Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/HeL_0ndLhGJDUN0zpojS5-i2Q3I.roa
File:                     HeL_0ndLhGJDUN0zpojS5-i2Q3I.roa (raw, json)
Hash identifier:          Wi4rE+gEt6QtoZs06CAi77aKqr0uHVlsIxt12ykV9pw=
Subject key identifier:   1D:E2:FF:D2:77:4B:84:62:43:50:DD:33:A6:88:D2:E7:E8:B6:43:72
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       018CC4254F5D6F8EDC98C8A176D8D4B8BB45
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/HeL_0ndLhGJDUN0zpojS5-i2Q3I.roa
Signing time:             Mon 01 Jan 2024 08:30:28 +0000
ROA not before:           Mon 01 Jan 2024 08:30:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5065
IP address blocks:        163.5.77.0/24 maxlen: 24
                          163.5.72.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 05:01:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:4f:5d:6f:8e:dc:98:c8:a1:76:d8:d4:b8:bb:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jan  1 08:30:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1de2ffd2774b84624350dd33a688d2e7e8b64372
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:12:dd:e4:bb:8d:11:be:04:a2:5e:58:1d:4f:
                    91:74:42:6b:0a:d7:15:97:74:4f:a5:6c:3a:a6:02:
                    12:cd:5f:cc:70:3e:6b:da:8d:39:d0:9a:b2:43:4f:
                    df:be:c8:4d:97:a5:3e:87:a9:be:39:72:2e:de:73:
                    e0:a4:f1:64:79:8b:c7:a1:c0:d4:9b:c1:29:ae:6a:
                    57:94:61:86:87:bb:f4:24:d2:6e:73:a9:7a:0b:ef:
                    88:6a:53:cb:d3:15:89:43:de:3f:ca:fa:93:bc:f2:
                    0a:85:6f:bb:dd:60:ba:4e:a2:2a:5c:cf:40:95:3b:
                    1a:1f:f8:b6:11:e9:65:2d:bd:91:b3:87:53:d4:5d:
                    b4:4b:95:d7:d0:c0:08:84:a0:f2:f6:6c:6a:a5:ea:
                    11:ad:db:6f:1d:18:9e:1b:71:d1:74:6f:2c:ae:c2:
                    d6:9b:53:4e:39:93:8d:ce:c2:7b:e2:3f:15:e1:8b:
                    64:af:e6:c6:60:e9:18:e9:73:3c:ea:00:69:e9:41:
                    a8:f2:90:cf:f8:42:2d:84:f5:c3:73:32:31:39:49:
                    bf:00:72:75:c1:34:7e:17:39:5a:95:c3:0c:8e:95:
                    f0:7b:45:f4:e1:18:3b:fc:4a:4e:65:af:c1:b7:a1:
                    b2:73:9c:c8:c8:b0:6f:ee:d4:20:76:ad:20:ba:a4:
                    c0:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:E2:FF:D2:77:4B:84:62:43:50:DD:33:A6:88:D2:E7:E8:B6:43:72
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/HeL_0ndLhGJDUN0zpojS5-i2Q3I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.72.0/24
                  163.5.77.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:1d:08:2e:ef:69:c6:98:f8:ce:4a:10:68:ad:f2:dd:25:15:
         11:e7:bd:2f:24:ff:2c:0f:c5:95:88:c2:fc:49:98:32:bd:c6:
         5b:c8:e4:df:9a:9a:93:02:a3:27:f3:de:a6:40:71:98:2f:64:
         35:d2:bf:2b:76:74:40:80:58:a8:5d:42:69:b0:bd:4e:0e:45:
         7f:e1:0b:bc:6b:3b:cd:5a:bf:49:bd:91:7a:10:a1:f8:99:7d:
         73:d9:6c:78:af:43:33:dd:e1:88:70:f9:78:1c:58:47:96:b4:
         52:58:a2:de:59:d5:98:7c:9d:a8:c2:b6:26:d5:94:d3:b9:e0:
         75:f0:c5:20:9b:d7:00:a1:45:8c:0a:41:e4:ea:47:95:98:cf:
         f0:5f:ca:b7:19:23:df:2b:49:da:ef:09:07:1b:61:2b:11:33:
         3a:06:ba:2a:b1:9b:21:4b:e8:af:a0:7b:ec:9b:09:b8:cc:ef:
         4a:a1:1e:54:46:ab:82:be:11:19:bf:e8:2f:b6:83:5a:41:43:
         47:04:63:fe:3d:94:27:9b:4e:4d:a9:76:6d:5a:41:67:72:ad:
         50:62:1a:96:00:b0:e2:d9:62:8c:a8:96:99:0d:03:74:52:33:
         7d:1c:09:28:c1:5c:52:b6:61:ac:85:0b:97:53:01:7a:d4:2f:
         90:9b:14:68
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzEJU9db47cmMihdtjUuLtFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjQwMTAxMDgzMDI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZGUyZmZkMjc3NGI4NDYyNDM1MGRkMzNhNjg4ZDJlN2U4YjY0MzcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyRLd5LuNEb4Eol5YHU+RdEJrCtcV
l3RPpWw6pgISzV/McD5r2o050JqyQ0/fvshNl6U+h6m+OXIu3nPgpPFkeYvHocDU
m8EprmpXlGGGh7v0JNJuc6l6C++IalPL0xWJQ94/yvqTvPIKhW+73WC6TqIqXM9A
lTsaH/i2EellLb2Rs4dT1F20S5XX0MAIhKDy9mxqpeoRrdtvHRieG3HRdG8srsLW
m1NOOZONzsJ74j8V4Ytkr+bGYOkY6XM86gBp6UGo8pDP+EIthPXDczIxOUm/AHJ1
wTR+FzlalcMMjpXwe0X04Rg7/EpOZa/Bt6Gyc5zIyLBv7tQgdq0guqTAUQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFB3i/9J3S4RiQ1DdM6aI0ufotkNyMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvSGVMXzBuZExoR0pEVU4wenBvalM1LWkyUTNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAowVIAwQA
owVNMA0GCSqGSIb3DQEBCwUAA4IBAQBQHQgu72nGmPjOShBorfLdJRUR570vJP8s
D8WViML8SZgyvcZbyOTfmpqTAqMn896mQHGYL2Q10r8rdnRAgFioXUJpsL1ODkV/
4Qu8azvNWr9JvZF6EKH4mX1z2Wx4r0Mz3eGIcPl4HFhHlrRSWKLeWdWYfJ2owrYm
1ZTTueB18MUgm9cAoUWMCkHk6keVmM/wX8q3GSPfK0na7wkHG2ErETM6BroqsZsh
S+ivoHvsmwm4zO9KoR5URquCvhEZv+gvtoNaQUNHBGP+PZQnm05NqXZtWkFncq1Q
YhqWALDi2WKMqJaZDQN0UjN9HAkowVxStmGshQuXUwF61C+QmxRo
-----END CERTIFICATE-----