Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/P_8iAcBnR_y1-i0RJPjtI5Vq3AE.roa
File:                     P_8iAcBnR_y1-i0RJPjtI5Vq3AE.roa (raw, json)
Hash identifier:          nK3hEFWEACEngt0IgfA4qWmCFOtLvAFliVJnKEQIRzQ=
Subject key identifier:   3F:FF:22:01:C0:67:47:FC:B5:FA:2D:11:24:F8:ED:23:95:6A:DC:01
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       018DDA9EFB0158C1489AC0B2248C68F4CBB6
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/P_8iAcBnR_y1-i0RJPjtI5Vq3AE.roa
Signing time:             Sat 24 Feb 2024 10:17:48 +0000
ROA not before:           Sat 24 Feb 2024 10:17:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21859
IP address blocks:        163.5.199.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:59:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:da:9e:fb:01:58:c1:48:9a:c0:b2:24:8c:68:f4:cb:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Feb 24 10:17:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3fff2201c06747fcb5fa2d1124f8ed23956adc01
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:ec:04:bf:e9:7b:7e:16:aa:38:f5:eb:9d:28:
                    d6:d1:9d:d3:cb:2e:a4:54:d7:36:32:44:a6:68:09:
                    27:76:30:36:cc:b6:c9:f4:68:82:1b:fd:9b:8d:89:
                    76:d2:d9:9c:0c:c2:07:7a:9b:a4:54:df:69:80:aa:
                    ef:ec:4d:b6:81:60:70:2b:3e:b8:6b:48:c4:93:31:
                    c3:06:14:45:24:30:45:3c:17:dd:00:55:73:51:a2:
                    bd:7c:ca:6b:82:a0:33:9c:25:5a:e7:32:49:14:f7:
                    5a:65:1f:b3:3e:4a:4c:95:d0:c3:d5:15:b2:91:79:
                    a2:77:7e:a9:fa:c3:30:6e:3a:41:d5:80:79:56:51:
                    ad:96:11:aa:4c:64:36:51:4e:1e:86:b4:59:97:c0:
                    b1:68:14:bd:98:c2:75:2c:b4:56:4d:78:d7:11:4e:
                    a8:b8:75:6c:fd:3d:aa:b4:79:00:bb:55:3d:fa:fc:
                    85:cf:f1:83:0e:95:fe:83:63:4c:9c:d1:3d:f9:86:
                    0f:77:1f:d1:e8:5a:fe:0f:52:09:6a:6f:6f:5a:94:
                    b4:0a:3d:9a:46:b3:19:5c:e7:cc:2a:f8:73:05:92:
                    d0:91:d0:06:40:5a:9a:83:91:6e:51:2c:96:b2:ce:
                    f6:d1:b8:c2:5a:a0:5b:8d:7d:f4:75:1a:27:a5:98:
                    c3:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:FF:22:01:C0:67:47:FC:B5:FA:2D:11:24:F8:ED:23:95:6A:DC:01
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/P_8iAcBnR_y1-i0RJPjtI5Vq3AE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.199.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:47:5c:c9:07:e1:0d:7c:e7:86:db:54:75:f2:4e:fb:a4:87:
         cd:e7:99:bc:c9:a8:67:aa:6a:2b:2e:fe:75:d5:26:88:18:98:
         fd:28:7e:0f:49:10:7f:db:78:a4:e8:0e:96:82:02:ab:10:fa:
         e8:a0:77:80:e3:38:8a:dc:d7:bd:62:ce:03:dd:84:7f:89:67:
         a6:4d:40:c8:38:97:fc:58:50:fd:ea:f8:db:1a:62:1b:56:5d:
         90:e7:2d:37:e2:1d:af:07:81:66:66:e7:f7:d0:15:5f:09:33:
         52:eb:8f:03:7f:00:ae:eb:8e:1a:20:07:42:a4:1f:20:1e:21:
         05:61:3e:c5:07:ab:b0:8f:43:70:34:9d:e8:77:ff:5b:4d:ec:
         65:fd:ed:60:a5:35:86:75:9c:27:0a:1a:dc:1a:e7:71:1b:06:
         d1:40:33:8e:d3:5c:8f:0a:d6:78:d0:c5:1b:1d:26:5d:e0:83:
         d2:99:7f:64:62:b2:e3:16:e4:8a:39:21:09:0f:33:44:d0:b2:
         04:81:3c:7c:f5:b2:2f:7c:c5:88:b5:6d:3c:c6:ff:93:b0:96:
         95:71:dd:02:be:54:57:af:c6:58:0c:eb:21:c4:6d:db:bf:8a:
         ad:b2:3b:94:3e:c9:9e:8a:66:c2:e6:c3:3c:35:d5:08:5a:87:
         ad:cf:7d:32
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3anvsBWMFImsCyJIxo9Mu2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjQwMjI0MTAxNzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZmZmMjIwMWMwNjc0N2ZjYjVmYTJkMTEyNGY4ZWQyMzk1NmFkYzAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw+wEv+l7fhaqOPXrnSjW0Z3Tyy6k
VNc2MkSmaAkndjA2zLbJ9GiCG/2bjYl20tmcDMIHepukVN9pgKrv7E22gWBwKz64
a0jEkzHDBhRFJDBFPBfdAFVzUaK9fMprgqAznCVa5zJJFPdaZR+zPkpMldDD1RWy
kXmid36p+sMwbjpB1YB5VlGtlhGqTGQ2UU4ehrRZl8CxaBS9mMJ1LLRWTXjXEU6o
uHVs/T2qtHkAu1U9+vyFz/GDDpX+g2NMnNE9+YYPdx/R6Fr+D1IJam9vWpS0Cj2a
RrMZXOfMKvhzBZLQkdAGQFqag5FuUSyWss720bjCWqBbjX30dRonpZjDRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD//IgHAZ0f8tfotEST47SOVatwBMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvUF84aUFjQm5SX3kxLWkwUkpQanRJNVZxM0FFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowXHMA0G
CSqGSIb3DQEBCwUAA4IBAQAWR1zJB+ENfOeG21R18k77pIfN55m8yahnqmorLv51
1SaIGJj9KH4PSRB/23ik6A6WggKrEProoHeA4ziK3Ne9Ys4D3YR/iWemTUDIOJf8
WFD96vjbGmIbVl2Q5y034h2vB4FmZuf30BVfCTNS648DfwCu644aIAdCpB8gHiEF
YT7FB6uwj0NwNJ3od/9bTexl/e1gpTWGdZwnChrcGudxGwbRQDOO01yPCtZ40MUb
HSZd4IPSmX9kYrLjFuSKOSEJDzNE0LIEgTx89bIvfMWItW08xv+TsJaVcd0CvlRX
r8ZYDOshxG3bv4qtsjuUPsmeimbC5sM8NdUIWoetz30y
-----END CERTIFICATE-----