Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/1SejBwvq2CwCDAlo3OXwdJFr-gU.roa
File:                     1SejBwvq2CwCDAlo3OXwdJFr-gU.roa (raw, json)
Hash identifier:          gC1cdyjQWC+nrc1kFOuptnzU5KJPP6asIFn1lfQh9Zw=
Subject key identifier:   D5:27:A3:07:0B:EA:D8:2C:02:0C:09:68:DC:E5:F0:74:91:6B:FA:05
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       0194236A347DA27CAD64D5D54E5A89999B43
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/1SejBwvq2CwCDAlo3OXwdJFr-gU.roa
Signing time:             Wed 01 Jan 2025 19:49:10 +0000
ROA not before:           Wed 01 Jan 2025 19:49:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60790
IP address blocks:        163.5.135.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:34:7d:a2:7c:ad:64:d5:d5:4e:5a:89:99:9b:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jan  1 19:49:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d527a3070bead82c020c0968dce5f074916bfa05
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:f0:e8:dc:0e:6c:3c:f3:b2:9d:03:46:0c:ec:
                    e2:16:dc:34:71:f2:ae:5c:a0:83:8b:c6:31:70:70:
                    a7:32:cf:9e:2c:e0:bd:c5:4f:08:4c:27:34:24:a8:
                    76:4a:00:1d:56:2c:60:37:32:17:2b:21:59:1e:99:
                    95:af:d1:ea:55:1e:06:1a:d0:36:e8:d7:c5:18:8b:
                    09:00:8f:2c:bf:2e:92:e4:2d:b1:d3:63:7e:07:bb:
                    91:fb:56:53:c8:94:63:c9:29:ba:46:15:2c:b9:d5:
                    ba:1e:a6:9f:89:88:8d:8a:68:d8:62:21:84:b6:3f:
                    ca:4f:07:2f:3d:fb:b4:44:fa:b5:79:52:e7:f5:5b:
                    d5:89:2b:b1:a3:9c:f7:b5:68:3e:18:f9:9a:2f:78:
                    19:bc:05:78:27:4d:4c:a0:43:0a:8c:77:b7:dc:33:
                    b7:ea:0a:fe:a3:28:b2:66:12:ef:da:2a:11:f8:c5:
                    34:06:2a:95:7b:42:61:41:f7:07:b8:8d:dd:65:a9:
                    84:18:23:75:49:d0:62:84:41:e5:9f:84:68:1e:d5:
                    f8:a6:69:13:d9:ee:6a:65:65:bd:85:2b:f1:40:85:
                    2b:ac:56:96:5f:ab:2f:cc:6e:19:f6:5c:16:03:21:
                    db:fb:57:56:0b:f2:a7:d9:cb:93:ec:3d:df:aa:10:
                    fb:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:27:A3:07:0B:EA:D8:2C:02:0C:09:68:DC:E5:F0:74:91:6B:FA:05
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/1SejBwvq2CwCDAlo3OXwdJFr-gU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.135.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:f1:9e:1f:08:c4:fd:ec:63:f5:fc:b4:1f:72:27:fa:24:7f:
         a6:c9:35:d3:5e:a1:c4:f2:f5:2a:1a:62:da:91:58:2e:d0:ef:
         85:6e:2b:e8:cf:62:c4:a8:ea:55:61:f2:2f:d6:61:6f:d5:eb:
         8c:dc:64:dd:1e:38:bf:34:08:66:e3:9b:c1:f4:f0:da:be:2c:
         1c:c5:32:c3:a1:d8:7e:0a:8e:e9:9a:fc:f4:d2:07:c0:d2:1d:
         eb:37:9a:9c:86:0a:b6:5f:2e:11:91:57:dc:cf:8e:d9:e2:15:
         a4:4f:c5:a6:8a:ff:8f:80:87:76:e0:a7:6c:5b:b1:c6:7e:02:
         87:e5:33:a0:a9:65:dc:ff:20:b6:2f:4d:41:67:5b:71:bc:5b:
         c8:ee:5a:6c:90:67:0b:a2:24:f9:b3:7e:b6:52:90:29:1e:8d:
         fe:63:63:57:9a:3c:c5:ab:13:17:3b:77:ed:0b:70:07:23:f8:
         30:80:9e:41:02:f0:57:f4:60:d8:b6:2f:79:67:c1:db:98:22:
         6b:56:56:ee:c1:29:75:5b:7c:4d:f1:4e:ec:ed:7e:50:d1:42:
         5c:06:41:76:5e:ac:90:fe:7a:05:9d:d0:8f:40:66:58:9a:8e:
         57:7a:0e:da:47:d1:e9:c0:7f:24:2e:ea:50:df:a2:a1:e1:11:
         44:50:53:e3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjajR9onytZNXVTlqJmZtDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjUwMTAxMTk0OTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTI3YTMwNzBiZWFkODJjMDIwYzA5NjhkY2U1ZjA3NDkxNmJmYTA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwPDo3A5sPPOynQNGDOziFtw0cfKu
XKCDi8YxcHCnMs+eLOC9xU8ITCc0JKh2SgAdVixgNzIXKyFZHpmVr9HqVR4GGtA2
6NfFGIsJAI8svy6S5C2x02N+B7uR+1ZTyJRjySm6RhUsudW6HqafiYiNimjYYiGE
tj/KTwcvPfu0RPq1eVLn9VvViSuxo5z3tWg+GPmaL3gZvAV4J01MoEMKjHe33DO3
6gr+oyiyZhLv2ioR+MU0BiqVe0JhQfcHuI3dZamEGCN1SdBihEHln4RoHtX4pmkT
2e5qZWW9hSvxQIUrrFaWX6svzG4Z9lwWAyHb+1dWC/Kn2cuT7D3fqhD7OQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNUnowcL6tgsAgwJaNzl8HSRa/oFMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvMVNlakJ3dnEyQ3dDREFsbzNPWHdkSkZyLWdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowWHMA0G
CSqGSIb3DQEBCwUAA4IBAQBE8Z4fCMT97GP1/LQfcif6JH+myTXTXqHE8vUqGmLa
kVgu0O+Fbivoz2LEqOpVYfIv1mFv1euM3GTdHji/NAhm45vB9PDaviwcxTLDodh+
Co7pmvz00gfA0h3rN5qchgq2Xy4RkVfcz47Z4hWkT8Wmiv+PgId24KdsW7HGfgKH
5TOgqWXc/yC2L01BZ1txvFvI7lpskGcLoiT5s362UpApHo3+Y2NXmjzFqxMXO3ft
C3AHI/gwgJ5BAvBX9GDYti95Z8HbmCJrVlbuwSl1W3xN8U7s7X5Q0UJcBkF2XqyQ
/noFndCPQGZYmo5Xeg7aR9HpwH8kLupQ36Kh4RFEUFPj
-----END CERTIFICATE-----