Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/Q2tZZAiE-FjavHsiNTBX4SRWl3w.roa
File:                     Q2tZZAiE-FjavHsiNTBX4SRWl3w.roa (raw, json)
Hash identifier:          yYLT8sUWMCdy1ly7q0YDiZ6x4T7aIPLOtqsK6Pud7Xk=
Subject key identifier:   43:6B:59:64:08:84:F8:58:DA:BC:7B:22:35:30:57:E1:24:56:97:7C
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       0194236A4683AFE1492CC4FC12748D801BA0
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/Q2tZZAiE-FjavHsiNTBX4SRWl3w.roa
Signing time:             Wed 01 Jan 2025 19:49:14 +0000
ROA not before:           Wed 01 Jan 2025 19:49:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211415
IP address blocks:        163.5.75.0/24 maxlen: 24
                          163.5.78.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:46:83:af:e1:49:2c:c4:fc:12:74:8d:80:1b:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jan  1 19:49:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=436b59640884f858dabc7b22353057e12456977c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:cf:5a:e3:a5:dc:4e:07:43:4a:42:d0:02:5d:
                    04:29:3e:ec:eb:83:76:08:f6:0a:d9:fa:bb:a9:9b:
                    c7:70:49:64:85:11:75:70:57:c1:b5:ac:48:c7:fa:
                    35:12:5b:4f:be:77:97:53:52:3c:35:cb:f5:ba:1e:
                    46:aa:3a:67:fe:3a:58:35:37:39:8d:5e:3d:17:bc:
                    ac:82:51:ed:8e:da:ce:1d:ab:5a:f2:45:48:9f:f9:
                    c2:2c:9a:8f:41:94:f5:8b:69:d4:fa:de:61:d7:4f:
                    33:4c:63:63:de:3d:bc:82:f2:19:55:23:de:78:d0:
                    b3:c5:37:14:ac:71:80:c8:cf:ba:fd:d2:b0:22:29:
                    1a:dd:1b:33:0c:eb:a8:f3:05:d5:64:db:e5:2b:b1:
                    9f:37:27:cb:bd:11:6b:29:6e:33:8a:ac:2b:f3:69:
                    69:b6:d2:dc:ef:19:22:84:75:18:53:df:24:15:58:
                    75:fc:79:83:66:3d:b4:86:43:65:b7:f8:23:fb:85:
                    e9:45:42:69:2d:aa:07:f5:24:ef:3a:c8:ff:06:5e:
                    34:45:79:03:de:08:12:0c:3a:f0:d2:3c:c2:7a:b3:
                    fd:5c:f4:a7:e0:b2:ce:16:3e:d9:a5:f7:3b:8b:85:
                    b2:f0:03:c0:a5:dd:26:88:9f:45:ef:ab:ad:52:60:
                    c6:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:6B:59:64:08:84:F8:58:DA:BC:7B:22:35:30:57:E1:24:56:97:7C
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/Q2tZZAiE-FjavHsiNTBX4SRWl3w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.75.0/24
                  163.5.78.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:38:cd:a7:b9:ed:c1:81:67:4a:6c:13:88:c5:0e:a9:4b:32:
         7c:43:96:ca:5c:14:c9:5e:c5:a8:7a:e2:23:2d:5b:2b:61:21:
         dc:19:db:05:0d:69:13:f7:ac:5e:8d:f4:fb:b1:cf:31:76:25:
         02:31:b9:15:b5:1d:92:36:7e:c7:39:11:07:53:76:b7:36:28:
         2b:d1:2c:e7:95:ed:ea:20:8e:38:f6:ea:a4:4e:ef:ef:fd:88:
         09:a1:5f:75:d0:92:5f:bd:9c:b9:7f:f4:4e:3f:94:f9:fa:5b:
         97:bd:cc:76:e2:34:33:39:2a:4c:58:5f:aa:1a:4e:d9:87:fd:
         24:f6:4a:e3:02:ce:eb:91:66:bb:1d:76:f2:66:69:e7:bd:4d:
         2a:e5:9d:3c:7b:08:fe:38:6d:66:86:f2:dd:46:f3:62:85:fe:
         15:6c:42:ab:16:65:b9:1b:00:17:6e:98:11:ff:58:68:d3:8c:
         ca:8e:40:af:cc:bc:3e:fe:c1:5f:2c:95:a3:5e:c5:e2:41:ed:
         25:a5:3d:9d:5d:8f:30:52:54:19:bb:d3:76:62:f2:b6:f0:2d:
         0d:c4:2d:52:57:ff:f5:47:b9:f8:16:7d:c4:a5:d0:37:d4:bb:
         1c:4e:6c:12:b3:cf:ce:d0:a5:af:af:88:30:53:57:ca:66:62:
         54:d3:0c:30
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQjakaDr+FJLMT8EnSNgBugMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjUwMTAxMTk0OTE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzZiNTk2NDA4ODRmODU4ZGFiYzdiMjIzNTMwNTdlMTI0NTY5NzdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtM9a46XcTgdDSkLQAl0EKT7s64N2
CPYK2fq7qZvHcElkhRF1cFfBtaxIx/o1EltPvneXU1I8Ncv1uh5Gqjpn/jpYNTc5
jV49F7ysglHtjtrOHata8kVIn/nCLJqPQZT1i2nU+t5h108zTGNj3j28gvIZVSPe
eNCzxTcUrHGAyM+6/dKwIika3RszDOuo8wXVZNvlK7GfNyfLvRFrKW4ziqwr82lp
ttLc7xkihHUYU98kFVh1/HmDZj20hkNlt/gj+4XpRUJpLaoH9STvOsj/Bl40RXkD
3ggSDDrw0jzCerP9XPSn4LLOFj7Zpfc7i4Wy8APApd0miJ9F76utUmDGnQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFENrWWQIhPhY2rx7IjUwV+EkVpd8MB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvUTJ0WlpBaUUtRmphdkhzaU5UQlg0U1JXbDN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAowVLAwQA
owVOMA0GCSqGSIb3DQEBCwUAA4IBAQA9OM2nue3BgWdKbBOIxQ6pSzJ8Q5bKXBTJ
XsWoeuIjLVsrYSHcGdsFDWkT96xejfT7sc8xdiUCMbkVtR2SNn7HOREHU3a3Nigr
0Sznle3qII449uqkTu/v/YgJoV910JJfvZy5f/ROP5T5+luXvcx24jQzOSpMWF+q
Gk7Zh/0k9krjAs7rkWa7HXbyZmnnvU0q5Z08ewj+OG1mhvLdRvNihf4VbEKrFmW5
GwAXbpgR/1ho04zKjkCvzLw+/sFfLJWjXsXiQe0lpT2dXY8wUlQZu9N2YvK28C0N
xC1SV//1R7n4Fn3EpdA31LscTmwSs8/O0KWvr4gwU1fKZmJU0www
-----END CERTIFICATE-----