Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/JkuG9pyfbM2Axb9RxzJrE_G_Mwo.roa
File:                     JkuG9pyfbM2Axb9RxzJrE_G_Mwo.roa (raw, json)
Hash identifier:          wSYfhfJNLjH8FEUm6OJ9PI1d0kUirCHbKyNoQDoi/9Y=
Subject key identifier:   26:4B:86:F6:9C:9F:6C:CD:80:C5:BF:51:C7:32:6B:13:F1:BF:33:0A
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       018CC4256C93CB1F4BACA1FD4E803D14CD78
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/JkuG9pyfbM2Axb9RxzJrE_G_Mwo.roa
Signing time:             Mon 01 Jan 2024 08:30:36 +0000
ROA not before:           Mon 01 Jan 2024 08:30:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     395517
IP address blocks:        163.5.198.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:6c:93:cb:1f:4b:ac:a1:fd:4e:80:3d:14:cd:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jan  1 08:30:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=264b86f69c9f6ccd80c5bf51c7326b13f1bf330a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:cc:d5:43:d3:8b:70:80:bf:92:f7:6e:41:80:
                    80:3e:74:b3:fe:56:9a:31:cc:ba:81:66:c6:f1:c7:
                    63:eb:75:42:79:ef:f5:38:db:03:86:06:2d:5f:42:
                    e6:af:c3:b4:70:66:88:5f:30:f4:f2:c6:da:83:0a:
                    15:0e:5f:4b:e9:da:0e:2f:50:ab:ba:a7:5c:fe:6b:
                    c8:0d:7e:33:a3:7e:db:e5:07:3d:b6:22:f1:f7:6e:
                    41:61:f5:59:5f:8e:f5:f2:c7:bd:a9:9f:d0:c7:eb:
                    7a:bb:1e:03:94:d9:3d:97:6a:de:f7:50:af:17:57:
                    3d:92:e9:bd:20:0f:e7:72:ab:65:84:f0:cc:a7:4f:
                    6f:10:0b:79:b9:72:12:dd:66:98:dc:8a:ec:e8:85:
                    bc:f9:13:1f:43:27:b5:b7:79:a5:43:81:7a:5c:b0:
                    4c:40:6f:c8:90:d1:2f:06:47:bb:a0:c8:40:58:fd:
                    dc:b0:fd:1f:2a:d2:28:0b:c9:81:61:f1:a9:89:dd:
                    bd:56:d1:13:65:08:41:da:23:e4:48:36:69:27:e3:
                    1c:b1:4d:67:16:7e:0b:24:82:e7:80:b3:1a:a1:78:
                    30:42:46:70:a1:09:6c:c6:81:9d:0a:b2:78:07:92:
                    fa:4e:44:51:28:c1:bd:e6:7f:79:06:7b:e4:38:e3:
                    99:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:4B:86:F6:9C:9F:6C:CD:80:C5:BF:51:C7:32:6B:13:F1:BF:33:0A
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/JkuG9pyfbM2Axb9RxzJrE_G_Mwo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.198.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:53:dd:53:55:e3:54:88:9a:95:e2:24:3c:09:ae:50:7f:72:
         32:e2:eb:ec:c5:25:50:cc:3d:21:b5:90:51:80:ac:67:ba:41:
         b7:90:cd:c0:11:62:42:e9:39:47:bd:8f:b1:80:a8:da:eb:7a:
         a5:54:f8:cc:b4:4d:ea:be:cf:e5:59:fd:04:c6:01:27:ad:4c:
         d2:83:35:6c:78:fe:99:0e:37:60:11:b5:8b:68:92:ea:07:c6:
         81:c0:5b:d1:85:f5:f3:4f:8c:fe:01:c9:8f:1c:c8:f4:60:84:
         61:ba:2e:f1:7f:ce:72:19:6c:2b:6e:a7:0c:fa:69:b8:f9:ba:
         ed:ed:ff:35:0e:48:44:61:96:a2:bb:b9:0f:0c:7e:ac:6e:a0:
         d4:ee:87:42:44:2b:fc:c6:44:c7:71:b5:dd:f5:c9:97:b7:f6:
         f7:73:3e:3a:85:a9:6b:73:0e:af:73:cf:ef:9a:42:3e:40:36:
         ad:04:d7:1c:a1:e3:61:43:c8:d3:e4:eb:24:47:a0:9a:42:4c:
         78:60:65:ed:ee:54:28:c9:be:ec:9e:57:a5:f9:f7:77:3c:e4:
         c5:dd:d7:46:05:a6:dc:ee:cb:f0:04:36:ba:68:7f:37:59:13:
         69:8a:54:a2:ca:41:0c:35:61:0d:89:7e:23:b4:4c:92:f9:20:
         c5:96:e5:f5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJWyTyx9LrKH9ToA9FM14MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjQwMTAxMDgzMDM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNjRiODZmNjljOWY2Y2NkODBjNWJmNTFjNzMyNmIxM2YxYmYzMzBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1MzVQ9OLcIC/kvduQYCAPnSz/laa
Mcy6gWbG8cdj63VCee/1ONsDhgYtX0Lmr8O0cGaIXzD08sbagwoVDl9L6doOL1Cr
uqdc/mvIDX4zo37b5Qc9tiLx925BYfVZX4718se9qZ/Qx+t6ux4DlNk9l2re91Cv
F1c9kum9IA/ncqtlhPDMp09vEAt5uXIS3WaY3Irs6IW8+RMfQye1t3mlQ4F6XLBM
QG/IkNEvBke7oMhAWP3csP0fKtIoC8mBYfGpid29VtETZQhB2iPkSDZpJ+McsU1n
Fn4LJILngLMaoXgwQkZwoQlsxoGdCrJ4B5L6TkRRKMG95n95BnvkOOOZWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCZLhvacn2zNgMW/UccyaxPxvzMKMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvSmt1RzlweWZiTTJBeGI5Unh6SnJFX0dfTXdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowXGMA0G
CSqGSIb3DQEBCwUAA4IBAQBWU91TVeNUiJqV4iQ8Ca5Qf3Iy4uvsxSVQzD0htZBR
gKxnukG3kM3AEWJC6TlHvY+xgKja63qlVPjMtE3qvs/lWf0ExgEnrUzSgzVseP6Z
DjdgEbWLaJLqB8aBwFvRhfXzT4z+AcmPHMj0YIRhui7xf85yGWwrbqcM+mm4+brt
7f81DkhEYZaiu7kPDH6sbqDU7odCRCv8xkTHcbXd9cmXt/b3cz46halrcw6vc8/v
mkI+QDatBNccoeNhQ8jT5OskR6CaQkx4YGXt7lQoyb7snlel+fd3POTF3ddGBabc
7svwBDa6aH83WRNpilSiykEMNWENiX4jtEyS+SDFluX1
-----END CERTIFICATE-----