Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/Q-U8qxcG0A2JhPs6MXHWgTcmcL8.roa
File:                     Q-U8qxcG0A2JhPs6MXHWgTcmcL8.roa (raw, json)
Hash identifier:          nfdE19gj+gIW9Fidv/MW7IXlZCEx67KoIhkyK6PxNiU=
Subject key identifier:   43:E5:3C:AB:17:06:D0:0D:89:84:FB:3A:31:71:D6:81:37:26:70:BF
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       019225726D7898A9338434BF7DD8C3B54F17
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/Q-U8qxcG0A2JhPs6MXHWgTcmcL8.roa
Signing time:             Tue 24 Sep 2024 19:11:48 +0000
ROA not before:           Tue 24 Sep 2024 19:11:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     134176
IP address blocks:        163.5.49.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:25:72:6d:78:98:a9:33:84:34:bf:7d:d8:c3:b5:4f:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Sep 24 19:11:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=43e53cab1706d00d8984fb3a3171d681372670bf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:3c:1e:f3:1b:1f:d1:65:c9:1f:cf:3c:60:0e:
                    70:ba:e6:df:76:91:26:df:fd:dd:0c:d8:55:29:93:
                    5e:83:38:fe:47:6a:25:f9:56:a6:21:20:ae:0a:d5:
                    ed:80:0b:df:70:20:3e:05:87:88:2b:15:c9:1b:62:
                    20:38:e9:04:bc:d4:7b:00:d8:4c:27:f3:b6:54:84:
                    b1:90:54:e8:02:de:0c:38:25:60:b7:bd:6f:a9:50:
                    a6:59:af:ac:dc:63:58:8a:ab:3f:34:ba:37:cd:08:
                    ea:1a:74:4c:5d:b5:c5:fa:f8:57:87:0e:41:53:e9:
                    54:55:48:78:6c:ac:d6:32:a5:43:dd:40:48:49:d0:
                    14:e5:31:66:3d:f0:3e:af:c2:7d:48:53:63:5d:d4:
                    e3:31:2c:a1:c8:26:a3:2a:48:66:af:7b:a8:0a:5b:
                    68:80:bf:eb:bb:d3:e2:bf:cb:30:7f:fb:2a:30:12:
                    c3:6f:4f:ca:25:4f:ff:a6:58:77:18:42:c8:52:ae:
                    ce:c3:38:75:46:14:58:67:f0:e5:15:c2:b9:d5:5d:
                    fd:0d:d9:37:9f:0c:78:dc:76:5a:ee:b0:69:8d:27:
                    b7:a4:9d:82:aa:36:00:2a:0e:17:68:3e:67:6c:05:
                    56:56:9b:c4:e2:ff:4a:dd:77:29:b2:4e:a5:59:e5:
                    00:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:E5:3C:AB:17:06:D0:0D:89:84:FB:3A:31:71:D6:81:37:26:70:BF
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/Q-U8qxcG0A2JhPs6MXHWgTcmcL8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.49.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:78:a3:08:79:89:1e:40:8a:08:9e:5d:62:b4:2c:86:b8:7c:
         31:6f:6c:22:29:c4:32:7f:bf:45:10:43:4c:87:03:46:69:4b:
         93:23:29:b6:9d:5f:5d:1a:6e:fb:e5:1c:e2:06:ea:82:fd:3b:
         d2:a2:35:12:81:a7:3c:76:26:84:06:54:05:65:40:2d:32:63:
         55:73:d7:b2:93:8c:d2:b1:6c:17:b8:1e:af:be:55:f3:51:df:
         66:34:1f:10:74:ef:c5:59:7a:58:51:97:f7:14:45:e4:13:ba:
         f0:f6:cf:4f:36:3c:ee:32:43:5e:5b:37:a8:d9:65:b2:43:88:
         51:5b:ac:98:6d:25:50:38:80:cb:66:95:8f:35:ee:8c:b9:9e:
         18:1c:98:0d:35:6c:e5:71:4f:92:04:ce:3b:2b:57:76:18:d4:
         0b:b6:8c:7c:68:55:2a:6c:d8:91:e9:3b:4c:71:6c:e7:ec:dc:
         5c:f7:2b:b2:ab:13:5d:6d:99:8b:5a:38:8d:11:3c:c5:c2:eb:
         00:74:e4:6c:e6:f2:d8:f3:6a:95:29:3d:ec:e7:48:0e:5d:47:
         08:cc:fd:9c:e0:f0:4e:21:00:75:d5:4f:e0:b7:96:50:27:5c:
         99:23:10:9f:38:9f:2a:a2:55:a8:eb:10:20:ee:d7:9a:b0:1d:
         bc:6f:89:18
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZIlcm14mKkzhDS/fdjDtU8XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjQwOTI0MTkxMTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0M2U1M2NhYjE3MDZkMDBkODk4NGZiM2EzMTcxZDY4MTM3MjY3MGJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwDwe8xsf0WXJH888YA5wuubfdpEm
3/3dDNhVKZNegzj+R2ol+VamISCuCtXtgAvfcCA+BYeIKxXJG2IgOOkEvNR7ANhM
J/O2VISxkFToAt4MOCVgt71vqVCmWa+s3GNYiqs/NLo3zQjqGnRMXbXF+vhXhw5B
U+lUVUh4bKzWMqVD3UBISdAU5TFmPfA+r8J9SFNjXdTjMSyhyCajKkhmr3uoClto
gL/ru9Piv8swf/sqMBLDb0/KJU//plh3GELIUq7Owzh1RhRYZ/DlFcK51V39Ddk3
nwx43HZa7rBpjSe3pJ2CqjYAKg4XaD5nbAVWVpvE4v9K3Xcpsk6lWeUAKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEPlPKsXBtANiYT7OjFx1oE3JnC/MB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvUS1VOHF4Y0cwQTJKaFBzNk1YSFdnVGNtY0w4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowUxMA0G
CSqGSIb3DQEBCwUAA4IBAQAaeKMIeYkeQIoInl1itCyGuHwxb2wiKcQyf79FEENM
hwNGaUuTIym2nV9dGm775RziBuqC/TvSojUSgac8diaEBlQFZUAtMmNVc9eyk4zS
sWwXuB6vvlXzUd9mNB8QdO/FWXpYUZf3FEXkE7rw9s9PNjzuMkNeWzeo2WWyQ4hR
W6yYbSVQOIDLZpWPNe6MuZ4YHJgNNWzlcU+SBM47K1d2GNQLtox8aFUqbNiR6TtM
cWzn7Nxc9yuyqxNdbZmLWjiNETzFwusAdORs5vLY82qVKT3s50gOXUcIzP2c4PBO
IQB11U/gt5ZQJ1yZIxCfOJ8qolWo6xAg7teasB28b4kY
-----END CERTIFICATE-----