Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/5fhqZL7E0Pbq8_5iZgBzqYtCB_M.roa
File:                     5fhqZL7E0Pbq8_5iZgBzqYtCB_M.roa (raw, json)
Hash identifier:          LQYxIVrXbVmz8l3V6Ia0AZvOPNYcIMpuYh/nJLlWywQ=
Subject key identifier:   E5:F8:6A:64:BE:C4:D0:F6:EA:F3:FE:62:66:00:73:A9:8B:42:07:F3
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       01944F4BDD266184C328BA6A9C853D9224D9
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/5fhqZL7E0Pbq8_5iZgBzqYtCB_M.roa
Signing time:             Fri 10 Jan 2025 08:19:19 +0000
ROA not before:           Fri 10 Jan 2025 08:19:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     136557
IP address blocks:        163.5.56.0/24 maxlen: 24
                          163.5.89.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:4f:4b:dd:26:61:84:c3:28:ba:6a:9c:85:3d:92:24:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jan 10 08:19:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e5f86a64bec4d0f6eaf3fe62660073a98b4207f3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:07:d3:a6:31:93:32:74:14:55:05:89:43:bf:
                    5d:a7:ba:18:4b:dd:dd:a6:07:72:2d:c1:e0:1c:a5:
                    6b:de:ed:20:9c:84:ee:65:89:49:05:47:4d:60:fc:
                    95:1d:d1:37:76:35:fc:d2:15:e6:be:2e:46:25:9a:
                    da:8c:c1:82:16:55:91:ca:7c:0d:ee:1c:17:cc:1a:
                    5c:24:5f:12:73:68:a7:cd:09:1d:86:fe:c4:6a:95:
                    09:f7:7e:2c:fc:14:3c:30:67:6d:6e:fe:23:de:b4:
                    be:1b:a0:9e:3f:ca:b5:51:a2:e5:3b:09:99:dc:11:
                    d5:8f:4e:bb:75:4d:da:c7:05:73:5b:36:9e:24:80:
                    5a:64:7d:79:a1:24:45:55:6d:c1:a0:78:b3:9b:34:
                    41:f2:9e:92:05:3b:a1:7e:5c:b6:63:66:78:35:2d:
                    8b:a7:86:a8:31:3d:82:55:65:40:a6:96:ce:f9:eb:
                    69:66:45:15:9f:67:e5:95:f2:ab:69:9c:10:7b:8c:
                    39:28:e0:06:4e:42:dc:82:d5:82:d1:b1:c7:1e:c3:
                    52:36:de:01:08:d5:15:1d:ee:78:33:d3:e6:12:f9:
                    19:96:c4:f8:eb:b9:b6:ac:a7:cd:21:dc:7d:5e:d4:
                    18:ca:18:42:6a:b8:1f:a5:e3:eb:a4:23:20:f6:a5:
                    6e:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:F8:6A:64:BE:C4:D0:F6:EA:F3:FE:62:66:00:73:A9:8B:42:07:F3
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/5fhqZL7E0Pbq8_5iZgBzqYtCB_M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.56.0/24
                  163.5.89.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:b2:83:73:a2:92:ed:8f:67:04:68:8e:06:1f:b7:3d:6d:00:
         97:d9:2d:55:b0:6f:63:5f:aa:0a:2e:51:ca:40:a2:e0:12:da:
         3b:cd:55:14:f7:d6:a2:b7:dc:9c:67:e6:94:5e:b4:1b:c5:58:
         4b:9b:9e:95:6b:40:26:56:01:72:1b:fb:4a:80:ce:52:47:ce:
         f0:09:fd:5b:42:ec:23:94:ff:66:79:af:46:c3:8a:f8:1e:bb:
         29:6c:f6:df:16:8e:52:53:05:8f:a5:03:45:4d:0e:84:ad:18:
         9c:58:50:b7:88:c7:cf:18:b5:b9:12:9e:f5:80:86:6a:9f:81:
         3a:ae:26:f4:ae:f2:00:1a:32:f7:66:a1:d7:15:3e:62:2c:4e:
         23:c3:cd:d5:d6:23:16:6e:3c:7c:b6:97:24:cd:7b:f3:b4:cd:
         38:0f:fd:4d:c3:33:74:ef:c7:c0:6e:c8:63:65:bd:38:97:55:
         5f:01:9a:94:9e:b1:94:28:44:96:97:d4:d8:3e:97:5c:83:9e:
         0f:52:2a:57:05:bd:f0:4b:b8:84:11:df:63:09:d2:78:f9:35:
         9a:b7:1c:56:d3:03:53:59:05:1a:68:2d:63:2a:76:d4:47:75:
         95:c6:01:68:14:c9:21:79:24:d7:e9:51:c3:3e:85:cd:8b:58:
         00:a3:22:e4
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZRPS90mYYTDKLpqnIU9kiTZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjUwMTEwMDgxOTE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNWY4NmE2NGJlYzRkMGY2ZWFmM2ZlNjI2NjAwNzNhOThiNDIwN2YzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5wfTpjGTMnQUVQWJQ79dp7oYS93d
pgdyLcHgHKVr3u0gnITuZYlJBUdNYPyVHdE3djX80hXmvi5GJZrajMGCFlWRynwN
7hwXzBpcJF8Sc2inzQkdhv7EapUJ934s/BQ8MGdtbv4j3rS+G6CeP8q1UaLlOwmZ
3BHVj067dU3axwVzWzaeJIBaZH15oSRFVW3BoHizmzRB8p6SBTuhfly2Y2Z4NS2L
p4aoMT2CVWVAppbO+etpZkUVn2fllfKraZwQe4w5KOAGTkLcgtWC0bHHHsNSNt4B
CNUVHe54M9PmEvkZlsT467m2rKfNIdx9XtQYyhhCargfpePrpCMg9qVuSQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOX4amS+xND26vP+YmYAc6mLQgfzMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvNWZocVpMN0UwUGJxOF81aVpnQnpxWXRDQl9NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAowU4AwQA
owVZMA0GCSqGSIb3DQEBCwUAA4IBAQCSsoNzopLtj2cEaI4GH7c9bQCX2S1VsG9j
X6oKLlHKQKLgEto7zVUU99ait9ycZ+aUXrQbxVhLm56Va0AmVgFyG/tKgM5SR87w
Cf1bQuwjlP9mea9Gw4r4HrspbPbfFo5SUwWPpQNFTQ6ErRicWFC3iMfPGLW5Ep71
gIZqn4E6rib0rvIAGjL3ZqHXFT5iLE4jw83V1iMWbjx8tpckzXvztM04D/1NwzN0
78fAbshjZb04l1VfAZqUnrGUKESWl9TYPpdcg54PUipXBb3wS7iEEd9jCdJ4+TWa
txxW0wNTWQUaaC1jKnbUR3WVxgFoFMkheSTX6VHDPoXNi1gAoyLk
-----END CERTIFICATE-----