Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/7gg8Qx7Y8JDeJCVKNZdee6qlggE.roa
File:                     7gg8Qx7Y8JDeJCVKNZdee6qlggE.roa (raw, json)
Hash identifier:          gfqfrg+T0IbibxBFW5eVDHakzFuBkoa+4HhFxFaMqEU=
Subject key identifier:   EE:08:3C:43:1E:D8:F0:90:DE:24:25:4A:35:97:5E:7B:AA:A5:82:01
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       018CC4256E7F2BE3D786316032FCE0627194
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/7gg8Qx7Y8JDeJCVKNZdee6qlggE.roa
Signing time:             Mon 01 Jan 2024 08:30:36 +0000
ROA not before:           Mon 01 Jan 2024 08:30:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     400039
IP address blocks:        163.5.167.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:6e:7f:2b:e3:d7:86:31:60:32:fc:e0:62:71:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jan  1 08:30:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ee083c431ed8f090de24254a35975e7baaa58201
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:f7:71:df:fd:e4:51:d5:db:a4:4c:e1:54:c9:
                    ba:c8:c4:ef:ff:1d:ad:51:ee:d0:40:ad:3a:7a:be:
                    87:96:10:fd:8f:cd:bc:42:a0:fe:9c:8d:8e:ce:92:
                    1b:d4:e6:54:48:2b:1c:22:c6:4c:2a:c5:d5:1b:25:
                    c1:38:2b:44:73:2d:68:c0:ca:42:c6:57:14:8c:7a:
                    4d:eb:ef:78:0a:72:32:7d:07:7a:5d:95:8b:2c:83:
                    0d:1d:c1:77:cb:f9:be:db:6b:2c:66:77:23:54:30:
                    69:2a:23:88:63:7a:1d:14:76:34:25:00:16:53:fa:
                    89:80:8a:28:04:00:02:07:9a:f2:26:64:05:af:89:
                    81:c6:a5:d4:40:22:c6:a8:a0:4e:7c:e8:cd:09:5a:
                    66:70:6e:b9:5c:17:58:06:e3:e7:e0:22:03:de:6a:
                    ba:30:2d:72:6c:b1:15:e5:5c:e6:ee:aa:22:0b:d1:
                    1d:b5:5b:a5:21:5a:a8:13:fa:89:bf:6e:55:91:bd:
                    45:c4:76:af:17:50:d9:59:6f:26:0c:91:b7:54:e9:
                    a6:b5:42:64:94:2e:2c:08:f7:68:d1:1f:db:dd:ff:
                    16:47:c0:59:ec:75:7d:a2:ea:06:d7:1e:2d:21:73:
                    eb:31:8c:0e:cb:b1:97:89:e7:6d:74:f3:59:98:ab:
                    57:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:08:3C:43:1E:D8:F0:90:DE:24:25:4A:35:97:5E:7B:AA:A5:82:01
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/7gg8Qx7Y8JDeJCVKNZdee6qlggE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.167.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:a6:f8:29:eb:b7:be:6b:74:58:a5:aa:fa:b2:e5:de:53:85:
         95:48:4a:3d:73:4d:30:21:14:ec:07:b7:25:76:6a:48:e7:df:
         51:25:53:82:03:be:d8:4a:a4:a2:86:5e:be:e0:f2:4f:5c:67:
         55:6f:df:d6:bb:24:4d:26:2d:6e:35:57:90:00:65:8c:12:25:
         bd:82:22:f2:80:80:95:89:80:45:fc:b8:69:27:f4:34:95:81:
         00:c7:03:6d:2b:0d:ab:a4:6b:6d:5f:7e:a1:c3:d4:c1:28:7c:
         c2:86:c4:87:1d:11:55:22:4f:6a:12:cb:b4:20:3a:bb:87:34:
         d1:65:a2:94:4b:b2:8b:09:8b:de:d7:c3:79:32:3f:b4:69:1c:
         0e:d1:e4:b0:db:a1:12:39:5b:5d:aa:e0:c4:f3:91:0f:16:9e:
         98:b0:71:56:b0:72:68:4a:c0:5d:f0:10:a0:50:6d:31:b9:27:
         8e:76:51:16:4d:bd:18:9b:40:b7:9b:d3:6d:e1:ce:39:ff:62:
         e4:3f:26:4b:a8:43:96:77:23:ba:09:96:a2:a6:0f:13:c2:40:
         97:5b:3e:9d:8b:de:30:82:15:27:b2:62:b9:cb:4d:71:6d:ed:
         21:30:fa:92:2b:6c:6f:11:f0:35:4f:5b:a7:99:8f:69:cc:7c:
         de:38:db:ec
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJW5/K+PXhjFgMvzgYnGUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjQwMTAxMDgzMDM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZTA4M2M0MzFlZDhmMDkwZGUyNDI1NGEzNTk3NWU3YmFhYTU4MjAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhvdx3/3kUdXbpEzhVMm6yMTv/x2t
Ue7QQK06er6HlhD9j828QqD+nI2OzpIb1OZUSCscIsZMKsXVGyXBOCtEcy1owMpC
xlcUjHpN6+94CnIyfQd6XZWLLIMNHcF3y/m+22ssZncjVDBpKiOIY3odFHY0JQAW
U/qJgIooBAACB5ryJmQFr4mBxqXUQCLGqKBOfOjNCVpmcG65XBdYBuPn4CID3mq6
MC1ybLEV5Vzm7qoiC9EdtVulIVqoE/qJv25Vkb1FxHavF1DZWW8mDJG3VOmmtUJk
lC4sCPdo0R/b3f8WR8BZ7HV9ouoG1x4tIXPrMYwOy7GXiedtdPNZmKtXXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO4IPEMe2PCQ3iQlSjWXXnuqpYIBMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvN2dnOFF4N1k4SkRlSkNWS05aZGVlNnFsZ2dFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowWnMA0G
CSqGSIb3DQEBCwUAA4IBAQAqpvgp67e+a3RYpar6suXeU4WVSEo9c00wIRTsB7cl
dmpI599RJVOCA77YSqSihl6+4PJPXGdVb9/WuyRNJi1uNVeQAGWMEiW9giLygICV
iYBF/LhpJ/Q0lYEAxwNtKw2rpGttX36hw9TBKHzChsSHHRFVIk9qEsu0IDq7hzTR
ZaKUS7KLCYve18N5Mj+0aRwO0eSw26ESOVtdquDE85EPFp6YsHFWsHJoSsBd8BCg
UG0xuSeOdlEWTb0Ym0C3m9Nt4c45/2LkPyZLqEOWdyO6CZaipg8TwkCXWz6di94w
ghUnsmK5y01xbe0hMPqSK2xvEfA1T1unmY9pzHzeONvs
-----END CERTIFICATE-----