Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/a2IR9Vrtz_HOf6zSVukay3vq0dA.roa
File:                     a2IR9Vrtz_HOf6zSVukay3vq0dA.roa (raw, json)
Hash identifier:          IL2K9Q8tjPRT4RlJBndsRY9fyGnugyV2RSeRwtpsA9g=
Subject key identifier:   6B:62:11:F5:5A:ED:CF:F1:CE:7F:AC:D2:56:E9:1A:CB:7B:EA:D1:D0
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       018CE86565D2DE137CE7DF2377182F6029A0
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/a2IR9Vrtz_HOf6zSVukay3vq0dA.roa
Signing time:             Mon 08 Jan 2024 09:26:48 +0000
ROA not before:           Mon 08 Jan 2024 09:26:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198607
IP address blocks:        163.5.87.0/24 maxlen: 24
                          163.5.127.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:e8:65:65:d2:de:13:7c:e7:df:23:77:18:2f:60:29:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jan  8 09:26:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6b6211f55aedcff1ce7facd256e91acb7bead1d0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:48:34:15:12:94:99:37:92:9a:24:8a:6c:fe:
                    a9:94:a6:fd:1a:7d:5a:26:21:46:77:63:45:02:06:
                    84:a6:17:6b:a3:02:b8:9b:36:ae:f7:83:03:c9:98:
                    b1:30:11:44:49:65:91:36:c4:1c:16:48:9e:18:d6:
                    5d:28:19:56:0f:c9:2d:43:f2:3b:de:9e:56:c1:d2:
                    8a:a5:4f:82:67:05:5d:aa:5b:fb:d0:fe:c8:14:90:
                    6a:aa:05:6d:5e:b6:4b:55:64:79:ad:c5:a2:ff:80:
                    6b:21:60:c5:eb:8a:66:ea:9a:55:20:a6:0d:46:12:
                    aa:c6:d4:f4:ed:0d:da:86:85:17:5e:a2:4c:03:fe:
                    cd:be:3b:b3:2c:10:0c:a9:2b:eb:0e:51:d1:44:b8:
                    0f:36:14:0f:6c:1c:08:74:80:2d:2d:cd:42:ed:0c:
                    5c:7b:df:9b:0b:b9:bb:30:b2:a7:f5:09:82:11:93:
                    21:46:6f:d8:d7:c3:93:54:25:d0:63:94:a8:c6:26:
                    44:07:03:7e:31:e5:1d:3a:d4:96:10:d7:da:60:1f:
                    1f:e5:4a:64:8e:80:81:06:b6:57:24:a8:f9:35:80:
                    0f:a1:2c:70:b8:9e:c5:fc:b3:96:a8:d9:dd:7c:9d:
                    a0:21:46:83:6e:f7:cf:f5:e0:d4:bf:1f:48:e5:c6:
                    1f:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:62:11:F5:5A:ED:CF:F1:CE:7F:AC:D2:56:E9:1A:CB:7B:EA:D1:D0
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/a2IR9Vrtz_HOf6zSVukay3vq0dA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.87.0/24
                  163.5.127.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:e6:df:2b:e0:f1:8c:38:da:41:d9:8d:d1:a0:2a:0c:d8:95:
         83:b5:66:03:14:05:c1:f9:7a:d1:05:fb:b0:68:e8:a2:21:ef:
         89:0a:41:b0:43:35:2d:e4:a1:63:8e:22:e5:6d:71:87:ba:02:
         7e:88:79:1f:b3:36:b2:48:b4:7f:cc:0e:fa:f9:d6:8a:c8:fd:
         d2:56:f3:ed:80:1d:be:77:b3:89:9e:82:04:b1:fa:e1:56:ba:
         5e:1f:03:09:36:89:cf:73:35:3b:6b:cc:9c:0a:a3:b4:a2:63:
         60:50:f1:7c:4b:3c:9e:13:db:e3:df:4c:03:1a:ed:5d:a9:e2:
         29:20:68:e2:b6:be:c9:42:e9:db:39:b5:f8:e0:4b:a7:e2:3d:
         5e:05:ac:d1:9a:17:db:7a:eb:48:a1:6a:47:c5:07:9c:bc:2f:
         8e:31:6a:0a:d4:4b:ca:9b:ca:60:7d:19:52:4b:90:c2:52:98:
         4a:fd:9d:85:2d:84:75:16:ac:6e:18:2f:ba:34:6b:f8:b1:58:
         e9:a9:b2:1a:d7:66:5f:24:4e:24:40:e6:7b:e9:94:a0:ab:f2:
         cc:00:87:51:0a:a6:a5:b8:67:2b:cc:4a:40:87:7f:b9:f1:8e:
         e6:88:66:47:b6:f6:1b:e4:38:6d:46:20:60:27:40:9a:66:ce:
         16:5c:c0:15
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzoZWXS3hN8598jdxgvYCmgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjQwMTA4MDkyNjQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YjYyMTFmNTVhZWRjZmYxY2U3ZmFjZDI1NmU5MWFjYjdiZWFkMWQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgUg0FRKUmTeSmiSKbP6plKb9Gn1a
JiFGd2NFAgaEphdrowK4mzau94MDyZixMBFESWWRNsQcFkieGNZdKBlWD8ktQ/I7
3p5WwdKKpU+CZwVdqlv70P7IFJBqqgVtXrZLVWR5rcWi/4BrIWDF64pm6ppVIKYN
RhKqxtT07Q3ahoUXXqJMA/7NvjuzLBAMqSvrDlHRRLgPNhQPbBwIdIAtLc1C7Qxc
e9+bC7m7MLKn9QmCEZMhRm/Y18OTVCXQY5SoxiZEBwN+MeUdOtSWENfaYB8f5Upk
joCBBrZXJKj5NYAPoSxwuJ7F/LOWqNndfJ2gIUaDbvfP9eDUvx9I5cYf5wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGtiEfVa7c/xzn+s0lbpGst76tHQMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvYTJJUjlWcnR6X0hPZjZ6U1Z1a2F5M3ZxMGRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAowVXAwQA
owV/MA0GCSqGSIb3DQEBCwUAA4IBAQCd5t8r4PGMONpB2Y3RoCoM2JWDtWYDFAXB
+XrRBfuwaOiiIe+JCkGwQzUt5KFjjiLlbXGHugJ+iHkfszaySLR/zA76+daKyP3S
VvPtgB2+d7OJnoIEsfrhVrpeHwMJNonPczU7a8ycCqO0omNgUPF8SzyeE9vj30wD
Gu1dqeIpIGjitr7JQunbObX44Eun4j1eBazRmhfbeutIoWpHxQecvC+OMWoK1EvK
m8pgfRlSS5DCUphK/Z2FLYR1FqxuGC+6NGv4sVjpqbIa12ZfJE4kQOZ76ZSgq/LM
AIdRCqaluGcrzEpAh3+58Y7miGZHtvYb5DhtRiBgJ0CaZs4WXMAV
-----END CERTIFICATE-----