Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/Zc9PDGxYqywDv2s9DSmMX1xpYiE.roa
File:                     Zc9PDGxYqywDv2s9DSmMX1xpYiE.roa (raw, json)
Hash identifier:          dd2WGs/K2+DcYfdUn4PBg5DPt4PlZzk3TSog6neg1vE=
Subject key identifier:   65:CF:4F:0C:6C:58:AB:2C:03:BF:6B:3D:0D:29:8C:5F:5C:69:62:21
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       0190A3BF7FB0F97582900873D930C59A3BFE
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/Zc9PDGxYqywDv2s9DSmMX1xpYiE.roa
Signing time:             Thu 11 Jul 2024 21:42:34 +0000
ROA not before:           Thu 11 Jul 2024 21:42:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20860
IP address blocks:        163.5.94.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:a3:bf:7f:b0:f9:75:82:90:08:73:d9:30:c5:9a:3b:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jul 11 21:42:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=65cf4f0c6c58ab2c03bf6b3d0d298c5f5c696221
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:2c:bc:9a:3b:33:21:a3:90:53:88:2f:05:d4:
                    33:f9:d2:bd:4e:fe:86:c8:db:63:a4:5c:6c:83:22:
                    05:0f:c6:b9:c6:f7:fc:5c:4f:4c:c0:05:2f:9a:cf:
                    4c:be:1a:ba:74:1c:d5:db:aa:d3:5f:39:cb:c0:43:
                    cf:76:10:0f:1d:9d:c8:a4:c4:34:cd:dd:81:65:c7:
                    9b:c0:40:1a:66:0c:1f:f6:2f:80:58:2b:d7:24:9c:
                    3a:7a:84:27:14:a8:94:cb:39:98:c0:8a:94:3c:d4:
                    a3:48:71:37:ad:76:40:3e:57:1e:14:e4:cd:32:6c:
                    2c:6f:40:55:58:af:50:f0:8e:ec:62:e1:9f:6a:d4:
                    6c:b9:26:74:c7:ea:a4:db:71:8b:45:dd:ea:ba:b8:
                    d3:f9:ce:9f:1e:06:07:f9:40:36:68:3f:e4:21:85:
                    c6:3a:52:cd:84:85:5e:b6:98:f4:45:88:29:5b:fb:
                    c9:8d:91:83:0e:64:c8:03:99:96:f3:2c:ab:fd:8d:
                    7a:48:54:f3:c0:9c:e5:eb:f1:74:11:3a:d3:68:49:
                    eb:52:6a:af:1a:33:d6:6c:6f:64:3a:39:0b:e9:fd:
                    50:62:61:a2:46:57:12:f3:5a:fe:b1:1b:b6:e2:f8:
                    ca:08:74:25:0e:69:92:53:9e:4b:2a:23:96:72:17:
                    4e:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:CF:4F:0C:6C:58:AB:2C:03:BF:6B:3D:0D:29:8C:5F:5C:69:62:21
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/Zc9PDGxYqywDv2s9DSmMX1xpYiE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.94.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:b1:ca:de:a7:cd:62:b1:8d:78:6f:49:91:53:2a:69:0c:7f:
         80:f2:d6:9d:43:43:d0:72:2e:4b:5e:f4:3a:87:00:2b:67:76:
         27:b6:b4:26:85:02:f5:67:d3:f3:02:00:df:61:79:ed:8e:7a:
         50:e8:11:ce:55:09:20:73:19:37:86:7a:bf:b7:04:ac:39:07:
         16:4a:42:1c:05:a4:ae:1d:e4:ff:76:94:04:f9:17:a1:32:16:
         11:0c:35:c8:b4:6a:11:7e:31:4a:b6:cc:f8:a4:8f:a5:b7:63:
         6c:fa:08:aa:2e:f7:e0:94:9e:c1:c8:ce:05:20:91:f0:f1:05:
         ab:a6:09:85:d8:2f:ba:31:3c:d2:ff:ce:4c:7a:12:a6:e7:9e:
         f2:89:5c:87:23:0e:c0:f8:28:56:5a:d2:b4:99:a6:b3:c8:c0:
         a6:2a:20:58:b0:bc:20:0a:22:8c:c9:47:94:51:80:11:12:1c:
         4f:72:6a:d0:eb:8e:7f:b8:3b:7b:b4:9e:a8:1f:72:07:c4:c3:
         82:31:e4:3d:e7:1a:39:00:00:c8:55:32:03:14:06:4c:59:52:
         10:89:39:40:83:34:c9:1b:86:0d:b8:4a:6e:0e:57:9c:cd:9e:
         cb:61:9d:27:fd:71:e7:1f:f4:04:03:6a:ef:20:6f:62:55:06:
         90:9a:c0:67
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZCjv3+w+XWCkAhz2TDFmjv+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjQwNzExMjE0MjM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NWNmNGYwYzZjNThhYjJjMDNiZjZiM2QwZDI5OGM1ZjVjNjk2MjIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAviy8mjszIaOQU4gvBdQz+dK9Tv6G
yNtjpFxsgyIFD8a5xvf8XE9MwAUvms9Mvhq6dBzV26rTXznLwEPPdhAPHZ3IpMQ0
zd2BZcebwEAaZgwf9i+AWCvXJJw6eoQnFKiUyzmYwIqUPNSjSHE3rXZAPlceFOTN
Mmwsb0BVWK9Q8I7sYuGfatRsuSZ0x+qk23GLRd3qurjT+c6fHgYH+UA2aD/kIYXG
OlLNhIVetpj0RYgpW/vJjZGDDmTIA5mW8yyr/Y16SFTzwJzl6/F0ETrTaEnrUmqv
GjPWbG9kOjkL6f1QYmGiRlcS81r+sRu24vjKCHQlDmmSU55LKiOWchdO5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGXPTwxsWKssA79rPQ0pjF9caWIhMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvWmM5UERHeFlxeXdEdjJzOURTbU1YMXhwWWlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowVeMA0G
CSqGSIb3DQEBCwUAA4IBAQBAscrep81isY14b0mRUyppDH+A8tadQ0PQci5LXvQ6
hwArZ3YntrQmhQL1Z9PzAgDfYXntjnpQ6BHOVQkgcxk3hnq/twSsOQcWSkIcBaSu
HeT/dpQE+RehMhYRDDXItGoRfjFKtsz4pI+lt2Ns+giqLvfglJ7ByM4FIJHw8QWr
pgmF2C+6MTzS/85MehKm557yiVyHIw7A+ChWWtK0maazyMCmKiBYsLwgCiKMyUeU
UYAREhxPcmrQ645/uDt7tJ6oH3IHxMOCMeQ95xo5AADIVTIDFAZMWVIQiTlAgzTJ
G4YNuEpuDleczZ7LYZ0n/XHnH/QEA2rvIG9iVQaQmsBn
-----END CERTIFICATE-----