Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/2D1fOUPfE5mHesGwtFZUxFLhiHE.roa
File:                     2D1fOUPfE5mHesGwtFZUxFLhiHE.roa (raw, json)
Hash identifier:          NZqHC4yBAwewNLXFE8LBOev8TJQg0B6Fix3LVHt1qVw=
Subject key identifier:   D8:3D:5F:39:43:DF:13:99:87:7A:C1:B0:B4:56:54:C4:52:E1:88:71
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       0194236A2B6623275FB3F52FAC44400CD60A
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/2D1fOUPfE5mHesGwtFZUxFLhiHE.roa
Signing time:             Wed 01 Jan 2025 19:49:08 +0000
ROA not before:           Wed 01 Jan 2025 19:49:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29837
IP address blocks:        163.5.237.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:2b:66:23:27:5f:b3:f5:2f:ac:44:40:0c:d6:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jan  1 19:49:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d83d5f3943df1399877ac1b0b45654c452e18871
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:d7:fe:89:1b:7f:ec:e2:96:49:13:4f:0c:a3:
                    0d:b4:46:df:62:74:cd:ac:d7:67:03:70:7a:92:11:
                    d9:3d:46:24:ff:59:d5:d3:9e:58:4c:4d:b1:18:00:
                    80:67:b3:28:58:fe:e5:57:9b:7d:9f:47:bf:34:5c:
                    73:32:21:b4:6e:f3:31:15:bc:dc:96:85:8c:bd:af:
                    50:95:ca:c9:cb:87:75:dc:46:72:80:76:4e:21:0f:
                    ac:15:c8:f8:c0:af:0e:b8:af:88:c3:85:00:14:3a:
                    b0:ca:fa:a1:4a:db:b5:58:65:7b:1f:5b:90:c3:b0:
                    c4:34:4c:61:de:8f:a8:ce:5a:16:a0:4a:00:4a:58:
                    15:45:93:11:7d:1a:09:3b:8c:c0:e0:af:e6:82:62:
                    a1:e3:5c:3d:8b:f0:5c:07:00:7d:76:cb:cd:f6:8d:
                    b2:c9:af:5a:13:0f:1f:78:27:cd:56:64:8a:03:04:
                    d0:18:82:e8:1c:0e:9f:38:0b:a3:0c:ef:27:dd:3c:
                    2a:28:6d:90:fb:02:28:71:e8:be:25:31:18:49:85:
                    29:ae:e9:f5:b2:f3:6b:58:68:e5:14:4a:bb:35:c7:
                    c6:11:7b:70:13:fa:66:96:b7:b9:90:1c:de:67:9e:
                    68:99:07:5e:1f:59:35:e1:dd:b0:88:49:ba:fa:c0:
                    f3:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:3D:5F:39:43:DF:13:99:87:7A:C1:B0:B4:56:54:C4:52:E1:88:71
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/2D1fOUPfE5mHesGwtFZUxFLhiHE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.237.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:9f:39:23:00:3a:36:83:d1:44:bb:a5:65:ce:fe:1e:b1:7a:
         0f:16:05:75:60:7c:15:34:0a:ce:32:ee:c9:5f:90:cc:c0:e6:
         34:d1:47:14:18:d3:d3:ab:f4:8a:80:d7:44:39:60:70:40:a5:
         2c:6c:b8:c7:d2:a4:4d:b3:8b:c7:eb:d3:09:ed:5a:f2:d0:29:
         58:b9:c4:07:43:5a:95:1b:90:ca:a1:9d:e8:4e:72:ec:3a:9a:
         41:de:6f:09:11:67:de:89:2c:93:99:a8:1c:93:18:b9:e2:fa:
         b7:44:60:c8:ca:de:f6:df:63:b1:67:51:39:8c:cf:f7:14:5a:
         cb:01:7a:21:f3:b1:a2:a1:67:92:d2:45:af:38:23:a8:61:71:
         9d:04:68:b6:56:2c:42:be:41:11:1a:2b:09:52:5d:e4:62:36:
         6f:90:5f:9d:7b:94:14:d9:35:f1:eb:58:ce:59:8f:a9:e9:ce:
         f5:15:01:71:25:b8:46:39:5b:1e:89:0d:c3:dd:d9:37:a7:d5:
         8b:09:ce:47:2c:77:35:5f:83:e0:22:53:2b:74:ec:10:3a:f3:
         3e:fb:9a:1f:68:3c:b6:1a:3b:3b:64:33:e5:6f:bb:e7:e3:ee:
         8e:db:ce:af:9c:77:35:bc:36:60:39:ea:e0:6e:58:5c:ab:e4:
         20:20:67:fd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjaitmIydfs/UvrERADNYKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjUwMTAxMTk0OTA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODNkNWYzOTQzZGYxMzk5ODc3YWMxYjBiNDU2NTRjNDUyZTE4ODcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmNf+iRt/7OKWSRNPDKMNtEbfYnTN
rNdnA3B6khHZPUYk/1nV055YTE2xGACAZ7MoWP7lV5t9n0e/NFxzMiG0bvMxFbzc
loWMva9QlcrJy4d13EZygHZOIQ+sFcj4wK8OuK+Iw4UAFDqwyvqhStu1WGV7H1uQ
w7DENExh3o+ozloWoEoASlgVRZMRfRoJO4zA4K/mgmKh41w9i/BcBwB9dsvN9o2y
ya9aEw8feCfNVmSKAwTQGILoHA6fOAujDO8n3TwqKG2Q+wIocei+JTEYSYUprun1
svNrWGjlFEq7NcfGEXtwE/pmlre5kBzeZ55omQdeH1k14d2wiEm6+sDzKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNg9XzlD3xOZh3rBsLRWVMRS4YhxMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvMkQxZk9VUGZFNW1IZXNHd3RGWlV4RkxoaUhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowXtMA0G
CSqGSIb3DQEBCwUAA4IBAQCgnzkjADo2g9FEu6Vlzv4esXoPFgV1YHwVNArOMu7J
X5DMwOY00UcUGNPTq/SKgNdEOWBwQKUsbLjH0qRNs4vH69MJ7Vry0ClYucQHQ1qV
G5DKoZ3oTnLsOppB3m8JEWfeiSyTmagckxi54vq3RGDIyt7232OxZ1E5jM/3FFrL
AXoh87GioWeS0kWvOCOoYXGdBGi2VixCvkERGisJUl3kYjZvkF+de5QU2TXx61jO
WY+p6c71FQFxJbhGOVseiQ3D3dk3p9WLCc5HLHc1X4PgIlMrdOwQOvM++5ofaDy2
Gjs7ZDPlb7vn4+6O286vnHc1vDZgOergblhcq+QgIGf9
-----END CERTIFICATE-----