Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/NmbobJoBMxoLcUxEw1_w2NQLSAk.roa
File:                     NmbobJoBMxoLcUxEw1_w2NQLSAk.roa (raw, json)
Hash identifier:          SEm9RlLcrzgeX45Ij0Hr4acrLJ6e/EvxlCfhgnktm5c=
Subject key identifier:   36:66:E8:6C:9A:01:33:1A:0B:71:4C:44:C3:5F:F0:D8:D4:0B:48:09
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       0194236A525985ADB414FF1977E3E5CE71DC
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/NmbobJoBMxoLcUxEw1_w2NQLSAk.roa
Signing time:             Wed 01 Jan 2025 19:49:17 +0000
ROA not before:           Wed 01 Jan 2025 19:49:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     400039
IP address blocks:        163.5.167.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:52:59:85:ad:b4:14:ff:19:77:e3:e5:ce:71:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jan  1 19:49:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3666e86c9a01331a0b714c44c35ff0d8d40b4809
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:8b:86:e7:ef:33:2f:9c:2e:4f:32:9d:d4:21:
                    5f:ed:ec:ad:a7:fb:e6:51:8b:b4:3b:46:8a:8a:b8:
                    8c:75:6f:b2:cd:f7:29:e1:b4:e8:b5:b3:ce:3b:e5:
                    46:23:e2:79:de:c6:87:ec:36:8c:ed:1d:63:d9:19:
                    eb:87:4d:d5:46:8f:0c:27:37:1e:18:e7:5f:04:a0:
                    11:01:04:4b:e3:4c:42:10:f4:42:8b:3b:ab:c4:77:
                    2f:c1:53:c6:c5:5b:e2:d9:54:4f:95:02:b2:bf:b2:
                    ce:ce:c9:07:3e:30:c2:9a:17:5d:ff:df:f1:36:54:
                    3c:78:58:1d:34:f1:70:44:66:20:fa:be:29:86:44:
                    a5:48:64:42:c9:3f:d0:39:5c:0b:64:ed:10:15:ea:
                    79:ee:cd:d8:d8:e4:56:2b:c8:a7:14:ec:60:32:e1:
                    71:5b:3b:e8:4f:ff:57:16:3a:cd:f3:6a:dc:4d:4f:
                    31:57:54:75:b8:19:b7:bf:52:72:9c:ac:66:81:c3:
                    9a:d1:7d:c4:9b:4f:cd:b0:1a:ef:86:04:c6:ed:a1:
                    6f:e4:f8:70:57:91:0c:a9:0c:df:91:d9:e9:e7:06:
                    0e:6d:ef:f5:2a:62:87:f5:62:fb:8f:c6:bf:f6:f8:
                    3d:df:58:98:d3:38:ef:90:e8:14:2f:95:48:ad:d0:
                    39:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:66:E8:6C:9A:01:33:1A:0B:71:4C:44:C3:5F:F0:D8:D4:0B:48:09
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/NmbobJoBMxoLcUxEw1_w2NQLSAk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.167.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:37:6b:75:3b:f6:cc:14:3e:46:3f:90:23:bf:fd:fa:4b:6e:
         66:77:b1:60:34:24:a4:dd:ff:d3:ae:57:83:9f:34:51:9b:25:
         58:37:66:be:ac:02:65:b1:15:11:0b:24:2a:bc:79:3f:52:ac:
         4b:82:f1:d6:77:35:b0:ff:52:98:e3:04:44:06:23:35:5e:97:
         1d:1f:5f:6d:ce:21:25:64:e8:c8:42:df:3c:e9:be:08:0a:de:
         0b:f3:1f:5f:ce:3b:46:4e:07:8c:b6:ed:0b:15:ba:9d:6c:59:
         ab:09:c9:82:86:1e:78:02:ef:b7:e5:10:77:3d:d1:dd:a0:28:
         3f:32:96:43:b2:c0:db:4f:5c:3e:79:84:19:9b:3d:21:50:90:
         2f:57:2b:0b:f6:c4:43:e7:6c:d6:70:77:69:da:5f:0a:7a:01:
         fb:fb:99:96:08:da:94:b1:4a:91:8a:46:38:b7:d8:90:3b:d8:
         91:3d:6a:91:3f:91:c5:b8:f1:e9:a5:5c:86:c9:b3:08:75:68:
         c2:39:e0:4f:65:ac:3e:02:2c:ee:a2:6e:97:f9:6a:e9:ed:2a:
         0d:21:95:10:fe:f4:e7:f3:54:9d:a1:0a:59:c0:66:d8:7f:dd:
         72:b4:07:88:3e:2c:c5:60:37:b1:47:61:cf:6e:98:ed:30:7c:
         cd:1c:94:14
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjalJZha20FP8Zd+PlznHcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjUwMTAxMTk0OTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjY2ZTg2YzlhMDEzMzFhMGI3MTRjNDRjMzVmZjBkOGQ0MGI0ODA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArIuG5+8zL5wuTzKd1CFf7eytp/vm
UYu0O0aKiriMdW+yzfcp4bTotbPOO+VGI+J53saH7DaM7R1j2Rnrh03VRo8MJzce
GOdfBKARAQRL40xCEPRCizurxHcvwVPGxVvi2VRPlQKyv7LOzskHPjDCmhdd/9/x
NlQ8eFgdNPFwRGYg+r4phkSlSGRCyT/QOVwLZO0QFep57s3Y2ORWK8inFOxgMuFx
WzvoT/9XFjrN82rcTU8xV1R1uBm3v1JynKxmgcOa0X3Em0/NsBrvhgTG7aFv5Phw
V5EMqQzfkdnp5wYObe/1KmKH9WL7j8a/9vg931iY0zjvkOgUL5VIrdA5sQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDZm6GyaATMaC3FMRMNf8NjUC0gJMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvTm1ib2JKb0JNeG9MY1V4RXcxX3cyTlFMU0FrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowWnMA0G
CSqGSIb3DQEBCwUAA4IBAQA2N2t1O/bMFD5GP5Ajv/36S25md7FgNCSk3f/TrleD
nzRRmyVYN2a+rAJlsRURCyQqvHk/UqxLgvHWdzWw/1KY4wREBiM1XpcdH19tziEl
ZOjIQt886b4ICt4L8x9fzjtGTgeMtu0LFbqdbFmrCcmChh54Au+35RB3PdHdoCg/
MpZDssDbT1w+eYQZmz0hUJAvVysL9sRD52zWcHdp2l8KegH7+5mWCNqUsUqRikY4
t9iQO9iRPWqRP5HFuPHppVyGybMIdWjCOeBPZaw+Aizuom6X+Wrp7SoNIZUQ/vTn
81SdoQpZwGbYf91ytAeIPizFYDexR2HPbpjtMHzNHJQU
-----END CERTIFICATE-----