Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/W1WmlVQjXyvqEKXW-zAeSafpYYk.roa
File:                     W1WmlVQjXyvqEKXW-zAeSafpYYk.roa (raw, json)
Hash identifier:          WKjl6db/GKJg/urE7el3kzhdu36pqp6xDR2XHVUJMoI=
Subject key identifier:   5B:55:A6:95:54:23:5F:2B:EA:10:A5:D6:FB:30:1E:49:A7:E9:61:89
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       0194236A23A934CF2C37533E83D87DD04E3C
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/W1WmlVQjXyvqEKXW-zAeSafpYYk.roa
Signing time:             Wed 01 Jan 2025 19:49:05 +0000
ROA not before:           Wed 01 Jan 2025 19:49:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12189
IP address blocks:        163.5.194.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:23:a9:34:cf:2c:37:53:3e:83:d8:7d:d0:4e:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jan  1 19:49:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5b55a69554235f2bea10a5d6fb301e49a7e96189
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:78:ea:64:44:72:20:a2:68:5f:88:d4:87:02:
                    20:68:d2:9b:5a:ff:99:f7:db:ac:0f:df:90:71:2b:
                    77:b6:43:4f:54:ec:65:f8:ad:cb:f1:52:b8:ba:84:
                    51:14:82:d4:01:aa:3f:3a:c2:56:a1:da:49:57:b1:
                    b4:35:40:60:52:f7:b3:10:01:1f:63:20:a3:20:9a:
                    a2:2a:1a:51:da:b6:28:d2:65:5e:f1:6b:87:a1:8a:
                    f3:6c:0b:d9:92:e0:6d:f5:f2:ab:26:b4:d1:a2:b5:
                    a5:d4:81:2d:c0:b2:85:fd:c2:94:c8:76:8f:d6:41:
                    05:c0:ba:6f:8a:35:31:51:67:00:8c:e3:fb:06:39:
                    bd:6d:fe:fa:a0:55:4a:c2:11:51:22:ab:f8:bd:b9:
                    96:9f:17:6c:f7:a9:c4:22:cc:23:cd:62:93:d9:bf:
                    31:14:31:6f:7d:b8:42:de:04:6f:a2:dc:1f:20:72:
                    12:e6:5f:f3:e3:4a:32:93:a4:26:0f:19:9f:d4:25:
                    44:4a:e0:27:67:ac:cc:17:5d:b4:1e:b8:f4:17:ea:
                    d1:d9:d7:2b:9a:2f:b0:ea:00:37:cf:93:26:3d:d2:
                    1a:90:25:14:cd:44:f5:fa:c0:6a:e5:e3:c5:0c:c4:
                    fc:d0:4d:7d:08:dc:94:3a:bf:ca:7e:cd:c0:f4:af:
                    fe:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:55:A6:95:54:23:5F:2B:EA:10:A5:D6:FB:30:1E:49:A7:E9:61:89
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/W1WmlVQjXyvqEKXW-zAeSafpYYk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.194.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:66:26:f4:63:c7:c1:dd:da:10:0d:cd:0f:e9:82:87:67:28:
         b6:99:b5:fe:f3:84:f0:d7:25:af:3a:48:ae:e3:e5:fb:40:72:
         f8:7d:06:5d:b4:a4:f7:e4:e6:ce:cd:fc:53:5b:1e:6b:a9:c6:
         00:f1:2a:b9:8e:3e:35:cc:41:42:fa:a5:1e:7f:9d:1e:87:92:
         ec:9b:6c:ad:a0:f0:49:a2:0d:af:21:5c:1d:57:f2:1c:dd:f7:
         4a:3a:e4:0e:d0:f8:f1:ed:42:ad:22:c2:a5:d1:bb:df:c1:6a:
         1c:9a:05:07:80:6f:70:f4:07:d4:ef:f6:bf:cc:71:42:b1:f9:
         d5:58:23:c6:f0:f1:e1:67:29:3b:3f:0e:b1:58:56:3c:31:d0:
         e8:b9:fd:a8:fe:fd:6f:d7:9c:66:2e:40:a0:57:3a:8d:6d:f3:
         d7:46:82:8e:22:e0:90:6d:7d:a7:33:e1:a1:71:a0:7f:3c:a8:
         54:a5:99:8b:20:99:1b:13:b1:be:30:5d:d6:be:68:e7:18:6f:
         2b:22:18:f3:c0:75:96:a1:81:dc:07:93:0b:57:29:1b:e9:91:
         f4:fb:d8:a0:04:0b:70:4d:97:79:46:fa:fb:61:c4:e3:1e:d5:
         46:71:59:c2:dd:15:43:9b:50:ce:a3:e9:02:63:72:36:30:80:
         08:f4:98:75
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjaiOpNM8sN1M+g9h90E48MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjUwMTAxMTk0OTA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YjU1YTY5NTU0MjM1ZjJiZWExMGE1ZDZmYjMwMWU0OWE3ZTk2MTg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA33jqZERyIKJoX4jUhwIgaNKbWv+Z
99usD9+QcSt3tkNPVOxl+K3L8VK4uoRRFILUAao/OsJWodpJV7G0NUBgUvezEAEf
YyCjIJqiKhpR2rYo0mVe8WuHoYrzbAvZkuBt9fKrJrTRorWl1IEtwLKF/cKUyHaP
1kEFwLpvijUxUWcAjOP7Bjm9bf76oFVKwhFRIqv4vbmWnxds96nEIswjzWKT2b8x
FDFvfbhC3gRvotwfIHIS5l/z40oyk6QmDxmf1CVESuAnZ6zMF120Hrj0F+rR2dcr
mi+w6gA3z5MmPdIakCUUzUT1+sBq5ePFDMT80E19CNyUOr/Kfs3A9K/+gQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFtVppVUI18r6hCl1vswHkmn6WGJMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvVzFXbWxWUWpYeXZxRUtYVy16QWVTYWZwWVlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowXCMA0G
CSqGSIb3DQEBCwUAA4IBAQBmZib0Y8fB3doQDc0P6YKHZyi2mbX+84Tw1yWvOkiu
4+X7QHL4fQZdtKT35ObOzfxTWx5rqcYA8Sq5jj41zEFC+qUef50eh5Lsm2ytoPBJ
og2vIVwdV/Ic3fdKOuQO0Pjx7UKtIsKl0bvfwWocmgUHgG9w9AfU7/a/zHFCsfnV
WCPG8PHhZyk7Pw6xWFY8MdDouf2o/v1v15xmLkCgVzqNbfPXRoKOIuCQbX2nM+Gh
caB/PKhUpZmLIJkbE7G+MF3WvmjnGG8rIhjzwHWWoYHcB5MLVykb6ZH0+9igBAtw
TZd5Rvr7YcTjHtVGcVnC3RVDm1DOo+kCY3I2MIAI9Jh1
-----END CERTIFICATE-----