Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/Hyfr-WbRcI_bunpXA6y64ejmx1M.roa
File:                     Hyfr-WbRcI_bunpXA6y64ejmx1M.roa (raw, json)
Hash identifier:          H3HjZRWbir/oCFKlEFSAofcu6X1JKWxlHdeqIBrlFoc=
Subject key identifier:   1F:27:EB:F9:66:D1:70:8F:DB:BA:7A:57:03:AC:BA:E1:E8:E6:C7:53
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       0194236A374678602F35E5895FA0DAED2F2F
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/Hyfr-WbRcI_bunpXA6y64ejmx1M.roa
Signing time:             Wed 01 Jan 2025 19:49:11 +0000
ROA not before:           Wed 01 Jan 2025 19:49:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     132825
IP address blocks:        163.5.70.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:37:46:78:60:2f:35:e5:89:5f:a0:da:ed:2f:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jan  1 19:49:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1f27ebf966d1708fdbba7a5703acbae1e8e6c753
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:c3:d4:8b:77:1f:a6:6a:c4:6a:1e:88:bd:e2:
                    18:5e:1f:09:ca:f7:7b:ba:2f:7e:f2:5d:1a:f3:13:
                    e7:f5:f2:52:4e:b0:a5:a2:c1:ba:62:bd:0e:85:88:
                    65:03:70:41:78:92:dc:d6:6b:8b:c1:e1:6c:a9:e9:
                    1e:46:60:9b:81:fc:d6:e4:f6:82:f6:2e:e4:b4:c5:
                    86:4a:ff:6a:7a:34:f9:48:8f:57:2c:2b:58:40:63:
                    e9:c1:04:5f:22:46:a0:9a:94:a9:8c:0c:82:79:ff:
                    be:03:9b:06:b7:42:26:6d:4c:4d:47:dc:1e:d9:94:
                    e8:f0:7a:07:ac:dd:07:b6:be:5d:66:f4:e5:4c:4c:
                    da:bf:05:fe:c4:0e:00:e2:60:ca:a6:ee:77:7f:1f:
                    88:9c:ca:65:dd:0d:53:3d:17:04:c8:dc:b8:94:a9:
                    ea:d7:84:36:4f:ab:6a:1c:24:5d:74:f1:0f:43:fa:
                    7e:30:d7:cf:1f:2e:49:d9:de:8a:87:e9:66:bb:81:
                    1f:c6:ca:26:da:18:7a:ed:f1:c4:ed:a1:cc:d6:4b:
                    2b:5e:22:c5:46:89:9f:79:6c:42:34:a6:96:06:f8:
                    cb:69:95:38:18:32:8a:92:24:5a:0c:c9:00:bc:60:
                    14:dd:01:83:1c:a5:a1:20:0b:8f:fe:ad:7f:db:4a:
                    f7:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:27:EB:F9:66:D1:70:8F:DB:BA:7A:57:03:AC:BA:E1:E8:E6:C7:53
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/Hyfr-WbRcI_bunpXA6y64ejmx1M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.70.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:14:ae:af:67:ee:af:f3:3d:8d:70:79:b1:ea:d1:94:08:35:
         a0:c1:e7:65:ba:d5:a7:a6:cc:6c:13:71:64:13:8f:ec:88:81:
         e1:df:82:f8:f2:55:94:31:c7:3d:9e:6b:5a:1d:dc:08:88:74:
         e3:97:93:10:02:02:c0:1e:58:af:dd:30:06:b8:8e:29:38:b3:
         9e:1b:50:f1:2e:a6:5a:02:c5:9a:b1:da:9e:29:89:a3:6f:f1:
         7e:ec:3c:88:68:8e:3d:a3:1d:43:98:6b:45:f3:c1:12:27:46:
         27:85:69:71:06:61:71:4e:2c:96:12:e4:cc:be:83:7b:e3:4c:
         f0:55:c1:0c:4f:42:ed:d1:3e:02:3d:f7:91:92:4a:15:af:c8:
         54:08:cf:97:31:00:bc:ed:a8:39:88:50:c8:79:5b:82:4c:ce:
         91:6b:d7:69:b5:ab:9c:30:6c:d5:1f:81:5a:4a:37:36:39:d0:
         94:d8:59:ba:32:73:3f:88:28:67:df:5d:78:e8:85:b2:b8:46:
         66:b4:91:ee:d2:35:18:bb:08:a4:a2:f0:e0:fd:3d:2e:69:d3:
         37:f2:50:11:63:a8:4f:bd:ee:e5:79:fa:69:7d:e3:6a:5b:5c:
         51:97:8f:af:10:dc:27:ad:a2:31:e9:cb:28:9b:16:79:fa:c1:
         33:8c:59:17
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjajdGeGAvNeWJX6Da7S8vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjUwMTAxMTk0OTExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjI3ZWJmOTY2ZDE3MDhmZGJiYTdhNTcwM2FjYmFlMWU4ZTZjNzUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5cPUi3cfpmrEah6IveIYXh8Jyvd7
ui9+8l0a8xPn9fJSTrClosG6Yr0OhYhlA3BBeJLc1muLweFsqekeRmCbgfzW5PaC
9i7ktMWGSv9qejT5SI9XLCtYQGPpwQRfIkagmpSpjAyCef++A5sGt0ImbUxNR9we
2ZTo8HoHrN0Htr5dZvTlTEzavwX+xA4A4mDKpu53fx+InMpl3Q1TPRcEyNy4lKnq
14Q2T6tqHCRddPEPQ/p+MNfPHy5J2d6Kh+lmu4Efxsom2hh67fHE7aHM1ksrXiLF
RomfeWxCNKaWBvjLaZU4GDKKkiRaDMkAvGAU3QGDHKWhIAuP/q1/20r38wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB8n6/lm0XCP27p6VwOsuuHo5sdTMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvSHlmci1XYlJjSV9idW5wWEE2eTY0ZWpteDFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowVGMA0G
CSqGSIb3DQEBCwUAA4IBAQAXFK6vZ+6v8z2NcHmx6tGUCDWgwedlutWnpsxsE3Fk
E4/siIHh34L48lWUMcc9nmtaHdwIiHTjl5MQAgLAHliv3TAGuI4pOLOeG1DxLqZa
AsWasdqeKYmjb/F+7DyIaI49ox1DmGtF88ESJ0YnhWlxBmFxTiyWEuTMvoN740zw
VcEMT0Lt0T4CPfeRkkoVr8hUCM+XMQC87ag5iFDIeVuCTM6Ra9dptaucMGzVH4Fa
Sjc2OdCU2Fm6MnM/iChn31146IWyuEZmtJHu0jUYuwikovDg/T0uadM38lARY6hP
ve7lefppfeNqW1xRl4+vENwnraIx6csomxZ5+sEzjFkX
-----END CERTIFICATE-----