Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/GxaCo1MUcBeUqjsIt1MSIlYQnEo.roa
File:                     GxaCo1MUcBeUqjsIt1MSIlYQnEo.roa (raw, json)
Hash identifier:          2jgpEaQEtNAJ7zsWMBMohlZf5UJTEvsV4aw2h50W1oI=
Subject key identifier:   1B:16:82:A3:53:14:70:17:94:AA:3B:08:B7:53:12:22:56:10:9C:4A
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       0194236A3CAABFE6A46DE05A152F763C3B4F
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/GxaCo1MUcBeUqjsIt1MSIlYQnEo.roa
Signing time:             Wed 01 Jan 2025 19:49:12 +0000
ROA not before:           Wed 01 Jan 2025 19:49:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199058
IP address blocks:        163.5.207.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:3c:aa:bf:e6:a4:6d:e0:5a:15:2f:76:3c:3b:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jan  1 19:49:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1b1682a35314701794aa3b08b753122256109c4a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:0c:5b:83:ec:c5:24:cf:b3:2a:c5:74:4e:e5:
                    8e:eb:66:d2:d2:3f:39:65:4d:fd:cb:c7:2a:a4:d3:
                    49:69:f6:c2:b6:c6:6d:90:e7:3c:08:71:56:b0:44:
                    59:cc:f9:3e:ff:90:44:6f:0a:fb:75:25:b5:8f:70:
                    db:26:dd:6a:11:f2:74:84:8e:65:31:ae:fe:79:17:
                    eb:7d:81:17:13:36:5e:bc:99:d9:cd:0b:51:cb:4d:
                    01:07:7c:13:bb:37:f9:70:56:2f:03:4c:15:b7:6e:
                    14:c8:25:97:a2:77:49:50:00:9e:db:8a:f2:d4:e5:
                    c2:f0:bc:8a:dc:82:e6:05:62:e9:97:28:01:eb:36:
                    7b:25:d1:01:23:b0:43:c1:64:63:05:11:b8:20:2f:
                    7b:dd:50:d0:7f:7e:b8:d3:da:2a:66:0d:71:f5:c3:
                    0e:e8:16:66:ca:b3:1b:2d:cb:4d:76:c7:f4:f0:26:
                    e9:3f:a7:5b:37:d8:3f:90:75:5c:6a:84:3f:68:c3:
                    13:25:49:8c:b8:a2:77:a4:79:10:a7:dd:00:e9:9d:
                    cc:68:a7:5a:ce:72:52:7b:57:65:e7:59:56:03:b6:
                    a3:ee:43:04:f2:31:dc:54:43:1d:16:1a:ae:73:c8:
                    36:fc:ba:84:18:b6:38:fe:83:d6:46:f7:18:8b:f5:
                    0d:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:16:82:A3:53:14:70:17:94:AA:3B:08:B7:53:12:22:56:10:9C:4A
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/GxaCo1MUcBeUqjsIt1MSIlYQnEo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.207.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:9f:b7:9a:78:65:dc:ce:74:c9:6e:fa:c1:25:cc:21:fe:1b:
         e0:cd:0f:ba:b5:01:80:69:a5:54:1d:a7:60:88:8a:f1:1c:9f:
         22:6b:1f:00:37:79:1e:33:4f:f5:5f:32:c8:ee:90:a3:3b:6d:
         74:df:39:47:13:84:72:47:5e:78:2c:7c:6e:34:c8:ab:1e:5c:
         b3:a1:80:67:87:30:75:e2:1d:f7:9e:e2:7d:c8:7e:7c:23:24:
         ee:04:d1:50:f2:2a:28:62:1d:4f:c6:eb:02:c2:2f:47:36:75:
         de:fd:02:c4:65:b6:2d:2c:df:4a:22:c5:e0:1e:d9:ca:a5:d7:
         9a:53:ad:63:b0:45:dc:05:38:85:51:dc:1b:eb:5d:ac:08:ba:
         09:68:74:53:bc:d8:f7:3f:60:c3:20:ed:29:86:79:93:bb:9f:
         c5:28:cc:fd:38:e4:6e:28:47:15:12:b5:56:bd:d1:9f:9b:66:
         6a:d0:c4:d6:87:df:8a:a5:93:3c:e1:3c:66:4c:2b:30:2b:4d:
         e7:0e:6e:77:ce:26:ce:37:df:0e:ab:e0:f2:d7:dc:bd:ab:e7:
         f9:05:9e:5e:a6:76:a4:d1:0b:46:80:e0:fe:1b:c0:21:96:b7:
         71:fc:27:ad:47:40:a3:fd:be:d8:46:6b:c0:18:b7:1b:58:01:
         66:32:66:9b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjajyqv+akbeBaFS92PDtPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjUwMTAxMTk0OTEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYjE2ODJhMzUzMTQ3MDE3OTRhYTNiMDhiNzUzMTIyMjU2MTA5YzRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtgxbg+zFJM+zKsV0TuWO62bS0j85
ZU39y8cqpNNJafbCtsZtkOc8CHFWsERZzPk+/5BEbwr7dSW1j3DbJt1qEfJ0hI5l
Ma7+eRfrfYEXEzZevJnZzQtRy00BB3wTuzf5cFYvA0wVt24UyCWXondJUACe24ry
1OXC8LyK3ILmBWLplygB6zZ7JdEBI7BDwWRjBRG4IC973VDQf36409oqZg1x9cMO
6BZmyrMbLctNdsf08CbpP6dbN9g/kHVcaoQ/aMMTJUmMuKJ3pHkQp90A6Z3MaKda
znJSe1dl51lWA7aj7kME8jHcVEMdFhquc8g2/LqEGLY4/oPWRvcYi/UN9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBsWgqNTFHAXlKo7CLdTEiJWEJxKMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvR3hhQ28xTVVjQmVVcWpzSXQxTVNJbFlRbkVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowXPMA0G
CSqGSIb3DQEBCwUAA4IBAQCRn7eaeGXcznTJbvrBJcwh/hvgzQ+6tQGAaaVUHadg
iIrxHJ8iax8AN3keM0/1XzLI7pCjO2103zlHE4RyR154LHxuNMirHlyzoYBnhzB1
4h33nuJ9yH58IyTuBNFQ8iooYh1PxusCwi9HNnXe/QLEZbYtLN9KIsXgHtnKpdea
U61jsEXcBTiFUdwb612sCLoJaHRTvNj3P2DDIO0phnmTu5/FKMz9OORuKEcVErVW
vdGfm2Zq0MTWh9+KpZM84TxmTCswK03nDm53zibON98Oq+Dy19y9q+f5BZ5epnak
0QtGgOD+G8Ahlrdx/CetR0Cj/b7YRmvAGLcbWAFmMmab
-----END CERTIFICATE-----