Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/Dxv_bbTDCWdsKUEuqEuLtdFr19U.roa
File:                     Dxv_bbTDCWdsKUEuqEuLtdFr19U.roa (raw, json)
Hash identifier:          ks2rzYnpGA0eVo07gyAsFNWSlajYApz8MoNk68UdgLw=
Subject key identifier:   0F:1B:FF:6D:B4:C3:09:67:6C:29:41:2E:A8:4B:8B:B5:D1:6B:D7:D5
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       0194236A3C11B3BC5900CC2976238646E42C
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/Dxv_bbTDCWdsKUEuqEuLtdFr19U.roa
Signing time:             Wed 01 Jan 2025 19:49:12 +0000
ROA not before:           Wed 01 Jan 2025 19:49:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198883
IP address blocks:        163.5.192.0/24 maxlen: 24
                          163.5.193.0/24 maxlen: 24
                          163.5.213.0/24 maxlen: 24
                          163.5.214.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:3c:11:b3:bc:59:00:cc:29:76:23:86:46:e4:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jan  1 19:49:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0f1bff6db4c309676c29412ea84b8bb5d16bd7d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:98:d9:04:e5:c7:19:3e:34:e6:6b:cc:74:3d:
                    a8:9f:cc:91:16:30:03:52:0c:fe:02:a5:c1:7f:a0:
                    27:7e:9d:48:c8:05:aa:8d:9b:6f:94:ed:53:f7:85:
                    76:24:b2:fb:b1:6b:79:29:2c:8e:93:ed:40:e1:18:
                    0b:7b:bb:3f:8a:00:7a:3e:a2:2e:0c:19:95:d2:11:
                    6f:20:6a:a0:6d:c5:06:55:da:9c:af:ea:2b:2c:1b:
                    38:1c:04:2c:2d:92:93:9c:0a:97:14:fe:97:50:bd:
                    8f:e7:21:ea:16:6d:62:8c:46:a9:c6:de:14:a9:89:
                    f1:8e:e5:0e:4e:5e:6b:f2:b8:6a:97:e8:06:dc:0f:
                    76:3e:33:1c:0c:7c:6c:25:42:1c:4b:67:b3:ca:96:
                    04:a3:76:3a:ca:da:7d:96:cc:c8:c6:be:b0:6b:16:
                    34:f3:7f:21:29:8b:74:f0:5a:84:32:d1:d1:db:c6:
                    49:09:05:9a:c7:71:b7:b8:91:0e:82:c2:7b:67:74:
                    fa:90:e2:77:bc:07:80:89:9a:99:f4:16:78:8a:57:
                    f1:ef:e7:57:90:f8:e4:3a:b2:a6:9b:e0:6d:67:e8:
                    0b:df:98:10:3e:f4:65:f1:39:24:d4:4a:d8:15:3e:
                    94:f3:f8:b4:20:a8:e8:96:aa:e4:82:69:8d:fa:a3:
                    b2:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:1B:FF:6D:B4:C3:09:67:6C:29:41:2E:A8:4B:8B:B5:D1:6B:D7:D5
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/Dxv_bbTDCWdsKUEuqEuLtdFr19U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.192.0/23
                  163.5.213.0-163.5.214.255

    Signature Algorithm: sha256WithRSAEncryption
         93:91:8e:59:3c:bf:d6:a3:19:85:44:05:4f:bd:97:45:82:06:
         ff:4f:1c:44:c8:12:a0:7f:84:e6:4b:f0:27:1c:bc:ee:9f:b1:
         4d:89:cc:37:4e:fe:5d:63:52:a6:15:5f:37:62:38:c6:e7:c5:
         dd:f4:77:10:74:d8:4c:06:32:8f:6c:e4:2b:f2:e4:9e:46:a3:
         2e:bb:59:2c:f4:74:27:92:6e:2c:5d:61:07:84:1f:2f:a1:e6:
         ba:63:ae:76:62:d4:b5:f8:06:7e:4a:21:d8:d0:ca:39:73:b2:
         fb:09:6d:42:ae:3f:40:04:94:9a:56:be:7b:46:47:df:25:71:
         ac:01:22:dc:64:e0:e8:62:7b:da:e8:dc:98:4d:31:17:d6:81:
         c4:4d:6e:32:f3:d0:f2:82:02:5c:f8:93:55:48:66:40:60:ca:
         1d:d0:d3:f8:c6:b6:22:63:7a:92:41:16:da:4b:37:81:2e:da:
         96:c5:a5:08:f3:14:be:33:35:86:b8:be:e0:37:62:b2:b7:1f:
         36:18:cb:c6:c5:73:82:00:ad:8a:7d:3e:7f:17:44:9b:00:c0:
         c7:ce:94:85:2b:d6:28:59:7d:c3:b9:9c:33:ca:a0:91:11:ab:
         39:0b:57:ba:87:32:9a:2e:cf:4b:96:52:fb:c6:ad:56:85:08:
         e4:d0:19:c2
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZQjajwRs7xZAMwpdiOGRuQsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjUwMTAxMTk0OTEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjFiZmY2ZGI0YzMwOTY3NmMyOTQxMmVhODRiOGJiNWQxNmJkN2Q1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoJjZBOXHGT405mvMdD2on8yRFjAD
Ugz+AqXBf6Anfp1IyAWqjZtvlO1T94V2JLL7sWt5KSyOk+1A4RgLe7s/igB6PqIu
DBmV0hFvIGqgbcUGVdqcr+orLBs4HAQsLZKTnAqXFP6XUL2P5yHqFm1ijEapxt4U
qYnxjuUOTl5r8rhql+gG3A92PjMcDHxsJUIcS2ezypYEo3Y6ytp9lszIxr6waxY0
838hKYt08FqEMtHR28ZJCQWax3G3uJEOgsJ7Z3T6kOJ3vAeAiZqZ9BZ4ilfx7+dX
kPjkOrKmm+BtZ+gL35gQPvRl8Tkk1ErYFT6U8/i0IKjolqrkgmmN+qOyiwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFA8b/220wwlnbClBLqhLi7XRa9fVMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvRHh2X2JiVERDV2RzS1VFdXFFdUx0ZEZyMTlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQBowXAMAwD
BACjBdUDBACjBdYwDQYJKoZIhvcNAQELBQADggEBAJORjlk8v9ajGYVEBU+9l0WC
Bv9PHETIEqB/hOZL8CccvO6fsU2JzDdO/l1jUqYVXzdiOMbnxd30dxB02EwGMo9s
5Cvy5J5Goy67WSz0dCeSbixdYQeEHy+h5rpjrnZi1LX4Bn5KIdjQyjlzsvsJbUKu
P0AElJpWvntGR98lcawBItxk4Ohie9ro3JhNMRfWgcRNbjLz0PKCAlz4k1VIZkBg
yh3Q0/jGtiJjepJBFtpLN4Eu2pbFpQjzFL4zNYa4vuA3YrK3HzYYy8bFc4IArYp9
Pn8XRJsAwMfOlIUr1ihZfcO5nDPKoJERqzkLV7qHMpouz0uWUvvGrVaFCOTQGcI=
-----END CERTIFICATE-----