Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/4GEJAlxiJg_BavhpDpQcM6AiiNg.roa
File:                     4GEJAlxiJg_BavhpDpQcM6AiiNg.roa (raw, json)
Hash identifier:          sMUCWSA9EnVA59/J58m2KsMVtSuyPZ0WxdH+rn6Epp0=
Subject key identifier:   E0:61:09:02:5C:62:26:0F:C1:6A:F8:69:0E:94:1C:33:A0:22:88:D8
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       0196FAE023FB5396996FE35CA387F0BFEB02
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/4GEJAlxiJg_BavhpDpQcM6AiiNg.roa
Signing time:             Fri 23 May 2025 02:01:55 +0000
ROA not before:           Fri 23 May 2025 02:01:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     46475
IP address blocks:        163.5.164.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 09 Jun 2025 03:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:fa:e0:23:fb:53:96:99:6f:e3:5c:a3:87:f0:bf:eb:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: May 23 02:01:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e06109025c62260fc16af8690e941c33a02288d8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:d6:54:90:93:09:4b:6e:ca:bd:f6:9a:a5:3c:
                    9b:65:83:4c:3a:5b:28:28:b3:52:24:b1:3c:33:49:
                    b0:84:da:3e:da:f0:c6:72:fd:c6:26:82:d2:1d:e1:
                    3f:b2:79:a1:27:3d:b2:86:ac:fa:76:14:6b:5a:1f:
                    ba:d1:c2:a3:ab:65:b2:4f:31:57:76:b0:67:11:1f:
                    02:72:ab:fb:04:4e:76:69:69:df:90:4a:d5:bd:81:
                    04:2d:82:e4:26:ea:30:8a:fc:b1:8e:c6:de:cc:47:
                    db:6f:f8:ae:57:74:0d:57:92:d9:02:43:bb:2d:57:
                    f4:e8:27:d8:5f:11:1b:c0:ba:dd:2d:1d:1b:e8:8b:
                    29:b3:aa:38:fe:25:78:8c:12:35:14:ef:ca:27:21:
                    9e:7a:e9:f3:40:27:3c:8a:e1:b8:e0:4c:49:5f:fb:
                    ff:bc:b0:a9:bc:c4:c5:72:92:7f:a3:e1:d4:0e:31:
                    92:97:4b:ed:9e:54:05:99:62:83:ec:59:b9:c8:c1:
                    22:48:9c:56:90:a7:63:6c:8c:b4:eb:52:36:2d:9e:
                    53:50:48:55:13:da:83:56:b7:ed:e4:c4:95:b6:d6:
                    e3:28:2b:85:53:e2:56:ab:ce:d8:e7:a0:60:a2:f5:
                    b2:ee:96:70:7f:f3:aa:84:72:d2:d6:f3:7b:76:d3:
                    9c:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:61:09:02:5C:62:26:0F:C1:6A:F8:69:0E:94:1C:33:A0:22:88:D8
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/4GEJAlxiJg_BavhpDpQcM6AiiNg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.164.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:33:b6:5e:7b:54:7b:f1:b6:fb:71:12:24:9f:de:57:98:67:
         1f:57:f8:52:d4:dc:a7:42:2c:93:54:6a:72:22:6c:03:0b:14:
         fd:f9:84:f8:88:cd:00:67:77:b7:bc:0b:5b:6c:1b:81:22:4c:
         8f:bb:75:dc:e9:a4:4d:58:8e:ea:89:e3:10:ea:55:15:e3:81:
         7d:fa:3d:eb:12:f5:6f:47:2a:24:4d:d1:d3:69:ea:67:f3:b5:
         86:4d:4a:77:3a:5f:66:64:c1:ca:8b:62:bf:83:d1:58:6b:54:
         14:1a:9d:c7:d3:3f:b3:a7:57:de:97:fb:56:f9:85:8b:7d:12:
         4c:86:5e:94:93:27:11:78:4d:14:99:80:80:98:e9:f3:20:25:
         4b:04:12:3b:4c:98:a2:8f:c6:cf:21:a7:12:f7:e3:61:b7:44:
         b5:93:da:1f:58:4b:1e:15:4b:2e:9f:9c:3f:ad:aa:12:e9:0b:
         79:de:16:67:52:12:9c:f4:04:68:1f:28:d7:b3:b6:00:fb:f4:
         55:cd:34:c3:1c:c6:da:b5:35:cd:2d:63:49:43:c3:81:e2:92:
         0b:13:b4:a3:b0:d6:c6:66:71:ef:c7:ca:b6:9e:d5:cc:21:98:
         d7:7a:54:90:4f:8d:d8:c1:a4:37:e8:d0:a3:22:5c:58:50:f5:
         9b:15:5d:16
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZb64CP7U5aZb+Nco4fwv+sCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjUwNTIzMDIwMTU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMDYxMDkwMjVjNjIyNjBmYzE2YWY4NjkwZTk0MWMzM2EwMjI4OGQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp9ZUkJMJS27KvfaapTybZYNMOlso
KLNSJLE8M0mwhNo+2vDGcv3GJoLSHeE/snmhJz2yhqz6dhRrWh+60cKjq2WyTzFX
drBnER8Ccqv7BE52aWnfkErVvYEELYLkJuowivyxjsbezEfbb/iuV3QNV5LZAkO7
LVf06CfYXxEbwLrdLR0b6Isps6o4/iV4jBI1FO/KJyGeeunzQCc8iuG44ExJX/v/
vLCpvMTFcpJ/o+HUDjGSl0vtnlQFmWKD7Fm5yMEiSJxWkKdjbIy061I2LZ5TUEhV
E9qDVrft5MSVttbjKCuFU+JWq87Y56BgovWy7pZwf/OqhHLS1vN7dtOcMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOBhCQJcYiYPwWr4aQ6UHDOgIojYMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvNEdFSkFseGlKZ19CYXZocERwUWNNNkFpaU5nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowWkMA0G
CSqGSIb3DQEBCwUAA4IBAQBPM7Zee1R78bb7cRIkn95XmGcfV/hS1NynQiyTVGpy
ImwDCxT9+YT4iM0AZ3e3vAtbbBuBIkyPu3Xc6aRNWI7qieMQ6lUV44F9+j3rEvVv
RyokTdHTaepn87WGTUp3Ol9mZMHKi2K/g9FYa1QUGp3H0z+zp1fel/tW+YWLfRJM
hl6UkycReE0UmYCAmOnzICVLBBI7TJiij8bPIacS9+Nht0S1k9ofWEseFUsun5w/
raoS6Qt53hZnUhKc9ARoHyjXs7YA+/RVzTTDHMbatTXNLWNJQ8OB4pILE7SjsNbG
ZnHvx8q2ntXMIZjXelSQT43YwaQ36NCjIlxYUPWbFV0W
-----END CERTIFICATE-----