Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/O9xa0htg3SIboiDzGh5U09cfZ_U.roa
File:                     O9xa0htg3SIboiDzGh5U09cfZ_U.roa (raw, json)
Hash identifier:          BkyL6dvCP3SR/6NBTBdbAkEPsDveH7N/UGEa6j2fgrY=
Subject key identifier:   3B:DC:5A:D2:1B:60:DD:22:1B:A2:20:F3:1A:1E:54:D3:D7:1F:67:F5
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       0194C336A89A14386F5A17B5AF0741FF3223
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/O9xa0htg3SIboiDzGh5U09cfZ_U.roa
Signing time:             Sat 01 Feb 2025 20:32:06 +0000
ROA not before:           Sat 01 Feb 2025 20:32:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     5065
IP address blocks:        163.5.72.0/24 maxlen: 24
                          163.5.77.0/24 maxlen: 24
                          163.5.163.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 21:19:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:c3:36:a8:9a:14:38:6f:5a:17:b5:af:07:41:ff:32:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Feb  1 20:32:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3bdc5ad21b60dd221ba220f31a1e54d3d71f67f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:d7:8d:d2:76:95:38:15:33:6c:9f:47:aa:84:
                    d5:e9:08:d6:06:6c:0d:95:93:7e:6e:8a:dc:b5:cd:
                    7e:2f:e9:ca:71:85:b0:20:8a:be:ae:ca:65:6e:82:
                    cb:29:85:34:f0:cd:27:b6:4c:14:58:34:b4:d8:f7:
                    ed:33:92:e3:ed:93:69:86:45:94:ce:52:cb:f3:d7:
                    20:db:f1:1b:8d:e9:35:ed:3d:04:bf:c3:cf:bd:d4:
                    a6:ba:30:1f:ab:bc:a7:33:db:1a:c9:64:70:af:3f:
                    13:8a:d9:bc:71:f9:5d:eb:a9:27:9d:92:bf:b0:a8:
                    d3:d1:16:31:41:d2:07:48:5d:1a:07:b7:72:27:88:
                    26:0a:f0:90:cf:49:31:49:e6:c9:76:d3:0c:f0:cc:
                    5b:e4:e5:ae:15:8c:f2:61:c5:67:14:f5:6e:fb:23:
                    c6:2c:eb:06:89:9b:79:50:d7:e4:2a:a9:53:70:01:
                    6e:0f:2b:3c:77:a4:3c:38:0b:34:89:93:fe:86:e2:
                    ea:e2:69:90:ec:4c:4f:ac:83:d0:0c:8d:95:56:25:
                    41:82:b6:d8:d6:5e:db:b5:26:2d:8e:77:3d:07:54:
                    45:33:de:2c:34:89:7e:be:c5:ec:6b:42:f7:91:90:
                    bc:ee:76:c0:cc:95:9e:71:d8:fa:60:af:54:ff:e9:
                    20:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:DC:5A:D2:1B:60:DD:22:1B:A2:20:F3:1A:1E:54:D3:D7:1F:67:F5
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/O9xa0htg3SIboiDzGh5U09cfZ_U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.72.0/24
                  163.5.77.0/24
                  163.5.163.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:22:90:69:38:99:37:e8:47:a8:73:b6:59:16:b8:cf:20:d0:
         47:00:a0:67:cb:25:4f:c2:8f:99:32:c5:d8:91:66:e4:9f:41:
         44:6f:10:0d:7a:e2:80:86:cd:4e:36:23:4c:c5:ad:b9:a8:c5:
         0c:5f:ae:42:1f:cd:53:cb:4e:b2:c4:1c:4c:01:83:a5:d5:a1:
         5a:bb:8d:2b:44:5d:86:73:a3:96:c0:f3:be:96:d7:16:0f:8e:
         b3:08:a4:3b:dc:2c:21:18:63:4e:a4:2b:4a:70:63:6b:c1:20:
         97:d7:7d:43:4a:16:b6:8a:36:64:de:83:47:48:d2:8e:61:99:
         2b:32:6c:87:3a:8b:9a:84:53:12:57:01:a3:9b:ec:69:d0:08:
         94:e3:d0:96:10:18:2f:16:81:7a:b1:82:26:39:6d:b5:3d:cb:
         a8:c8:06:09:cb:95:36:63:4f:3a:56:b1:d4:99:c1:bc:69:53:
         5a:b3:aa:f0:3f:9d:ce:c3:89:1b:a8:59:fc:b4:f9:11:63:f9:
         bb:cf:47:5d:7f:43:23:d0:e4:ba:24:8d:85:f1:1f:df:c3:93:
         29:da:8e:97:3b:40:9a:40:53:f7:d4:10:55:a4:3b:9b:de:ec:
         69:56:13:92:5e:54:ef:47:21:91:d8:45:f2:07:de:04:1c:d4:
         a3:1d:5f:dd
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZTDNqiaFDhvWhe1rwdB/zIjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjUwMjAxMjAzMjA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYmRjNWFkMjFiNjBkZDIyMWJhMjIwZjMxYTFlNTRkM2Q3MWY2N2Y1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA09eN0naVOBUzbJ9HqoTV6QjWBmwN
lZN+borctc1+L+nKcYWwIIq+rsplboLLKYU08M0ntkwUWDS02PftM5Lj7ZNphkWU
zlLL89cg2/Ebjek17T0Ev8PPvdSmujAfq7ynM9sayWRwrz8Titm8cfld66knnZK/
sKjT0RYxQdIHSF0aB7dyJ4gmCvCQz0kxSebJdtMM8Mxb5OWuFYzyYcVnFPVu+yPG
LOsGiZt5UNfkKqlTcAFuDys8d6Q8OAs0iZP+huLq4mmQ7ExPrIPQDI2VViVBgrbY
1l7btSYtjnc9B1RFM94sNIl+vsXsa0L3kZC87nbAzJWecdj6YK9U/+kgPQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFDvcWtIbYN0iG6Ig8xoeVNPXH2f1MB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvTzl4YTBodGczU0lib2lEekdoNVUwOWNmWl9VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAowVIAwQA
owVNAwQAowWjMA0GCSqGSIb3DQEBCwUAA4IBAQBSIpBpOJk36Eeoc7ZZFrjPINBH
AKBnyyVPwo+ZMsXYkWbkn0FEbxANeuKAhs1ONiNMxa25qMUMX65CH81Ty06yxBxM
AYOl1aFau40rRF2Gc6OWwPO+ltcWD46zCKQ73CwhGGNOpCtKcGNrwSCX131DSha2
ijZk3oNHSNKOYZkrMmyHOouahFMSVwGjm+xp0AiU49CWEBgvFoF6sYImOW21Pcuo
yAYJy5U2Y086VrHUmcG8aVNas6rwP53Ow4kbqFn8tPkRY/m7z0ddf0Mj0OS6JI2F
8R/fw5Mp2o6XO0CaQFP31BBVpDub3uxpVhOSXlTvRyGR2EXyB94EHNSjHV/d
-----END CERTIFICATE-----