Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/IyVf8K7mCMNG498wv2Xu35OKqwU.roa
File:                     IyVf8K7mCMNG498wv2Xu35OKqwU.roa (raw, json)
Hash identifier:          +VMbqIoQRkqodRNpIEogMziZNuBONz0EI56ZLgsiw30=
Subject key identifier:   23:25:5F:F0:AE:E6:08:C3:46:E3:DF:30:BF:65:EE:DF:93:8A:AB:05
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       01971C00AB7EBA94B00D918481E94E3E179F
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/IyVf8K7mCMNG498wv2Xu35OKqwU.roa
Signing time:             Thu 29 May 2025 12:24:54 +0000
ROA not before:           Thu 29 May 2025 12:24:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62610
IP address blocks:        163.5.237.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 12:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:1c:00:ab:7e:ba:94:b0:0d:91:84:81:e9:4e:3e:17:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: May 29 12:24:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=23255ff0aee608c346e3df30bf65eedf938aab05
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:23:24:cc:a3:40:40:4f:ab:e1:bc:50:60:48:
                    0b:f1:b7:a2:95:0b:94:c8:b7:3b:7c:bf:4e:6c:3e:
                    0b:cf:54:7f:4e:16:0c:c4:5d:d3:11:b1:22:68:e9:
                    8e:3d:20:39:67:b2:e6:ce:1a:72:e0:d5:f8:81:64:
                    f3:09:6e:71:f9:2f:4b:95:c4:9e:52:42:a9:31:64:
                    49:0e:7e:32:25:ee:70:ef:82:8c:8c:bd:df:81:3f:
                    1a:41:64:c9:27:e8:a8:d8:1e:d1:3f:c9:3b:80:50:
                    70:d8:a1:3f:34:76:38:6f:5c:5c:44:01:dc:c3:21:
                    79:20:80:f8:bf:e5:31:13:0e:c3:34:60:33:be:0c:
                    4d:a1:e1:a9:5c:dc:95:08:81:c0:00:05:7a:c6:76:
                    99:01:05:e0:b9:3b:99:34:ca:fa:ab:10:a8:c3:9c:
                    1b:fe:e3:48:ab:3f:b9:ad:3d:67:eb:04:25:40:09:
                    d5:93:0a:8d:03:80:6b:96:ce:b0:4a:5e:35:bb:59:
                    96:41:c8:02:c5:79:98:7e:e3:78:6a:c3:f3:a5:91:
                    84:6f:ca:31:9f:5e:8d:93:a7:a1:06:16:be:1a:10:
                    58:a4:0b:f6:37:bf:fa:1c:57:53:73:22:92:d6:05:
                    d4:f2:40:db:be:32:d5:25:b7:22:88:48:01:54:3f:
                    84:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:25:5F:F0:AE:E6:08:C3:46:E3:DF:30:BF:65:EE:DF:93:8A:AB:05
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/IyVf8K7mCMNG498wv2Xu35OKqwU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.237.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:70:33:0c:29:d6:49:e9:c0:e6:5d:a3:99:f0:d4:77:4c:a3:
         a7:dd:6b:75:6e:2e:61:15:0e:76:dd:79:22:fd:84:76:63:3c:
         76:8e:68:4d:24:63:ee:c6:0f:19:de:a7:32:7d:39:25:1a:81:
         53:68:3e:08:8f:4e:1f:34:ff:af:ac:44:9d:c8:3f:f3:4a:7f:
         0f:a3:d1:a7:d8:27:11:69:42:f8:56:6a:34:6e:e2:7d:3e:16:
         5a:2f:b7:c6:9c:26:a7:9f:89:d9:b4:ce:6e:8c:34:25:32:44:
         9e:17:a0:21:43:05:87:0a:a7:c0:57:28:d1:3c:9d:ae:8d:f2:
         73:a2:39:e8:ba:e6:a6:3e:42:a5:d6:98:54:6e:f4:29:23:d2:
         db:ba:cc:54:4b:6c:7a:65:24:dd:da:4c:f0:29:31:16:53:b3:
         f6:0e:cf:0b:20:17:fa:fc:db:1a:58:c5:e4:cf:cd:3e:38:fb:
         dc:ea:cf:d6:c2:9f:6f:77:5c:c2:67:87:7a:0c:27:96:9f:71:
         35:3f:12:03:c4:43:80:d9:a9:72:40:1b:4f:ef:c6:f9:12:18:
         3b:bd:35:de:4d:2f:d1:12:be:4a:ec:15:da:37:76:a5:37:4f:
         13:49:6b:60:a7:61:50:9f:ea:6b:d2:5e:70:29:63:23:25:11:
         3e:41:a8:f3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZccAKt+upSwDZGEgelOPhefMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjUwNTI5MTIyNDU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzI1NWZmMGFlZTYwOGMzNDZlM2RmMzBiZjY1ZWVkZjkzOGFhYjA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4iMkzKNAQE+r4bxQYEgL8beilQuU
yLc7fL9ObD4Lz1R/ThYMxF3TEbEiaOmOPSA5Z7Lmzhpy4NX4gWTzCW5x+S9LlcSe
UkKpMWRJDn4yJe5w74KMjL3fgT8aQWTJJ+io2B7RP8k7gFBw2KE/NHY4b1xcRAHc
wyF5IID4v+UxEw7DNGAzvgxNoeGpXNyVCIHAAAV6xnaZAQXguTuZNMr6qxCow5wb
/uNIqz+5rT1n6wQlQAnVkwqNA4Brls6wSl41u1mWQcgCxXmYfuN4asPzpZGEb8ox
n16Nk6ehBha+GhBYpAv2N7/6HFdTcyKS1gXU8kDbvjLVJbciiEgBVD+EqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCMlX/Cu5gjDRuPfML9l7t+TiqsFMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvSXlWZjhLN21DTU5HNDk4d3YyWHUzNU9LcXdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowXtMA0G
CSqGSIb3DQEBCwUAA4IBAQAycDMMKdZJ6cDmXaOZ8NR3TKOn3Wt1bi5hFQ523Xki
/YR2Yzx2jmhNJGPuxg8Z3qcyfTklGoFTaD4Ij04fNP+vrESdyD/zSn8Po9Gn2CcR
aUL4Vmo0buJ9PhZaL7fGnCann4nZtM5ujDQlMkSeF6AhQwWHCqfAVyjRPJ2ujfJz
ojnouuamPkKl1phUbvQpI9LbusxUS2x6ZSTd2kzwKTEWU7P2Ds8LIBf6/NsaWMXk
z80+OPvc6s/Wwp9vd1zCZ4d6DCeWn3E1PxIDxEOA2alyQBtP78b5Ehg7vTXeTS/R
Er5K7BXaN3alN08TSWtgp2FQn+pr0l5wKWMjJRE+Qajz
-----END CERTIFICATE-----