Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/X4t5qr0tDuW2o4Ick0CX14owHTk.roa
File:                     X4t5qr0tDuW2o4Ick0CX14owHTk.roa (raw, json)
Hash identifier:          tapF7luOdHth0GyNnSgzkquVXoSo28H/GCjq8ATneBY=
Subject key identifier:   5F:8B:79:AA:BD:2D:0E:E5:B6:A3:82:1C:93:40:97:D7:8A:30:1D:39
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       019704217E6B543C9E65C1A0AB11FCD5AD9A
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/X4t5qr0tDuW2o4Ick0CX14owHTk.roa
Signing time:             Sat 24 May 2025 21:09:53 +0000
ROA not before:           Sat 24 May 2025 21:09:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211484
IP address blocks:        163.5.196.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 06:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:04:21:7e:6b:54:3c:9e:65:c1:a0:ab:11:fc:d5:ad:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: May 24 21:09:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5f8b79aabd2d0ee5b6a3821c934097d78a301d39
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:9c:fc:aa:a5:a6:41:6e:ad:53:ef:de:c9:e4:
                    e9:21:be:3c:27:08:4b:94:7a:7b:c4:12:fb:75:c4:
                    da:ef:24:a5:d1:28:48:df:d2:57:29:b7:ee:c2:df:
                    6c:94:78:fa:bb:64:14:fb:ea:79:05:08:d8:af:3c:
                    7f:49:9a:d6:a3:5b:f3:f3:de:8d:29:0e:46:08:e5:
                    ee:8f:1f:7c:c8:da:49:8f:f9:df:1d:c6:18:ad:ce:
                    2d:9d:01:8e:5c:43:32:af:88:a5:4f:71:da:03:b4:
                    58:a3:6d:c3:c8:fc:ee:1d:98:a2:89:e5:17:43:7e:
                    40:c6:0e:8b:44:ac:ca:00:01:3d:e7:04:39:6a:00:
                    72:35:86:ba:5d:93:df:16:24:d5:71:a3:37:80:f1:
                    f5:de:9e:41:73:5c:48:80:de:6b:0c:d4:72:b1:15:
                    e8:a2:27:15:37:e7:29:23:37:e9:3f:5e:1c:9f:c9:
                    f4:69:c5:04:d2:a6:15:ec:6f:da:fb:ca:e6:15:1e:
                    7c:a4:4a:a6:f4:21:53:56:26:56:42:8f:ea:b4:33:
                    ac:50:b8:c0:80:d6:51:80:c8:c2:d7:55:16:33:6e:
                    3a:0b:8f:83:9e:ea:0f:cb:9a:75:23:c2:7c:df:28:
                    f9:a1:31:9a:84:02:d3:4e:8e:9b:b1:1d:9b:c4:ad:
                    c5:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:8B:79:AA:BD:2D:0E:E5:B6:A3:82:1C:93:40:97:D7:8A:30:1D:39
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/X4t5qr0tDuW2o4Ick0CX14owHTk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.196.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:29:25:4f:82:ec:2c:39:20:04:46:d3:13:07:ea:b7:ba:9f:
         33:5f:5f:0f:ed:7e:a9:a4:54:d3:41:b6:89:8c:b4:5f:38:ba:
         13:84:10:7e:52:b0:96:00:7b:f0:94:4c:fa:8d:df:71:56:6c:
         0a:ae:df:4a:ed:62:c7:70:37:c9:02:45:a5:48:c3:1e:97:e8:
         20:ab:42:13:25:9e:4e:c0:7a:e2:f6:05:79:d5:aa:59:43:6f:
         8b:a9:ac:fb:94:4f:4a:6e:c3:ab:b0:78:f2:5f:70:f0:fc:67:
         92:07:b7:cc:83:71:0a:9e:24:25:d3:32:99:f5:f9:28:ab:7f:
         f6:df:bd:5c:63:ff:ee:1b:76:c0:b3:58:c4:04:9b:a0:2d:b3:
         ba:63:eb:55:72:a8:1e:3f:9c:96:f7:28:ad:8f:e1:a7:64:b5:
         fb:62:48:12:cc:25:f8:f7:74:c2:e9:e1:61:b9:eb:db:96:b3:
         6d:d4:d0:d8:dd:86:60:18:27:9f:3f:2a:f7:26:95:48:cf:3c:
         72:76:27:08:b3:1b:f3:bb:90:cb:87:72:8d:1a:bf:29:97:69:
         09:d6:c8:14:a7:db:ed:53:9f:16:81:f3:14:6e:39:30:b0:60:
         67:9b:a4:ed:e3:8f:fe:e1:97:2d:96:e2:fe:b4:2f:62:77:e0:
         53:85:09:96
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZcEIX5rVDyeZcGgqxH81a2aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjUwNTI0MjEwOTUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjhiNzlhYWJkMmQwZWU1YjZhMzgyMWM5MzQwOTdkNzhhMzAxZDM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiZz8qqWmQW6tU+/eyeTpIb48JwhL
lHp7xBL7dcTa7ySl0ShI39JXKbfuwt9slHj6u2QU++p5BQjYrzx/SZrWo1vz896N
KQ5GCOXujx98yNpJj/nfHcYYrc4tnQGOXEMyr4ilT3HaA7RYo23DyPzuHZiiieUX
Q35Axg6LRKzKAAE95wQ5agByNYa6XZPfFiTVcaM3gPH13p5Bc1xIgN5rDNRysRXo
oicVN+cpIzfpP14cn8n0acUE0qYV7G/a+8rmFR58pEqm9CFTViZWQo/qtDOsULjA
gNZRgMjC11UWM246C4+DnuoPy5p1I8J83yj5oTGahALTTo6bsR2bxK3FNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF+Leaq9LQ7ltqOCHJNAl9eKMB05MB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvWDR0NXFyMHREdVcybzRJY2swQ1gxNG93SFRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowXEMA0G
CSqGSIb3DQEBCwUAA4IBAQAjKSVPguwsOSAERtMTB+q3up8zX18P7X6ppFTTQbaJ
jLRfOLoThBB+UrCWAHvwlEz6jd9xVmwKrt9K7WLHcDfJAkWlSMMel+ggq0ITJZ5O
wHri9gV51apZQ2+Lqaz7lE9KbsOrsHjyX3Dw/GeSB7fMg3EKniQl0zKZ9fkoq3/2
371cY//uG3bAs1jEBJugLbO6Y+tVcqgeP5yW9yitj+GnZLX7YkgSzCX493TC6eFh
uevblrNt1NDY3YZgGCefPyr3JpVIzzxydicIsxvzu5DLh3KNGr8pl2kJ1sgUp9vt
U58WgfMUbjkwsGBnm6Tt44/+4ZctluL+tC9id+BThQmW
-----END CERTIFICATE-----