Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/4QEgdYqyMkTiMqCrGcYfOhbHlUw.roa
File:                     4QEgdYqyMkTiMqCrGcYfOhbHlUw.roa (raw, json)
Hash identifier:          ZDkjp7wzJkN68KbZmkbhGdqran55UV2RnaySaHJ8GCo=
Subject key identifier:   E1:01:20:75:8A:B2:32:44:E2:32:A0:AB:19:C6:1F:3A:16:C7:95:4C
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       0195A9C58B1DFFD12D9BAA622F393B857A61
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/4QEgdYqyMkTiMqCrGcYfOhbHlUw.roa
Signing time:             Tue 18 Mar 2025 15:00:50 +0000
ROA not before:           Tue 18 Mar 2025 15:00:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47741
IP address blocks:        163.5.92.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 03:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:a9:c5:8b:1d:ff:d1:2d:9b:aa:62:2f:39:3b:85:7a:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Mar 18 15:00:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e10120758ab23244e232a0ab19c61f3a16c7954c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:a8:6d:4c:be:0e:28:db:fc:e9:b4:b0:70:8a:
                    a6:60:5c:c2:a0:74:7d:7d:79:a7:41:a5:b6:19:ce:
                    2e:8c:ea:05:88:5b:88:e1:1e:c4:67:25:7b:f4:1a:
                    70:2c:74:77:48:02:ca:b6:d8:8a:f3:22:52:18:ac:
                    f8:f7:d2:ab:7d:33:4e:58:8f:ae:c4:b6:7a:30:14:
                    dc:e7:42:7a:89:d3:a9:14:f6:47:f5:03:7d:9d:9a:
                    dc:56:c9:a9:ab:9b:8e:c1:21:06:42:8f:59:59:0d:
                    34:c8:e3:0b:b6:cf:6f:ed:6c:e6:64:f9:13:69:ee:
                    f0:a8:2f:37:27:d1:7c:71:6f:c5:d3:f8:ec:e1:ad:
                    3f:c7:9e:5d:9d:11:65:0d:ac:4b:48:b9:aa:60:30:
                    5f:6c:57:b5:c4:eb:d4:fe:42:71:f9:f5:7d:b2:9b:
                    fa:a1:39:0f:5a:32:c1:ef:88:8c:ae:ed:0e:54:5a:
                    a8:c4:92:f2:19:22:d9:cc:dd:32:4c:a5:1a:9f:f4:
                    14:18:26:e7:20:60:34:47:11:74:0a:e6:b9:f0:af:
                    d0:72:12:af:bd:29:da:d1:9c:86:5a:07:d6:54:3f:
                    9d:a9:0e:aa:37:70:7f:c8:16:c8:52:63:ee:2a:b5:
                    9e:6b:80:c7:e7:50:24:24:6d:ee:ff:76:70:55:d5:
                    82:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:01:20:75:8A:B2:32:44:E2:32:A0:AB:19:C6:1F:3A:16:C7:95:4C
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/4QEgdYqyMkTiMqCrGcYfOhbHlUw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.92.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a7:6a:76:07:59:4c:98:d6:11:d1:07:0c:ef:0d:56:5d:ea:00:
         f5:47:09:34:bf:ac:3a:01:8e:99:01:15:a4:12:11:f9:89:60:
         12:10:d5:9e:cc:c6:ad:f8:df:4b:0d:cb:f3:59:6a:56:42:61:
         76:31:1d:1d:24:47:c8:1c:47:bf:3e:e6:61:26:b6:58:18:04:
         0e:f5:e7:52:92:f4:5f:f2:a7:0c:08:72:08:6c:c6:4a:0b:47:
         ec:74:9d:7c:73:55:37:b0:65:38:9b:5b:8b:15:ef:7e:36:4a:
         3e:4c:3d:b8:92:a5:59:47:32:db:d6:bb:03:67:3c:b3:54:72:
         43:34:5e:93:b2:e3:e3:9d:ae:67:3c:79:9a:e8:c0:39:68:7b:
         11:08:70:bf:e2:dc:7c:ac:eb:29:00:a3:32:a9:d9:f7:a8:dd:
         ed:f8:86:5b:01:fd:b1:90:76:23:31:52:11:fd:38:c5:39:48:
         fd:41:26:94:7d:3a:e1:ca:37:35:8a:7a:75:f4:7b:18:87:59:
         56:a0:38:b9:05:e6:da:af:2c:b8:84:1a:bf:b3:91:f4:95:48:
         28:0e:a0:b9:f8:54:15:ba:7e:a0:cc:55:8d:d2:3f:70:58:2d:
         35:71:ec:a9:81:a9:ee:9a:79:46:f6:c7:09:6e:fb:15:e9:76:
         d6:40:f1:bd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZWpxYsd/9Etm6piLzk7hXphMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjUwMzE4MTUwMDUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMTAxMjA3NThhYjIzMjQ0ZTIzMmEwYWIxOWM2MWYzYTE2Yzc5NTRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApahtTL4OKNv86bSwcIqmYFzCoHR9
fXmnQaW2Gc4ujOoFiFuI4R7EZyV79BpwLHR3SALKttiK8yJSGKz499KrfTNOWI+u
xLZ6MBTc50J6idOpFPZH9QN9nZrcVsmpq5uOwSEGQo9ZWQ00yOMLts9v7WzmZPkT
ae7wqC83J9F8cW/F0/js4a0/x55dnRFlDaxLSLmqYDBfbFe1xOvU/kJx+fV9spv6
oTkPWjLB74iMru0OVFqoxJLyGSLZzN0yTKUan/QUGCbnIGA0RxF0Cua58K/QchKv
vSna0ZyGWgfWVD+dqQ6qN3B/yBbIUmPuKrWea4DH51AkJG3u/3ZwVdWCAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOEBIHWKsjJE4jKgqxnGHzoWx5VMMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvNFFFZ2RZcXlNa1RpTXFDckdjWWZPaGJIbFV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowVcMA0G
CSqGSIb3DQEBCwUAA4IBAQCnanYHWUyY1hHRBwzvDVZd6gD1Rwk0v6w6AY6ZARWk
EhH5iWASENWezMat+N9LDcvzWWpWQmF2MR0dJEfIHEe/PuZhJrZYGAQO9edSkvRf
8qcMCHIIbMZKC0fsdJ18c1U3sGU4m1uLFe9+Nko+TD24kqVZRzLb1rsDZzyzVHJD
NF6TsuPjna5nPHma6MA5aHsRCHC/4tx8rOspAKMyqdn3qN3t+IZbAf2xkHYjMVIR
/TjFOUj9QSaUfTrhyjc1inp19HsYh1lWoDi5Bebaryy4hBq/s5H0lUgoDqC5+FQV
un6gzFWN0j9wWC01ceypganumnlG9scJbvsV6XbWQPG9
-----END CERTIFICATE-----