Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/1lUjziviP6s_n-yeOmeL8ETe7AQ.roa
File:                     1lUjziviP6s_n-yeOmeL8ETe7AQ.roa (raw, json)
Hash identifier:          75n4lFwNA2oplXyan8dOqk0Kvax+BHPw5wqDNPjyPMc=
Subject key identifier:   D6:55:23:CE:2B:E2:3F:AB:3F:9F:EC:9E:3A:67:8B:F0:44:DE:EC:04
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       0194236A4C3D28EBB8180C38E8C215DE0F44
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/1lUjziviP6s_n-yeOmeL8ETe7AQ.roa
Signing time:             Wed 01 Jan 2025 19:49:16 +0000
ROA not before:           Wed 01 Jan 2025 19:49:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215663
IP address blocks:        163.5.27.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:4c:3d:28:eb:b8:18:0c:38:e8:c2:15:de:0f:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jan  1 19:49:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d65523ce2be23fab3f9fec9e3a678bf044deec04
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:6c:a3:30:ba:33:1c:0d:2d:78:2f:ca:3e:1d:
                    87:fa:8e:73:d8:1e:83:1f:a5:47:8c:8b:2d:ed:00:
                    d2:a3:46:82:13:4f:89:64:31:38:5f:e5:84:8d:6d:
                    71:48:d3:30:35:6c:fc:f4:36:f1:a1:39:3f:bd:0f:
                    1f:a9:13:d6:57:a4:c5:e0:41:cb:e6:92:81:5d:39:
                    1d:26:80:bc:35:eb:e0:f7:a4:cf:85:62:9b:e4:e7:
                    25:6c:a2:2a:59:4a:8b:a6:75:d5:f3:fa:9d:c1:b8:
                    ec:4f:c4:17:00:f7:fa:f2:05:87:5c:35:b4:81:53:
                    e5:ea:bf:df:3d:3a:47:3f:1e:19:51:79:0b:fa:2d:
                    f8:cb:18:a0:c6:97:91:ba:88:e1:3b:8e:e8:91:fd:
                    96:21:0c:5a:33:25:3e:6a:66:2f:e0:f0:ff:71:4e:
                    2a:e2:04:a8:a8:62:b3:b8:a6:fe:5a:5c:dc:a3:d1:
                    52:93:95:a2:c1:59:57:b0:e4:4f:6f:a4:7b:b7:5e:
                    76:fc:49:bb:9c:78:21:8c:71:21:68:b4:83:e1:d6:
                    70:99:aa:ad:e0:0c:77:18:2f:33:fd:4c:eb:d4:8f:
                    6b:2a:fd:f8:eb:5a:ff:8e:a9:f6:65:a2:b0:67:d3:
                    97:36:1f:c9:7e:5c:2f:03:6b:ab:d1:51:57:72:00:
                    ee:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:55:23:CE:2B:E2:3F:AB:3F:9F:EC:9E:3A:67:8B:F0:44:DE:EC:04
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/1lUjziviP6s_n-yeOmeL8ETe7AQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.27.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:94:be:89:c0:90:90:3c:1b:1b:93:79:c1:e4:b7:d7:a9:14:
         6c:6b:5e:2d:40:16:5a:43:90:22:b8:a0:0f:e8:34:ee:6a:e5:
         08:5e:72:dc:77:1d:61:5f:aa:10:d2:82:83:80:a8:bd:6a:c3:
         98:61:f6:03:d1:02:01:75:08:bd:b6:16:c2:e5:8f:4c:67:3d:
         27:a2:3f:7d:cd:e1:42:de:06:52:51:d3:88:d9:e5:a8:32:45:
         f4:f4:bc:f9:c2:13:c7:75:a5:71:64:33:a2:24:5f:5c:00:2c:
         ac:44:65:6e:68:0b:8d:f5:3e:fe:38:2e:08:89:83:e5:52:1f:
         2b:79:bb:7c:bb:5b:ed:dd:7e:64:d2:1e:77:9a:03:03:20:2a:
         0b:94:5f:5c:0d:37:df:f2:15:6d:29:92:45:d6:48:ce:1d:bf:
         a3:5c:31:14:ac:45:6e:72:9d:d8:aa:31:c4:fc:54:56:eb:cc:
         12:df:b4:1e:54:66:41:69:d3:92:cd:76:fd:17:0c:9e:22:c1:
         30:bc:ee:92:2b:83:2b:ac:1e:84:54:16:2f:21:09:d4:36:9d:
         10:0e:40:eb:66:35:27:f6:1e:31:38:11:2d:6b:20:36:63:cb:
         e1:29:2f:06:49:b7:cf:c9:3a:fd:43:79:9a:83:52:f2:ef:34:
         79:d8:b5:45
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjakw9KOu4GAw46MIV3g9EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjUwMTAxMTk0OTE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjU1MjNjZTJiZTIzZmFiM2Y5ZmVjOWUzYTY3OGJmMDQ0ZGVlYzA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1WyjMLozHA0teC/KPh2H+o5z2B6D
H6VHjIst7QDSo0aCE0+JZDE4X+WEjW1xSNMwNWz89DbxoTk/vQ8fqRPWV6TF4EHL
5pKBXTkdJoC8Nevg96TPhWKb5OclbKIqWUqLpnXV8/qdwbjsT8QXAPf68gWHXDW0
gVPl6r/fPTpHPx4ZUXkL+i34yxigxpeRuojhO47okf2WIQxaMyU+amYv4PD/cU4q
4gSoqGKzuKb+Wlzco9FSk5WiwVlXsORPb6R7t152/Em7nHghjHEhaLSD4dZwmaqt
4Ax3GC8z/Uzr1I9rKv3461r/jqn2ZaKwZ9OXNh/JflwvA2ur0VFXcgDuRwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNZVI84r4j+rP5/snjpni/BE3uwEMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvMWxVanppdmlQNnNfbi15ZU9tZUw4RVRlN0FRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowUbMA0G
CSqGSIb3DQEBCwUAA4IBAQCLlL6JwJCQPBsbk3nB5LfXqRRsa14tQBZaQ5AiuKAP
6DTuauUIXnLcdx1hX6oQ0oKDgKi9asOYYfYD0QIBdQi9thbC5Y9MZz0noj99zeFC
3gZSUdOI2eWoMkX09Lz5whPHdaVxZDOiJF9cACysRGVuaAuN9T7+OC4IiYPlUh8r
ebt8u1vt3X5k0h53mgMDICoLlF9cDTff8hVtKZJF1kjOHb+jXDEUrEVucp3YqjHE
/FRW68wS37QeVGZBadOSzXb9FwyeIsEwvO6SK4MrrB6EVBYvIQnUNp0QDkDrZjUn
9h4xOBEtayA2Y8vhKS8GSbfPyTr9Q3mag1Ly7zR52LVF
-----END CERTIFICATE-----