Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/2aOQHkSKGGfPdNvpl1sT3OR9e6g.roa
File:                     2aOQHkSKGGfPdNvpl1sT3OR9e6g.roa (raw, json)
Hash identifier:          axhYv0Kz/9PA77iiZovYSneuH3s2O094MV5UoA/YGK4=
Subject key identifier:   D9:A3:90:1E:44:8A:18:67:CF:74:DB:E9:97:5B:13:DC:E4:7D:7B:A8
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       0194236A36B41F8894EE747175421020EB36
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/2aOQHkSKGGfPdNvpl1sT3OR9e6g.roa
Signing time:             Wed 01 Jan 2025 19:49:10 +0000
ROA not before:           Wed 01 Jan 2025 19:49:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     63023
IP address blocks:        163.5.53.0/24 maxlen: 24
                          163.5.79.0/24 maxlen: 24
                          163.5.161.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:36:b4:1f:88:94:ee:74:71:75:42:10:20:eb:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jan  1 19:49:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d9a3901e448a1867cf74dbe9975b13dce47d7ba8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:e1:e3:8f:68:0b:ad:1a:77:9b:c9:61:92:1b:
                    47:ec:87:3d:82:6a:8d:68:c9:6c:f6:9e:5c:4c:37:
                    c3:6a:85:53:13:6e:8c:d1:26:2e:42:54:ed:4e:ed:
                    e6:42:61:67:bd:d7:cb:85:73:93:8c:23:6c:03:63:
                    39:23:ef:15:84:74:d2:be:ad:a1:6b:1a:a6:b4:d8:
                    f1:d0:56:e9:6f:63:f2:30:25:21:59:21:5f:18:88:
                    bd:1d:e0:42:07:85:e5:f1:48:16:07:9e:7f:f5:ff:
                    68:a0:7c:aa:29:19:95:2c:0f:ba:20:0a:09:8e:a2:
                    60:e0:95:9d:1b:2a:06:91:6c:8e:df:c5:30:07:95:
                    6e:96:1b:e0:a8:86:00:76:86:5a:0a:bc:d5:35:6c:
                    20:54:75:de:cf:67:f0:d6:9f:14:a1:b5:0a:25:fe:
                    45:48:b0:00:c4:0c:d3:fc:12:d5:35:dd:71:88:4e:
                    e6:aa:55:09:91:c1:0e:8c:4a:52:76:9f:d6:fc:58:
                    57:e0:80:25:7e:75:8f:a6:13:3d:11:95:b3:db:6a:
                    42:7b:e4:80:02:af:6a:f6:7f:3e:89:5b:0b:c7:3d:
                    8e:37:37:6b:cf:f5:c2:4a:ee:b3:aa:ee:ea:a8:47:
                    a9:00:2b:1e:89:b6:09:32:45:70:87:c7:48:75:e3:
                    58:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:A3:90:1E:44:8A:18:67:CF:74:DB:E9:97:5B:13:DC:E4:7D:7B:A8
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/2aOQHkSKGGfPdNvpl1sT3OR9e6g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.53.0/24
                  163.5.79.0/24
                  163.5.161.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:38:8f:b5:0e:f3:5a:d5:29:10:a5:4c:1c:ca:d3:c4:ca:93:
         de:39:36:4b:ee:63:d6:4a:64:e7:0f:c0:82:b6:e4:32:38:72:
         88:3e:61:49:bc:ab:53:6e:c9:f8:0d:3d:36:8c:c3:1d:5a:3e:
         a4:ab:b8:5a:b1:0b:0c:dc:8d:c6:28:2f:bc:af:05:67:77:63:
         48:6e:9d:3d:49:75:07:df:29:26:14:93:8f:25:76:aa:56:91:
         de:ab:90:b6:63:98:7f:11:b8:15:39:c6:b3:f3:b6:ce:91:7b:
         54:e1:08:c6:94:6a:27:4b:f0:b8:5e:51:a5:c4:e7:e5:8b:f2:
         eb:57:9d:3f:52:b3:62:20:8e:5e:de:5a:57:33:6e:c4:e1:38:
         17:b7:16:c8:a6:4b:47:8a:9d:c8:2c:44:c5:ee:81:aa:75:c9:
         0d:f3:97:1c:6a:1f:14:40:d1:3c:ef:df:3e:34:0e:5e:07:de:
         8b:63:3f:69:03:6e:23:94:ba:af:3c:6e:1a:7c:42:f8:d0:0c:
         c4:72:68:77:45:ab:93:6d:31:ce:e4:ec:00:13:d4:90:c1:30:
         30:5f:7e:23:9e:87:34:16:f9:a5:11:32:96:a2:e9:89:69:d9:
         84:9d:f4:0e:ba:54:94:95:e8:ea:23:3e:36:21:59:6e:22:ba:
         7d:c7:d6:b4
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQjaja0H4iU7nRxdUIQIOs2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjUwMTAxMTk0OTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOWEzOTAxZTQ0OGExODY3Y2Y3NGRiZTk5NzViMTNkY2U0N2Q3YmE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAveHjj2gLrRp3m8lhkhtH7Ic9gmqN
aMls9p5cTDfDaoVTE26M0SYuQlTtTu3mQmFnvdfLhXOTjCNsA2M5I+8VhHTSvq2h
axqmtNjx0Fbpb2PyMCUhWSFfGIi9HeBCB4Xl8UgWB55/9f9ooHyqKRmVLA+6IAoJ
jqJg4JWdGyoGkWyO38UwB5VulhvgqIYAdoZaCrzVNWwgVHXez2fw1p8UobUKJf5F
SLAAxAzT/BLVNd1xiE7mqlUJkcEOjEpSdp/W/FhX4IAlfnWPphM9EZWz22pCe+SA
Aq9q9n8+iVsLxz2ONzdrz/XCSu6zqu7qqEepACseibYJMkVwh8dIdeNYewIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFNmjkB5Eihhnz3Tb6ZdbE9zkfXuoMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvMmFPUUhrU0tHR2ZQZE52cGwxc1QzT1I5ZTZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAowU1AwQA
owVPAwQAowWhMA0GCSqGSIb3DQEBCwUAA4IBAQAWOI+1DvNa1SkQpUwcytPEypPe
OTZL7mPWSmTnD8CCtuQyOHKIPmFJvKtTbsn4DT02jMMdWj6kq7hasQsM3I3GKC+8
rwVnd2NIbp09SXUH3ykmFJOPJXaqVpHeq5C2Y5h/EbgVOcaz87bOkXtU4QjGlGon
S/C4XlGlxOfli/LrV50/UrNiII5e3lpXM27E4TgXtxbIpktHip3ILETF7oGqdckN
85ccah8UQNE8798+NA5eB96LYz9pA24jlLqvPG4afEL40AzEcmh3RauTbTHO5OwA
E9SQwTAwX34jnoc0FvmlETKWoumJadmEnfQOulSUlejqIz42IVluIrp9x9a0
-----END CERTIFICATE-----