Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/9p0j1A4IXQzgYwbWhk8wqdqrAyE.roa
File:                     9p0j1A4IXQzgYwbWhk8wqdqrAyE.roa (raw, json)
Hash identifier:          fRSHbPS121O0JxFMVt52PGHc1P0nPpa0ku1pYJNpKz0=
Subject key identifier:   F6:9D:23:D4:0E:08:5D:0C:E0:63:06:D6:86:4F:30:A9:DA:AB:03:21
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       0194236A1C7D1DB72D603F4079FFA1AB03C2
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/9p0j1A4IXQzgYwbWhk8wqdqrAyE.roa
Signing time:             Wed 01 Jan 2025 19:49:04 +0000
ROA not before:           Wed 01 Jan 2025 19:49:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3356
IP address blocks:        163.5.155.0/24 maxlen: 24
                          163.5.220.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:1c:7d:1d:b7:2d:60:3f:40:79:ff:a1:ab:03:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jan  1 19:49:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f69d23d40e085d0ce06306d6864f30a9daab0321
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:5f:a5:f5:09:53:3e:f4:00:55:22:c3:e2:b6:
                    89:86:a1:1f:7d:a8:c8:2a:17:38:65:51:87:66:ee:
                    c5:75:9d:48:db:47:8f:21:53:16:30:e0:2b:e5:57:
                    c6:fb:49:85:af:28:bd:48:a4:6d:5e:cf:ab:3d:41:
                    2c:e3:3d:06:26:87:b8:97:df:ff:09:aa:b4:de:b5:
                    b3:e3:53:b9:d1:85:f1:3e:ba:fc:49:92:7e:ef:64:
                    63:78:c6:47:a7:ba:04:57:7d:21:7d:e6:31:3b:df:
                    17:db:30:1e:2c:54:24:ec:d9:f1:ba:b7:52:f3:15:
                    59:61:58:25:ac:e3:2f:2a:1b:06:9f:9e:30:02:d4:
                    de:9b:1c:4c:c3:13:81:7d:af:41:88:f9:ec:13:c6:
                    85:2b:a2:9d:82:75:ca:ea:63:ee:9f:71:25:59:cf:
                    3d:d0:27:f8:2f:2c:11:47:43:a0:33:93:59:f3:3c:
                    66:7c:df:61:71:c6:bf:c9:8c:2b:62:33:00:f8:98:
                    61:ff:8f:03:2b:de:e4:1a:5f:f6:30:0a:62:1a:4c:
                    9d:c6:c2:f9:7b:6f:9a:92:c8:d1:96:db:37:d0:3f:
                    26:3c:e1:aa:3c:0a:ba:26:2a:ca:aa:3a:f7:41:1f:
                    07:56:30:0a:5a:d5:2b:db:6d:4d:a4:39:4e:ad:12:
                    a0:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:9D:23:D4:0E:08:5D:0C:E0:63:06:D6:86:4F:30:A9:DA:AB:03:21
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/9p0j1A4IXQzgYwbWhk8wqdqrAyE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.155.0/24
                  163.5.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:a1:46:87:70:11:d2:5f:f9:ba:9b:92:53:a4:2c:af:0b:48:
         33:da:4c:b7:be:00:e5:e7:6e:eb:cb:42:be:13:b3:01:fc:bc:
         c8:c7:9f:d5:ff:cb:08:81:ac:b0:3e:6a:ea:f1:49:6b:66:de:
         ba:b0:ee:76:28:38:09:93:76:ac:5d:75:d8:9c:13:a6:c5:62:
         30:bc:68:d3:72:50:99:a4:48:16:77:6a:e6:e0:fb:2d:e0:ed:
         e7:fa:ca:25:fc:f8:4d:55:0e:59:4f:52:8c:76:10:65:90:a4:
         79:57:95:9b:a7:a9:2e:d0:53:66:2d:2c:11:97:6e:b3:85:a5:
         10:2b:ac:33:e7:1b:46:69:13:af:e9:a9:d8:3b:7f:ba:05:36:
         58:46:8b:7e:fa:e3:d6:ec:9b:86:cf:9c:24:3a:0c:3f:73:75:
         ae:96:1d:51:b7:f3:a1:aa:af:26:c2:a1:4b:f2:21:30:4c:db:
         52:6c:12:02:ec:65:31:c4:57:8f:80:82:ef:a3:a1:7a:60:52:
         c7:2e:7a:f3:3e:fd:b9:9d:4f:6b:6a:11:c7:b9:c7:5c:93:eb:
         23:be:ac:c0:7d:61:ac:39:8d:75:50:12:d6:1f:0f:d6:45:48:
         5a:e9:91:f4:cb:91:c5:48:16:70:6b:d2:24:8d:62:71:a8:58:
         5e:b7:ab:5b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQjahx9HbctYD9Aef+hqwPCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjUwMTAxMTk0OTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNjlkMjNkNDBlMDg1ZDBjZTA2MzA2ZDY4NjRmMzBhOWRhYWIwMzIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr1+l9QlTPvQAVSLD4raJhqEffajI
Khc4ZVGHZu7FdZ1I20ePIVMWMOAr5VfG+0mFryi9SKRtXs+rPUEs4z0GJoe4l9//
Caq03rWz41O50YXxPrr8SZJ+72RjeMZHp7oEV30hfeYxO98X2zAeLFQk7NnxurdS
8xVZYVglrOMvKhsGn54wAtTemxxMwxOBfa9BiPnsE8aFK6KdgnXK6mPun3ElWc89
0Cf4LywRR0OgM5NZ8zxmfN9hcca/yYwrYjMA+Jhh/48DK97kGl/2MApiGkydxsL5
e2+aksjRlts30D8mPOGqPAq6JirKqjr3QR8HVjAKWtUr221NpDlOrRKg1QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPadI9QOCF0M4GMG1oZPMKnaqwMhMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvOXAwajFBNElYUXpnWXdiV2hrOHdxZHFyQXlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAowWbAwQA
owXcMA0GCSqGSIb3DQEBCwUAA4IBAQBpoUaHcBHSX/m6m5JTpCyvC0gz2ky3vgDl
527ry0K+E7MB/LzIx5/V/8sIgaywPmrq8UlrZt66sO52KDgJk3asXXXYnBOmxWIw
vGjTclCZpEgWd2rm4Pst4O3n+sol/PhNVQ5ZT1KMdhBlkKR5V5Wbp6ku0FNmLSwR
l26zhaUQK6wz5xtGaROv6anYO3+6BTZYRot++uPW7JuGz5wkOgw/c3Wulh1Rt/Oh
qq8mwqFL8iEwTNtSbBIC7GUxxFePgILvo6F6YFLHLnrzPv25nU9rahHHucdck+sj
vqzAfWGsOY11UBLWHw/WRUha6ZH0y5HFSBZwa9IkjWJxqFhet6tb
-----END CERTIFICATE-----