74:fc:33:75:6e:8f:15:e1:
                    38:f2:f0:97:71:f9:07:8d:99:9d:c7:67:32:c6:db:
                    d0:8d:31:85:35:25:b9:9b:1e:3d:35:a7:f3:cd:b7:
                    29:e0:6e:87:3b:eb:0f:bf:de:75:51:b5:70:8b:f1:
                    3f:bb:7a:03:ec:34:19:c9:2b:35:b4:91:92:97:c7:
                    3f:38:e5:a1:46:74:01:1f:99:bd:07:08:ae:a7:72:
                    b4:b9:84:cf:37:f5:b2:8c:ee:9c:a7:21:20:a5:f3:
                    25:b8:50:90:e3:a2:9e:be:6a:16:da:6b:87:9f:b1:
                    4b:78:46:22:09:e5:e6:f1:2f:da:35:3e:2e:cc:b8:
                    b7:42:d2:48:a7:12:d4:f3:d9:b9:7e:30:45:37:ee:
                    e2:f1:1e:77:40:e3:87:3f:eb:bd:b2:4c:f2:97:17:
                    f5:35:9d:62:75:30:76:8f:09:79:2d:b7:81:20:9e:
                    ca:8d:fe:c7:53:12:d6:04:89:b7:36:a3:be:45:d2:
                    09:ea:d7:75:48:9d:fa:0c:65:7a:51:8b:6d:61:75:
                    8b:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:05:68:53:F4:B7:90:F3:81:E6:BA:C8:08:02:1D:C0:20:91:32:08
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/zwVoU_S3kPOB5rrICAIdwCCRMgg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.143.0/24
                  163.5.213.0/24
                  185.253.54.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:b5:b2:1c:45:4f:a8:2d:1e:e1:4f:2c:91:da:75:fc:97:08:
         94:d8:71:9d:90:e6:5f:dd:21:6a:7c:b9:a1:c9:30:50:3a:69:
         3f:ff:47:11:dd:94:e9:f5:84:06:3e:b3:90:c6:b6:06:67:1f:
         f5:10:8d:34:7a:f3:b3:d8:4a:a9:4b:4f:da:8e:f6:19:30:a6:
         9c:99:7d:69:6c:8d:9b:ab:80:3f:38:2b:76:1f:33:03:e3:75:
         ec:67:8a:8b:14:52:c5:bd:b3:21:0c:00:38:b4:98:d9:6d:50:
         1c:3d:0f:25:88:f8:97:50:07:61:49:3c:4c:ec:70:7f:cf:d7:
         43:c8:54:65:11:22:44:cc:d8:fb:c1:82:a8:23:ae:95:44:d4:
         21:76:fe:03:d0:99:60:26:5a:51:22:b5:dd:1a:14:52:1f:06:
         df:7a:3c:a1:b6:49:a9:e0:30:aa:96:0e:0e:17:a4:ba:18:69:
         4b:11:3d:8e:91:ea:b5:d0:d1:8d:b3:cf:73:71:4a:ff:a1:10:
         b1:8a:4b:0b:f1:f8:db:01:d3:a0:22:07:0e:66:eb:d8:25:f1:
         a1:80:e4:2b:a4:04:35:38:2f:8e:93:49:61:da:0c:02:a5:03:
         48:77:89:2f:03:88:82:88:ec:dc:8a:80:10:c0:17:f2:0c:b4:
         cf:61:01:82
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZziZ67hvpYn/yoK8UynnvNyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjYwMzEyMTQxNjExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjA1Njg1M2Y0Yjc5MGYzODFlNmJhYzgwODAyMWRjMDIwOTEzMjA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt5FmRUDXX79JHIzrG9SCoSgC2ywd
UsMJBIiWsZkWewGTVCkmWUNuf1HHFFOCfymFs6cQdPwzdW6PFeE48vCXcfkHjZmd
x2cyxtvQjTGFNSW5mx49Nafzzbcp4G6HO+sPv951UbVwi/E/u3oD7DQZySs1tJGS
l8c/OOWhRnQBH5m9Bwiup3K0uYTPN/WyjO6cpyEgpfMluFCQ46KevmoW2muHn7FL
eEYiCeXm8S/aNT4uzLi3QtJIpxLU89m5fjBFN+7i8R53QOOHP+u9skzylxf1NZ1i
dTB2jwl5LbeBIJ7Kjf7HUxLWBIm3NqO+RdIJ6td1SJ36DGV6UYttYXWLXwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFM8FaFP0t5Dzgea6yAgCHcAgkTIIMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvendWb1VfUzNrUE9CNXJySUNBSWR3Q0NSTWdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAowWPAwQA
owXVAwQAuf02MA0GCSqGSIb3DQEBCwUAA4IBAQB9tbIcRU+oLR7hTyyR2nX8lwiU
2HGdkOZf3SFqfLmhyTBQOmk//0cR3ZTp9YQGPrOQxrYGZx/1EI00evOz2EqpS0/a
jvYZMKacmX1pbI2bq4A/OCt2HzMD43XsZ4qLFFLFvbMhDAA4tJjZbVAcPQ8liPiX
UAdhSTxM7HB/z9dDyFRlESJEzNj7wYKoI66VRNQhdv4D0JlgJlpRIrXdGhRSHwbf
ejyhtkmp4DCqlg4OF6S6GGlLET2Okeq10NGNs89zcUr/oRCxiksL8fjbAdOgIgcO
ZuvYJfGhgOQrpAQ1OC+Ok0lh2gwCpQNId4kvA4iCiOzcioAQwBfyDLTPYQGC
-----END CERTIFICATE-----