Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/1-_IxUFCSf0n4OADtZevijvQE_oE.roa
File:                     1-_IxUFCSf0n4OADtZevijvQE_oE.roa (raw, json)
Hash identifier:          2NG6ZS9KZCLfp5KI+sTDm17aLxLEyZX3BtcGYbH4oa8=
Subject key identifier:   FB:F2:31:50:50:92:7F:49:F8:38:00:ED:65:EB:E2:8E:F4:04:FE:81
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       0194236A285FB000ABF8B39D94A173CD896A
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/1-_IxUFCSf0n4OADtZevijvQE_oE.roa
Signing time:             Wed 01 Jan 2025 19:49:07 +0000
ROA not before:           Wed 01 Jan 2025 19:49:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     24429
IP address blocks:        163.5.166.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:28:5f:b0:00:ab:f8:b3:9d:94:a1:73:cd:89:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jan  1 19:49:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fbf2315050927f49f83800ed65ebe28ef404fe81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:b2:81:92:aa:6e:46:ec:df:45:02:d5:a4:5f:
                    78:53:51:0f:fc:0f:e4:26:cd:4a:3a:35:a9:45:31:
                    74:d3:50:d9:2f:c7:2a:a9:67:6f:ec:5f:85:12:fd:
                    e5:e3:4b:f7:32:e4:52:97:c5:dd:bc:5c:f4:a1:60:
                    8e:5e:c0:ba:de:1b:31:1f:48:f2:06:0d:5a:c0:a9:
                    95:68:47:54:47:ed:bf:19:c5:e3:f1:2a:08:f6:e6:
                    53:2c:e8:7c:a2:af:a5:4a:37:75:cb:03:9d:c8:50:
                    a3:0b:54:5c:76:89:94:d1:00:e8:ea:29:26:49:bc:
                    82:0b:f7:77:3a:33:85:5d:6d:e0:43:b6:9b:83:2b:
                    02:d1:d8:16:b2:1b:f9:15:f3:e3:c1:d8:6c:9a:ea:
                    9c:ac:d2:09:a9:08:b5:8b:f1:d2:90:53:17:68:9e:
                    33:44:27:43:ce:90:e5:1a:9f:8f:77:7a:b0:ee:94:
                    89:d2:f4:e5:68:2c:19:53:fd:43:51:71:ce:6f:5c:
                    04:67:23:3d:1f:96:a0:dc:c8:79:45:1b:10:4b:05:
                    a9:a9:9e:60:51:83:15:47:7a:d8:e8:3e:c1:e3:ec:
                    40:c0:b1:42:32:be:fc:fe:68:53:61:0c:55:e0:66:
                    b7:76:01:e5:58:d1:77:fb:8b:ad:81:8c:35:92:dd:
                    d4:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:F2:31:50:50:92:7F:49:F8:38:00:ED:65:EB:E2:8E:F4:04:FE:81
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/1-_IxUFCSf0n4OADtZevijvQE_oE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.166.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:af:85:8e:33:c4:30:aa:f6:d9:c0:27:d4:76:27:91:02:81:
         b1:a7:77:67:19:99:ee:b5:c7:54:77:14:84:1a:8f:c1:20:c7:
         43:c1:9a:b9:1b:d0:52:35:3d:45:00:18:5f:e2:a8:d7:35:51:
         81:a8:f0:1c:86:50:6d:09:26:1d:c5:7d:61:c6:f5:0c:f5:e8:
         21:48:10:ca:d5:82:19:26:c9:85:6f:a0:48:4b:fb:5b:49:4e:
         41:69:55:7b:39:1f:da:5f:ea:17:8e:bb:cf:73:a8:74:25:d1:
         55:e1:d8:50:39:76:ac:32:78:7f:13:34:fc:a9:43:67:85:91:
         61:f5:93:13:fe:3e:70:9b:a1:25:15:43:22:ff:4c:14:d4:be:
         b1:79:de:3c:7c:0d:a1:0f:96:06:49:2b:49:25:99:a1:33:42:
         16:4d:e1:09:c2:96:10:0a:61:a1:68:9a:e1:a1:84:3c:eb:33:
         10:50:5d:bf:f7:31:2f:b6:77:77:5e:fc:59:cb:ad:db:92:36:
         db:37:44:10:c1:26:21:e1:f0:71:8e:9c:45:c2:b5:a2:f3:b5:
         36:4f:f9:6f:c8:90:07:6f:45:53:7b:aa:5c:ef:b1:fd:19:8e:
         19:80:ed:13:a1:c2:e5:e6:f8:2a:2d:cc:45:c3:e6:df:6e:c8:
         ed:b7:ab:3c
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQjaihfsACr+LOdlKFzzYlqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjUwMTAxMTk0OTA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYmYyMzE1MDUwOTI3ZjQ5ZjgzODAwZWQ2NWViZTI4ZWY0MDRmZTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtbKBkqpuRuzfRQLVpF94U1EP/A/k
Js1KOjWpRTF001DZL8cqqWdv7F+FEv3l40v3MuRSl8XdvFz0oWCOXsC63hsxH0jy
Bg1awKmVaEdUR+2/GcXj8SoI9uZTLOh8oq+lSjd1ywOdyFCjC1RcdomU0QDo6ikm
SbyCC/d3OjOFXW3gQ7abgysC0dgWshv5FfPjwdhsmuqcrNIJqQi1i/HSkFMXaJ4z
RCdDzpDlGp+Pd3qw7pSJ0vTlaCwZU/1DUXHOb1wEZyM9H5ag3Mh5RRsQSwWpqZ5g
UYMVR3rY6D7B4+xAwLFCMr78/mhTYQxV4Ga3dgHlWNF3+4utgYw1kt3UfwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPvyMVBQkn9J+DgA7WXr4o70BP6BMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvMS1fSXhVRkNTZjBuNE9BRHRaZXZpanZRRV9vRS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMTMvZDAyZGZiLTk2NzMtNDlhOC05NzFjLTlmZTk0MTA4ZmYw
MS8xL0RPaFJ0dDFkTms3aG5nczRJQnMtamZKaVM4cy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAKMFpjAN
BgkqhkiG9w0BAQsFAAOCAQEAVq+FjjPEMKr22cAn1HYnkQKBsad3ZxmZ7rXHVHcU
hBqPwSDHQ8GauRvQUjU9RQAYX+Ko1zVRgajwHIZQbQkmHcV9Ycb1DPXoIUgQytWC
GSbJhW+gSEv7W0lOQWlVezkf2l/qF467z3OodCXRVeHYUDl2rDJ4fxM0/KlDZ4WR
YfWTE/4+cJuhJRVDIv9MFNS+sXnePHwNoQ+WBkkrSSWZoTNCFk3hCcKWEAphoWia
4aGEPOszEFBdv/cxL7Z3d178Wcut25I22zdEEMEmIeHwcY6cRcK1ovO1Nk/5b8iQ
B29FU3uqXO+x/RmOGYDtE6HC5eb4Ki3MRcPm327I7berPA==
-----END CERTIFICATE-----