Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/4HVZib3i-Q5U_7oiE-SVHawIHKQ.roa
File:                     4HVZib3i-Q5U_7oiE-SVHawIHKQ.roa (raw, json)
Hash identifier:          t17Dgml6wL2fK5/oKvlKdokO2qoWjxSGQZfwVAUabCE=
Subject key identifier:   E0:75:59:89:BD:E2:F9:0E:54:FF:BA:22:13:E4:95:1D:AC:08:1C:A4
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       0191905348EAB805DD78ADABE677438A4D0F
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/4HVZib3i-Q5U_7oiE-SVHawIHKQ.roa
Signing time:             Mon 26 Aug 2024 20:14:22 +0000
ROA not before:           Mon 26 Aug 2024 20:14:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205733
IP address blocks:        163.5.168.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:90:53:48:ea:b8:05:dd:78:ad:ab:e6:77:43:8a:4d:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Aug 26 20:14:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e0755989bde2f90e54ffba2213e4951dac081ca4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:83:f1:b1:9f:63:0a:e3:b1:dd:28:80:fa:ee:
                    16:f6:47:85:46:c5:f9:8c:89:6b:40:36:2b:39:66:
                    87:39:35:bf:32:46:58:00:1e:20:ec:80:a3:19:86:
                    f3:d7:e3:c7:a2:b7:d8:9f:cf:a0:3a:d8:19:ca:03:
                    e8:ce:3a:da:a6:83:50:d5:d2:ab:84:2b:07:2f:b8:
                    bb:ee:08:84:aa:0c:32:56:5c:39:ad:2b:dc:5c:ae:
                    1f:8d:18:e2:83:a4:a4:61:0c:ba:44:90:81:ee:31:
                    c0:3b:66:03:fa:57:5c:a3:c4:47:14:e1:88:68:05:
                    7a:8a:21:e0:c8:19:0c:7e:3d:74:56:ce:cf:0b:42:
                    39:67:49:d4:26:a5:0d:a4:08:72:20:ed:66:da:3a:
                    ea:67:2a:63:30:2a:3e:9d:ad:48:83:da:3e:b2:af:
                    d6:a2:4f:b2:10:09:c9:47:5f:6e:18:fa:6f:87:7c:
                    cc:70:f9:31:2a:93:81:a4:b0:1a:09:ca:cc:7b:0a:
                    9a:a5:7b:86:10:7a:8b:2c:c2:6c:19:b4:2a:83:32:
                    fb:64:76:93:d4:11:58:d5:69:d7:13:9f:43:7c:f4:
                    c0:1f:3b:40:a8:20:1b:b3:1f:0a:a3:a8:6e:2d:15:
                    c4:a1:c8:72:0f:52:41:01:63:9d:7b:74:08:78:ed:
                    20:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:75:59:89:BD:E2:F9:0E:54:FF:BA:22:13:E4:95:1D:AC:08:1C:A4
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/4HVZib3i-Q5U_7oiE-SVHawIHKQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.168.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:f8:a5:6d:30:e4:ab:ef:70:00:bd:93:7a:15:43:e3:89:64:
         38:59:c4:4e:97:1d:be:2d:15:20:fd:8c:3e:02:f1:52:53:52:
         94:1b:3a:67:b6:df:9a:e2:54:85:34:39:ea:72:ed:1a:1e:fe:
         ad:af:ab:08:f1:fc:3f:49:41:b6:7e:b7:a2:e7:8f:d1:f6:e6:
         32:ed:55:42:fb:2d:77:93:7c:47:ae:fa:a9:f4:a5:14:ac:bf:
         92:89:5f:5c:27:c5:90:4e:d7:8b:87:68:7f:42:42:66:ec:82:
         38:ae:0d:d1:f0:c8:63:c3:10:aa:fb:ee:38:28:6e:a9:37:41:
         e4:db:b3:11:b0:1f:43:e8:56:f2:96:8e:59:3e:52:ef:99:a1:
         8f:35:d8:ea:4d:ec:09:35:f8:b3:db:e8:83:7f:42:80:3f:10:
         8e:ae:fa:d2:7d:a7:09:6f:65:71:a2:35:fd:7e:e0:a5:80:ba:
         0c:fb:c5:4d:c8:65:34:b3:ae:67:89:f6:c8:ed:24:f1:f7:09:
         b3:73:dc:31:33:20:bf:15:c3:52:0c:7e:fe:43:dc:ee:f0:9a:
         3e:4c:2b:dd:c6:51:4d:fd:66:d8:3c:c4:dc:00:aa:02:ba:33:
         d7:de:9c:89:1a:77:be:8a:c8:bb:2d:a4:92:c1:39:bd:f8:ae:
         43:31:4c:e4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZGQU0jquAXdeK2r5ndDik0PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjQwODI2MjAxNDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMDc1NTk4OWJkZTJmOTBlNTRmZmJhMjIxM2U0OTUxZGFjMDgxY2E0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoIPxsZ9jCuOx3SiA+u4W9keFRsX5
jIlrQDYrOWaHOTW/MkZYAB4g7ICjGYbz1+PHorfYn8+gOtgZygPozjrapoNQ1dKr
hCsHL7i77giEqgwyVlw5rSvcXK4fjRjig6SkYQy6RJCB7jHAO2YD+ldco8RHFOGI
aAV6iiHgyBkMfj10Vs7PC0I5Z0nUJqUNpAhyIO1m2jrqZypjMCo+na1Ig9o+sq/W
ok+yEAnJR19uGPpvh3zMcPkxKpOBpLAaCcrMewqapXuGEHqLLMJsGbQqgzL7ZHaT
1BFY1WnXE59DfPTAHztAqCAbsx8Ko6huLRXEochyD1JBAWOde3QIeO0g6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOB1WYm94vkOVP+6IhPklR2sCBykMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvNEhWWmliM2ktUTVVXzdvaUUtU1ZIYXdJSEtRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowWoMA0G
CSqGSIb3DQEBCwUAA4IBAQAj+KVtMOSr73AAvZN6FUPjiWQ4WcROlx2+LRUg/Yw+
AvFSU1KUGzpntt+a4lSFNDnqcu0aHv6tr6sI8fw/SUG2frei54/R9uYy7VVC+y13
k3xHrvqp9KUUrL+SiV9cJ8WQTteLh2h/QkJm7II4rg3R8MhjwxCq++44KG6pN0Hk
27MRsB9D6Fbylo5ZPlLvmaGPNdjqTewJNfiz2+iDf0KAPxCOrvrSfacJb2VxojX9
fuClgLoM+8VNyGU0s65nifbI7STx9wmzc9wxMyC/FcNSDH7+Q9zu8Jo+TCvdxlFN
/WbYPMTcAKoCujPX3pyJGne+isi7LaSSwTm9+K5DMUzk
-----END CERTIFICATE-----