Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/3AyqkQ9AqkIqilgJDRkBxY7UeX0.roa
File:                     3AyqkQ9AqkIqilgJDRkBxY7UeX0.roa (raw, json)
Hash identifier:          A5lJtAB/A1hL2uuAFB0i10vEeLU0OVUFmHVoHSfE4Xk=
Subject key identifier:   DC:0C:AA:91:0F:40:AA:42:2A:8A:58:09:0D:19:01:C5:8E:D4:79:7D
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       018CC42561F71DA43EB71338A2DFA1BB2405
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/3AyqkQ9AqkIqilgJDRkBxY7UeX0.roa
Signing time:             Mon 01 Jan 2024 08:30:33 +0000
ROA not before:           Mon 01 Jan 2024 08:30:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202673
IP address blocks:        163.5.120.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:61:f7:1d:a4:3e:b7:13:38:a2:df:a1:bb:24:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jan  1 08:30:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dc0caa910f40aa422a8a58090d1901c58ed4797d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:1b:ef:15:fb:ba:85:17:94:9b:13:7d:1c:e7:
                    32:88:4f:ef:7d:81:b9:2c:91:79:5a:41:b6:80:ea:
                    29:74:c1:12:3b:1c:56:12:f1:25:c4:4b:6b:f8:55:
                    3f:fa:2a:07:10:ea:2d:58:07:f8:3f:5d:fa:98:bf:
                    12:28:70:29:82:d4:c9:dc:f1:22:94:57:5e:d8:b3:
                    30:c6:7b:3c:5c:e4:94:e1:73:03:b6:21:40:f9:86:
                    ab:0e:cd:3f:95:67:a8:7e:86:f5:04:dd:fe:02:9d:
                    57:12:69:69:57:84:c2:bd:a1:1b:47:11:d0:4a:08:
                    8a:90:ab:6e:fd:32:21:f0:58:2e:f4:79:25:bc:f2:
                    34:7c:fd:52:96:cb:9b:4e:90:20:c6:04:96:8d:58:
                    e6:74:64:e9:ab:3d:e8:49:81:63:eb:c7:23:2d:c3:
                    c9:3f:1d:24:94:70:4b:1f:4e:b4:a4:00:45:d3:77:
                    48:b0:0f:d5:82:fc:10:56:bb:36:fa:2c:1a:92:39:
                    28:6e:26:04:1f:a6:00:8f:ea:64:ac:e4:d7:66:92:
                    cf:85:bb:e6:8c:f2:39:86:25:be:c2:00:5a:e9:49:
                    ae:b1:b7:de:15:53:b1:9c:e0:78:99:a1:ec:8c:7b:
                    eb:27:6e:d5:02:63:e3:82:f7:5f:5d:a2:fb:d4:8e:
                    99:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:0C:AA:91:0F:40:AA:42:2A:8A:58:09:0D:19:01:C5:8E:D4:79:7D
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/3AyqkQ9AqkIqilgJDRkBxY7UeX0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9f:7b:de:c1:ba:49:a5:b6:bc:da:41:cb:be:b3:c1:4d:c9:13:
         f8:c1:c5:ff:2e:ee:17:7c:fc:e7:49:45:0e:8d:17:47:27:a7:
         51:f6:f1:2d:53:13:73:38:d0:95:73:68:15:a4:a6:10:b3:79:
         e6:ec:41:ba:31:af:22:47:01:9c:e0:8b:08:8f:28:56:e9:3e:
         23:a1:f8:fb:ec:6d:6a:b6:4b:7b:e0:71:0a:96:57:fb:52:ec:
         e8:76:d6:f4:6f:19:d1:b7:58:a7:35:c8:dc:14:a5:c0:b6:f5:
         2b:81:a9:0c:52:42:10:cf:cb:b2:ce:cf:5a:eb:f0:38:4c:01:
         11:62:88:df:93:e3:08:6b:02:37:e4:26:fd:ce:ea:47:16:db:
         fb:08:39:b8:78:2a:7d:70:7a:1f:6a:d3:90:59:51:a5:57:7c:
         b6:9b:6e:04:36:36:cf:a2:f7:de:6a:47:cf:23:d2:6d:a1:df:
         82:d4:ad:5f:2b:4b:06:1b:a9:f7:62:14:64:20:b4:c6:d4:23:
         e9:49:66:5d:17:b5:94:98:0a:e1:1c:15:a7:d9:40:71:31:dc:
         d4:ce:87:32:b5:b0:49:7d:ec:d4:1b:dd:c7:6e:ec:f5:cb:3c:
         08:e7:71:fc:6e:7c:90:e0:d0:84:04:2a:9a:60:00:0c:fa:a4:
         3d:3f:df:64
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJWH3HaQ+txM4ot+huyQFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjQwMTAxMDgzMDMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzBjYWE5MTBmNDBhYTQyMmE4YTU4MDkwZDE5MDFjNThlZDQ3OTdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhRvvFfu6hReUmxN9HOcyiE/vfYG5
LJF5WkG2gOopdMESOxxWEvElxEtr+FU/+ioHEOotWAf4P136mL8SKHApgtTJ3PEi
lFde2LMwxns8XOSU4XMDtiFA+YarDs0/lWeofob1BN3+Ap1XEmlpV4TCvaEbRxHQ
SgiKkKtu/TIh8Fgu9HklvPI0fP1SlsubTpAgxgSWjVjmdGTpqz3oSYFj68cjLcPJ
Px0klHBLH060pABF03dIsA/VgvwQVrs2+iwakjkobiYEH6YAj+pkrOTXZpLPhbvm
jPI5hiW+wgBa6UmusbfeFVOxnOB4maHsjHvrJ27VAmPjgvdfXaL71I6Z8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNwMqpEPQKpCKopYCQ0ZAcWO1Hl9MB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvM0F5cWtROUFxa0lxaWxnSkRSa0J4WTdVZVgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowV4MA0G
CSqGSIb3DQEBCwUAA4IBAQCfe97BukmltrzaQcu+s8FNyRP4wcX/Lu4XfPznSUUO
jRdHJ6dR9vEtUxNzONCVc2gVpKYQs3nm7EG6Ma8iRwGc4IsIjyhW6T4jofj77G1q
tkt74HEKllf7Uuzodtb0bxnRt1inNcjcFKXAtvUrgakMUkIQz8uyzs9a6/A4TAER
Yojfk+MIawI35Cb9zupHFtv7CDm4eCp9cHofatOQWVGlV3y2m24ENjbPovfeakfP
I9Jtod+C1K1fK0sGG6n3YhRkILTG1CPpSWZdF7WUmArhHBWn2UBxMdzUzocytbBJ
fezUG93Hbuz1yzwI53H8bnyQ4NCEBCqaYAAM+qQ9P99k
-----END CERTIFICATE-----