Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/4wfnItgFiIHLESAQJsFlg0GVS3k.roa
File:                     4wfnItgFiIHLESAQJsFlg0GVS3k.roa (raw, json)
Hash identifier:          aNXz4dfsm08HwvlHZDxbcvpcb01kpQcAci82FZlHPx4=
Subject key identifier:   E3:07:E7:22:D8:05:88:81:CB:11:20:10:26:C1:65:83:41:95:4B:79
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       0192EC2F632D751C3F3C84381FD08F925EF2
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/4wfnItgFiIHLESAQJsFlg0GVS3k.roa
Signing time:             Sat 02 Nov 2024 09:23:01 +0000
ROA not before:           Sat 02 Nov 2024 09:23:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25160
IP address blocks:        163.5.18.0/24 maxlen: 24
                          163.5.19.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:ec:2f:63:2d:75:1c:3f:3c:84:38:1f:d0:8f:92:5e:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Nov  2 09:23:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e307e722d8058881cb11201026c1658341954b79
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:ec:b3:92:b5:98:eb:07:a5:bc:65:9e:9e:2b:
                    0b:1c:96:c9:31:df:21:b8:b3:cc:5a:47:75:b7:cb:
                    b5:d1:81:b6:e4:92:de:37:83:63:76:85:c5:ee:30:
                    67:41:96:18:3b:db:56:3b:8c:95:06:5c:89:d9:ff:
                    e1:88:cd:01:af:87:df:b3:59:fb:59:43:93:9e:ff:
                    b0:3d:4c:5b:d8:a8:80:a6:e2:c2:d2:e0:2e:23:e0:
                    07:38:12:ee:ef:5b:ac:70:63:8a:aa:52:c8:fc:6d:
                    68:eb:5d:e5:1a:c1:07:85:76:56:85:fa:d0:c4:99:
                    22:bd:4b:db:59:01:cf:4e:50:78:98:d5:53:9b:e9:
                    e3:7a:0e:88:aa:65:06:05:6b:cc:0b:37:e8:de:5a:
                    35:f6:56:05:e5:3e:2e:fd:45:cf:22:bb:7f:d7:f1:
                    1c:85:f5:66:66:da:8c:61:4e:4e:18:da:ff:42:0a:
                    fe:91:fb:d8:a3:10:b7:b4:5f:f9:18:91:5a:a9:2a:
                    c3:68:16:c1:02:e5:00:f8:18:18:63:03:4f:c7:1a:
                    6e:4c:bf:c1:d0:5e:92:18:15:e7:5e:67:f0:bf:5b:
                    cb:eb:42:5b:19:64:b9:c8:b9:69:62:99:26:dc:a6:
                    96:65:ba:db:61:e8:f5:10:fb:bc:b9:5c:1f:60:92:
                    6b:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:07:E7:22:D8:05:88:81:CB:11:20:10:26:C1:65:83:41:95:4B:79
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/4wfnItgFiIHLESAQJsFlg0GVS3k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.18.0/23

    Signature Algorithm: sha256WithRSAEncryption
         75:cc:83:30:f8:86:9b:cf:c4:a0:2e:11:cf:c2:95:d1:7a:9d:
         d8:27:aa:8f:0b:08:d6:d3:89:0c:31:e0:18:07:b1:69:58:7d:
         be:1d:fb:78:ec:fa:c3:c4:20:10:8f:d6:31:66:d4:31:4b:2c:
         f3:db:1f:87:78:de:95:c3:96:51:33:a0:e7:21:f4:75:5d:02:
         fb:ed:d3:72:15:75:90:83:3c:86:74:8d:0a:fb:28:70:c6:85:
         57:19:30:e0:d0:35:db:0d:72:99:e4:cf:07:6e:43:05:12:5b:
         06:72:de:3b:3a:37:9b:77:19:bd:a5:e8:b9:b0:b2:4f:bd:4a:
         ac:af:8b:e6:02:cc:37:2f:8d:00:63:e1:68:f7:59:64:58:8c:
         15:ba:9d:e6:58:a6:af:df:2b:c6:35:a0:cd:13:eb:97:d6:0d:
         9b:87:b4:93:0f:41:ca:62:64:b2:72:a4:66:30:b2:07:05:7c:
         83:89:ba:d0:3a:4a:ca:26:1a:2d:de:74:d5:6a:66:4f:70:a5:
         89:b4:8b:ad:96:fa:d4:ef:16:7e:f8:a6:f2:a0:c3:00:cd:c5:
         57:15:12:38:e1:5b:9a:0d:72:1a:18:ac:2c:75:bf:d3:b5:c8:
         ab:82:60:0b:24:20:48:e2:83:65:df:83:5f:86:59:1f:2a:6f:
         2e:39:6e:90
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZLsL2MtdRw/PIQ4H9CPkl7yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjQxMTAyMDkyMzAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMzA3ZTcyMmQ4MDU4ODgxY2IxMTIwMTAyNmMxNjU4MzQxOTU0Yjc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq+yzkrWY6welvGWenisLHJbJMd8h
uLPMWkd1t8u10YG25JLeN4NjdoXF7jBnQZYYO9tWO4yVBlyJ2f/hiM0Br4ffs1n7
WUOTnv+wPUxb2KiApuLC0uAuI+AHOBLu71uscGOKqlLI/G1o613lGsEHhXZWhfrQ
xJkivUvbWQHPTlB4mNVTm+njeg6IqmUGBWvMCzfo3lo19lYF5T4u/UXPIrt/1/Ec
hfVmZtqMYU5OGNr/Qgr+kfvYoxC3tF/5GJFaqSrDaBbBAuUA+BgYYwNPxxpuTL/B
0F6SGBXnXmfwv1vL60JbGWS5yLlpYpkm3KaWZbrbYej1EPu8uVwfYJJrVwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOMH5yLYBYiByxEgECbBZYNBlUt5MB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvNHdmbkl0Z0ZpSUhMRVNBUUpzRmxnMEdWUzNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBowUSMA0G
CSqGSIb3DQEBCwUAA4IBAQB1zIMw+Iabz8SgLhHPwpXRep3YJ6qPCwjW04kMMeAY
B7FpWH2+Hft47PrDxCAQj9YxZtQxSyzz2x+HeN6Vw5ZRM6DnIfR1XQL77dNyFXWQ
gzyGdI0K+yhwxoVXGTDg0DXbDXKZ5M8HbkMFElsGct47Ojebdxm9pei5sLJPvUqs
r4vmAsw3L40AY+Fo91lkWIwVup3mWKav3yvGNaDNE+uX1g2bh7STD0HKYmSycqRm
MLIHBXyDibrQOkrKJhot3nTVamZPcKWJtIutlvrU7xZ++KbyoMMAzcVXFRI44Vua
DXIaGKwsdb/TtcirgmALJCBI4oNl34NfhlkfKm8uOW6Q
-----END CERTIFICATE-----