Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/UZGH8dbki545yftNqWtr36v3chg.roa
File:                     UZGH8dbki545yftNqWtr36v3chg.roa (raw, json)
Hash identifier:          fTEkbXtWqvxEEee+k9H0SG17EItifN0W/LZi9N++gKA=
Subject key identifier:   51:91:87:F1:D6:E4:8B:9E:39:C9:FB:4D:A9:6B:6B:DF:AB:F7:72:18
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       0194236A40F31841CD5B3DA4E7D99E0D88FB
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/UZGH8dbki545yftNqWtr36v3chg.roa
Signing time:             Wed 01 Jan 2025 19:49:13 +0000
ROA not before:           Wed 01 Jan 2025 19:49:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204372
IP address blocks:        163.5.99.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:40:f3:18:41:cd:5b:3d:a4:e7:d9:9e:0d:88:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jan  1 19:49:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=519187f1d6e48b9e39c9fb4da96b6bdfabf77218
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:6e:ad:45:a0:99:d3:83:a5:89:d2:7d:9b:39:
                    d0:fd:b4:f3:44:f1:c6:41:4d:7e:c4:97:91:0b:41:
                    a2:6d:b2:81:03:0c:46:24:02:5d:00:e0:7b:95:8d:
                    49:0a:d2:13:40:65:63:8d:d5:ca:01:c0:7e:0a:7a:
                    5f:4d:04:a1:96:eb:15:52:4b:fc:52:20:83:5c:61:
                    41:98:7d:ac:a7:de:54:6a:ce:d0:fd:49:30:38:79:
                    c2:7f:7d:0b:49:48:a8:b2:d2:f1:19:64:c0:5f:dd:
                    c8:10:e0:fe:c2:a1:2a:cf:c8:59:aa:56:12:a2:bd:
                    b3:47:ca:c0:f9:52:12:af:09:02:b8:6a:38:2d:d4:
                    ef:13:42:b1:1d:21:94:ae:28:ea:48:e6:af:c5:83:
                    f8:f3:cf:94:c8:ad:b0:e2:dd:b0:73:e7:5f:a9:8f:
                    ad:ad:80:61:24:25:20:91:4f:a3:33:52:8c:f2:1a:
                    8c:04:9b:67:bd:d6:1f:75:dd:91:d1:c5:04:21:8f:
                    6d:8d:78:0a:3f:61:63:02:41:f3:d7:92:99:85:7c:
                    20:3e:fd:4b:a8:ff:0f:c9:b7:91:d5:15:bc:24:51:
                    ec:ea:f5:45:25:44:07:41:c5:e9:fa:30:83:a8:69:
                    49:e3:1a:10:d1:e0:ad:bc:d3:3f:4f:1c:e3:8c:b0:
                    84:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:91:87:F1:D6:E4:8B:9E:39:C9:FB:4D:A9:6B:6B:DF:AB:F7:72:18
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/UZGH8dbki545yftNqWtr36v3chg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.99.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:87:6f:84:73:5b:34:65:66:2f:6d:0f:48:35:c8:fb:05:af:
         9d:59:69:37:77:c9:7c:5e:f7:0d:42:ba:a4:c3:e4:57:80:25:
         e6:4b:8d:2c:e2:7b:6f:33:9b:68:0a:fd:a4:9e:c9:70:95:a6:
         f9:8e:72:ab:bd:b5:67:81:a4:03:02:a6:2a:c9:34:24:ee:38:
         71:f5:0c:41:a2:a7:3b:17:53:f8:65:4f:6a:3b:84:d4:c6:cb:
         95:65:89:54:e7:2d:13:3d:c5:d5:b4:52:eb:f2:69:6c:7c:9f:
         36:88:fd:c4:b9:4f:c1:84:36:83:af:6e:34:f2:7f:51:52:73:
         6e:56:6f:1a:5f:1a:ad:ec:50:d0:e6:c4:f4:af:59:0e:f1:70:
         16:57:98:89:39:db:48:ed:db:97:14:9a:ba:8b:be:59:58:f5:
         b0:b3:21:38:38:64:82:2b:c3:c6:19:94:6d:91:27:2a:a0:0e:
         66:86:b3:9d:1b:ec:1a:88:d5:30:2d:e2:1e:0d:e2:cf:36:6d:
         c5:48:8c:c7:b3:01:32:27:d3:d2:83:a6:fa:f6:92:9a:da:49:
         1a:9d:43:77:cd:e1:6c:3d:8a:c9:92:d8:5d:61:54:29:2d:2e:
         eb:37:ae:db:06:a4:c1:3b:ba:6c:e8:b5:7c:e7:8e:66:f3:21:
         e5:b2:11:e8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjakDzGEHNWz2k59meDYj7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjUwMTAxMTk0OTEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MTkxODdmMWQ2ZTQ4YjllMzljOWZiNGRhOTZiNmJkZmFiZjc3MjE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA626tRaCZ04OlidJ9mznQ/bTzRPHG
QU1+xJeRC0GibbKBAwxGJAJdAOB7lY1JCtITQGVjjdXKAcB+CnpfTQShlusVUkv8
UiCDXGFBmH2sp95Uas7Q/UkwOHnCf30LSUiostLxGWTAX93IEOD+wqEqz8hZqlYS
or2zR8rA+VISrwkCuGo4LdTvE0KxHSGUrijqSOavxYP488+UyK2w4t2wc+dfqY+t
rYBhJCUgkU+jM1KM8hqMBJtnvdYfdd2R0cUEIY9tjXgKP2FjAkHz15KZhXwgPv1L
qP8PybeR1RW8JFHs6vVFJUQHQcXp+jCDqGlJ4xoQ0eCtvNM/TxzjjLCEgQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFGRh/HW5IueOcn7Talra9+r93IYMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvVVpHSDhkYmtpNTQ1eWZ0TnFXdHIzNnYzY2hnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowVjMA0G
CSqGSIb3DQEBCwUAA4IBAQAJh2+Ec1s0ZWYvbQ9INcj7Ba+dWWk3d8l8XvcNQrqk
w+RXgCXmS40s4ntvM5toCv2knslwlab5jnKrvbVngaQDAqYqyTQk7jhx9QxBoqc7
F1P4ZU9qO4TUxsuVZYlU5y0TPcXVtFLr8mlsfJ82iP3EuU/BhDaDr2408n9RUnNu
Vm8aXxqt7FDQ5sT0r1kO8XAWV5iJOdtI7duXFJq6i75ZWPWwsyE4OGSCK8PGGZRt
kScqoA5mhrOdG+waiNUwLeIeDeLPNm3FSIzHswEyJ9PSg6b69pKa2kkanUN3zeFs
PYrJkthdYVQpLS7rN67bBqTBO7ps6LV8545m8yHlshHo
-----END CERTIFICATE-----