Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/7UCdFFDlgzfz_HJ0_XkQ5FfgoiI.roa
File:                     7UCdFFDlgzfz_HJ0_XkQ5FfgoiI.roa (raw, json)
Hash identifier:          3YaeF8aIPWvPXGXtk5MOw64tj0e/ylXDhmJlD7qbyNQ=
Subject key identifier:   ED:40:9D:14:50:E5:83:37:F3:FC:72:74:FD:79:10:E4:57:E0:A2:22
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       0194236A3F6B0539B97873BDF9F9F0204994
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/7UCdFFDlgzfz_HJ0_XkQ5FfgoiI.roa
Signing time:             Wed 01 Jan 2025 19:49:13 +0000
ROA not before:           Wed 01 Jan 2025 19:49:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202656
IP address blocks:        163.5.137.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:3f:6b:05:39:b9:78:73:bd:f9:f9:f0:20:49:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jan  1 19:49:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ed409d1450e58337f3fc7274fd7910e457e0a222
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:06:3d:27:9f:cb:3b:b8:58:b1:70:76:60:bd:
                    af:03:84:1d:37:7a:00:1b:f8:ab:a7:bd:31:a8:7b:
                    67:4f:22:be:82:b9:5e:38:6c:81:a1:f4:dc:3a:c4:
                    ae:30:b5:ee:1c:03:33:4b:6b:eb:d2:40:39:f0:18:
                    7e:8e:f0:ba:0a:ab:81:3d:7c:4e:46:17:f6:1d:31:
                    a5:bc:49:9f:94:e4:1a:ee:25:e5:66:3a:14:5d:3a:
                    ff:f3:ef:81:60:60:42:86:be:c7:a5:4d:cb:2a:9e:
                    8f:ab:4a:3c:3b:fa:19:e3:b7:89:6d:8e:0a:f7:2a:
                    54:43:73:b3:d4:69:cc:a6:c3:a4:f5:5e:b3:6c:5f:
                    a2:2d:81:fb:51:f6:3a:c9:6a:b9:e6:48:c7:5b:b9:
                    1e:35:8e:c0:7b:f5:33:33:46:af:9d:e0:39:e0:65:
                    3a:73:ba:fc:53:04:91:71:ed:7a:71:5c:26:a2:68:
                    a7:71:c2:ea:b8:5e:cf:30:cb:df:29:52:dc:2d:d0:
                    87:52:91:7e:65:5a:de:34:21:a0:9c:70:0b:09:49:
                    f6:90:9b:b8:43:a4:10:0c:d1:ac:ec:a6:1e:c2:77:
                    ee:10:04:6c:fa:e6:fc:4f:a0:12:77:42:10:ff:f2:
                    af:a7:87:da:d7:67:df:c7:6c:76:09:ba:5f:69:4d:
                    de:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:40:9D:14:50:E5:83:37:F3:FC:72:74:FD:79:10:E4:57:E0:A2:22
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/7UCdFFDlgzfz_HJ0_XkQ5FfgoiI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.137.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:b4:7d:d0:a0:d6:f2:12:5e:57:85:57:a1:e0:79:bd:c4:e3:
         13:b2:fe:80:4a:e1:07:ba:ee:90:a4:61:11:1a:51:70:6b:2f:
         ee:9e:33:9c:20:8a:7d:c0:05:21:cf:6f:0f:37:4f:61:4d:b5:
         a7:f2:25:53:37:6c:26:44:cf:a0:c1:5c:03:6e:ea:90:ea:0f:
         b5:6b:7e:7f:69:cd:0b:65:91:26:06:3c:9a:df:c9:62:2b:95:
         f6:ec:57:a6:9d:68:d8:39:87:7d:db:6b:57:8e:19:d3:1a:5f:
         b2:99:fc:fd:39:04:d5:59:ea:a2:32:5f:76:a2:6d:22:49:84:
         da:99:7e:bf:96:13:19:5f:07:f9:8f:ae:0e:b2:25:af:d7:13:
         90:85:75:fb:6f:45:b1:21:11:ff:8d:88:5a:ae:a4:40:5a:ed:
         66:54:20:c3:be:bd:16:e8:84:ad:a2:ff:e5:85:47:aa:c0:3e:
         17:64:15:f9:9e:45:56:20:ad:3f:a4:5c:03:78:3e:0a:c9:43:
         17:5a:98:ca:9f:34:a8:cc:3e:ec:cd:d5:6e:22:13:39:ed:8d:
         b4:46:cf:b9:1f:e9:34:c8:d9:22:b4:9c:eb:28:62:bf:16:3b:
         ad:0b:af:a6:50:a1:e0:b6:b6:9c:97:d6:b7:76:b6:83:bf:0b:
         f2:5f:17:8a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjaj9rBTm5eHO9+fnwIEmUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjUwMTAxMTk0OTEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZDQwOWQxNDUwZTU4MzM3ZjNmYzcyNzRmZDc5MTBlNDU3ZTBhMjIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtAY9J5/LO7hYsXB2YL2vA4QdN3oA
G/irp70xqHtnTyK+grleOGyBofTcOsSuMLXuHAMzS2vr0kA58Bh+jvC6CquBPXxO
Rhf2HTGlvEmflOQa7iXlZjoUXTr/8++BYGBChr7HpU3LKp6Pq0o8O/oZ47eJbY4K
9ypUQ3Oz1GnMpsOk9V6zbF+iLYH7UfY6yWq55kjHW7keNY7Ae/UzM0avneA54GU6
c7r8UwSRce16cVwmominccLquF7PMMvfKVLcLdCHUpF+ZVreNCGgnHALCUn2kJu4
Q6QQDNGs7KYewnfuEARs+ub8T6ASd0IQ//Kvp4fa12ffx2x2CbpfaU3exQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO1AnRRQ5YM38/xydP15EORX4KIiMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvN1VDZEZGRGxnemZ6X0hKMF9Ya1E1RmZnb2lJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowWJMA0G
CSqGSIb3DQEBCwUAA4IBAQAatH3QoNbyEl5XhVeh4Hm9xOMTsv6ASuEHuu6QpGER
GlFway/unjOcIIp9wAUhz28PN09hTbWn8iVTN2wmRM+gwVwDbuqQ6g+1a35/ac0L
ZZEmBjya38liK5X27FemnWjYOYd922tXjhnTGl+ymfz9OQTVWeqiMl92om0iSYTa
mX6/lhMZXwf5j64OsiWv1xOQhXX7b0WxIRH/jYharqRAWu1mVCDDvr0W6IStov/l
hUeqwD4XZBX5nkVWIK0/pFwDeD4KyUMXWpjKnzSozD7szdVuIhM57Y20Rs+5H+k0
yNkitJzrKGK/FjutC6+mUKHgtracl9a3draDvwvyXxeK
-----END CERTIFICATE-----