Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/1gXogT4ON23jOZ8clKqDsOeoE0k.roa
File:                     1gXogT4ON23jOZ8clKqDsOeoE0k.roa (raw, json)
Hash identifier:          muezOtCzY7giFM4A9Ps9y1E2V6lFWJXsox7EL18d/Ns=
Subject key identifier:   D6:05:E8:81:3E:0E:37:6D:E3:39:9F:1C:94:AA:83:B0:E7:A8:13:49
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       018CC4256B8B49B934B94FC8663F5FA3B44A
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/1gXogT4ON23jOZ8clKqDsOeoE0k.roa
Signing time:             Mon 01 Jan 2024 08:30:35 +0000
ROA not before:           Mon 01 Jan 2024 08:30:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216089
IP address blocks:        163.5.251.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:6b:8b:49:b9:34:b9:4f:c8:66:3f:5f:a3:b4:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jan  1 08:30:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d605e8813e0e376de3399f1c94aa83b0e7a81349
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:ce:6f:c3:6d:e6:e7:79:7f:6f:e4:ea:57:a7:
                    ac:c4:f2:4e:76:7d:3b:73:72:e7:40:c7:a4:3b:50:
                    5d:60:78:33:08:d4:2b:be:6a:0b:a2:71:6f:e8:ef:
                    8d:9f:39:a6:7a:8b:c5:1b:19:43:e7:63:18:cf:19:
                    d2:b5:f9:01:0a:af:c3:3b:70:f3:28:4d:ed:15:59:
                    6d:fe:e9:d7:c8:e3:7e:aa:3e:d5:5a:dc:9e:f8:68:
                    d6:25:04:5f:07:a6:43:27:03:c8:79:62:f4:41:c7:
                    7c:16:9c:64:1d:97:f5:d9:a0:e7:46:c5:e9:eb:ae:
                    c3:65:6e:fa:55:97:63:10:f7:7b:75:43:45:8b:e1:
                    91:f1:11:f2:66:73:0b:67:ef:4d:07:ae:97:fe:cc:
                    0b:a9:22:6a:b0:44:8b:b3:ca:e4:39:dd:5b:0c:5c:
                    4d:53:e2:9c:2f:fe:84:09:57:6f:d9:65:bc:b8:fc:
                    c5:2c:7f:eb:b9:32:2d:e2:12:80:c4:a0:79:bf:00:
                    5e:4c:85:ca:ab:5b:f2:fc:80:9a:44:38:5b:2c:87:
                    38:b4:49:be:f2:f9:cf:35:4d:11:f9:41:91:ff:d3:
                    72:9e:f3:43:92:92:bf:d2:da:b6:8a:38:4e:ae:2f:
                    42:f2:3e:ef:94:f4:f9:0e:b3:93:92:12:ee:3b:eb:
                    10:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:05:E8:81:3E:0E:37:6D:E3:39:9F:1C:94:AA:83:B0:E7:A8:13:49
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/1gXogT4ON23jOZ8clKqDsOeoE0k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.251.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:94:c2:28:6a:98:a3:2b:db:0b:3a:f1:e0:15:68:0b:d5:0d:
         d6:72:ad:37:e3:87:a3:dc:e1:9e:49:93:4b:36:1d:a6:15:fd:
         15:16:d7:0f:3f:d9:fa:fb:0d:69:91:96:64:df:f2:0c:eb:ab:
         7f:e0:25:06:c5:7e:d4:e3:a6:d5:b9:8c:42:b9:26:11:bb:cf:
         f8:61:de:78:ac:38:84:1b:58:a2:ad:bd:1f:51:f1:ec:aa:2a:
         26:74:3e:a3:ff:20:a6:73:03:ae:33:c4:03:1c:50:51:9f:0c:
         47:37:39:0b:0c:6c:9e:33:4e:a0:88:da:44:76:3e:f3:3a:36:
         32:68:cc:84:cf:dd:f3:7c:58:e1:14:93:d3:3d:c5:ba:fa:9d:
         cf:d0:c3:45:b5:10:2d:f9:f4:f4:7e:87:41:03:d2:2c:d9:d8:
         eb:47:f7:3d:f1:5d:7e:d3:2b:c0:ca:5f:c1:2e:2f:9e:e7:ac:
         73:8c:ce:74:0a:ef:8d:f3:5d:f6:59:3e:b8:94:36:02:1c:b4:
         d2:9f:4f:55:55:ff:41:7e:3a:78:16:3d:e8:41:56:00:ce:2e:
         46:e8:3d:80:ae:85:ef:9b:ec:06:56:5f:5f:b5:50:fc:38:9d:
         67:e1:73:05:db:94:cf:74:d1:02:4d:70:6a:de:79:18:5c:eb:
         bf:c5:74:3e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJWuLSbk0uU/IZj9fo7RKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjQwMTAxMDgzMDM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjA1ZTg4MTNlMGUzNzZkZTMzOTlmMWM5NGFhODNiMGU3YTgxMzQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmc5vw23m53l/b+TqV6esxPJOdn07
c3LnQMekO1BdYHgzCNQrvmoLonFv6O+NnzmmeovFGxlD52MYzxnStfkBCq/DO3Dz
KE3tFVlt/unXyON+qj7VWtye+GjWJQRfB6ZDJwPIeWL0Qcd8FpxkHZf12aDnRsXp
667DZW76VZdjEPd7dUNFi+GR8RHyZnMLZ+9NB66X/swLqSJqsESLs8rkOd1bDFxN
U+KcL/6ECVdv2WW8uPzFLH/ruTIt4hKAxKB5vwBeTIXKq1vy/ICaRDhbLIc4tEm+
8vnPNU0R+UGR/9NynvNDkpK/0tq2ijhOri9C8j7vlPT5DrOTkhLuO+sQ4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNYF6IE+Djdt4zmfHJSqg7DnqBNJMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvMWdYb2dUNE9OMjNqT1o4Y2xLcURzT2VvRTBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowX7MA0G
CSqGSIb3DQEBCwUAA4IBAQBOlMIoapijK9sLOvHgFWgL1Q3Wcq0344ej3OGeSZNL
Nh2mFf0VFtcPP9n6+w1pkZZk3/IM66t/4CUGxX7U46bVuYxCuSYRu8/4Yd54rDiE
G1iirb0fUfHsqiomdD6j/yCmcwOuM8QDHFBRnwxHNzkLDGyeM06giNpEdj7zOjYy
aMyEz93zfFjhFJPTPcW6+p3P0MNFtRAt+fT0fodBA9Is2djrR/c98V1+0yvAyl/B
Li+e56xzjM50Cu+N8132WT64lDYCHLTSn09VVf9Bfjp4Fj3oQVYAzi5G6D2AroXv
m+wGVl9ftVD8OJ1n4XMF25TPdNECTXBq3nkYXOu/xXQ+
-----END CERTIFICATE-----