Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/XlpYS2GqO1svQeTKSQDsMPVEDQM.roa
File:                     XlpYS2GqO1svQeTKSQDsMPVEDQM.roa (raw, json)
Hash identifier:          5fT6yRaL9zdASjOETnsmbodPADxmgTLO0D1m+QGUmyI=
Subject key identifier:   5E:5A:58:4B:61:AA:3B:5B:2F:41:E4:CA:49:00:EC:30:F5:44:0D:03
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       0197371BCF0120104246A6B7C50A2120FA70
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/XlpYS2GqO1svQeTKSQDsMPVEDQM.roa
Signing time:             Tue 03 Jun 2025 18:44:18 +0000
ROA not before:           Tue 03 Jun 2025 18:44:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14445
IP address blocks:        163.5.29.0/24 maxlen: 24
                          163.5.200.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 22:50:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:37:1b:cf:01:20:10:42:46:a6:b7:c5:0a:21:20:fa:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jun  3 18:44:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5e5a584b61aa3b5b2f41e4ca4900ec30f5440d03
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:f2:c8:42:29:14:54:d3:ad:b3:2e:4f:ef:eb:
                    ec:49:bb:b7:7e:4c:ef:67:6d:45:28:62:d8:9b:fa:
                    d0:49:1d:3a:22:f2:4f:c6:3b:8c:ca:07:40:b8:95:
                    d8:b4:f3:4a:bc:4d:20:bb:ad:df:f1:d6:86:aa:dd:
                    3c:de:ab:3e:b6:1f:05:83:f9:dd:ef:da:f0:8c:18:
                    2d:28:05:c4:01:5b:78:e5:c5:df:fb:0a:6a:12:e5:
                    0e:11:4b:eb:5d:1d:18:88:ff:73:68:cb:a4:2f:b3:
                    af:aa:77:0c:93:0c:05:75:87:aa:7b:a5:75:1e:e2:
                    a7:bb:75:c7:f4:28:72:14:a6:58:16:51:8a:3c:94:
                    52:8d:b4:1c:f1:18:fe:68:52:2b:4e:d4:a1:18:a7:
                    04:60:16:73:bc:17:f7:d7:f7:da:1f:f5:ee:45:c5:
                    d8:44:24:4b:25:92:aa:d1:b4:65:38:84:b6:6d:89:
                    4a:c5:84:25:6b:d7:65:48:f2:cf:fb:90:6b:d2:13:
                    0b:f6:e3:15:d2:2c:fb:bd:93:74:2a:fe:98:72:9f:
                    5a:1a:16:5d:ef:cf:b9:4f:9a:2a:d9:26:64:d2:1b:
                    6c:f4:a1:8d:c9:e6:f4:98:03:3e:5c:f4:18:47:81:
                    07:56:d9:8e:90:de:f2:18:bc:7d:f0:13:97:ff:9e:
                    03:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:5A:58:4B:61:AA:3B:5B:2F:41:E4:CA:49:00:EC:30:F5:44:0D:03
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/XlpYS2GqO1svQeTKSQDsMPVEDQM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.29.0/24
                  163.5.200.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:84:da:1f:a9:cc:2c:55:a2:9e:19:87:03:8f:3b:1a:5f:aa:
         f3:09:15:26:89:06:3e:c3:4f:07:7d:2e:1d:b3:00:cc:3c:db:
         b6:46:3c:80:6b:d9:26:ed:aa:aa:e2:65:48:07:0f:05:55:60:
         bc:36:f3:4e:12:c7:66:34:e7:84:0c:ed:cf:0e:20:54:8d:c4:
         21:94:65:49:1b:cc:5a:2d:c4:1c:64:03:78:19:20:07:37:38:
         9c:3f:b0:2b:c9:ba:21:c2:38:07:99:a8:ee:f0:2e:7a:b0:4a:
         70:fe:cb:3e:36:5d:91:a9:18:4c:6c:7d:f3:8c:44:7c:87:44:
         fc:47:09:20:b9:b8:ed:42:e7:eb:44:8c:f9:cf:5b:e2:ef:44:
         c5:f5:db:05:a0:e3:11:0a:bb:fb:95:10:56:d5:81:95:44:3c:
         90:8d:44:e0:6e:88:17:91:fb:7b:45:64:0a:28:53:55:0e:7a:
         4e:10:45:72:8c:af:84:3f:fc:d9:09:1d:30:af:2f:67:03:61:
         e4:ae:78:67:20:cd:3c:3a:b9:22:be:c6:ff:45:37:a2:5e:5d:
         25:a9:70:bc:0a:82:9b:ac:00:63:dc:64:75:1f:81:54:f4:3b:
         13:2e:1e:e2:e7:7b:be:09:8d:15:86:76:99:af:a0:1c:67:08:
         db:6c:5b:6c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZc3G88BIBBCRqa3xQohIPpwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjUwNjAzMTg0NDE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTVhNTg0YjYxYWEzYjViMmY0MWU0Y2E0OTAwZWMzMGY1NDQwZDAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxvLIQikUVNOtsy5P7+vsSbu3fkzv
Z21FKGLYm/rQSR06IvJPxjuMygdAuJXYtPNKvE0gu63f8daGqt083qs+th8Fg/nd
79rwjBgtKAXEAVt45cXf+wpqEuUOEUvrXR0YiP9zaMukL7OvqncMkwwFdYeqe6V1
HuKnu3XH9ChyFKZYFlGKPJRSjbQc8Rj+aFIrTtShGKcEYBZzvBf31/faH/XuRcXY
RCRLJZKq0bRlOIS2bYlKxYQla9dlSPLP+5Br0hML9uMV0iz7vZN0Kv6Ycp9aGhZd
78+5T5oq2SZk0hts9KGNyeb0mAM+XPQYR4EHVtmOkN7yGLx98BOX/54D0QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFF5aWEthqjtbL0HkykkA7DD1RA0DMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvWGxwWVMyR3FPMXN2UWVUS1NRRHNNUFZFRFFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAowUdAwQA
owXIMA0GCSqGSIb3DQEBCwUAA4IBAQAwhNofqcwsVaKeGYcDjzsaX6rzCRUmiQY+
w08HfS4dswDMPNu2RjyAa9km7aqq4mVIBw8FVWC8NvNOEsdmNOeEDO3PDiBUjcQh
lGVJG8xaLcQcZAN4GSAHNzicP7ArybohwjgHmaju8C56sEpw/ss+Nl2RqRhMbH3z
jER8h0T8RwkgubjtQufrRIz5z1vi70TF9dsFoOMRCrv7lRBW1YGVRDyQjUTgbogX
kft7RWQKKFNVDnpOEEVyjK+EP/zZCR0wry9nA2HkrnhnIM08Orkivsb/RTeiXl0l
qXC8CoKbrABj3GR1H4FU9DsTLh7i53u+CY0VhnaZr6AcZwjbbFts
-----END CERTIFICATE-----