Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/OX81yIvDZV94CtXeIzp60mSrT0k.roa
File:                     OX81yIvDZV94CtXeIzp60mSrT0k.roa (raw, json)
Hash identifier:          1CgLL8lpKeScmjpGGQef/jB9NcMgu/+Qe0i2IxwVoqk=
Subject key identifier:   39:7F:35:C8:8B:C3:65:5F:78:0A:D5:DE:23:3A:7A:D2:64:AB:4F:49
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       018CC425666CEDA9648405A08C1B4446DD5B
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/OX81yIvDZV94CtXeIzp60mSrT0k.roa
Signing time:             Mon 01 Jan 2024 08:30:34 +0000
ROA not before:           Mon 01 Jan 2024 08:30:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209181
IP address blocks:        163.5.218.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 17:59:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:66:6c:ed:a9:64:84:05:a0:8c:1b:44:46:dd:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jan  1 08:30:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=397f35c88bc3655f780ad5de233a7ad264ab4f49
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:a6:ee:4a:5a:ec:f8:36:54:71:f3:c5:a6:cb:
                    3e:ae:b4:f6:22:00:73:b3:1d:7c:2b:a5:b3:64:91:
                    c5:0c:8c:60:97:6a:d9:13:d6:f4:ac:92:cf:67:75:
                    89:5b:13:50:87:d4:c2:94:2a:b7:eb:1c:73:ef:fe:
                    ac:26:38:ac:78:f4:9b:48:f0:23:bd:c8:86:59:d4:
                    48:f9:1a:bf:4e:0a:78:b6:bf:c8:8b:54:60:a1:8f:
                    93:3b:ce:d4:2e:13:45:d1:38:a4:5a:6d:61:5b:ea:
                    56:19:6e:a1:d6:de:d1:3f:00:83:f3:73:a0:9e:41:
                    c5:1f:22:42:14:bd:d1:a1:25:b0:4c:2f:4b:ad:3c:
                    6d:ff:33:bf:7b:38:e0:19:23:31:56:86:c0:8d:ba:
                    68:00:c2:6c:75:42:ba:16:f2:0e:da:77:e7:50:c5:
                    2f:ef:d2:46:0d:76:d9:cf:1f:2a:c8:87:0c:07:81:
                    f5:44:27:83:91:2a:3f:50:6c:89:3d:20:fd:dd:ab:
                    40:f2:0b:8c:57:3b:39:a3:7b:24:44:75:b5:fe:cc:
                    77:e4:a9:13:e8:eb:d7:90:44:5e:1a:47:90:20:f7:
                    47:67:7d:44:26:63:57:0f:99:85:1c:3b:5d:7c:e3:
                    5d:63:ab:68:16:ac:ce:62:6a:4b:59:36:2f:3b:78:
                    6b:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:7F:35:C8:8B:C3:65:5F:78:0A:D5:DE:23:3A:7A:D2:64:AB:4F:49
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/OX81yIvDZV94CtXeIzp60mSrT0k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.218.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:5f:65:63:10:a2:03:d3:8c:b1:26:e6:24:8a:64:93:fe:fe:
         0d:17:5e:c2:b2:8d:5f:a4:e0:10:f2:51:32:2e:26:e9:0c:81:
         8b:ee:ab:24:34:36:7f:7b:18:65:8e:36:e3:16:1a:6a:a4:82:
         4b:a8:65:80:fb:95:5d:bd:75:e3:9a:bc:9e:7a:d3:49:c3:1b:
         87:0e:fb:1a:a5:1e:48:a1:49:d4:e9:0d:f3:04:2f:1a:cf:73:
         3f:5e:8b:d9:a2:42:78:f2:80:7c:8e:ed:3c:08:6c:44:dc:6e:
         30:b0:ea:7d:8e:51:07:e1:3d:4e:0e:70:ce:5f:ba:a3:39:6b:
         9b:ef:67:be:00:df:ed:2c:f1:6f:04:03:a8:b3:be:98:b6:41:
         4a:48:26:6f:df:69:13:d3:24:9e:06:b2:3a:c3:89:69:88:71:
         35:68:04:ae:e0:af:67:b4:c4:a6:69:b0:8d:e6:16:fd:44:ca:
         df:18:b6:28:c0:4f:08:eb:d5:18:a1:25:0b:3b:6c:3d:53:65:
         4c:55:79:04:81:a4:f4:ba:e0:c2:f7:b8:1b:0b:1c:e8:99:e1:
         39:1d:08:1e:75:ba:46:52:b4:07:f0:6f:1f:f9:a5:82:62:7c:
         1f:b8:4b:49:bc:4b:6f:75:bc:fe:9a:70:11:09:f1:88:35:9b:
         29:ab:e6:e5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJWZs7alkhAWgjBtERt1bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjQwMTAxMDgzMDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTdmMzVjODhiYzM2NTVmNzgwYWQ1ZGUyMzNhN2FkMjY0YWI0ZjQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi6buSlrs+DZUcfPFpss+rrT2IgBz
sx18K6WzZJHFDIxgl2rZE9b0rJLPZ3WJWxNQh9TClCq36xxz7/6sJjisePSbSPAj
vciGWdRI+Rq/Tgp4tr/Ii1RgoY+TO87ULhNF0TikWm1hW+pWGW6h1t7RPwCD83Og
nkHFHyJCFL3RoSWwTC9LrTxt/zO/ezjgGSMxVobAjbpoAMJsdUK6FvIO2nfnUMUv
79JGDXbZzx8qyIcMB4H1RCeDkSo/UGyJPSD93atA8guMVzs5o3skRHW1/sx35KkT
6OvXkEReGkeQIPdHZ31EJmNXD5mFHDtdfONdY6toFqzOYmpLWTYvO3hrJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDl/NciLw2VfeArV3iM6etJkq09JMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvT1g4MXlJdkRaVjk0Q3RYZUl6cDYwbVNyVDBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowXaMA0G
CSqGSIb3DQEBCwUAA4IBAQAtX2VjEKID04yxJuYkimST/v4NF17Cso1fpOAQ8lEy
LibpDIGL7qskNDZ/exhljjbjFhpqpIJLqGWA+5VdvXXjmryeetNJwxuHDvsapR5I
oUnU6Q3zBC8az3M/XovZokJ48oB8ju08CGxE3G4wsOp9jlEH4T1ODnDOX7qjOWub
72e+AN/tLPFvBAOos76YtkFKSCZv32kT0ySeBrI6w4lpiHE1aASu4K9ntMSmabCN
5hb9RMrfGLYowE8I69UYoSULO2w9U2VMVXkEgaT0uuDC97gbCxzomeE5HQgedbpG
UrQH8G8f+aWCYnwfuEtJvEtvdbz+mnARCfGINZspq+bl
-----END CERTIFICATE-----