Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/5ryaJxjSkzSfzaV1AOTmUIguyJY.roa
File:                     5ryaJxjSkzSfzaV1AOTmUIguyJY.roa (raw, json)
Hash identifier:          mKjMgxjOa9qu6tSeE0+wsBWsTeJRcYlLd1DuCbLBxgI=
Subject key identifier:   E6:BC:9A:27:18:D2:93:34:9F:CD:A5:75:00:E4:E6:50:88:2E:C8:96
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       0194236A39E1A357476A74AC6EFF9A10717B
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/5ryaJxjSkzSfzaV1AOTmUIguyJY.roa
Signing time:             Wed 01 Jan 2025 19:49:11 +0000
ROA not before:           Wed 01 Jan 2025 19:49:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     152672
IP address blocks:        163.5.53.0/24 maxlen: 24
                          163.5.79.0/24 maxlen: 24
                          163.5.161.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:39:e1:a3:57:47:6a:74:ac:6e:ff:9a:10:71:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jan  1 19:49:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e6bc9a2718d293349fcda57500e4e650882ec896
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:8b:c7:df:da:f9:9f:9a:fe:e2:b4:7b:18:1d:
                    2e:98:56:d3:4c:d0:a3:36:94:39:fe:ae:dd:e0:92:
                    a8:1e:6c:ec:7c:df:f7:fd:88:94:29:5f:be:53:49:
                    65:44:59:0a:fd:95:50:40:d0:0a:ef:d8:00:8d:d1:
                    74:d0:ba:29:83:05:b2:e0:58:92:75:a6:a5:be:75:
                    e6:b0:0c:e6:78:bd:cd:cd:31:98:7a:1a:cb:96:68:
                    e5:a9:5c:06:27:87:bd:63:cf:cd:96:e4:26:15:bc:
                    5c:c4:6b:ae:a6:04:e0:be:28:5f:3a:47:dc:f8:9f:
                    4e:6d:9e:02:9b:5d:6f:cc:e7:9f:ed:da:b2:cb:02:
                    24:6b:9d:8c:c6:59:36:c3:2f:a9:b4:8a:b1:8f:84:
                    4e:02:81:9a:f4:11:48:f5:0c:de:73:51:f9:f7:0a:
                    39:c1:db:f4:3f:a0:71:97:9f:e4:61:6f:62:ad:85:
                    b5:f8:70:dd:7c:f0:43:89:62:bb:4b:df:8c:ab:a0:
                    b7:8f:c8:63:88:f1:82:11:a6:1e:a3:4c:43:1c:19:
                    3a:ed:3d:98:d3:d4:c8:13:7f:ff:8c:aa:ca:c3:73:
                    95:62:5a:94:b7:f6:1c:11:99:ca:ef:0a:4d:d8:db:
                    1f:c0:11:0f:9f:81:a6:50:cd:a4:b3:f0:18:4a:6a:
                    87:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:BC:9A:27:18:D2:93:34:9F:CD:A5:75:00:E4:E6:50:88:2E:C8:96
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/5ryaJxjSkzSfzaV1AOTmUIguyJY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.53.0/24
                  163.5.79.0/24
                  163.5.161.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:a1:2b:01:96:3c:c8:39:cd:f4:86:b6:0c:15:10:59:eb:1b:
         af:5c:37:bb:36:2b:84:6e:66:0d:77:26:63:bb:03:9a:85:7b:
         1e:39:d4:5f:e9:e8:9f:1b:db:67:74:1c:d8:e0:e2:ac:14:29:
         4e:ff:e6:11:de:36:15:0c:ca:4e:45:90:eb:23:d5:30:1e:e1:
         47:13:37:74:f4:02:e5:2b:d7:ac:76:a8:a9:b8:7c:2c:38:57:
         40:e0:02:68:af:1a:3a:27:e0:de:2d:3a:1a:49:68:ad:bd:48:
         a1:f9:03:8f:2c:ba:1a:ab:53:88:6e:0c:3e:79:58:fb:26:25:
         0a:af:1b:8c:19:69:19:fd:f3:b0:f3:aa:de:04:2b:a7:e6:f1:
         7f:e2:50:32:b4:46:bb:88:f8:bd:2d:b8:6d:80:6c:17:6e:26:
         98:18:8d:42:1f:cd:a1:2b:18:33:c3:a1:58:9e:84:53:58:0f:
         e9:a2:27:99:73:b3:38:fa:59:6a:7d:26:b4:12:be:df:e3:dc:
         5d:1c:59:b7:b3:60:11:b4:44:4a:0b:33:ff:49:4e:c7:5a:99:
         75:7a:c3:93:ba:0f:d2:95:f6:b6:ad:90:e5:3e:11:df:28:ba:
         88:a5:25:78:dc:63:45:c0:6e:66:6a:1a:fc:a8:84:30:2b:11:
         b8:5f:2a:ee
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQjajnho1dHanSsbv+aEHF7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjUwMTAxMTk0OTExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNmJjOWEyNzE4ZDI5MzM0OWZjZGE1NzUwMGU0ZTY1MDg4MmVjODk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApIvH39r5n5r+4rR7GB0umFbTTNCj
NpQ5/q7d4JKoHmzsfN/3/YiUKV++U0llRFkK/ZVQQNAK79gAjdF00LopgwWy4FiS
daalvnXmsAzmeL3NzTGYehrLlmjlqVwGJ4e9Y8/NluQmFbxcxGuupgTgvihfOkfc
+J9ObZ4Cm11vzOef7dqyywIka52Mxlk2wy+ptIqxj4ROAoGa9BFI9Qzec1H59wo5
wdv0P6Bxl5/kYW9irYW1+HDdfPBDiWK7S9+Mq6C3j8hjiPGCEaYeo0xDHBk67T2Y
09TIE3//jKrKw3OVYlqUt/YcEZnK7wpN2NsfwBEPn4GmUM2ks/AYSmqHcwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFOa8micY0pM0n82ldQDk5lCILsiWMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvNXJ5YUp4alNrelNmemFWMUFPVG1VSWd1eUpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAowU1AwQA
owVPAwQAowWhMA0GCSqGSIb3DQEBCwUAA4IBAQADoSsBljzIOc30hrYMFRBZ6xuv
XDe7NiuEbmYNdyZjuwOahXseOdRf6eifG9tndBzY4OKsFClO/+YR3jYVDMpORZDr
I9UwHuFHEzd09ALlK9esdqipuHwsOFdA4AJorxo6J+DeLToaSWitvUih+QOPLLoa
q1OIbgw+eVj7JiUKrxuMGWkZ/fOw86reBCun5vF/4lAytEa7iPi9LbhtgGwXbiaY
GI1CH82hKxgzw6FYnoRTWA/poieZc7M4+llqfSa0Er7f49xdHFm3s2ARtERKCzP/
SU7HWpl1esOTug/Slfa2rZDlPhHfKLqIpSV43GNFwG5mahr8qIQwKxG4Xyru
-----END CERTIFICATE-----