Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/ALia9O-Ni0c9uqiGSKMxMZ2i5z8.roa
File:                     ALia9O-Ni0c9uqiGSKMxMZ2i5z8.roa (raw, json)
Hash identifier:          qJixhZmTGaf/YoQYdT1jj/j3m1hAWu66CKUDxi3LyDk=
Subject key identifier:   00:B8:9A:F4:EF:8D:8B:47:3D:BA:A8:86:48:A3:31:31:9D:A2:E7:3F
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       018CC42561B39F83DBE97ABE14209D71C107
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/ALia9O-Ni0c9uqiGSKMxMZ2i5z8.roa
Signing time:             Mon 01 Jan 2024 08:30:33 +0000
ROA not before:           Mon 01 Jan 2024 08:30:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200181
IP address blocks:        163.5.196.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:61:b3:9f:83:db:e9:7a:be:14:20:9d:71:c1:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jan  1 08:30:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=00b89af4ef8d8b473dbaa88648a331319da2e73f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:7c:c1:c9:36:6c:b5:e0:0c:11:64:87:32:1e:
                    1a:ae:75:04:7e:e0:95:52:3d:32:7e:98:69:33:14:
                    c3:e1:c4:9b:9d:5e:47:0b:15:dd:72:cd:e0:01:38:
                    7c:ce:33:5f:20:e4:26:f6:18:2d:32:2f:61:7e:dd:
                    b7:c7:8e:ac:3e:2c:c8:98:4c:1b:e3:9a:a4:6b:3c:
                    2b:ed:50:5b:e0:07:c5:34:c1:c3:67:dc:15:d5:ab:
                    e8:0d:7f:5e:8f:7f:1d:d2:c2:b3:1c:ab:0a:3c:b8:
                    49:7d:32:f7:77:87:bc:a1:c9:15:d0:60:84:04:f5:
                    79:b3:0d:cb:7e:d3:ee:6b:75:96:f8:bd:fc:b8:1b:
                    b5:79:31:97:87:57:64:b6:00:c0:d4:48:32:02:4f:
                    91:b1:f8:74:6e:37:9a:0c:fa:0d:92:b5:26:06:f2:
                    81:97:df:11:e9:ec:5b:fb:5c:73:00:2c:c5:34:52:
                    e3:8c:7b:95:f3:3d:b0:5f:57:cd:00:6c:d1:2a:8d:
                    ee:fd:ab:d2:1c:12:75:fa:d5:7f:5b:56:e4:f6:b5:
                    b6:99:5d:1c:ff:3e:6a:03:fc:ab:9a:a7:1b:e7:c3:
                    4f:85:4e:e1:a5:24:9d:54:ee:50:cb:b6:a8:38:d6:
                    c2:ae:47:b9:9c:40:f0:9f:30:09:a0:dc:c3:1c:98:
                    78:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:B8:9A:F4:EF:8D:8B:47:3D:BA:A8:86:48:A3:31:31:9D:A2:E7:3F
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/ALia9O-Ni0c9uqiGSKMxMZ2i5z8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.196.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:f0:96:fd:06:06:4c:a6:c2:ae:a6:8f:f0:a8:06:67:d5:ea:
         78:f5:27:83:29:67:e4:d7:e7:9e:a8:ec:13:76:e2:53:1b:66:
         41:de:63:e0:af:4e:90:81:e3:58:b4:03:be:14:8d:15:67:e5:
         10:dc:ab:78:bd:16:21:7c:ed:09:bc:3f:8c:f1:a7:41:04:b8:
         ac:4a:72:bf:11:ba:d1:a2:eb:c7:7d:8e:a5:4f:b7:a9:49:65:
         1b:d1:10:67:72:09:8d:50:9c:52:02:f7:d0:48:4b:4d:ec:45:
         6f:be:3e:8e:9f:1c:9f:6a:c9:57:aa:5c:55:81:95:59:fc:c4:
         19:c9:88:ba:9a:8e:50:05:e1:a5:49:65:2a:7c:52:4c:46:b6:
         22:e2:34:43:56:4a:31:7e:93:4a:5c:fe:a4:20:87:02:c3:78:
         41:f4:31:03:7e:58:06:42:56:a8:03:dd:95:40:b1:c6:1a:7e:
         0d:4f:f4:f5:f0:c2:45:38:3c:4d:91:63:5a:f0:b7:36:e2:17:
         4a:32:82:44:fe:8a:17:13:b2:c4:bd:cd:c1:f5:7f:d7:d8:d8:
         90:51:d2:7d:b8:9a:d9:65:dc:2c:88:73:68:a4:f5:27:c2:ac:
         fa:e2:2c:c5:d1:26:b7:e1:b2:d8:0a:70:45:c8:96:18:e8:c9:
         4c:89:ff:7a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJWGzn4Pb6Xq+FCCdccEHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjQwMTAxMDgzMDMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMGI4OWFmNGVmOGQ4YjQ3M2RiYWE4ODY0OGEzMzEzMTlkYTJlNzNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArXzByTZsteAMEWSHMh4arnUEfuCV
Uj0yfphpMxTD4cSbnV5HCxXdcs3gATh8zjNfIOQm9hgtMi9hft23x46sPizImEwb
45qkazwr7VBb4AfFNMHDZ9wV1avoDX9ej38d0sKzHKsKPLhJfTL3d4e8ockV0GCE
BPV5sw3LftPua3WW+L38uBu1eTGXh1dktgDA1EgyAk+Rsfh0bjeaDPoNkrUmBvKB
l98R6exb+1xzACzFNFLjjHuV8z2wX1fNAGzRKo3u/avSHBJ1+tV/W1bk9rW2mV0c
/z5qA/yrmqcb58NPhU7hpSSdVO5Qy7aoONbCrke5nEDwnzAJoNzDHJh4KwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAC4mvTvjYtHPbqohkijMTGdouc/MB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvQUxpYTlPLU5pMGM5dXFpR1NLTXhNWjJpNXo4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowXEMA0G
CSqGSIb3DQEBCwUAA4IBAQCO8Jb9BgZMpsKupo/wqAZn1ep49SeDKWfk1+eeqOwT
duJTG2ZB3mPgr06QgeNYtAO+FI0VZ+UQ3Kt4vRYhfO0JvD+M8adBBLisSnK/EbrR
ouvHfY6lT7epSWUb0RBncgmNUJxSAvfQSEtN7EVvvj6OnxyfaslXqlxVgZVZ/MQZ
yYi6mo5QBeGlSWUqfFJMRrYi4jRDVkoxfpNKXP6kIIcCw3hB9DEDflgGQlaoA92V
QLHGGn4NT/T18MJFODxNkWNa8Lc24hdKMoJE/ooXE7LEvc3B9X/X2NiQUdJ9uJrZ
ZdwsiHNopPUnwqz64izF0Sa34bLYCnBFyJYY6MlMif96
-----END CERTIFICATE-----