Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/HwmzH3DRrXClwcY8f2wVAOVWnlc.roa
File:                     HwmzH3DRrXClwcY8f2wVAOVWnlc.roa (raw, json)
Hash identifier:          IA3W6raYixr7XrZslw8O8qN0rrqknuEG9XOcRmyv5YM=
Subject key identifier:   1F:09:B3:1F:70:D1:AD:70:A5:C1:C6:3C:7F:6C:15:00:E5:56:9E:57
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       0195FC3F6DB1277F3F79297CB97C4EF39C08
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/HwmzH3DRrXClwcY8f2wVAOVWnlc.roa
Signing time:             Thu 03 Apr 2025 15:22:50 +0000
ROA not before:           Thu 03 Apr 2025 15:22:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     63025
IP address blocks:        163.5.225.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 21:19:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:fc:3f:6d:b1:27:7f:3f:79:29:7c:b9:7c:4e:f3:9c:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Apr  3 15:22:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1f09b31f70d1ad70a5c1c63c7f6c1500e5569e57
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:71:2e:35:e8:92:3d:ba:27:7d:11:c0:9a:89:
                    85:8e:07:94:5a:b0:3a:4f:09:d5:6d:58:44:ac:e3:
                    37:fe:7a:3d:17:1e:80:c6:a9:b2:2c:54:dd:2d:d0:
                    cc:01:39:3b:8d:2c:d7:a2:e2:72:d3:93:bf:ef:98:
                    e5:37:d9:fb:e7:e7:4a:c0:b7:ea:92:6e:f0:8d:d8:
                    6c:e5:cf:0b:03:07:53:eb:60:6c:ae:f8:1e:0b:c3:
                    83:53:5c:03:65:a2:61:24:f9:04:9c:f8:53:c2:07:
                    8a:dd:84:6e:74:20:57:6e:9a:b6:ca:11:2a:6f:0c:
                    a3:7b:ae:5b:af:d5:4a:fd:9d:8b:40:83:51:cc:8e:
                    9a:4f:85:da:ad:31:40:64:42:35:79:6a:5e:d9:0e:
                    bb:2e:5a:bf:bb:ff:5a:22:97:bc:0e:0a:dd:c4:d0:
                    62:f2:80:4b:9e:a2:44:bf:c3:56:63:77:71:07:b8:
                    06:53:de:9d:95:a9:32:c3:35:21:95:99:f4:d7:6e:
                    61:60:bd:52:77:39:c3:3b:73:0c:bb:26:4a:d8:63:
                    16:38:3e:04:ac:60:cf:f1:81:22:cd:75:2d:6a:05:
                    2a:cc:15:a2:9d:64:28:0b:d0:6d:7b:11:05:bd:e2:
                    ef:af:41:4e:dd:8d:64:51:dc:32:14:cd:d8:e4:a5:
                    75:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:09:B3:1F:70:D1:AD:70:A5:C1:C6:3C:7F:6C:15:00:E5:56:9E:57
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/HwmzH3DRrXClwcY8f2wVAOVWnlc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.225.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:77:24:b7:9d:f4:df:54:40:5b:ff:86:bf:e5:75:50:03:90:
         aa:d6:01:5b:a8:58:5d:2f:8c:ea:80:12:85:ed:e3:80:1d:88:
         5a:fb:8a:fe:a4:1a:4e:8c:86:82:bc:2e:7c:d5:b9:98:e1:b9:
         86:9c:98:fe:1f:ac:2c:4b:85:77:2f:73:f5:4b:84:55:1f:da:
         1e:44:a7:ac:87:ee:ed:85:b3:25:37:30:2b:82:b3:47:66:90:
         ff:17:f2:36:92:44:40:63:0f:6d:e5:a3:a1:3e:8f:26:6b:c5:
         bd:96:1e:e0:6d:3c:b5:dd:d3:70:74:0d:e4:35:7b:96:2d:ea:
         c2:8f:7d:3a:ab:0e:6d:fc:f1:a7:b9:56:1e:33:e0:0a:98:89:
         9c:9b:b1:1d:03:ec:05:36:34:e6:b2:22:1d:58:c6:5f:7f:8b:
         dc:6b:75:58:01:2c:ff:07:db:d5:63:e4:ee:bb:35:aa:22:c0:
         c1:5a:80:74:40:ec:ac:d9:54:6b:e7:a7:ef:1d:10:80:87:d1:
         61:4e:95:d0:40:19:a2:39:b5:ba:70:07:30:01:b8:46:46:91:
         b4:61:86:9e:58:af:d4:7f:85:41:55:66:75:24:48:f2:9d:a5:
         fd:c2:62:d2:cd:5a:e4:77:e3:6d:3b:5e:8f:81:c6:15:2e:e3:
         b2:d1:f4:be
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZX8P22xJ38/eSl8uXxO85wIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjUwNDAzMTUyMjUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjA5YjMxZjcwZDFhZDcwYTVjMWM2M2M3ZjZjMTUwMGU1NTY5ZTU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2HEuNeiSPbonfRHAmomFjgeUWrA6
TwnVbVhErOM3/no9Fx6AxqmyLFTdLdDMATk7jSzXouJy05O/75jlN9n75+dKwLfq
km7wjdhs5c8LAwdT62BsrvgeC8ODU1wDZaJhJPkEnPhTwgeK3YRudCBXbpq2yhEq
bwyje65br9VK/Z2LQINRzI6aT4XarTFAZEI1eWpe2Q67Llq/u/9aIpe8DgrdxNBi
8oBLnqJEv8NWY3dxB7gGU96dlakywzUhlZn0125hYL1SdznDO3MMuyZK2GMWOD4E
rGDP8YEizXUtagUqzBWinWQoC9BtexEFveLvr0FO3Y1kUdwyFM3Y5KV1tQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB8Jsx9w0a1wpcHGPH9sFQDlVp5XMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvSHdtekgzRFJyWENsd2NZOGYyd1ZBT1ZXbmxjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowXhMA0G
CSqGSIb3DQEBCwUAA4IBAQAJdyS3nfTfVEBb/4a/5XVQA5Cq1gFbqFhdL4zqgBKF
7eOAHYha+4r+pBpOjIaCvC581bmY4bmGnJj+H6wsS4V3L3P1S4RVH9oeRKesh+7t
hbMlNzArgrNHZpD/F/I2kkRAYw9t5aOhPo8ma8W9lh7gbTy13dNwdA3kNXuWLerC
j306qw5t/PGnuVYeM+AKmImcm7EdA+wFNjTmsiIdWMZff4vca3VYASz/B9vVY+Tu
uzWqIsDBWoB0QOys2VRr56fvHRCAh9FhTpXQQBmiObW6cAcwAbhGRpG0YYaeWK/U
f4VBVWZ1JEjynaX9wmLSzVrkd+NtO16PgcYVLuOy0fS+
-----END CERTIFICATE-----