Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/WgQ7j3MDWkFfve82wo1BRvUXTnk.roa
File:                     WgQ7j3MDWkFfve82wo1BRvUXTnk.roa (raw, json)
Hash identifier:          GzXO/2FlenrkLTgsuzLjX1R6f/zJkKA7fMvZUF9ywFw=
Subject key identifier:   5A:04:3B:8F:73:03:5A:41:5F:BD:EF:36:C2:8D:41:46:F5:17:4E:79
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       018CC4256EF6346677CE1F1AD3F3E52ECC13
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/WgQ7j3MDWkFfve82wo1BRvUXTnk.roa
Signing time:             Mon 01 Jan 2024 08:30:36 +0000
ROA not before:           Mon 01 Jan 2024 08:30:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     400897
IP address blocks:        163.5.254.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:6e:f6:34:66:77:ce:1f:1a:d3:f3:e5:2e:cc:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jan  1 08:30:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5a043b8f73035a415fbdef36c28d4146f5174e79
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:bc:1a:d0:5e:3b:c3:de:ee:70:36:46:9d:5b:
                    d8:43:00:38:57:f9:bb:3b:db:68:9f:ce:24:5f:12:
                    3c:9b:25:e3:36:1a:57:3c:2f:77:be:14:75:e3:9e:
                    d3:1a:b5:f9:b7:1c:2f:f5:ec:28:fd:65:fd:c4:d7:
                    ec:b3:25:8c:16:72:49:97:31:25:6a:f4:ff:d6:64:
                    08:a9:3a:79:75:84:6e:77:ae:4d:37:57:54:22:10:
                    c5:39:9f:ce:54:f1:82:c0:5b:95:c4:f5:6d:49:01:
                    c1:75:80:96:9f:9a:e7:b3:cd:90:8d:e1:61:1d:28:
                    79:14:8a:c4:5b:8a:08:b5:70:e1:cd:a3:b5:af:a6:
                    f0:e9:be:3e:69:b4:36:6a:8f:85:33:99:73:dc:92:
                    06:03:53:1d:e0:85:24:b0:92:01:75:92:39:6f:08:
                    5c:ba:4d:2b:98:97:7c:47:be:39:f4:ef:80:f0:7e:
                    44:e9:ba:5b:e2:9e:d6:a3:1a:62:ca:68:57:44:20:
                    ad:c6:ed:d9:df:4d:b4:3a:c2:cd:77:b0:63:99:96:
                    90:ba:11:b0:22:a1:1a:91:ff:cd:86:39:fd:ce:ce:
                    50:9a:4c:fb:a1:6b:d9:b2:fc:8f:b7:61:6f:76:d3:
                    9b:6a:42:4c:00:5f:6c:ad:84:c1:ef:d5:78:b0:6f:
                    ab:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:04:3B:8F:73:03:5A:41:5F:BD:EF:36:C2:8D:41:46:F5:17:4E:79
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/WgQ7j3MDWkFfve82wo1BRvUXTnk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.254.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:db:59:fb:90:73:27:39:57:d3:69:19:aa:98:af:c8:0c:33:
         17:6c:d9:57:b0:05:f2:eb:78:be:43:c6:cf:01:a3:eb:01:9d:
         c2:0a:1a:2b:40:3c:42:ed:97:92:e2:2d:80:b5:a3:30:9a:bb:
         f7:a3:64:c7:04:91:23:8a:a2:30:f1:0d:9e:a6:f4:d8:a2:8a:
         9f:a1:a4:66:79:09:85:94:04:b1:b9:4a:1c:b2:40:c3:0d:63:
         6d:93:d1:46:62:24:27:86:e3:f3:31:d4:86:f0:04:22:0d:2c:
         79:5b:29:5d:f0:c4:2d:95:be:47:c1:de:4c:69:0e:5f:04:59:
         44:80:6d:f0:3f:1b:24:c2:6f:5a:d9:2a:26:38:8c:ef:fc:b8:
         30:8e:0b:da:20:0a:f8:06:a1:97:ac:ba:1d:69:8b:77:9a:3f:
         9b:35:57:88:89:36:93:06:cb:8c:c1:67:ef:55:b5:c8:2d:95:
         41:b8:26:2a:23:e9:4d:b7:b2:95:57:36:5e:bb:e7:72:63:3e:
         94:2b:26:68:c3:5c:a1:19:3c:99:94:4e:46:43:c7:94:fc:f4:
         5b:0e:13:2b:76:96:5b:4b:e1:4a:70:ca:d2:d1:a5:35:1a:fe:
         ee:33:1c:9b:27:ed:6a:84:d7:1e:73:4e:ef:8a:b9:fc:c6:42:
         f5:d0:96:4f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJW72NGZ3zh8a0/PlLswTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjQwMTAxMDgzMDM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YTA0M2I4ZjczMDM1YTQxNWZiZGVmMzZjMjhkNDE0NmY1MTc0ZTc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlrwa0F47w97ucDZGnVvYQwA4V/m7
O9ton84kXxI8myXjNhpXPC93vhR1457TGrX5txwv9ewo/WX9xNfssyWMFnJJlzEl
avT/1mQIqTp5dYRud65NN1dUIhDFOZ/OVPGCwFuVxPVtSQHBdYCWn5rns82QjeFh
HSh5FIrEW4oItXDhzaO1r6bw6b4+abQ2ao+FM5lz3JIGA1Md4IUksJIBdZI5bwhc
uk0rmJd8R7459O+A8H5E6bpb4p7WoxpiymhXRCCtxu3Z3020OsLNd7BjmZaQuhGw
IqEakf/Nhjn9zs5Qmkz7oWvZsvyPt2FvdtObakJMAF9srYTB79V4sG+rnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFoEO49zA1pBX73vNsKNQUb1F055MB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvV2dRN2ozTURXa0ZmdmU4MndvMUJSdlVYVG5rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowX+MA0G
CSqGSIb3DQEBCwUAA4IBAQBy21n7kHMnOVfTaRmqmK/IDDMXbNlXsAXy63i+Q8bP
AaPrAZ3CChorQDxC7ZeS4i2AtaMwmrv3o2THBJEjiqIw8Q2epvTYooqfoaRmeQmF
lASxuUocskDDDWNtk9FGYiQnhuPzMdSG8AQiDSx5Wyld8MQtlb5Hwd5MaQ5fBFlE
gG3wPxskwm9a2SomOIzv/LgwjgvaIAr4BqGXrLodaYt3mj+bNVeIiTaTBsuMwWfv
VbXILZVBuCYqI+lNt7KVVzZeu+dyYz6UKyZow1yhGTyZlE5GQ8eU/PRbDhMrdpZb
S+FKcMrS0aU1Gv7uMxybJ+1qhNcec07virn8xkL10JZP
-----END CERTIFICATE-----