Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/OkdLyJfNgz9gfBviTeuabmIcHBs.roa
File:                     OkdLyJfNgz9gfBviTeuabmIcHBs.roa (raw, json)
Hash identifier:          GMYLHZYjeSM0pT7A4hOQE5cfhVId9vWEvY2eQQ36NEI=
Subject key identifier:   3A:47:4B:C8:97:CD:83:3F:60:7C:1B:E2:4D:EB:9A:6E:62:1C:1C:1B
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       0193122A4BEDAACC3571C0E9B22C44E3857C
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/OkdLyJfNgz9gfBviTeuabmIcHBs.roa
Signing time:             Sat 09 Nov 2024 18:23:02 +0000
ROA not before:           Sat 09 Nov 2024 18:23:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     30781
IP address blocks:        163.5.142.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:12:2a:4b:ed:aa:cc:35:71:c0:e9:b2:2c:44:e3:85:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Nov  9 18:23:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3a474bc897cd833f607c1be24deb9a6e621c1c1b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:3e:64:46:46:83:6f:af:40:c8:5b:13:d5:d2:
                    39:43:8b:33:2d:70:be:4c:41:d7:23:e8:99:36:83:
                    23:d4:05:f9:a4:43:2a:da:0b:e4:44:1c:20:99:fe:
                    89:f9:51:81:57:8f:27:47:13:ee:e5:ce:1e:a8:d2:
                    b6:ea:cb:94:95:8d:01:01:e6:e4:68:2e:34:24:f9:
                    20:65:55:b6:23:6f:e1:0e:a7:e9:0d:ab:f4:58:27:
                    f2:b3:d3:e8:d3:0e:dd:7c:da:72:63:1d:fa:34:57:
                    52:b5:88:e7:f2:60:c7:0b:cd:95:2f:29:c8:c9:80:
                    1c:2c:79:ce:17:61:7b:71:64:b1:cd:c8:d5:90:28:
                    0a:99:8d:a4:05:ff:eb:88:b5:8e:77:ce:a8:cf:04:
                    c4:4f:14:5d:3b:dd:cf:d5:2c:8c:58:87:c3:ec:62:
                    36:5d:46:84:06:d4:69:95:3a:4b:a7:cd:9a:ec:10:
                    70:f7:bb:bc:26:66:5c:80:fd:50:50:fa:8e:e3:01:
                    3c:29:ac:35:66:e6:e0:f8:34:3b:5f:43:68:7c:24:
                    c1:c1:6f:21:f4:bf:20:48:db:b5:85:2b:66:c7:01:
                    01:2e:d1:5c:0e:ff:c6:4b:a1:1a:fa:c2:c0:c1:bc:
                    05:2a:3e:24:59:d2:b2:fe:23:79:fd:89:28:28:d9:
                    95:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:47:4B:C8:97:CD:83:3F:60:7C:1B:E2:4D:EB:9A:6E:62:1C:1C:1B
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/OkdLyJfNgz9gfBviTeuabmIcHBs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.142.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:e0:ea:a6:03:a8:bb:bd:70:6f:6f:67:6e:e3:23:bd:e9:88:
         b8:30:0b:f1:8b:85:60:63:27:fd:30:b2:b9:e7:4d:9a:b4:70:
         db:1b:ca:a5:d8:0f:81:ce:e1:27:de:84:c0:d5:8c:6f:c8:3c:
         a4:74:99:3a:ce:73:bd:36:45:1b:4c:0b:62:bd:fb:48:e6:cb:
         12:6d:87:9a:a4:ab:96:a2:74:4e:4b:cd:4f:c7:9a:9e:1f:9b:
         0b:dc:1c:b1:08:e1:c5:53:ee:26:32:f1:6d:ad:11:19:fb:2b:
         31:97:08:5a:cc:33:76:a3:78:37:bd:37:a0:a4:0e:03:b0:8f:
         7a:fa:fb:37:26:c0:6d:dc:3c:0f:5e:0b:a9:06:de:e3:80:e0:
         e9:d2:6d:4f:21:1a:b8:8d:3b:0e:43:f5:50:0e:88:9d:fa:65:
         9e:7f:61:d3:44:8b:09:01:11:54:a1:3e:ac:e5:72:0c:af:9d:
         19:bc:c8:ef:93:81:4d:23:77:56:aa:86:7e:18:a8:34:df:a1:
         37:35:a2:b2:2e:40:e4:71:32:20:2b:50:d8:26:99:04:fd:66:
         86:9b:f4:66:6b:b3:81:27:0b:02:e3:41:24:6f:9c:0f:12:e9:
         33:da:83:15:7e:06:e4:11:17:db:8f:56:0f:03:0c:94:10:8d:
         a4:dc:6a:38
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMSKkvtqsw1ccDpsixE44V8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjQxMTA5MTgyMzAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTQ3NGJjODk3Y2Q4MzNmNjA3YzFiZTI0ZGViOWE2ZTYyMWMxYzFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7z5kRkaDb69AyFsT1dI5Q4szLXC+
TEHXI+iZNoMj1AX5pEMq2gvkRBwgmf6J+VGBV48nRxPu5c4eqNK26suUlY0BAebk
aC40JPkgZVW2I2/hDqfpDav0WCfys9Po0w7dfNpyYx36NFdStYjn8mDHC82VLynI
yYAcLHnOF2F7cWSxzcjVkCgKmY2kBf/riLWOd86ozwTETxRdO93P1SyMWIfD7GI2
XUaEBtRplTpLp82a7BBw97u8JmZcgP1QUPqO4wE8Kaw1Zubg+DQ7X0NofCTBwW8h
9L8gSNu1hStmxwEBLtFcDv/GS6Ea+sLAwbwFKj4kWdKy/iN5/YkoKNmVaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDpHS8iXzYM/YHwb4k3rmm5iHBwbMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvT2tkTHlKZk5nejlnZkJ2aVRldWFibUljSEJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowWOMA0G
CSqGSIb3DQEBCwUAA4IBAQCm4OqmA6i7vXBvb2du4yO96Yi4MAvxi4VgYyf9MLK5
502atHDbG8ql2A+BzuEn3oTA1YxvyDykdJk6znO9NkUbTAtivftI5ssSbYeapKuW
onROS81Px5qeH5sL3ByxCOHFU+4mMvFtrREZ+ysxlwhazDN2o3g3vTegpA4DsI96
+vs3JsBt3DwPXgupBt7jgODp0m1PIRq4jTsOQ/VQDoid+mWef2HTRIsJARFUoT6s
5XIMr50ZvMjvk4FNI3dWqoZ+GKg036E3NaKyLkDkcTIgK1DYJpkE/WaGm/Rma7OB
JwsC40Ekb5wPEukz2oMVfgbkERfbj1YPAwyUEI2k3Go4
-----END CERTIFICATE-----