Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/2bKHGhYuWkdOYOaKT2ZUM4AwoH4.roa
File:                     2bKHGhYuWkdOYOaKT2ZUM4AwoH4.roa (raw, json)
Hash identifier:          6y6W54cRhQqoUYC8/3eRmhvNDANpfLF7AZQn1O59CtQ=
Subject key identifier:   D9:B2:87:1A:16:2E:5A:47:4E:60:E6:8A:4F:66:54:33:80:30:A0:7E
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       0194236A1E62DE76BCDAC0964954ACDB6037
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/2bKHGhYuWkdOYOaKT2ZUM4AwoH4.roa
Signing time:             Wed 01 Jan 2025 19:49:04 +0000
ROA not before:           Wed 01 Jan 2025 19:49:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     5089
IP address blocks:        163.5.47.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:1e:62:de:76:bc:da:c0:96:49:54:ac:db:60:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jan  1 19:49:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d9b2871a162e5a474e60e68a4f6654338030a07e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:4b:e8:49:86:08:1b:29:20:68:e7:24:f0:75:
                    62:22:23:8c:71:0a:a4:e0:f4:f0:03:91:dd:31:88:
                    61:7a:e1:f1:5d:2c:f7:e5:91:3f:69:f3:f3:46:73:
                    67:cd:d1:5c:a9:fd:28:49:8c:e7:ff:96:dc:c9:30:
                    0b:9f:ef:bf:3f:e9:a0:dc:63:13:e7:f0:e0:bc:1d:
                    c1:cd:bb:4a:5f:00:5e:fb:67:df:dd:d3:35:5b:8d:
                    7a:01:6a:f1:9b:4f:41:86:6b:9c:53:cd:f5:03:5f:
                    e1:2b:c4:50:d1:3b:02:f9:99:f3:d3:5c:68:3c:c2:
                    41:bf:68:2f:04:25:9f:82:95:ca:7d:c6:bd:fe:3c:
                    d1:a9:51:b4:3a:80:f7:11:c5:92:28:16:22:47:21:
                    1b:96:0e:ce:dd:5c:51:7b:5f:9a:d8:02:ee:b8:0c:
                    e9:cf:df:62:04:10:f1:51:b2:d6:c0:ac:ea:7c:24:
                    b1:4d:a0:5c:45:cd:0f:1f:34:d7:ea:67:00:43:93:
                    dd:3b:6b:11:e0:39:78:49:b2:f9:3a:85:6d:e1:61:
                    8f:2e:9f:21:ea:c4:7d:88:f5:4c:09:18:b3:9a:ee:
                    f7:fc:08:66:0a:02:85:a5:0a:08:4a:ae:6e:9e:52:
                    ba:4d:65:4b:fa:72:a6:c3:39:17:cf:c5:a4:5c:30:
                    a4:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:B2:87:1A:16:2E:5A:47:4E:60:E6:8A:4F:66:54:33:80:30:A0:7E
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/2bKHGhYuWkdOYOaKT2ZUM4AwoH4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:36:4d:19:4e:b7:b7:3f:c0:8e:f8:62:85:af:db:81:78:2e:
         a7:aa:ec:50:2f:56:f5:44:80:f9:a4:47:d9:5c:e4:ad:69:83:
         98:ab:72:a5:16:8a:f4:16:48:26:61:f5:7b:f9:ec:c4:a5:29:
         58:39:98:b8:0e:d6:d1:e8:aa:4d:f2:d1:ea:b8:ae:ff:84:37:
         70:e8:6d:be:7b:e7:81:1a:5f:06:9f:a2:a9:da:b8:88:2a:b9:
         35:2d:5a:8a:bb:73:cc:0c:8d:bd:63:9a:43:68:12:7b:da:53:
         d5:71:b1:a9:87:ff:60:e0:01:67:63:38:30:cf:fd:0a:c7:52:
         36:1d:15:37:69:d2:ef:f0:31:03:9d:31:3b:86:a7:85:fd:41:
         21:b3:41:e7:a2:4b:cf:35:03:fb:ae:1a:4d:b0:4f:12:f4:d1:
         00:cb:d2:04:a9:f3:16:bf:eb:49:39:74:74:3a:53:1a:bf:ff:
         d9:39:84:53:2f:52:84:e9:19:16:6b:90:4a:b5:6c:62:eb:3c:
         1e:b2:17:96:fb:e3:bf:da:54:81:58:75:a8:24:e7:7c:15:bc:
         0b:ae:19:3e:c7:8b:da:7d:36:de:67:71:46:23:fc:5d:c4:7c:
         fc:a4:15:ca:76:45:bb:b5:7c:47:2d:0e:9a:43:65:36:84:3e:
         d7:01:96:ab
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjah5i3na82sCWSVSs22A3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjUwMTAxMTk0OTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOWIyODcxYTE2MmU1YTQ3NGU2MGU2OGE0ZjY2NTQzMzgwMzBhMDdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvEvoSYYIGykgaOck8HViIiOMcQqk
4PTwA5HdMYhheuHxXSz35ZE/afPzRnNnzdFcqf0oSYzn/5bcyTALn++/P+mg3GMT
5/DgvB3BzbtKXwBe+2ff3dM1W416AWrxm09BhmucU831A1/hK8RQ0TsC+Znz01xo
PMJBv2gvBCWfgpXKfca9/jzRqVG0OoD3EcWSKBYiRyEblg7O3VxRe1+a2ALuuAzp
z99iBBDxUbLWwKzqfCSxTaBcRc0PHzTX6mcAQ5PdO2sR4Dl4SbL5OoVt4WGPLp8h
6sR9iPVMCRizmu73/AhmCgKFpQoISq5unlK6TWVL+nKmwzkXz8WkXDCkoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNmyhxoWLlpHTmDmik9mVDOAMKB+MB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvMmJLSEdoWXVXa2RPWU9hS1QyWlVNNEF3b0g0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowUvMA0G
CSqGSIb3DQEBCwUAA4IBAQBlNk0ZTre3P8CO+GKFr9uBeC6nquxQL1b1RID5pEfZ
XOStaYOYq3KlFor0FkgmYfV7+ezEpSlYOZi4DtbR6KpN8tHquK7/hDdw6G2+e+eB
Gl8Gn6Kp2riIKrk1LVqKu3PMDI29Y5pDaBJ72lPVcbGph/9g4AFnYzgwz/0Kx1I2
HRU3adLv8DEDnTE7hqeF/UEhs0HnokvPNQP7rhpNsE8S9NEAy9IEqfMWv+tJOXR0
OlMav//ZOYRTL1KE6RkWa5BKtWxi6zwesheW++O/2lSBWHWoJOd8FbwLrhk+x4va
fTbeZ3FGI/xdxHz8pBXKdkW7tXxHLQ6aQ2U2hD7XAZar
-----END CERTIFICATE-----