Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/Z8BHW8O_6Liwob_6ZXA4f399NSI.roa
File:                     Z8BHW8O_6Liwob_6ZXA4f399NSI.roa (raw, json)
Hash identifier:          8QzVDlABscGYcmjXl0Q6NfPz7XIaCe63qY2ZEID9w4Q=
Subject key identifier:   67:C0:47:5B:C3:BF:E8:B8:B0:A1:BF:FA:65:70:38:7F:7F:7D:35:22
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       018CC42565839C1938E54BA108C5CC06D282
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/Z8BHW8O_6Liwob_6ZXA4f399NSI.roa
Signing time:             Mon 01 Jan 2024 08:30:34 +0000
ROA not before:           Mon 01 Jan 2024 08:30:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207992
IP address blocks:        163.5.121.0/24 maxlen: 24
                          163.5.159.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:65:83:9c:19:38:e5:4b:a1:08:c5:cc:06:d2:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jan  1 08:30:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=67c0475bc3bfe8b8b0a1bffa6570387f7f7d3522
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:22:60:a0:87:6d:d6:3d:d2:f7:90:37:68:5f:
                    99:7c:db:6e:a6:a4:bc:cf:da:4b:6a:bb:3e:3c:58:
                    56:d1:89:23:2c:ae:bf:1f:72:3b:83:8d:40:fc:9d:
                    d3:e9:a3:4c:c8:7d:44:b7:41:93:e9:0a:36:87:9c:
                    8c:6a:27:68:5e:99:1f:16:ce:71:4c:0c:05:79:63:
                    42:f8:7a:55:ec:fd:15:a7:0c:30:2e:63:65:bc:86:
                    19:64:a5:36:eb:ba:75:82:5c:cc:2f:b6:b9:b1:dd:
                    94:f0:09:97:dd:df:9b:f8:8d:d6:c0:cd:af:20:6f:
                    1d:c1:fe:6e:5e:27:b7:7c:5d:68:55:9f:c5:28:88:
                    81:0f:f8:f9:d7:50:56:98:ad:cc:fb:e9:23:59:c6:
                    16:78:94:f8:9b:2f:6b:45:31:a0:db:3a:45:29:1b:
                    74:04:70:a3:1e:fc:56:38:59:31:3d:99:1b:e1:b8:
                    32:0d:58:40:fc:f9:71:50:f7:9a:62:f9:78:f7:e2:
                    c5:eb:b8:7a:58:a6:d3:b9:e9:1f:ab:c7:ae:1c:c1:
                    f6:87:a6:5c:4a:2c:72:8a:8f:70:e6:ac:33:7d:c2:
                    30:7c:20:af:b4:7e:1b:81:1a:7e:09:0a:24:e9:37:
                    38:80:92:cd:0a:13:e4:31:21:dc:c9:2e:08:76:da:
                    38:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:C0:47:5B:C3:BF:E8:B8:B0:A1:BF:FA:65:70:38:7F:7F:7D:35:22
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/Z8BHW8O_6Liwob_6ZXA4f399NSI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.121.0/24
                  163.5.159.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:7f:c7:ca:dd:72:7a:43:62:ef:7d:7c:ed:34:69:bb:b7:31:
         ef:7b:59:bf:af:c0:ed:1f:52:0f:0f:01:f5:34:4a:33:0a:bc:
         6f:43:61:7e:bb:fa:48:f4:86:54:56:81:92:6f:d0:17:95:fd:
         6c:eb:b9:ca:44:0d:fc:be:a6:dd:a9:ab:5e:ce:8f:02:d4:d2:
         be:cd:8f:b0:0c:08:b7:29:7d:61:46:3f:dd:60:a4:56:da:3e:
         27:78:0f:1b:26:a7:8a:f7:99:87:68:62:48:a6:69:60:60:95:
         1b:6c:b8:1e:a7:fd:26:81:10:b6:a7:c2:9c:9d:5b:3c:51:df:
         27:e5:98:59:43:7c:78:fd:cd:52:5e:13:0c:81:70:12:60:f0:
         1b:ab:05:0d:88:66:cf:40:28:3a:32:b4:01:ed:50:03:3d:84:
         65:b9:ce:c6:d0:ea:ea:fe:ed:4c:9f:17:f3:ef:ff:13:7b:95:
         ab:a5:3c:da:fd:6f:ea:bb:72:e1:c9:ab:d8:ec:98:e0:c7:da:
         20:8a:da:83:96:9f:09:73:7a:68:55:96:ca:46:4f:7e:60:f3:
         f8:ba:30:40:3f:14:26:29:71:ff:c8:4c:60:31:00:01:70:e3:
         a1:66:20:cd:28:23:6c:e7:34:78:46:d9:f7:17:84:2e:e7:f1:
         d8:06:89:64
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzEJWWDnBk45UuhCMXMBtKCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjQwMTAxMDgzMDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2N2MwNDc1YmMzYmZlOGI4YjBhMWJmZmE2NTcwMzg3ZjdmN2QzNTIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjyJgoIdt1j3S95A3aF+ZfNtupqS8
z9pLars+PFhW0YkjLK6/H3I7g41A/J3T6aNMyH1Et0GT6Qo2h5yMaidoXpkfFs5x
TAwFeWNC+HpV7P0VpwwwLmNlvIYZZKU267p1glzML7a5sd2U8AmX3d+b+I3WwM2v
IG8dwf5uXie3fF1oVZ/FKIiBD/j511BWmK3M++kjWcYWeJT4my9rRTGg2zpFKRt0
BHCjHvxWOFkxPZkb4bgyDVhA/PlxUPeaYvl49+LF67h6WKbTuekfq8euHMH2h6Zc
Sixyio9w5qwzfcIwfCCvtH4bgRp+CQok6Tc4gJLNChPkMSHcyS4Idto4cwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGfAR1vDv+i4sKG/+mVwOH9/fTUiMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvWjhCSFc4T182TGl3b2JfNlpYQTRmMzk5TlNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAowV5AwQA
owWfMA0GCSqGSIb3DQEBCwUAA4IBAQB9f8fK3XJ6Q2LvfXztNGm7tzHve1m/r8Dt
H1IPDwH1NEozCrxvQ2F+u/pI9IZUVoGSb9AXlf1s67nKRA38vqbdqatezo8C1NK+
zY+wDAi3KX1hRj/dYKRW2j4neA8bJqeK95mHaGJIpmlgYJUbbLgep/0mgRC2p8Kc
nVs8Ud8n5ZhZQ3x4/c1SXhMMgXASYPAbqwUNiGbPQCg6MrQB7VADPYRluc7G0Orq
/u1Mnxfz7/8Te5WrpTza/W/qu3LhyavY7Jjgx9ogitqDlp8Jc3poVZbKRk9+YPP4
ujBAPxQmKXH/yExgMQABcOOhZiDNKCNs5zR4Rtn3F4Qu5/HYBolk
-----END CERTIFICATE-----