Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/6IFXd53i_nqvMHV7YWSxP2FF8Ik.roa
File:                     6IFXd53i_nqvMHV7YWSxP2FF8Ik.roa (raw, json)
Hash identifier:          XbGwpAuT03dpQN3bkbCyA0exYxq/JKZrNVgHJogX4Mc=
Subject key identifier:   E8:81:57:77:9D:E2:FE:7A:AF:30:75:7B:61:64:B1:3F:61:45:F0:89
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       01943D61FCD822C8C55687BDE8329853AF73
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/6IFXd53i_nqvMHV7YWSxP2FF8Ik.roa
Signing time:             Mon 06 Jan 2025 20:50:19 +0000
ROA not before:           Mon 06 Jan 2025 20:50:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     21859
IP address blocks:        163.5.221.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:3d:61:fc:d8:22:c8:c5:56:87:bd:e8:32:98:53:af:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jan  6 20:50:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e88157779de2fe7aaf30757b6164b13f6145f089
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:44:d3:6a:c0:d3:52:a7:75:63:32:ba:8d:e7:
                    f2:00:3a:5e:df:5e:8f:84:d9:e5:74:37:25:15:22:
                    45:90:8e:17:63:66:a9:95:fb:08:38:3c:45:3e:e1:
                    82:0b:2a:a8:f0:e0:e9:e4:14:29:eb:3d:0c:69:e4:
                    b6:5a:67:59:78:e4:50:d8:2a:aa:a6:f0:b2:5e:79:
                    9f:83:f7:e0:d9:3b:97:e0:c6:5d:af:bb:77:59:94:
                    95:3c:a4:15:b1:3b:74:b6:b2:3e:e5:24:57:0e:62:
                    f9:f9:3b:d0:c2:2c:40:37:76:ba:04:93:29:5d:1b:
                    47:58:af:10:dd:20:18:a8:14:cd:ea:61:07:cb:88:
                    5c:30:83:78:af:99:a4:14:12:e3:cb:df:19:94:c5:
                    3e:d0:ae:91:e8:c4:ac:3a:35:ce:31:d1:d6:69:64:
                    66:08:dd:70:c9:61:0e:f1:85:87:e8:f5:73:0a:67:
                    6f:05:71:5e:cf:fe:19:45:68:a4:e3:60:1f:5a:1b:
                    84:de:2d:6b:c7:a7:30:7f:38:f0:56:de:ba:c1:a0:
                    62:00:da:82:be:7b:00:b9:5b:95:09:a4:0d:5a:db:
                    d5:ef:9a:7e:90:e7:30:44:45:51:63:04:9e:d0:f9:
                    17:bd:0b:5c:29:6c:42:39:39:57:62:0a:df:2b:99:
                    89:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:81:57:77:9D:E2:FE:7A:AF:30:75:7B:61:64:B1:3F:61:45:F0:89
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/6IFXd53i_nqvMHV7YWSxP2FF8Ik.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.221.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:cd:b3:32:55:d8:18:33:0a:a1:9d:4b:f9:b2:8f:67:0a:27:
         9b:2f:62:eb:22:60:dc:5c:a0:a3:03:18:1f:6e:12:75:fa:38:
         39:72:2b:3c:87:fc:e7:fe:46:a1:29:fa:e2:21:5b:93:84:b9:
         dd:09:a3:3c:0d:b6:cf:a8:7d:2b:96:fb:64:c8:77:fb:35:ec:
         d2:0e:f9:df:0f:ff:7e:52:7a:84:c2:f5:a1:8d:74:b4:8b:2b:
         ea:49:16:ae:64:03:7e:30:82:03:9e:ab:d1:1b:aa:4d:e0:54:
         45:9a:31:24:78:6a:4f:48:9f:b1:1a:c7:1c:d1:da:71:75:64:
         47:a7:a8:6e:0c:64:06:3d:4a:ca:c9:f8:73:b0:34:0c:ba:23:
         1f:7d:56:d4:d4:47:24:49:b0:1d:ac:2e:b5:0a:21:cd:88:d7:
         b2:fc:9b:72:94:31:90:9c:a4:e9:49:c4:05:b3:8d:cb:2a:de:
         e3:12:b8:00:72:fe:5b:93:73:24:c0:8c:72:12:33:fe:7b:2b:
         cf:ce:0f:83:f4:68:c0:5e:0f:08:e7:0d:1b:14:39:81:5a:11:
         95:55:96:ac:ce:71:3c:63:3d:33:08:a6:b0:25:44:73:d0:1f:
         21:d3:1a:16:d3:4a:5c:71:17:41:49:5d:dc:f1:9a:7c:5f:d5:
         cf:cf:21:df
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQ9YfzYIsjFVoe96DKYU69zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjUwMTA2MjA1MDE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlODgxNTc3NzlkZTJmZTdhYWYzMDc1N2I2MTY0YjEzZjYxNDVmMDg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2kTTasDTUqd1YzK6jefyADpe316P
hNnldDclFSJFkI4XY2aplfsIODxFPuGCCyqo8ODp5BQp6z0MaeS2WmdZeORQ2Cqq
pvCyXnmfg/fg2TuX4MZdr7t3WZSVPKQVsTt0trI+5SRXDmL5+TvQwixAN3a6BJMp
XRtHWK8Q3SAYqBTN6mEHy4hcMIN4r5mkFBLjy98ZlMU+0K6R6MSsOjXOMdHWaWRm
CN1wyWEO8YWH6PVzCmdvBXFez/4ZRWik42AfWhuE3i1rx6cwfzjwVt66waBiANqC
vnsAuVuVCaQNWtvV75p+kOcwREVRYwSe0PkXvQtcKWxCOTlXYgrfK5mJuwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOiBV3ed4v56rzB1e2FksT9hRfCJMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvNklGWGQ1M2lfbnF2TUhWN1lXU3hQMkZGOElrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowXdMA0G
CSqGSIb3DQEBCwUAA4IBAQBOzbMyVdgYMwqhnUv5so9nCiebL2LrImDcXKCjAxgf
bhJ1+jg5cis8h/zn/kahKfriIVuThLndCaM8DbbPqH0rlvtkyHf7NezSDvnfD/9+
UnqEwvWhjXS0iyvqSRauZAN+MIIDnqvRG6pN4FRFmjEkeGpPSJ+xGscc0dpxdWRH
p6huDGQGPUrKyfhzsDQMuiMffVbU1EckSbAdrC61CiHNiNey/JtylDGQnKTpScQF
s43LKt7jErgAcv5bk3MkwIxyEjP+eyvPzg+D9GjAXg8I5w0bFDmBWhGVVZasznE8
Yz0zCKawJURz0B8h0xoW00pccRdBSV3c8Zp8X9XPzyHf
-----END CERTIFICATE-----