Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/TNwnA0P8DLbj-9TJk5aSPJt-Tao.roa
File:                     TNwnA0P8DLbj-9TJk5aSPJt-Tao.roa (raw, json)
Hash identifier:          /txeXOX/xvnWb8ffzqAUIqUXIQn8kcmVd6lhrBMgYEI=
Subject key identifier:   4C:DC:27:03:43:FC:0C:B6:E3:FB:D4:C9:93:96:92:3C:9B:7E:4D:AA
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       018CC42557A1FCC04C58A80F5788D005B643
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/TNwnA0P8DLbj-9TJk5aSPJt-Tao.roa
Signing time:             Mon 01 Jan 2024 08:30:30 +0000
ROA not before:           Mon 01 Jan 2024 08:30:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     55720
IP address blocks:        163.5.139.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 05:01:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:57:a1:fc:c0:4c:58:a8:0f:57:88:d0:05:b6:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jan  1 08:30:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4cdc270343fc0cb6e3fbd4c99396923c9b7e4daa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:f9:17:22:78:25:67:54:c4:53:15:78:91:64:
                    bb:45:7c:20:16:64:f5:e0:b5:cd:94:28:bc:9d:fe:
                    67:f2:43:73:1d:b8:ca:90:54:ba:49:33:79:48:8c:
                    e7:ef:4d:58:6f:56:34:24:4c:f3:62:d5:0d:d7:22:
                    c7:ef:b7:9c:6e:8e:32:ff:59:d9:ec:d6:97:54:45:
                    6c:17:85:00:ea:d7:7d:8d:7e:a3:cf:30:15:5e:4b:
                    49:13:a9:c3:3e:e8:f0:56:87:2d:98:8c:f4:15:2b:
                    72:cd:88:4b:57:62:58:e3:4a:40:12:97:e3:01:67:
                    fb:a0:60:e2:00:d2:7f:f1:0b:69:6a:f3:54:32:5d:
                    5f:8e:ee:cd:b8:73:3a:72:95:7f:cc:1f:24:ee:70:
                    cb:55:93:31:b2:4a:84:b4:b3:93:ce:60:db:cb:00:
                    6e:4b:77:86:7d:6e:02:df:ed:88:8b:83:38:64:52:
                    b5:a4:7b:b5:f9:94:de:fc:ea:e7:5f:2c:a5:e0:ea:
                    23:47:ef:45:f3:5d:5b:93:d2:03:64:7c:fa:6f:57:
                    6a:40:ae:f3:6f:d2:8a:f9:a2:f8:e0:ce:28:0f:15:
                    2a:5e:99:6b:60:fb:87:8f:aa:39:46:27:7d:0e:05:
                    43:19:9d:e3:e8:6b:fb:1f:c7:76:3a:22:1a:56:6b:
                    d1:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:DC:27:03:43:FC:0C:B6:E3:FB:D4:C9:93:96:92:3C:9B:7E:4D:AA
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/TNwnA0P8DLbj-9TJk5aSPJt-Tao.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.139.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:93:7b:1b:2b:e4:63:1b:03:81:0a:a3:13:e8:01:8c:81:79:
         b4:63:c4:1b:a5:7b:73:41:0f:9b:3a:a7:08:11:a8:0b:53:2e:
         7f:fe:60:71:a6:16:9b:c5:cf:7a:11:45:56:ee:0c:47:95:4b:
         f6:b0:3e:d5:97:00:db:1b:6f:34:c8:69:95:de:27:5c:2d:34:
         83:81:4b:12:6a:f5:a0:5d:28:ea:fb:b0:b0:87:9c:8c:3a:01:
         ad:9c:2d:d2:be:f2:00:b9:5d:44:8e:2e:bb:d6:7e:2c:a6:ff:
         07:b7:36:18:e2:c4:e5:c2:b3:6d:22:76:07:8c:5d:cc:59:a4:
         90:37:24:6e:1c:28:75:d0:ad:5c:e4:cf:3f:63:1c:17:fa:8f:
         fb:90:07:66:b5:dc:97:4b:2a:55:a9:0b:13:7b:35:c0:a0:31:
         34:0e:ec:25:38:9f:d4:06:75:bb:dc:15:f0:c4:c9:e1:8e:9c:
         71:e5:86:95:51:ab:ed:dd:1f:ca:d6:f5:8f:a4:31:1a:6c:17:
         9f:4a:f4:46:84:76:cc:05:6f:4a:97:58:f4:05:61:87:32:2e:
         ba:a3:ac:58:90:d7:70:27:1b:da:eb:94:a8:78:91:b2:32:eb:
         e4:a4:18:0e:1c:b3:2f:9e:cd:67:aa:6a:82:8a:0f:45:7c:df:
         f4:14:b8:6f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJVeh/MBMWKgPV4jQBbZDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjQwMTAxMDgzMDMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Y2RjMjcwMzQzZmMwY2I2ZTNmYmQ0Yzk5Mzk2OTIzYzliN2U0ZGFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlfkXInglZ1TEUxV4kWS7RXwgFmT1
4LXNlCi8nf5n8kNzHbjKkFS6STN5SIzn701Yb1Y0JEzzYtUN1yLH77ecbo4y/1nZ
7NaXVEVsF4UA6td9jX6jzzAVXktJE6nDPujwVoctmIz0FStyzYhLV2JY40pAEpfj
AWf7oGDiANJ/8QtpavNUMl1fju7NuHM6cpV/zB8k7nDLVZMxskqEtLOTzmDbywBu
S3eGfW4C3+2Ii4M4ZFK1pHu1+ZTe/OrnXyyl4OojR+9F811bk9IDZHz6b1dqQK7z
b9KK+aL44M4oDxUqXplrYPuHj6o5Rid9DgVDGZ3j6Gv7H8d2OiIaVmvRhQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEzcJwND/Ay24/vUyZOWkjybfk2qMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvVE53bkEwUDhETGJqLTlUSms1YVNQSnQtVGFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowWLMA0G
CSqGSIb3DQEBCwUAA4IBAQBMk3sbK+RjGwOBCqMT6AGMgXm0Y8QbpXtzQQ+bOqcI
EagLUy5//mBxphabxc96EUVW7gxHlUv2sD7VlwDbG280yGmV3idcLTSDgUsSavWg
XSjq+7Cwh5yMOgGtnC3SvvIAuV1Eji671n4spv8HtzYY4sTlwrNtInYHjF3MWaSQ
NyRuHCh10K1c5M8/YxwX+o/7kAdmtdyXSypVqQsTezXAoDE0DuwlOJ/UBnW73BXw
xMnhjpxx5YaVUavt3R/K1vWPpDEabBefSvRGhHbMBW9Kl1j0BWGHMi66o6xYkNdw
Jxva65SoeJGyMuvkpBgOHLMvns1nqmqCig9FfN/0FLhv
-----END CERTIFICATE-----