Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/Cj0a8znlx3zDdRAItfI1oomBR2E.roa
File:                     Cj0a8znlx3zDdRAItfI1oomBR2E.roa (raw, json)
Hash identifier:          JSgnUWRqAtIGq5HiYAwG0+/Yesccr8SRzpiDYTc7AGE=
Subject key identifier:   0A:3D:1A:F3:39:E5:C7:7C:C3:75:10:08:B5:F2:35:A2:89:81:47:61
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       0194236A2289A63BD0E429738C7181089A86
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/Cj0a8znlx3zDdRAItfI1oomBR2E.roa
Signing time:             Wed 01 Jan 2025 19:49:05 +0000
ROA not before:           Wed 01 Jan 2025 19:49:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9009
IP address blocks:        163.5.74.0/24 maxlen: 24
                          163.5.83.0/24 maxlen: 24
                          163.5.151.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:22:89:a6:3b:d0:e4:29:73:8c:71:81:08:9a:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jan  1 19:49:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0a3d1af339e5c77cc3751008b5f235a289814761
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:f5:6e:a1:47:5a:56:dc:47:de:71:fd:dd:49:
                    86:94:da:6d:0e:d9:d9:86:6a:19:70:53:a6:b9:b2:
                    a2:7f:4b:65:92:5e:2c:47:64:4d:3d:ed:c3:be:7c:
                    84:38:24:97:82:b1:7c:db:2f:d3:8f:8e:a3:60:8d:
                    9a:63:32:4b:65:9c:5d:8b:5b:c8:e2:cc:38:11:be:
                    52:a9:51:87:9e:af:5b:cb:7d:2d:2f:85:40:19:b1:
                    58:7f:fc:0f:f3:e0:fe:20:b2:4e:53:65:c1:23:18:
                    b6:ea:3c:ba:e2:ba:ec:fe:0c:c8:63:b1:d3:60:15:
                    56:76:83:66:74:66:16:f0:5b:12:40:9f:de:b7:d6:
                    2b:a9:1b:1d:b7:f2:4f:bd:38:0d:d3:76:63:08:01:
                    b0:5b:04:93:3c:e6:d8:31:4c:68:b6:67:3c:7b:93:
                    b1:95:7b:ab:e6:3f:c5:2d:e8:59:3c:d4:4c:68:7a:
                    f1:b3:b9:31:d9:09:dd:8a:e4:5b:38:72:1a:23:87:
                    f4:c3:c7:2b:77:b6:32:67:00:ff:ef:2d:66:02:b2:
                    94:1f:0c:37:53:5a:33:ba:7e:41:69:be:27:46:17:
                    3b:1f:ab:6e:8b:3c:a4:2c:8f:24:8d:6b:5d:69:70:
                    07:4d:1e:19:70:29:1d:1c:cb:6e:ec:6c:09:a7:b0:
                    cf:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:3D:1A:F3:39:E5:C7:7C:C3:75:10:08:B5:F2:35:A2:89:81:47:61
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/Cj0a8znlx3zDdRAItfI1oomBR2E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.74.0/24
                  163.5.83.0/24
                  163.5.151.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:3a:5a:5b:8c:fb:c7:21:46:ae:df:a8:38:c0:25:73:91:59:
         58:f2:90:f9:b7:18:7f:6a:e7:21:5f:2a:e1:e2:0f:1f:ca:50:
         55:3b:94:97:be:a5:4a:f7:29:35:6e:21:a3:60:98:4e:66:bd:
         fd:e6:36:3d:3c:25:64:d4:81:70:cd:f0:ec:0b:03:66:8c:b0:
         5d:64:a6:dd:4d:4f:8e:b8:b0:ea:22:80:4c:b6:ed:b2:54:03:
         12:3f:57:42:c2:9b:1f:8d:5c:61:86:e5:46:d8:4f:5b:e8:96:
         41:38:65:53:b7:15:8e:3f:f9:ab:0b:45:55:86:0f:f1:23:de:
         00:c8:72:62:dd:bd:b1:a6:b6:df:e5:b0:9f:f3:2e:c1:d3:81:
         14:4b:6b:6f:d0:4e:6d:c1:77:ad:01:32:09:9d:4d:2f:12:05:
         5a:4c:f5:47:0f:d6:0b:eb:4d:c2:19:96:57:66:4c:41:bc:5d:
         ab:eb:3c:db:55:67:25:98:23:33:cb:99:33:28:68:9e:bd:59:
         1d:97:5e:1e:6f:ab:d6:51:c3:e3:f8:f8:f0:e8:bc:b9:16:1c:
         8c:f9:5c:62:c2:cc:5a:b9:d5:0c:d2:40:65:ae:63:d7:d4:12:
         27:ee:b3:12:d6:ac:d0:1f:39:cf:c7:54:11:e9:39:7b:e4:80:
         25:3d:1c:c6
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQjaiKJpjvQ5ClzjHGBCJqGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjUwMTAxMTk0OTA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTNkMWFmMzM5ZTVjNzdjYzM3NTEwMDhiNWYyMzVhMjg5ODE0NzYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzPVuoUdaVtxH3nH93UmGlNptDtnZ
hmoZcFOmubKif0tlkl4sR2RNPe3DvnyEOCSXgrF82y/Tj46jYI2aYzJLZZxdi1vI
4sw4Eb5SqVGHnq9by30tL4VAGbFYf/wP8+D+ILJOU2XBIxi26jy64rrs/gzIY7HT
YBVWdoNmdGYW8FsSQJ/et9YrqRsdt/JPvTgN03ZjCAGwWwSTPObYMUxotmc8e5Ox
lXur5j/FLehZPNRMaHrxs7kx2QndiuRbOHIaI4f0w8crd7YyZwD/7y1mArKUHww3
U1ozun5Bab4nRhc7H6tuizykLI8kjWtdaXAHTR4ZcCkdHMtu7GwJp7DPgQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFAo9GvM55cd8w3UQCLXyNaKJgUdhMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvQ2owYTh6bmx4M3pEZFJBSXRmSTFvb21CUjJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAowVKAwQA
owVTAwQAowWXMA0GCSqGSIb3DQEBCwUAA4IBAQBaOlpbjPvHIUau36g4wCVzkVlY
8pD5txh/auchXyrh4g8fylBVO5SXvqVK9yk1biGjYJhOZr395jY9PCVk1IFwzfDs
CwNmjLBdZKbdTU+OuLDqIoBMtu2yVAMSP1dCwpsfjVxhhuVG2E9b6JZBOGVTtxWO
P/mrC0VVhg/xI94AyHJi3b2xprbf5bCf8y7B04EUS2tv0E5twXetATIJnU0vEgVa
TPVHD9YL603CGZZXZkxBvF2r6zzbVWclmCMzy5kzKGievVkdl14eb6vWUcPj+Pjw
6Ly5FhyM+VxiwsxaudUM0kBlrmPX1BIn7rMS1qzQHznPx1QR6Tl75IAlPRzG
-----END CERTIFICATE-----