Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/IALy9xSMWdxgAxG7sDNDM_0xt5Q.roa
File:                     IALy9xSMWdxgAxG7sDNDM_0xt5Q.roa (raw, json)
Hash identifier:          gLBKVRRDHSLCF+lbMVQRNYZYz0yRh9nWj99JlUzlzPQ=
Subject key identifier:   20:02:F2:F7:14:8C:59:DC:60:03:11:BB:B0:33:43:33:FD:31:B7:94
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       018CC4255765517C125D4B84F11C65A6A99F
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/IALy9xSMWdxgAxG7sDNDM_0xt5Q.roa
Signing time:             Mon 01 Jan 2024 08:30:30 +0000
ROA not before:           Mon 01 Jan 2024 08:30:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     54252
IP address blocks:        163.5.216.0/24 maxlen: 24
                          163.5.123.0/24 maxlen: 24
                          163.5.30.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:57:65:51:7c:12:5d:4b:84:f1:1c:65:a6:a9:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jan  1 08:30:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2002f2f7148c59dc600311bbb0334333fd31b794
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:2c:e7:89:82:92:86:25:ce:9c:94:3e:34:04:
                    bc:b2:fb:eb:02:0b:94:3b:20:f4:f0:86:9a:6e:7c:
                    10:16:43:86:da:84:a5:b2:b4:bc:f7:26:87:97:e8:
                    b2:b7:c8:c8:b9:7d:62:ea:32:27:5c:91:ea:47:fe:
                    2c:2a:18:bc:6d:18:cf:57:0f:c4:ef:23:0e:ee:b1:
                    97:4b:ef:fa:6a:7d:20:21:b5:d3:8f:6b:6d:1a:ef:
                    66:e2:dd:17:e7:27:0e:f2:d7:b5:31:81:7e:d8:c2:
                    a1:01:37:e6:a0:78:1e:94:94:97:71:65:be:b0:26:
                    4a:35:f7:4e:54:a0:44:63:18:d1:0b:65:f3:f1:56:
                    fb:82:e5:c1:a3:7d:c6:8d:5d:2e:45:2c:de:2c:c1:
                    0c:c6:5f:ec:44:60:4c:02:6a:44:40:90:d3:84:8a:
                    59:97:35:14:5d:dd:05:b4:e0:f9:19:28:b4:84:76:
                    ab:13:10:0b:2b:3b:8c:ff:98:22:c0:47:24:a5:c9:
                    3c:aa:a0:03:f6:f4:65:07:64:68:e9:4b:6a:b5:50:
                    ec:ee:e9:46:28:f7:7c:08:4a:31:a4:47:18:0d:00:
                    9f:28:23:b2:fb:00:f8:ba:da:b5:16:d0:fd:65:b5:
                    8b:49:55:12:ee:86:a5:fc:e2:05:74:aa:f5:91:78:
                    69:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:02:F2:F7:14:8C:59:DC:60:03:11:BB:B0:33:43:33:FD:31:B7:94
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/IALy9xSMWdxgAxG7sDNDM_0xt5Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.30.0/24
                  163.5.123.0/24
                  163.5.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:e2:cb:0c:62:28:16:71:91:23:a5:a5:d6:be:61:fd:26:e6:
         9e:d0:29:55:d9:41:e8:81:07:48:d3:6c:82:9d:e1:2a:fb:a7:
         dd:c3:cc:9a:df:7b:25:75:0a:e9:50:73:48:15:b6:71:6f:95:
         d1:5a:e1:bc:71:3a:1e:6a:c0:a3:da:ba:60:fc:97:b0:99:df:
         aa:a2:11:e9:fb:e3:5e:cd:bc:73:6e:f3:9c:17:ed:8c:6c:20:
         54:68:5c:ab:42:76:16:90:ee:25:f0:5c:0f:5e:46:6c:fb:f0:
         4c:85:19:87:ac:de:46:6f:20:0f:6f:de:d7:b0:64:bc:8b:ce:
         24:f8:4d:95:0a:80:76:87:c6:6c:3c:cd:81:b3:fa:44:e6:72:
         ec:99:1b:9f:6f:05:d5:4d:6d:59:46:25:2e:f5:a5:01:be:3f:
         9f:bb:95:46:d0:fd:cd:a1:30:e6:b2:2a:a5:55:1f:2d:2d:bc:
         be:88:cf:d2:1c:b6:c6:7c:5a:5e:18:13:45:33:1c:06:ee:14:
         70:ff:b8:9b:8b:d0:c0:6b:ae:87:9a:aa:eb:07:62:e1:27:45:
         4b:d6:83:e7:a7:f6:09:7b:ad:28:0b:87:ea:b8:73:d8:85:20:
         f7:53:8e:ec:01:a8:8f:98:79:9f:a6:7b:1c:27:25:09:40:65:
         30:a0:8a:d8
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzEJVdlUXwSXUuE8RxlpqmfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjQwMTAxMDgzMDMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDAyZjJmNzE0OGM1OWRjNjAwMzExYmJiMDMzNDMzM2ZkMzFiNzk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmyzniYKShiXOnJQ+NAS8svvrAguU
OyD08IaabnwQFkOG2oSlsrS89yaHl+iyt8jIuX1i6jInXJHqR/4sKhi8bRjPVw/E
7yMO7rGXS+/6an0gIbXTj2ttGu9m4t0X5ycO8te1MYF+2MKhATfmoHgelJSXcWW+
sCZKNfdOVKBEYxjRC2Xz8Vb7guXBo33GjV0uRSzeLMEMxl/sRGBMAmpEQJDThIpZ
lzUUXd0FtOD5GSi0hHarExALKzuM/5giwEckpck8qqAD9vRlB2Ro6UtqtVDs7ulG
KPd8CEoxpEcYDQCfKCOy+wD4utq1FtD9ZbWLSVUS7oal/OIFdKr1kXhpSwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFCAC8vcUjFncYAMRu7AzQzP9MbeUMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvSUFMeTl4U01XZHhnQXhHN3NETkRNXzB4dDVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAowUeAwQA
owV7AwQAowXYMA0GCSqGSIb3DQEBCwUAA4IBAQBd4ssMYigWcZEjpaXWvmH9Juae
0ClV2UHogQdI02yCneEq+6fdw8ya33sldQrpUHNIFbZxb5XRWuG8cToeasCj2rpg
/Jewmd+qohHp++NezbxzbvOcF+2MbCBUaFyrQnYWkO4l8FwPXkZs+/BMhRmHrN5G
byAPb97XsGS8i84k+E2VCoB2h8ZsPM2Bs/pE5nLsmRufbwXVTW1ZRiUu9aUBvj+f
u5VG0P3NoTDmsiqlVR8tLby+iM/SHLbGfFpeGBNFMxwG7hRw/7ibi9DAa66Hmqrr
B2LhJ0VL1oPnp/YJe60oC4fquHPYhSD3U47sAaiPmHmfpnscJyUJQGUwoIrY
-----END CERTIFICATE-----