Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/Fnr6Ym18vj_C7RTguM2tUVblmjg.roa
File:                     Fnr6Ym18vj_C7RTguM2tUVblmjg.roa (raw, json)
Hash identifier:          BQ8vg8taQAhRn5MpK744I8L1iUpYh3+LelwQqF6k/zQ=
Subject key identifier:   16:7A:FA:62:6D:7C:BE:3F:C2:ED:14:E0:B8:CD:AD:51:56:E5:9A:38
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       018D844C1C7008E5F2A0514CD5F14AF357B5
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/Fnr6Ym18vj_C7RTguM2tUVblmjg.roa
Signing time:             Wed 07 Feb 2024 15:59:56 +0000
ROA not before:           Wed 07 Feb 2024 15:59:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35916
IP address blocks:        163.5.104.0/24 maxlen: 24
                          163.5.106.0/24 maxlen: 24
                          163.5.202.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:59:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:84:4c:1c:70:08:e5:f2:a0:51:4c:d5:f1:4a:f3:57:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Feb  7 15:59:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=167afa626d7cbe3fc2ed14e0b8cdad5156e59a38
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:36:08:50:b8:58:3c:ed:ad:8d:89:17:bb:ad:
                    85:39:61:ea:b7:ac:2b:5b:84:71:3b:1d:13:2b:58:
                    54:39:83:cc:cf:a2:53:e7:67:59:be:f4:0c:91:8f:
                    ab:c5:9c:b7:7f:b8:a7:34:05:df:d5:8c:96:b4:05:
                    43:be:9f:89:cf:f0:03:0f:92:e4:ad:cb:a4:52:8f:
                    e4:e3:fe:79:17:7c:3d:bb:cd:ba:37:58:1f:b5:41:
                    23:9b:e2:82:c0:5f:4e:b7:36:7f:e6:2e:cc:d8:df:
                    cd:06:ab:28:e2:c7:b4:dd:6f:fc:08:74:02:f4:53:
                    0d:8a:f2:d1:a0:9a:d8:29:15:e5:7e:cb:c5:65:33:
                    4f:3e:c7:8a:11:8c:81:10:35:e0:d1:48:64:d4:39:
                    c8:e8:1f:26:4f:f0:4b:d6:c5:b4:76:10:f8:ff:de:
                    45:12:a1:01:eb:71:a0:c4:25:c9:2c:e8:05:ac:b3:
                    89:4f:3c:4e:c3:b1:5d:79:14:6b:3e:7c:41:9d:3a:
                    51:37:64:a5:75:10:54:e4:ac:51:4d:c9:73:5b:d5:
                    a0:93:03:04:d5:0d:fe:f7:c6:81:ba:c7:d2:21:d1:
                    7f:e7:83:6f:ec:44:05:e6:ec:48:ff:61:74:c5:95:
                    5e:e1:a4:09:d0:7a:23:4d:12:a2:cd:ad:6a:93:cc:
                    9e:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:7A:FA:62:6D:7C:BE:3F:C2:ED:14:E0:B8:CD:AD:51:56:E5:9A:38
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/Fnr6Ym18vj_C7RTguM2tUVblmjg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.104.0/24
                  163.5.106.0/24
                  163.5.202.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:e0:ee:24:6c:1d:d1:ec:be:fe:f5:b2:79:49:c9:c6:af:71:
         0a:18:95:2e:24:e7:b5:9c:86:a4:86:eb:d9:12:d5:51:ff:e1:
         3b:0c:30:f2:34:ad:5d:5e:cd:8a:49:d1:b5:7f:13:fe:11:1b:
         f0:0e:84:2a:a8:19:99:76:7f:a6:79:7f:7a:74:e4:21:3b:d3:
         e1:ea:ee:18:a9:59:6e:04:1f:f1:bb:40:44:d3:99:86:8c:c6:
         1c:7a:8f:f9:f8:25:0f:6b:76:44:be:77:3e:dc:c9:ff:a9:40:
         40:16:1f:01:30:b7:dc:e3:a7:b4:88:5b:48:73:f4:8a:09:a2:
         52:4f:41:02:14:fd:4e:cf:95:bd:4e:40:44:db:df:8e:04:90:
         e6:cc:e7:70:ba:5c:16:f8:5d:ea:0f:c6:15:09:74:24:45:6e:
         07:a4:59:25:6d:20:b9:4e:ea:c7:cb:04:ad:58:bb:9c:3b:77:
         76:bb:5a:70:65:e0:17:d1:67:ad:77:9b:8c:a4:bd:e4:a5:d5:
         ee:89:30:33:22:90:11:65:25:3f:60:8b:4b:ac:7d:15:3c:b6:
         ff:57:26:79:4b:ac:9e:bb:a5:4d:70:db:e8:34:09:6a:b9:f7:
         1b:76:ea:e9:bc:b0:be:20:cd:d6:6f:dd:0f:14:12:01:3b:0f:
         5a:8b:c1:d5
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY2ETBxwCOXyoFFM1fFK81e1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjQwMjA3MTU1OTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjdhZmE2MjZkN2NiZTNmYzJlZDE0ZTBiOGNkYWQ1MTU2ZTU5YTM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArzYIULhYPO2tjYkXu62FOWHqt6wr
W4RxOx0TK1hUOYPMz6JT52dZvvQMkY+rxZy3f7inNAXf1YyWtAVDvp+Jz/ADD5Lk
rcukUo/k4/55F3w9u826N1gftUEjm+KCwF9OtzZ/5i7M2N/NBqso4se03W/8CHQC
9FMNivLRoJrYKRXlfsvFZTNPPseKEYyBEDXg0Uhk1DnI6B8mT/BL1sW0dhD4/95F
EqEB63GgxCXJLOgFrLOJTzxOw7FdeRRrPnxBnTpRN2SldRBU5KxRTclzW9WgkwME
1Q3+98aBusfSIdF/54Nv7EQF5uxI/2F0xZVe4aQJ0HojTRKiza1qk8yeCwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFBZ6+mJtfL4/wu0U4LjNrVFW5Zo4MB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvRm5yNlltMTh2al9DN1JUZ3VNMnRVVmJsbWpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAowVoAwQA
owVqAwQAowXKMA0GCSqGSIb3DQEBCwUAA4IBAQBW4O4kbB3R7L7+9bJ5ScnGr3EK
GJUuJOe1nIakhuvZEtVR/+E7DDDyNK1dXs2KSdG1fxP+ERvwDoQqqBmZdn+meX96
dOQhO9Ph6u4YqVluBB/xu0BE05mGjMYceo/5+CUPa3ZEvnc+3Mn/qUBAFh8BMLfc
46e0iFtIc/SKCaJST0ECFP1Oz5W9TkBE29+OBJDmzOdwulwW+F3qD8YVCXQkRW4H
pFklbSC5TurHywStWLucO3d2u1pwZeAX0Wetd5uMpL3kpdXuiTAzIpARZSU/YItL
rH0VPLb/VyZ5S6yeu6VNcNvoNAlqufcbdurpvLC+IM3Wb90PFBIBOw9ai8HV
-----END CERTIFICATE-----