Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/R75J4UXSgtc3_ZHir5lX15A92v0.roa
File:                     R75J4UXSgtc3_ZHir5lX15A92v0.roa (raw, json)
Hash identifier:          p1nT+xAF0hiVHCRSceeKgWZwAlNmMd4SsyfXNhdhPjU=
Subject key identifier:   47:BE:49:E1:45:D2:82:D7:37:FD:91:E2:AF:99:57:D7:90:3D:DA:FD
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       0191E6D90960015FB4C7BF3843C9A0659243
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/R75J4UXSgtc3_ZHir5lX15A92v0.roa
Signing time:             Thu 12 Sep 2024 15:27:48 +0000
ROA not before:           Thu 12 Sep 2024 15:27:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214766
IP address blocks:        163.5.35.0/24 maxlen: 24
                          163.5.54.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:e6:d9:09:60:01:5f:b4:c7:bf:38:43:c9:a0:65:92:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Sep 12 15:27:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=47be49e145d282d737fd91e2af9957d7903ddafd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:d1:2f:55:ea:4e:40:43:5a:20:38:19:61:a5:
                    a3:44:ac:88:38:6b:44:e8:20:7f:8a:6a:96:dc:cd:
                    cc:50:9c:5f:ca:56:f6:95:06:ab:24:29:b4:89:8d:
                    f2:71:d1:38:9e:35:f8:62:c0:ec:3b:00:58:1f:40:
                    a3:e7:fe:cd:8b:f6:de:c7:44:f0:27:42:a6:88:f2:
                    aa:6a:cb:3f:97:16:27:b1:1b:c6:79:3b:ae:c1:ab:
                    bb:13:5b:86:f4:b5:f3:c2:f4:f0:17:0e:4e:b4:54:
                    7f:3f:f3:88:e3:db:87:51:16:70:15:27:91:65:2b:
                    92:18:40:e1:7a:2b:75:d9:98:2a:cd:4d:3e:2f:75:
                    45:a1:64:bf:40:8a:5a:cf:33:24:03:42:78:0c:0f:
                    7f:09:8e:d7:53:4d:0e:59:fd:64:0f:8b:8c:fd:97:
                    47:c2:b8:37:ec:77:3d:e2:23:b0:f0:07:c9:97:6c:
                    c2:8f:da:77:4c:b2:4e:93:f0:c7:95:bf:f2:9b:df:
                    d9:92:63:8a:26:c8:7e:e9:94:2c:d0:36:cf:e8:23:
                    84:0b:30:0d:2f:4e:4d:3c:ef:36:6e:4f:37:c2:c9:
                    04:89:1f:60:09:13:79:70:0a:0e:57:09:44:12:a7:
                    dd:24:83:e2:ea:df:d3:91:a0:19:92:e9:03:5e:0f:
                    32:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:BE:49:E1:45:D2:82:D7:37:FD:91:E2:AF:99:57:D7:90:3D:DA:FD
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/R75J4UXSgtc3_ZHir5lX15A92v0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.35.0/24
                  163.5.54.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:13:1e:9d:bb:90:ba:d3:ca:aa:e1:ac:bd:b7:da:93:a5:42:
         0c:91:ba:43:fb:1c:7e:4a:ee:8c:5f:4a:87:77:50:2b:eb:a4:
         24:b6:77:3b:53:5f:51:06:69:fc:0f:ab:19:84:76:62:3f:cd:
         e8:b9:19:c3:54:21:67:6d:82:06:cc:42:7d:6c:d6:3c:0a:4d:
         e5:93:6a:e4:a6:e9:23:aa:02:53:97:0c:e6:37:68:8d:d2:fa:
         be:2b:80:a0:52:d2:53:b1:de:6f:f1:4b:9d:78:ad:61:de:1e:
         f0:52:a9:81:ec:7c:17:31:aa:82:9c:bc:86:2e:56:43:85:02:
         16:43:e3:d8:ce:4e:30:cf:90:1c:f3:7b:9d:5e:58:66:a1:e7:
         a4:1c:4f:55:d9:74:a9:00:28:09:38:ec:68:16:00:a4:8c:b2:
         1e:47:c7:d9:74:f6:75:08:a7:12:5f:99:70:eb:71:b9:21:46:
         00:e1:77:24:32:4c:42:49:f3:57:f7:1b:24:99:51:df:6b:8b:
         7b:96:de:d4:24:53:3e:1a:74:da:71:c5:ea:c2:4f:49:2a:19:
         a1:ee:12:76:5f:07:d3:fc:d5:79:04:f1:4d:9c:b5:db:72:c4:
         f2:74:0d:81:f7:88:28:11:27:f4:e7:8c:db:ec:84:40:aa:55:
         13:c5:03:11
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZHm2QlgAV+0x784Q8mgZZJDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjQwOTEyMTUyNzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0N2JlNDllMTQ1ZDI4MmQ3MzdmZDkxZTJhZjk5NTdkNzkwM2RkYWZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo9EvVepOQENaIDgZYaWjRKyIOGtE
6CB/imqW3M3MUJxfylb2lQarJCm0iY3ycdE4njX4YsDsOwBYH0Cj5/7Ni/bex0Tw
J0KmiPKqass/lxYnsRvGeTuuwau7E1uG9LXzwvTwFw5OtFR/P/OI49uHURZwFSeR
ZSuSGEDheit12ZgqzU0+L3VFoWS/QIpazzMkA0J4DA9/CY7XU00OWf1kD4uM/ZdH
wrg37Hc94iOw8AfJl2zCj9p3TLJOk/DHlb/ym9/ZkmOKJsh+6ZQs0DbP6COECzAN
L05NPO82bk83wskEiR9gCRN5cAoOVwlEEqfdJIPi6t/TkaAZkukDXg8yEwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEe+SeFF0oLXN/2R4q+ZV9eQPdr9MB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvUjc1SjRVWFNndGMzX1pIaXI1bFgxNUE5MnYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAowUjAwQA
owU2MA0GCSqGSIb3DQEBCwUAA4IBAQCJEx6du5C608qq4ay9t9qTpUIMkbpD+xx+
Su6MX0qHd1Ar66Qktnc7U19RBmn8D6sZhHZiP83ouRnDVCFnbYIGzEJ9bNY8Ck3l
k2rkpukjqgJTlwzmN2iN0vq+K4CgUtJTsd5v8UudeK1h3h7wUqmB7HwXMaqCnLyG
LlZDhQIWQ+PYzk4wz5Ac83udXlhmoeekHE9V2XSpACgJOOxoFgCkjLIeR8fZdPZ1
CKcSX5lw63G5IUYA4XckMkxCSfNX9xskmVHfa4t7lt7UJFM+GnTaccXqwk9JKhmh
7hJ2XwfT/NV5BPFNnLXbcsTydA2B94goESf054zb7IRAqlUTxQMR
-----END CERTIFICATE-----