Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/Rh3PyWX03jC8gpXrHy8EpJL6Z5Y.roa
File:                     Rh3PyWX03jC8gpXrHy8EpJL6Z5Y.roa (raw, json)
Hash identifier:          P9fP8lHqQqEtMwSxHdm+n/pCZogAOBr3WmtfFE6GZP4=
Subject key identifier:   46:1D:CF:C9:65:F4:DE:30:BC:82:95:EB:1F:2F:04:A4:92:FA:67:96
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       018E953B257F5635B58FB50E46116654E73E
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/Rh3PyWX03jC8gpXrHy8EpJL6Z5Y.roa
Signing time:             Sun 31 Mar 2024 15:57:45 +0000
ROA not before:           Sun 31 Mar 2024 15:57:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     63023
IP address blocks:        163.5.79.0/24 maxlen: 24
                          163.5.161.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:95:3b:25:7f:56:35:b5:8f:b5:0e:46:11:66:54:e7:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Mar 31 15:57:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=461dcfc965f4de30bc8295eb1f2f04a492fa6796
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:d3:33:39:e3:3a:64:15:58:69:c7:fa:ab:d2:
                    94:b5:ce:74:d4:39:a2:eb:50:7e:42:8d:e4:ce:be:
                    03:eb:13:90:a0:65:80:c9:25:4d:ca:96:82:72:e5:
                    4a:ba:e6:ba:23:f4:16:7d:c0:ee:b3:9c:0e:0d:49:
                    2b:d5:17:37:72:56:79:d1:af:b5:79:43:c0:42:4b:
                    77:50:e3:c9:c2:5d:f1:b4:7d:39:73:23:39:7b:59:
                    3f:c6:e6:48:9c:a9:f6:43:e1:07:42:03:88:53:09:
                    70:7c:13:ac:1a:78:20:62:f9:46:73:43:ba:56:a1:
                    be:c4:a7:7d:14:07:b5:b0:c4:06:76:78:f2:03:58:
                    cc:89:da:c7:16:3a:54:ff:fa:e8:f4:5d:fd:91:c0:
                    80:fe:46:b0:79:ca:92:ca:20:cc:5c:e7:54:65:a2:
                    3c:ff:ea:28:ce:af:d0:0d:cb:a7:47:f7:ec:30:4b:
                    30:58:7c:1a:d4:9f:04:3a:53:e3:d8:3f:97:1c:84:
                    79:27:3c:29:00:78:68:e5:7b:dc:8a:e5:7c:16:58:
                    34:db:89:f5:e5:c5:10:02:98:b5:e2:88:06:da:ec:
                    f5:e6:32:d7:9b:63:b7:7f:b6:d5:25:14:06:a2:93:
                    50:bc:04:be:93:d0:e1:dc:2a:55:8c:44:ea:65:12:
                    1d:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:1D:CF:C9:65:F4:DE:30:BC:82:95:EB:1F:2F:04:A4:92:FA:67:96
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/Rh3PyWX03jC8gpXrHy8EpJL6Z5Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.79.0/24
                  163.5.161.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:75:9e:33:cf:b5:15:06:dd:f9:d9:c8:04:15:2e:93:f5:3e:
         7f:5a:5c:b7:c4:aa:d2:1f:ae:84:fc:a0:0d:8c:36:30:7e:6b:
         66:10:6f:ed:f4:8e:a0:8d:37:4b:2f:6c:1d:eb:0b:bb:25:79:
         de:f1:be:ce:c3:74:3f:e9:a9:3f:64:e7:37:d5:9f:9a:bf:9e:
         92:58:53:c3:0c:f0:25:58:a7:ac:0f:85:57:e5:80:08:9e:77:
         1d:fb:51:71:b0:57:e5:29:39:0d:ac:3d:28:37:c6:f1:c1:3a:
         c7:86:fb:41:d3:31:45:29:96:29:91:62:68:c8:67:e5:83:0f:
         d4:e6:69:4b:75:a8:3a:61:5b:12:8d:7e:99:31:ad:22:1e:5f:
         13:fa:e1:c3:26:00:89:2b:84:82:66:67:9c:f1:5c:89:87:53:
         8c:14:cd:44:43:b9:51:0d:25:68:fb:0a:b0:75:e2:46:a0:17:
         e3:85:e3:08:b4:c3:bb:c3:5d:5b:80:4b:9e:3f:e0:f4:2b:53:
         c8:9a:c2:c1:86:f1:60:c6:77:19:1c:32:84:17:0e:42:4d:f7:
         d2:6d:ee:a4:64:f5:7c:41:5b:d6:75:41:d5:80:ec:02:f9:62:
         f9:ab:20:41:d0:b1:20:61:40:22:b4:9e:8c:26:f1:6d:ff:0e:
         a8:7e:09:33
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY6VOyV/VjW1j7UORhFmVOc+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjQwMzMxMTU1NzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NjFkY2ZjOTY1ZjRkZTMwYmM4Mjk1ZWIxZjJmMDRhNDkyZmE2Nzk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgtMzOeM6ZBVYacf6q9KUtc501Dmi
61B+Qo3kzr4D6xOQoGWAySVNypaCcuVKuua6I/QWfcDus5wODUkr1Rc3clZ50a+1
eUPAQkt3UOPJwl3xtH05cyM5e1k/xuZInKn2Q+EHQgOIUwlwfBOsGnggYvlGc0O6
VqG+xKd9FAe1sMQGdnjyA1jMidrHFjpU//ro9F39kcCA/kawecqSyiDMXOdUZaI8
/+oozq/QDcunR/fsMEswWHwa1J8EOlPj2D+XHIR5JzwpAHho5XvciuV8Flg024n1
5cUQApi14ogG2uz15jLXm2O3f7bVJRQGopNQvAS+k9Dh3CpVjETqZRIdwQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEYdz8ll9N4wvIKV6x8vBKSS+meWMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvUmgzUHlXWDAzakM4Z3BYckh5OEVwSkw2WjVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAowVPAwQA
owWhMA0GCSqGSIb3DQEBCwUAA4IBAQBidZ4zz7UVBt352cgEFS6T9T5/Wly3xKrS
H66E/KANjDYwfmtmEG/t9I6gjTdLL2wd6wu7JXne8b7Ow3Q/6ak/ZOc31Z+av56S
WFPDDPAlWKesD4VX5YAInncd+1FxsFflKTkNrD0oN8bxwTrHhvtB0zFFKZYpkWJo
yGflgw/U5mlLdag6YVsSjX6ZMa0iHl8T+uHDJgCJK4SCZmec8VyJh1OMFM1EQ7lR
DSVo+wqwdeJGoBfjheMItMO7w11bgEueP+D0K1PImsLBhvFgxncZHDKEFw5CTffS
be6kZPV8QVvWdUHVgOwC+WL5qyBB0LEgYUAitJ6MJvFt/w6ofgkz
-----END CERTIFICATE-----