Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/RjLKghi-QvArGjltTRIflu_6wGo.roa
File:                     RjLKghi-QvArGjltTRIflu_6wGo.roa (raw, json)
Hash identifier:          fnUeMV8JmZ511tiJWJv+15UJI8qUDYbR4PETHZWUzSk=
Subject key identifier:   46:32:CA:82:18:BE:42:F0:2B:1A:39:6D:4D:12:1F:96:EF:FA:C0:6A
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       018CC4254DC88C8E54A103525ECEA50FBF1F
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/RjLKghi-QvArGjltTRIflu_6wGo.roa
Signing time:             Mon 01 Jan 2024 08:30:28 +0000
ROA not before:           Mon 01 Jan 2024 08:30:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     996
IP address blocks:        163.5.165.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:4d:c8:8c:8e:54:a1:03:52:5e:ce:a5:0f:bf:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jan  1 08:30:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4632ca8218be42f02b1a396d4d121f96effac06a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:66:5e:6b:90:83:3c:b1:a5:43:ec:5a:2a:5d:
                    9e:b1:8f:71:28:96:a1:71:f3:6b:2f:f4:b8:59:8e:
                    76:fc:ba:e9:25:c1:72:3e:2a:bd:54:3a:49:89:0c:
                    24:de:ef:ce:82:16:1a:f2:ce:a2:7b:10:82:e2:5b:
                    fb:d0:6c:92:2f:41:43:01:fe:0d:14:26:63:b7:66:
                    b3:6b:c3:bb:22:4d:0d:01:2f:af:86:70:51:fe:36:
                    c0:e4:b1:92:cd:55:53:c9:17:9d:c9:43:90:dd:3e:
                    c2:8f:92:bc:ac:a0:f5:0f:68:21:bd:99:0b:7e:bf:
                    6f:31:42:14:70:87:d4:eb:e6:3a:cf:46:14:ef:ae:
                    8a:8f:a0:33:0b:5f:6b:e3:52:f1:d7:d4:b3:55:1f:
                    9d:78:3e:ca:71:2e:a2:0d:71:b0:a1:f7:34:99:6c:
                    9a:d1:5c:d8:45:89:bc:76:b9:54:26:10:9c:3c:b6:
                    04:c5:8e:6b:d6:be:d3:77:3d:ea:cb:b5:61:a4:65:
                    e5:81:31:26:3e:f8:40:1f:73:90:16:38:a7:77:96:
                    dc:a3:f0:33:35:cf:25:c1:c1:46:76:5e:23:53:84:
                    ab:21:53:2f:bb:d8:e9:83:8f:8e:d7:59:31:84:36:
                    0e:2e:d3:c7:17:3d:76:bd:f5:21:5d:8f:55:75:e1:
                    7a:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:32:CA:82:18:BE:42:F0:2B:1A:39:6D:4D:12:1F:96:EF:FA:C0:6A
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/RjLKghi-QvArGjltTRIflu_6wGo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.165.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:68:0e:16:0b:6a:d4:46:3b:37:a1:5c:bb:dc:04:6e:1f:12:
         88:94:18:3f:76:29:6f:af:a2:75:d6:5d:04:f7:e2:78:0f:e7:
         2e:e0:f2:fb:77:2d:67:ac:2d:a4:ff:50:91:81:c8:20:e2:94:
         58:04:0d:d3:7e:ff:58:fa:b5:c5:77:90:22:44:1b:38:56:fc:
         4b:da:68:52:97:32:18:ef:b2:ed:85:57:16:b2:ce:03:a6:7e:
         b8:98:37:2b:69:f5:5d:e2:0b:d3:42:4e:a4:c1:18:36:30:c8:
         03:08:22:43:62:ee:ce:fb:a9:59:37:2f:6c:1a:48:4f:2b:96:
         db:a1:97:38:41:86:88:fa:48:9c:b4:05:cc:ed:05:87:82:59:
         6f:f6:bb:f1:f6:21:90:38:7f:13:57:6c:24:c6:bd:ea:43:0f:
         5e:88:84:10:6d:33:13:41:69:a8:76:df:cd:df:24:ae:eb:e3:
         18:63:f0:60:36:92:ca:f5:b8:3f:63:c6:ef:20:91:ef:59:29:
         7a:df:da:92:d9:aa:76:98:4c:e7:22:4a:87:cc:40:72:de:49:
         24:30:11:f2:73:bd:3d:40:36:21:44:35:08:a3:4b:30:6b:b9:
         d5:de:70:77:80:7e:95:35:a2:4a:92:44:9b:c8:46:21:36:11:
         80:28:2b:96
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJU3IjI5UoQNSXs6lD78fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjQwMTAxMDgzMDI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NjMyY2E4MjE4YmU0MmYwMmIxYTM5NmQ0ZDEyMWY5NmVmZmFjMDZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxWZea5CDPLGlQ+xaKl2esY9xKJah
cfNrL/S4WY52/LrpJcFyPiq9VDpJiQwk3u/OghYa8s6iexCC4lv70GySL0FDAf4N
FCZjt2aza8O7Ik0NAS+vhnBR/jbA5LGSzVVTyRedyUOQ3T7Cj5K8rKD1D2ghvZkL
fr9vMUIUcIfU6+Y6z0YU766Kj6AzC19r41Lx19SzVR+deD7KcS6iDXGwofc0mWya
0VzYRYm8drlUJhCcPLYExY5r1r7Tdz3qy7VhpGXlgTEmPvhAH3OQFjind5bco/Az
Nc8lwcFGdl4jU4SrIVMvu9jpg4+O11kxhDYOLtPHFz12vfUhXY9VdeF6qQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEYyyoIYvkLwKxo5bU0SH5bv+sBqMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvUmpMS2doaS1RdkFyR2psdFRSSWZsdV82d0dvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowWlMA0G
CSqGSIb3DQEBCwUAA4IBAQAIaA4WC2rURjs3oVy73ARuHxKIlBg/dilvr6J11l0E
9+J4D+cu4PL7dy1nrC2k/1CRgcgg4pRYBA3Tfv9Y+rXFd5AiRBs4VvxL2mhSlzIY
77LthVcWss4Dpn64mDcrafVd4gvTQk6kwRg2MMgDCCJDYu7O+6lZNy9sGkhPK5bb
oZc4QYaI+kictAXM7QWHgllv9rvx9iGQOH8TV2wkxr3qQw9eiIQQbTMTQWmodt/N
3ySu6+MYY/BgNpLK9bg/Y8bvIJHvWSl639qS2ap2mEznIkqHzEBy3kkkMBHyc709
QDYhRDUIo0swa7nV3nB3gH6VNaJKkkSbyEYhNhGAKCuW
-----END CERTIFICATE-----