Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/2pQ6EI6kfMgsV6q5ZddyZbkLODU.roa
File:                     2pQ6EI6kfMgsV6q5ZddyZbkLODU.roa (raw, json)
Hash identifier:          cq1+KHFkh2w/l7N3rD9gRshWWN+uvR6b12dqjNHIZS8=
Subject key identifier:   DA:94:3A:10:8E:A4:7C:C8:2C:57:AA:B9:65:D7:72:65:B9:0B:38:35
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       018CC425661AB262A7AC3832A1A225656D46
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/2pQ6EI6kfMgsV6q5ZddyZbkLODU.roa
Signing time:             Mon 01 Jan 2024 08:30:34 +0000
ROA not before:           Mon 01 Jan 2024 08:30:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207994
IP address blocks:        163.5.76.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:66:1a:b2:62:a7:ac:38:32:a1:a2:25:65:6d:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jan  1 08:30:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=da943a108ea47cc82c57aab965d77265b90b3835
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:ab:62:30:33:f9:57:8a:1c:ac:85:bb:fa:5f:
                    56:bf:2b:73:f3:c6:38:f2:b4:0a:18:d6:af:02:10:
                    90:65:7b:7d:ae:7b:92:74:26:86:d3:82:a5:02:87:
                    71:9f:e2:ec:61:7d:13:c9:6c:17:80:a9:8a:40:77:
                    e9:1d:da:fd:aa:06:8d:76:76:f7:c1:f6:ca:66:04:
                    97:d7:d9:fe:18:4f:a8:57:09:37:7d:99:90:a4:3b:
                    79:35:03:42:8f:4a:e0:cc:7c:d4:8f:fd:85:36:ea:
                    ed:bb:8a:db:39:1b:c1:c9:e4:fe:1c:ab:ab:d4:cb:
                    96:e7:fe:96:de:35:aa:db:48:32:41:82:ed:e1:75:
                    88:a6:ca:0b:b7:85:9c:98:f8:6c:32:b9:d1:40:79:
                    f1:61:e3:20:1d:0a:09:90:98:3b:f2:13:5e:89:d9:
                    48:39:52:dd:6a:10:7c:b8:74:ce:55:98:0c:a3:af:
                    ae:d8:af:97:3e:d0:04:a9:73:1a:c1:5c:4f:75:3c:
                    49:f4:2b:29:dd:2d:39:ed:4b:f9:bf:0d:c8:86:72:
                    6f:d5:61:80:ce:9c:64:38:a8:25:1d:00:d2:1b:84:
                    a2:1e:7e:92:d1:7a:94:a4:6c:51:78:c4:22:ad:81:
                    bb:dc:fd:42:8d:59:b1:e1:1f:09:53:b3:e9:1a:bf:
                    42:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:94:3A:10:8E:A4:7C:C8:2C:57:AA:B9:65:D7:72:65:B9:0B:38:35
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/2pQ6EI6kfMgsV6q5ZddyZbkLODU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.76.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:09:7c:3d:be:fa:cd:5a:97:7f:1b:ff:52:cd:a3:84:f5:4f:
         93:a1:eb:17:bb:72:da:14:b9:ac:95:4c:1e:f1:8b:a7:3f:d5:
         f9:8e:23:b4:32:c7:09:67:49:94:c5:d1:99:d2:d3:bb:4d:84:
         bf:a9:71:c6:ec:3a:52:d4:d8:ef:54:9a:1f:66:7a:01:a3:90:
         47:dd:18:25:75:f6:1a:73:92:7a:dc:59:5d:10:52:04:0f:b8:
         28:fc:af:2d:b8:14:54:c2:58:8a:49:05:66:59:3a:64:bd:42:
         d7:90:67:15:51:72:7a:6f:86:25:85:e7:f1:44:ad:a3:2c:f1:
         a0:62:5d:93:ba:ff:b7:2e:44:41:b5:cf:06:99:1f:78:ef:75:
         d6:42:41:c8:6f:1f:73:d8:fa:17:0c:ad:8a:72:46:ae:d2:a0:
         75:0a:48:59:84:25:7c:0c:06:07:67:93:17:1f:3c:47:d1:83:
         b2:3d:81:f2:66:7d:06:b0:28:20:f1:56:e8:f6:4a:43:1e:20:
         2b:65:7f:ba:0a:41:fb:3c:bf:77:07:31:94:23:11:9b:eb:fb:
         53:9c:3d:04:43:a9:f9:55:45:c8:01:1f:8b:66:5c:ed:ad:da:
         43:06:5f:78:85:94:1a:54:4f:13:03:93:60:f2:9a:cb:ba:17:
         c9:b2:d4:d0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJWYasmKnrDgyoaIlZW1GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjQwMTAxMDgzMDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTk0M2ExMDhlYTQ3Y2M4MmM1N2FhYjk2NWQ3NzI2NWI5MGIzODM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo6tiMDP5V4ocrIW7+l9Wvytz88Y4
8rQKGNavAhCQZXt9rnuSdCaG04KlAodxn+LsYX0TyWwXgKmKQHfpHdr9qgaNdnb3
wfbKZgSX19n+GE+oVwk3fZmQpDt5NQNCj0rgzHzUj/2FNurtu4rbORvByeT+HKur
1MuW5/6W3jWq20gyQYLt4XWIpsoLt4WcmPhsMrnRQHnxYeMgHQoJkJg78hNeidlI
OVLdahB8uHTOVZgMo6+u2K+XPtAEqXMawVxPdTxJ9Csp3S057Uv5vw3IhnJv1WGA
zpxkOKglHQDSG4SiHn6S0XqUpGxReMQirYG73P1CjVmx4R8JU7PpGr9C0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNqUOhCOpHzILFequWXXcmW5Czg1MB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvMnBRNkVJNmtmTWdzVjZxNVpkZHlaYmtMT0RVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowVMMA0G
CSqGSIb3DQEBCwUAA4IBAQA4CXw9vvrNWpd/G/9SzaOE9U+ToesXu3LaFLmslUwe
8YunP9X5jiO0MscJZ0mUxdGZ0tO7TYS/qXHG7DpS1NjvVJofZnoBo5BH3RgldfYa
c5J63FldEFIED7go/K8tuBRUwliKSQVmWTpkvULXkGcVUXJ6b4YlhefxRK2jLPGg
Yl2Tuv+3LkRBtc8GmR9473XWQkHIbx9z2PoXDK2Kckau0qB1CkhZhCV8DAYHZ5MX
HzxH0YOyPYHyZn0GsCgg8Vbo9kpDHiArZX+6CkH7PL93BzGUIxGb6/tTnD0EQ6n5
VUXIAR+LZlztrdpDBl94hZQaVE8TA5Ng8prLuhfJstTQ
-----END CERTIFICATE-----