Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/SZarf1dBB-nPTfK9DkUlQwF4qrc.roa
File:                     SZarf1dBB-nPTfK9DkUlQwF4qrc.roa (raw, json)
Hash identifier:          fK7YTMAoUHOB5GE+p7nemKb6KUR8Y9udS1CKVvOYuhk=
Subject key identifier:   49:96:AB:7F:57:41:07:E9:CF:4D:F2:BD:0E:45:25:43:01:78:AA:B7
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       018CC4256E542532BBE31E4C957FCE3625ED
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/SZarf1dBB-nPTfK9DkUlQwF4qrc.roa
Signing time:             Mon 01 Jan 2024 08:30:36 +0000
ROA not before:           Mon 01 Jan 2024 08:30:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     399641
IP address blocks:        163.5.105.0/24 maxlen: 24
                          163.5.235.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:6e:54:25:32:bb:e3:1e:4c:95:7f:ce:36:25:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jan  1 08:30:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4996ab7f574107e9cf4df2bd0e4525430178aab7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:7a:37:6a:67:a9:fd:df:36:ce:83:b3:f6:26:
                    04:cb:7a:79:04:b7:1a:3b:71:e3:18:86:79:b6:fe:
                    4f:bc:2d:69:3b:91:9e:9c:36:64:42:ac:c5:63:07:
                    47:b0:cd:5c:c5:fe:5d:64:2b:1d:69:8c:d2:43:89:
                    19:ec:90:3f:6c:7c:92:6c:a9:13:53:23:8b:12:bd:
                    b4:e9:6e:80:dd:a2:e6:29:be:eb:17:c6:3a:81:84:
                    4b:d4:5a:4a:6b:ca:9b:de:57:ba:26:10:e2:71:7f:
                    a1:ec:4a:ce:1a:7f:b4:e0:8a:55:5f:28:66:22:5d:
                    82:ba:51:2c:da:6d:23:20:2d:a6:5d:03:b2:03:df:
                    cd:65:ab:2f:cf:83:1c:a8:13:1c:17:f8:fd:48:ca:
                    1a:f2:18:25:43:84:5a:b2:ce:a2:f0:30:cd:cb:bb:
                    ca:fb:fd:1d:41:bd:2d:d7:f8:1d:ec:2d:9a:eb:b6:
                    19:aa:5b:32:10:cc:65:0f:3c:c4:98:38:64:5b:ef:
                    81:7a:e5:71:39:4f:83:28:45:c9:7c:05:3d:2c:5e:
                    fc:87:c2:0a:e5:c6:d3:10:6e:0a:b4:6d:3e:2e:2e:
                    6f:2c:79:84:2e:82:77:3c:47:29:ba:03:40:27:ed:
                    f7:ea:cf:06:e1:61:1b:62:60:05:6f:bc:f6:2d:95:
                    3f:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:96:AB:7F:57:41:07:E9:CF:4D:F2:BD:0E:45:25:43:01:78:AA:B7
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/SZarf1dBB-nPTfK9DkUlQwF4qrc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.105.0/24
                  163.5.235.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:b1:4f:90:f4:a7:f9:26:ec:c6:5f:88:cf:ef:43:d8:69:7f:
         d4:69:73:a8:99:b3:29:70:40:a6:53:e9:00:4f:e0:0f:dd:6a:
         c2:39:47:6d:2e:18:04:c7:5a:24:6c:8a:1f:2d:3c:c9:8d:a4:
         a6:3c:d5:6f:e5:07:7a:d6:21:6f:c1:fa:6a:9f:c9:08:e1:77:
         1f:5b:bf:9e:bf:90:1d:c8:3a:a8:ae:85:03:ae:0b:2e:bc:72:
         72:ef:ea:6e:9f:71:0f:22:86:86:31:a2:4f:7e:58:a8:d6:f6:
         dd:76:4f:0b:ec:2f:cf:f6:aa:66:f3:0d:58:70:08:18:45:3e:
         a1:43:fb:0e:83:42:d1:ee:20:58:88:61:92:e7:f7:08:0b:1c:
         02:83:4a:73:28:3f:ae:77:a8:cc:44:07:16:c2:19:f2:2e:89:
         1c:90:a5:17:95:ac:23:86:97:41:70:40:16:c1:be:3b:1d:3b:
         ce:f4:d4:0c:38:fa:95:5d:fe:3f:ef:27:25:af:b2:cd:37:83:
         19:9f:38:0d:ef:17:19:42:fe:72:01:80:b3:91:04:88:11:ce:
         df:55:91:1f:4f:e5:82:05:31:d8:f0:c1:3b:99:ca:2d:1f:3f:
         e2:e3:99:95:e4:1c:27:b8:8f:3b:aa:7c:78:65:ec:0d:4f:7a:
         de:ce:d9:7d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzEJW5UJTK74x5MlX/ONiXtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjQwMTAxMDgzMDM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OTk2YWI3ZjU3NDEwN2U5Y2Y0ZGYyYmQwZTQ1MjU0MzAxNzhhYWI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkXo3amep/d82zoOz9iYEy3p5BLca
O3HjGIZ5tv5PvC1pO5GenDZkQqzFYwdHsM1cxf5dZCsdaYzSQ4kZ7JA/bHySbKkT
UyOLEr206W6A3aLmKb7rF8Y6gYRL1FpKa8qb3le6JhDicX+h7ErOGn+04IpVXyhm
Il2CulEs2m0jIC2mXQOyA9/NZasvz4McqBMcF/j9SMoa8hglQ4Rass6i8DDNy7vK
+/0dQb0t1/gd7C2a67YZqlsyEMxlDzzEmDhkW++BeuVxOU+DKEXJfAU9LF78h8IK
5cbTEG4KtG0+Li5vLHmELoJ3PEcpugNAJ+336s8G4WEbYmAFb7z2LZU/dQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEmWq39XQQfpz03yvQ5FJUMBeKq3MB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvU1phcmYxZEJCLW5QVGZLOURrVWxRd0Y0cXJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAowVpAwQA
owXrMA0GCSqGSIb3DQEBCwUAA4IBAQAMsU+Q9Kf5JuzGX4jP70PYaX/UaXOombMp
cECmU+kAT+AP3WrCOUdtLhgEx1okbIofLTzJjaSmPNVv5Qd61iFvwfpqn8kI4Xcf
W7+ev5AdyDqoroUDrgsuvHJy7+pun3EPIoaGMaJPflio1vbddk8L7C/P9qpm8w1Y
cAgYRT6hQ/sOg0LR7iBYiGGS5/cICxwCg0pzKD+ud6jMRAcWwhnyLokckKUXlawj
hpdBcEAWwb47HTvO9NQMOPqVXf4/7yclr7LNN4MZnzgN7xcZQv5yAYCzkQSIEc7f
VZEfT+WCBTHY8ME7mcotHz/i45mV5BwnuI87qnx4ZewNT3reztl9
-----END CERTIFICATE-----