Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/UbZLGExZuFNPSRmaU6TH72PNbsw.roa
File:                     UbZLGExZuFNPSRmaU6TH72PNbsw.roa (raw, json)
Hash identifier:          F5K5zw2ZTgx2pBfIJa2hgmgryvp0KdqARR93Yho+330=
Subject key identifier:   51:B6:4B:18:4C:59:B8:53:4F:49:19:9A:53:A4:C7:EF:63:CD:6E:CC
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       0195B97E31AE294242E37473A1ACE595A4E9
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/UbZLGExZuFNPSRmaU6TH72PNbsw.roa
Signing time:             Fri 21 Mar 2025 16:16:50 +0000
ROA not before:           Fri 21 Mar 2025 16:16:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     31221
IP address blocks:        163.5.22.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 21:19:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:b9:7e:31:ae:29:42:42:e3:74:73:a1:ac:e5:95:a4:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Mar 21 16:16:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=51b64b184c59b8534f49199a53a4c7ef63cd6ecc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:88:59:11:76:50:55:18:29:c1:56:6d:3a:44:
                    2b:f5:80:3c:ae:f3:f3:39:62:1d:fd:6f:3c:f4:74:
                    55:07:0b:bf:49:af:19:5e:ea:5b:cb:cf:3a:f3:b3:
                    1f:c5:b0:eb:9e:94:85:bd:09:f8:8c:6b:da:ed:5c:
                    a0:91:39:2c:25:b7:f3:38:74:0a:85:c1:fa:bf:19:
                    9c:e7:9b:61:a4:d8:8a:87:10:14:98:30:9f:fe:ec:
                    a9:51:32:b9:3d:52:29:2c:dc:03:0d:30:e9:cf:cf:
                    31:c3:a9:67:3a:20:1b:49:79:05:bc:14:5f:00:e8:
                    d6:c0:bf:ad:bc:a6:d3:fd:30:fb:2a:37:76:2c:fb:
                    fd:16:b0:87:b0:fb:75:35:25:2d:5b:fd:18:f7:a6:
                    b6:09:e0:8f:37:d6:75:d2:c3:4d:70:e8:ab:db:d8:
                    52:bc:b1:81:6b:fe:f5:76:2d:5b:fb:d1:23:c9:9a:
                    a8:bb:b0:e2:04:43:4a:59:c4:fc:20:15:df:f8:bb:
                    98:b3:66:b9:e5:1d:ab:f5:61:25:07:b1:1a:b1:bc:
                    3d:2e:3e:82:17:2b:f9:a3:0a:07:6d:65:e2:de:be:
                    0f:43:e5:0c:31:7b:d5:f2:8e:ba:ca:1c:a8:01:59:
                    b2:22:4a:2f:98:b5:f1:d2:82:ab:86:56:20:92:00:
                    e6:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:B6:4B:18:4C:59:B8:53:4F:49:19:9A:53:A4:C7:EF:63:CD:6E:CC
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/UbZLGExZuFNPSRmaU6TH72PNbsw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.22.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:43:80:45:c9:b1:81:22:96:77:0c:67:25:c1:d8:1b:9f:96:
         7e:1d:83:2d:d3:cc:6c:d5:63:56:4d:f7:09:80:f4:60:07:8f:
         ea:47:98:57:ff:0d:41:7e:0b:85:55:98:38:f6:ee:19:6a:36:
         80:63:be:ee:62:ae:70:bd:01:8a:3c:62:2a:4c:5c:43:ea:8d:
         81:c3:df:b1:a1:97:54:24:ce:57:ba:39:65:9e:52:c6:34:ae:
         b8:31:2d:4b:18:a4:60:e4:9c:35:64:10:61:6c:1c:4f:de:cd:
         2a:a2:e6:11:09:11:ac:60:ef:cc:3a:08:95:50:ed:93:bf:b1:
         5e:29:33:b2:68:f2:47:03:9d:c3:6f:6d:ad:69:e7:d5:7d:8b:
         92:dd:2b:15:34:4b:14:22:08:da:d2:57:9c:42:58:8a:f6:e7:
         f2:bc:77:31:0e:42:d9:76:20:01:46:07:49:c7:ab:19:53:cc:
         26:b4:72:6d:9b:79:81:d2:c0:4f:a0:7d:d4:6c:b9:41:97:3d:
         48:c0:5d:30:bb:99:97:db:7d:3a:c9:47:f1:52:37:f6:35:d0:
         70:de:e6:1e:68:23:e3:ee:43:bc:e4:ca:5e:c5:67:6d:c4:1a:
         b2:06:00:68:31:81:da:92:00:8d:a7:aa:e8:a9:9d:89:64:0a:
         b3:dc:04:6d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZW5fjGuKUJC43RzoazllaTpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjUwMzIxMTYxNjUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MWI2NGIxODRjNTliODUzNGY0OTE5OWE1M2E0YzdlZjYzY2Q2ZWNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3YhZEXZQVRgpwVZtOkQr9YA8rvPz
OWId/W889HRVBwu/Sa8ZXupby88687MfxbDrnpSFvQn4jGva7VygkTksJbfzOHQK
hcH6vxmc55thpNiKhxAUmDCf/uypUTK5PVIpLNwDDTDpz88xw6lnOiAbSXkFvBRf
AOjWwL+tvKbT/TD7Kjd2LPv9FrCHsPt1NSUtW/0Y96a2CeCPN9Z10sNNcOir29hS
vLGBa/71di1b+9EjyZqou7DiBENKWcT8IBXf+LuYs2a55R2r9WElB7Easbw9Lj6C
Fyv5owoHbWXi3r4PQ+UMMXvV8o66yhyoAVmyIkovmLXx0oKrhlYgkgDmIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFG2SxhMWbhTT0kZmlOkx+9jzW7MMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvVWJaTEdFeFp1Rk5QU1JtYVU2VEg3MlBOYnN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowUWMA0G
CSqGSIb3DQEBCwUAA4IBAQCLQ4BFybGBIpZ3DGclwdgbn5Z+HYMt08xs1WNWTfcJ
gPRgB4/qR5hX/w1BfguFVZg49u4ZajaAY77uYq5wvQGKPGIqTFxD6o2Bw9+xoZdU
JM5XujllnlLGNK64MS1LGKRg5Jw1ZBBhbBxP3s0qouYRCRGsYO/MOgiVUO2Tv7Fe
KTOyaPJHA53Db22taefVfYuS3SsVNEsUIgja0lecQliK9ufyvHcxDkLZdiABRgdJ
x6sZU8wmtHJtm3mB0sBPoH3UbLlBlz1IwF0wu5mX2306yUfxUjf2NdBw3uYeaCPj
7kO85MpexWdtxBqyBgBoMYHakgCNp6roqZ2JZAqz3ARt
-----END CERTIFICATE-----