Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/E1EbuQRPfk32aD2LT9ACwQ5OTCY.roa
File:                     E1EbuQRPfk32aD2LT9ACwQ5OTCY.roa (raw, json)
Hash identifier:          ZUzdtauE/Bn657HUouKJathOj7vqdz1yzdX6hzkY8yY=
Subject key identifier:   13:51:1B:B9:04:4F:7E:4D:F6:68:3D:8B:4F:D0:02:C1:0E:4E:4C:26
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       018E7BD252C4E8E5A8288AD381B50712DBD1
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/E1EbuQRPfk32aD2LT9ACwQ5OTCY.roa
Signing time:             Tue 26 Mar 2024 17:32:45 +0000
ROA not before:           Tue 26 Mar 2024 17:32:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211440
IP address blocks:        163.5.96.0/24 maxlen: 24
                          163.5.129.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:7b:d2:52:c4:e8:e5:a8:28:8a:d3:81:b5:07:12:db:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Mar 26 17:32:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=13511bb9044f7e4df6683d8b4fd002c10e4e4c26
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:55:9c:d0:91:67:27:73:95:e2:c9:ed:c5:76:
                    1a:a6:70:dc:d0:31:b8:7c:7d:03:c4:6b:60:3a:53:
                    aa:31:7a:7a:f6:ac:31:ec:a0:d1:ab:95:4c:64:ed:
                    4e:c8:ed:af:b1:66:1d:ea:61:5f:2e:4f:19:86:75:
                    b6:1e:89:5f:75:20:25:35:8d:52:01:34:f6:63:11:
                    18:14:74:28:6f:a4:26:2a:05:2c:4c:bb:8e:da:1b:
                    d8:61:05:95:67:2b:19:eb:92:22:ae:cf:e9:72:41:
                    af:3a:94:63:6f:ae:db:d1:62:5f:ea:22:c5:99:d3:
                    e9:e6:ea:c9:f5:58:06:fd:e6:98:ad:57:62:ac:96:
                    3e:e6:00:e6:8d:bd:c3:20:e5:71:ca:ff:ab:46:9b:
                    d8:d2:ca:db:bd:db:6b:fa:23:f4:56:e1:e2:3a:38:
                    ea:c7:62:27:f5:bd:90:d2:43:66:ae:c9:21:1c:d7:
                    a0:79:bc:21:1d:5b:90:40:e1:48:30:57:81:1f:85:
                    45:90:22:3f:92:3a:3a:f6:0e:ce:dc:25:ea:63:5a:
                    75:0a:03:59:7d:de:b4:11:ca:9a:d6:ab:e9:92:89:
                    7e:40:3b:cd:48:c4:fe:b1:04:14:0f:a7:38:f4:79:
                    69:a8:79:9d:e5:99:52:ae:83:83:93:6d:dc:65:cc:
                    3f:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:51:1B:B9:04:4F:7E:4D:F6:68:3D:8B:4F:D0:02:C1:0E:4E:4C:26
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/E1EbuQRPfk32aD2LT9ACwQ5OTCY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.96.0/24
                  163.5.129.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:99:fe:54:c7:55:ba:dd:d0:b6:76:df:cd:21:ce:79:d6:3b:
         ab:0b:5f:dc:f6:df:cc:0a:ca:33:aa:30:90:78:9a:c7:2d:c6:
         f6:b6:07:db:41:aa:22:59:08:95:e3:5c:d6:4f:80:c6:aa:14:
         e9:a8:93:28:1f:3d:42:b3:cf:cc:79:83:62:0d:ee:ed:da:06:
         0c:45:f9:99:6d:70:af:21:a1:f6:d5:82:98:6d:fd:2c:5e:fe:
         53:ea:bc:0f:a4:46:a8:7d:22:f5:f1:c8:c3:57:61:98:f1:f5:
         3c:7f:87:07:9b:21:da:3a:ba:7f:92:bc:dc:d4:6c:91:9f:e4:
         93:25:9a:7a:e3:08:68:d2:86:ae:80:9c:1e:af:07:e4:ac:12:
         d0:f9:54:39:ab:0a:35:b7:f2:f0:73:d9:25:ef:56:33:90:cb:
         62:c2:fc:85:fa:ec:a3:51:7b:9d:a5:5d:a0:47:58:d6:cc:07:
         22:82:a8:56:ec:b2:c8:5e:27:63:45:09:38:64:88:6f:ad:53:
         7d:da:f3:cd:7e:e3:74:dc:c2:6d:bf:9b:91:ac:bc:39:42:2b:
         fa:5e:17:9d:4f:d7:be:f6:2b:e2:04:30:ed:0d:2a:97:7e:d6:
         7e:0e:36:f2:6a:e8:60:e7:bf:c8:73:a3:d4:de:c3:76:48:32:
         17:f0:28:ee
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY570lLE6OWoKIrTgbUHEtvRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjQwMzI2MTczMjQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMzUxMWJiOTA0NGY3ZTRkZjY2ODNkOGI0ZmQwMDJjMTBlNGU0YzI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg1Wc0JFnJ3OV4sntxXYapnDc0DG4
fH0DxGtgOlOqMXp69qwx7KDRq5VMZO1OyO2vsWYd6mFfLk8ZhnW2HolfdSAlNY1S
ATT2YxEYFHQob6QmKgUsTLuO2hvYYQWVZysZ65Iirs/pckGvOpRjb67b0WJf6iLF
mdPp5urJ9VgG/eaYrVdirJY+5gDmjb3DIOVxyv+rRpvY0srbvdtr+iP0VuHiOjjq
x2In9b2Q0kNmrskhHNegebwhHVuQQOFIMFeBH4VFkCI/kjo69g7O3CXqY1p1CgNZ
fd60Ecqa1qvpkol+QDvNSMT+sQQUD6c49HlpqHmd5ZlSroODk23cZcw/gwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBNRG7kET35N9mg9i0/QAsEOTkwmMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvRTFFYnVRUlBmazMyYUQyTFQ5QUN3UTVPVENZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAowVgAwQA
owWBMA0GCSqGSIb3DQEBCwUAA4IBAQB2mf5Ux1W63dC2dt/NIc551jurC1/c9t/M
CsozqjCQeJrHLcb2tgfbQaoiWQiV41zWT4DGqhTpqJMoHz1Cs8/MeYNiDe7t2gYM
RfmZbXCvIaH21YKYbf0sXv5T6rwPpEaofSL18cjDV2GY8fU8f4cHmyHaOrp/krzc
1GyRn+STJZp64who0oaugJwerwfkrBLQ+VQ5qwo1t/Lwc9kl71YzkMtiwvyF+uyj
UXudpV2gR1jWzAcigqhW7LLIXidjRQk4ZIhvrVN92vPNfuN03MJtv5uRrLw5Qiv6
XhedT9e+9iviBDDtDSqXftZ+Djbyauhg57/Ic6PU3sN2SDIX8Cju
-----END CERTIFICATE-----