Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/0T0KWHmT-RGAWhbcmotY5QjpgRE.roa
File:                     0T0KWHmT-RGAWhbcmotY5QjpgRE.roa (raw, json)
Hash identifier:          /bBS1G/cSbmzaTym/kc+AHttFfVbBLkeYqv3QHuIHTM=
Subject key identifier:   D1:3D:0A:58:79:93:F9:11:80:5A:16:DC:9A:8B:58:E5:08:E9:81:11
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       018CC425539C4B726A4AECD7655F75BF0736
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/0T0KWHmT-RGAWhbcmotY5QjpgRE.roa
Signing time:             Mon 01 Jan 2024 08:30:29 +0000
ROA not before:           Mon 01 Jan 2024 08:30:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25369
IP address blocks:        163.5.177.0/24 maxlen: 24
                          163.5.34.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:53:9c:4b:72:6a:4a:ec:d7:65:5f:75:bf:07:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jan  1 08:30:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d13d0a587993f911805a16dc9a8b58e508e98111
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:45:03:64:ec:85:1d:12:ea:b8:1b:aa:21:3d:
                    c7:6a:09:a7:b8:28:a2:cb:c5:59:95:de:ac:a1:aa:
                    e2:cb:1a:b0:10:d4:c7:69:21:2b:8a:63:5e:f4:a5:
                    73:2c:16:c9:69:9d:cf:50:32:77:34:2f:48:08:63:
                    21:e2:50:f6:99:c0:99:88:bd:54:50:68:8f:b0:87:
                    47:d3:d1:b9:20:7c:f2:53:e5:64:e1:eb:f6:9f:c9:
                    ce:83:d9:e3:d2:eb:ff:93:8b:a8:ec:b8:df:f9:cb:
                    ec:50:b3:4d:8f:43:ca:0e:6d:eb:e5:05:a9:8d:f4:
                    d4:bd:0a:71:5d:e3:d2:d0:62:9e:16:8c:20:9e:bb:
                    ef:2a:79:f8:6d:3c:a5:47:df:4e:9d:35:82:d2:88:
                    72:60:a6:63:62:6b:d4:02:22:c6:f7:74:cf:fc:e7:
                    f0:b1:ec:03:1f:d6:ef:78:44:86:9a:43:d2:d8:a7:
                    87:32:f5:2f:af:c6:a6:ff:e8:58:52:11:87:b8:1a:
                    19:2d:06:81:65:a0:eb:63:36:2e:8e:79:1a:14:5e:
                    3b:93:6b:b8:39:45:b5:2e:1d:ec:67:42:6b:15:0e:
                    70:c8:c2:72:77:cc:b5:f0:99:af:4e:e0:92:a3:8e:
                    79:e8:ec:58:00:17:48:0a:76:5d:f7:36:18:fd:eb:
                    04:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:3D:0A:58:79:93:F9:11:80:5A:16:DC:9A:8B:58:E5:08:E9:81:11
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/0T0KWHmT-RGAWhbcmotY5QjpgRE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.34.0/24
                  163.5.177.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:c1:99:a6:6b:64:5f:d8:f5:a5:34:6e:18:f5:72:71:0b:ac:
         ae:0c:86:d0:91:ec:ce:50:05:33:27:0f:85:54:62:da:d4:20:
         e6:1c:aa:4f:26:da:62:20:36:ec:a8:8e:97:0c:a6:14:b6:ef:
         ec:6b:c1:c2:a5:a4:56:05:cc:63:f2:10:2b:f9:10:91:61:40:
         8e:19:3e:d5:1b:1d:a7:8f:6c:54:7e:a2:55:28:3a:4b:f5:cc:
         53:8e:bd:04:8f:a0:4d:ad:aa:a7:03:7e:6b:53:80:54:08:84:
         c3:53:ca:c4:4f:6e:95:e2:15:b7:b3:a8:ec:37:f0:16:07:6a:
         23:40:ba:51:11:6e:7d:11:80:2b:ba:32:ad:a8:a4:08:46:64:
         dd:fd:a3:53:33:d9:06:58:e2:31:41:14:11:ee:1e:1e:2e:46:
         a5:d9:fa:24:1f:24:2b:72:c7:cd:7b:d1:a9:5f:6a:38:1e:79:
         0c:56:9e:6d:1a:66:93:fb:3e:56:c3:02:d9:6c:f4:f5:a5:f8:
         f9:07:a5:08:e3:cf:18:42:16:29:4e:c0:c5:da:f7:08:ab:68:
         bb:07:c7:c9:ab:3d:06:20:de:8c:7e:f8:2e:99:ad:03:ce:9c:
         fa:cd:32:87:02:69:1b:9b:39:93:68:5c:8b:a4:6f:f1:19:21:
         7b:f6:74:01
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzEJVOcS3JqSuzXZV91vwc2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjQwMTAxMDgzMDI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMTNkMGE1ODc5OTNmOTExODA1YTE2ZGM5YThiNThlNTA4ZTk4MTExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAskUDZOyFHRLquBuqIT3HagmnuCii
y8VZld6soariyxqwENTHaSErimNe9KVzLBbJaZ3PUDJ3NC9ICGMh4lD2mcCZiL1U
UGiPsIdH09G5IHzyU+Vk4ev2n8nOg9nj0uv/k4uo7Ljf+cvsULNNj0PKDm3r5QWp
jfTUvQpxXePS0GKeFowgnrvvKnn4bTylR99OnTWC0ohyYKZjYmvUAiLG93TP/Ofw
sewDH9bveESGmkPS2KeHMvUvr8am/+hYUhGHuBoZLQaBZaDrYzYujnkaFF47k2u4
OUW1Lh3sZ0JrFQ5wyMJyd8y18JmvTuCSo4556OxYABdICnZd9zYY/esEPQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNE9Clh5k/kRgFoW3JqLWOUI6YERMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvMFQwS1dIbVQtUkdBV2hiY21vdFk1UWpwZ1JFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAowUiAwQA
owWxMA0GCSqGSIb3DQEBCwUAA4IBAQAswZmma2Rf2PWlNG4Y9XJxC6yuDIbQkezO
UAUzJw+FVGLa1CDmHKpPJtpiIDbsqI6XDKYUtu/sa8HCpaRWBcxj8hAr+RCRYUCO
GT7VGx2nj2xUfqJVKDpL9cxTjr0Ej6BNraqnA35rU4BUCITDU8rET26V4hW3s6js
N/AWB2ojQLpREW59EYArujKtqKQIRmTd/aNTM9kGWOIxQRQR7h4eLkal2fokHyQr
csfNe9GpX2o4HnkMVp5tGmaT+z5WwwLZbPT1pfj5B6UI488YQhYpTsDF2vcIq2i7
B8fJqz0GIN6Mfvguma0Dzpz6zTKHAmkbmzmTaFyLpG/xGSF79nQB
-----END CERTIFICATE-----