Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/G4yLOxskNNcJuEDUZyODqGlnejc.roa
File:                     G4yLOxskNNcJuEDUZyODqGlnejc.roa (raw, json)
Hash identifier:          AYPGke1C6vpq8TMpNc1L5trLwYkA/1XuJpBUZYxjJqk=
Subject key identifier:   1B:8C:8B:3B:1B:24:34:D7:09:B8:40:D4:67:23:83:A8:69:67:7A:37
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       0195B97F1C6D8B59DAABD4CE2018973D0E33
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/G4yLOxskNNcJuEDUZyODqGlnejc.roa
Signing time:             Fri 21 Mar 2025 16:17:50 +0000
ROA not before:           Fri 21 Mar 2025 16:17:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     36530
IP address blocks:        163.5.229.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 06:01:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:b9:7f:1c:6d:8b:59:da:ab:d4:ce:20:18:97:3d:0e:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Mar 21 16:17:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1b8c8b3b1b2434d709b840d4672383a869677a37
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:ec:91:bd:35:17:a4:ad:8c:9d:c3:c3:9f:ff:
                    a1:2b:15:3a:e2:ff:d2:e3:07:0b:cf:d3:6c:ec:82:
                    40:fe:51:30:14:02:63:6c:26:9c:02:80:53:60:2b:
                    38:98:5e:77:16:17:ef:d0:08:9d:dc:d5:a0:44:a9:
                    2b:11:91:0d:45:17:80:60:83:3c:23:e2:d9:ac:be:
                    0e:32:58:8b:e2:45:9c:9a:28:ca:e0:74:6f:9e:27:
                    db:d2:86:09:e4:aa:54:dc:e1:84:c9:07:ce:ca:a2:
                    4b:7d:8c:7b:fc:c3:ad:45:9c:69:5f:92:a0:eb:bb:
                    1b:9b:c6:e8:69:a3:55:98:9c:47:af:04:6c:27:c0:
                    53:ca:09:58:97:ac:d5:93:1b:55:77:99:11:b4:55:
                    12:c3:d5:2c:7e:09:f6:65:c6:3d:31:77:3d:16:5e:
                    e6:cd:ae:9b:39:4a:c3:b0:ff:f6:ea:b0:7e:8c:cf:
                    a1:78:ba:bc:1c:e5:d5:44:c0:ac:7b:ee:fa:d1:41:
                    7a:3a:99:71:d6:61:a4:3f:af:cf:aa:64:fe:c6:ad:
                    5e:70:08:fa:80:4f:e6:43:de:ca:50:e0:e8:a3:87:
                    75:45:7a:14:a4:45:4b:1a:ae:cf:92:62:e1:75:4d:
                    28:c8:1f:3b:03:65:d6:1a:a5:f9:85:1b:f9:de:59:
                    60:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:8C:8B:3B:1B:24:34:D7:09:B8:40:D4:67:23:83:A8:69:67:7A:37
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/G4yLOxskNNcJuEDUZyODqGlnejc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.229.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:0a:42:16:65:6d:62:1a:fd:72:50:44:b5:c5:cd:c6:a6:6e:
         d8:c8:c0:36:df:c6:82:9a:e2:bb:39:ea:85:6c:eb:36:ce:31:
         04:41:ec:b3:8e:d9:a9:08:97:c9:7d:a1:f9:a1:68:64:d0:86:
         ab:0c:6b:24:7c:8c:27:67:a1:45:7a:fb:cd:00:9a:65:4f:6b:
         c6:ca:ea:b8:77:d6:56:3d:c4:50:5e:69:91:ec:98:4b:c7:23:
         48:7c:3a:63:67:d7:41:36:c9:bb:0b:13:2c:5c:b7:cc:36:3e:
         55:38:c7:d5:03:51:8b:18:54:97:02:04:23:33:e2:d1:f8:1c:
         29:be:89:0f:bf:bb:a2:07:7d:90:91:35:3c:57:54:10:db:1a:
         e6:1d:25:94:88:6a:79:29:c9:57:ba:5d:f4:cd:96:19:c9:9a:
         0f:e7:30:f8:1c:fe:71:c4:73:04:5f:0a:94:11:ef:0f:47:f1:
         e0:ec:ba:4e:2d:34:b4:b8:6d:f1:00:55:86:a4:4f:19:5c:c0:
         f5:d3:25:4d:58:cc:5d:30:de:c4:a2:18:c6:ef:29:a2:5d:d9:
         b1:8f:33:c3:eb:43:75:bc:80:42:e7:ce:66:3c:96:e9:f3:d7:
         01:be:a7:a1:f6:0f:eb:6b:9c:d3:e1:10:5c:57:e2:44:fb:71:
         d6:5a:b3:df
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZW5fxxti1naq9TOIBiXPQ4zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjUwMzIxMTYxNzUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYjhjOGIzYjFiMjQzNGQ3MDliODQwZDQ2NzIzODNhODY5Njc3YTM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAreyRvTUXpK2MncPDn/+hKxU64v/S
4wcLz9Ns7IJA/lEwFAJjbCacAoBTYCs4mF53Fhfv0Aid3NWgRKkrEZENRReAYIM8
I+LZrL4OMliL4kWcmijK4HRvnifb0oYJ5KpU3OGEyQfOyqJLfYx7/MOtRZxpX5Kg
67sbm8boaaNVmJxHrwRsJ8BTyglYl6zVkxtVd5kRtFUSw9Usfgn2ZcY9MXc9Fl7m
za6bOUrDsP/26rB+jM+heLq8HOXVRMCse+760UF6Oplx1mGkP6/PqmT+xq1ecAj6
gE/mQ97KUODoo4d1RXoUpEVLGq7PkmLhdU0oyB87A2XWGqX5hRv53llgnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBuMizsbJDTXCbhA1Gcjg6hpZ3o3MB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvRzR5TE94c2tOTmNKdUVEVVp5T0RxR2xuZWpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowXlMA0G
CSqGSIb3DQEBCwUAA4IBAQB/CkIWZW1iGv1yUES1xc3Gpm7YyMA238aCmuK7OeqF
bOs2zjEEQeyzjtmpCJfJfaH5oWhk0IarDGskfIwnZ6FFevvNAJplT2vGyuq4d9ZW
PcRQXmmR7JhLxyNIfDpjZ9dBNsm7CxMsXLfMNj5VOMfVA1GLGFSXAgQjM+LR+Bwp
vokPv7uiB32QkTU8V1QQ2xrmHSWUiGp5KclXul30zZYZyZoP5zD4HP5xxHMEXwqU
Ee8PR/Hg7LpOLTS0uG3xAFWGpE8ZXMD10yVNWMxdMN7EohjG7ymiXdmxjzPD60N1
vIBC585mPJbp89cBvqeh9g/ra5zT4RBcV+JE+3HWWrPf
-----END CERTIFICATE-----