Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/0WBTsVS2patilmkxUrgUrsrQtmk.roa
File:                     0WBTsVS2patilmkxUrgUrsrQtmk.roa (raw, json)
Hash identifier:          QU2B2UvpIQ1BEjJTJYt4mTH409GG8B/2jCxNHsUcMnc=
Subject key identifier:   D1:60:53:B1:54:B6:A5:AB:62:96:69:31:52:B8:14:AE:CA:D0:B6:69
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       0194236A2657A8D923BC681D24273F7865DD
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/0WBTsVS2patilmkxUrgUrsrQtmk.roa
Signing time:             Wed 01 Jan 2025 19:49:06 +0000
ROA not before:           Wed 01 Jan 2025 19:49:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16125
IP address blocks:        163.5.176.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:26:57:a8:d9:23:bc:68:1d:24:27:3f:78:65:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jan  1 19:49:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d16053b154b6a5ab6296693152b814aecad0b669
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:b9:2a:11:7c:b2:4e:be:01:5b:45:7d:03:b5:
                    d8:28:0e:7d:b6:da:de:94:5c:2d:0d:79:f1:94:13:
                    1f:e1:e4:31:93:c9:70:6a:7c:36:bb:65:de:ee:9d:
                    8b:86:01:96:17:df:c4:68:a0:84:65:07:47:9c:f6:
                    e2:15:57:e2:60:6c:5c:ec:82:0c:00:86:53:ad:67:
                    c9:2a:e6:4c:56:c2:62:07:fc:5c:f7:8b:0a:3f:2b:
                    f2:8a:15:68:ff:59:f0:eb:5c:84:b2:d7:58:41:41:
                    d2:55:e1:36:5f:2c:b3:61:16:d5:4d:ba:a1:24:d2:
                    98:47:f7:86:d1:b8:da:35:d6:53:bb:ec:e6:b5:74:
                    5c:4d:59:4a:a6:8c:59:a3:b1:67:94:3c:7e:02:92:
                    0e:55:84:84:0d:92:fb:f0:17:01:0f:6e:5f:d2:ab:
                    92:af:15:e8:a6:45:36:aa:ca:89:ab:20:1d:5e:25:
                    4b:58:2f:c1:79:93:17:af:70:86:fa:51:e5:d2:b1:
                    fa:6f:55:fd:9d:89:08:ce:65:a6:7f:1e:fe:10:8f:
                    e7:37:59:39:39:ab:07:47:d4:e3:93:d6:68:fb:08:
                    b8:e8:42:61:f0:32:24:9f:ac:5b:98:80:75:b3:5f:
                    62:d8:f0:6b:03:7b:67:d4:ba:30:4e:41:d3:a4:00:
                    8f:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:60:53:B1:54:B6:A5:AB:62:96:69:31:52:B8:14:AE:CA:D0:B6:69
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/0WBTsVS2patilmkxUrgUrsrQtmk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.176.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:60:f0:9d:40:e5:d1:43:ae:7f:bc:d2:0c:45:49:9f:97:36:
         97:42:08:af:05:3a:fe:69:b2:58:da:a8:ea:e9:4c:0e:65:52:
         43:8e:89:53:d3:84:0f:31:eb:fa:de:b0:80:1a:80:8a:2a:e9:
         0b:fa:dd:3a:18:cf:64:1a:bc:ec:c7:0a:1b:4a:c5:8f:1c:02:
         2c:e7:f7:97:ed:3e:54:ba:20:0d:7d:c9:2f:a5:0b:a4:04:1b:
         55:78:fe:d4:75:be:85:12:6d:5b:80:27:a1:49:f9:83:0c:b5:
         7e:23:0d:a7:54:f4:dd:3e:d6:89:cd:cb:cb:60:92:71:41:02:
         af:62:f9:b4:ec:69:2b:2d:df:d2:7c:1f:c3:29:3f:7c:55:61:
         19:96:c7:84:dd:e6:16:98:a4:09:64:3a:a0:40:f6:9e:4c:d8:
         92:30:ef:25:82:1f:9c:a2:55:2a:f9:65:eb:c2:c5:e8:47:5e:
         09:1c:78:66:96:97:c1:3b:43:79:13:bf:94:aa:6c:e7:a1:22:
         52:51:0c:7b:d8:f1:d7:93:91:72:10:dc:f6:e9:c2:a7:99:96:
         47:d6:87:5b:41:a7:d5:fb:d4:51:41:c1:b3:c9:56:b6:e5:78:
         ac:01:df:09:bd:bb:5e:84:d4:4d:f2:14:93:d7:e9:00:3c:b2:
         8f:a9:bf:c2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjaiZXqNkjvGgdJCc/eGXdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjUwMTAxMTk0OTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMTYwNTNiMTU0YjZhNWFiNjI5NjY5MzE1MmI4MTRhZWNhZDBiNjY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkbkqEXyyTr4BW0V9A7XYKA59ttre
lFwtDXnxlBMf4eQxk8lwanw2u2Xe7p2LhgGWF9/EaKCEZQdHnPbiFVfiYGxc7IIM
AIZTrWfJKuZMVsJiB/xc94sKPyvyihVo/1nw61yEstdYQUHSVeE2XyyzYRbVTbqh
JNKYR/eG0bjaNdZTu+zmtXRcTVlKpoxZo7FnlDx+ApIOVYSEDZL78BcBD25f0quS
rxXopkU2qsqJqyAdXiVLWC/BeZMXr3CG+lHl0rH6b1X9nYkIzmWmfx7+EI/nN1k5
OasHR9Tjk9Zo+wi46EJh8DIkn6xbmIB1s19i2PBrA3tn1LowTkHTpACPMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNFgU7FUtqWrYpZpMVK4FK7K0LZpMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvMFdCVHNWUzJwYXRpbG1reFVyZ1Vyc3JRdG1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowWwMA0G
CSqGSIb3DQEBCwUAA4IBAQArYPCdQOXRQ65/vNIMRUmflzaXQgivBTr+abJY2qjq
6UwOZVJDjolT04QPMev63rCAGoCKKukL+t06GM9kGrzsxwobSsWPHAIs5/eX7T5U
uiANfckvpQukBBtVeP7Udb6FEm1bgCehSfmDDLV+Iw2nVPTdPtaJzcvLYJJxQQKv
Yvm07GkrLd/SfB/DKT98VWEZlseE3eYWmKQJZDqgQPaeTNiSMO8lgh+colUq+WXr
wsXoR14JHHhmlpfBO0N5E7+UqmznoSJSUQx72PHXk5FyENz26cKnmZZH1odbQafV
+9RRQcGzyVa25XisAd8JvbtehNRN8hST1+kAPLKPqb/C
-----END CERTIFICATE-----