Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/a5Fphh6oXZeOpumsPJSz8RqrCdc.roa
File:                     a5Fphh6oXZeOpumsPJSz8RqrCdc.roa (raw, json)
Hash identifier:          aMnO0wu+XcePDhhrSZfCjSaGu+HG7xW25JJOfvQhuNU=
Subject key identifier:   6B:91:69:86:1E:A8:5D:97:8E:A6:E9:AC:3C:94:B3:F1:1A:AB:09:D7
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       018E95386714CAED38E123309E57A80BC4FB
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/a5Fphh6oXZeOpumsPJSz8RqrCdc.roa
Signing time:             Sun 31 Mar 2024 15:54:45 +0000
ROA not before:           Sun 31 Mar 2024 15:54:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     142111
IP address blocks:        163.5.79.0/24 maxlen: 24
                          163.5.161.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 05:01:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:95:38:67:14:ca:ed:38:e1:23:30:9e:57:a8:0b:c4:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Mar 31 15:54:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6b9169861ea85d978ea6e9ac3c94b3f11aab09d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:bb:61:62:67:d3:27:f2:9a:e1:ce:39:66:92:
                    3c:32:ba:b0:13:75:d8:a2:e8:c0:18:34:16:d7:f6:
                    9f:92:18:6f:ef:87:38:e2:b8:9c:0d:3d:ef:aa:e8:
                    21:74:2a:c7:ee:3e:39:6f:42:e0:d5:39:0f:fa:ca:
                    4a:e8:dd:cd:fd:37:f0:8c:fc:8b:f1:30:21:ee:99:
                    5a:a6:fc:de:c5:8d:05:b3:6f:8d:76:5c:1d:5c:21:
                    45:5e:d8:c5:be:34:d2:71:b5:12:a7:2a:cd:7c:75:
                    e7:19:ad:ee:1f:a4:8f:c4:8e:e3:59:a5:f3:c5:d9:
                    90:ed:9f:51:15:dc:5e:6a:09:72:aa:3d:d1:84:15:
                    47:38:6b:17:ae:70:f0:d8:b1:44:69:1d:9d:cc:eb:
                    e3:28:87:d2:48:ca:cc:81:77:6f:ef:0d:6a:2f:31:
                    1d:d6:ce:09:d2:d8:60:81:a6:53:8a:08:bb:1b:3d:
                    b1:e6:59:a3:83:a0:4c:69:a6:25:28:72:a7:86:4c:
                    10:6a:33:80:1e:ed:25:cd:5e:17:b4:52:d1:5b:23:
                    46:a4:13:db:a8:31:86:da:dd:57:8b:ea:44:6e:49:
                    0c:1c:55:bc:4c:d0:74:09:f6:ed:0b:64:bd:1a:c2:
                    e7:b2:ec:22:b6:33:69:18:50:a4:3d:39:eb:60:5d:
                    de:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:91:69:86:1E:A8:5D:97:8E:A6:E9:AC:3C:94:B3:F1:1A:AB:09:D7
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/a5Fphh6oXZeOpumsPJSz8RqrCdc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.79.0/24
                  163.5.161.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:13:29:f0:c6:6b:0e:fc:38:85:bf:b4:5d:aa:c2:6b:06:ac:
         5c:eb:d4:af:3a:0e:7b:c1:73:b3:17:c3:95:4a:c5:2f:10:c8:
         09:d0:28:07:1c:eb:da:aa:db:60:5f:e8:d8:52:a7:59:f3:6f:
         60:0e:a5:f6:d0:76:78:8a:1a:94:a6:05:c9:3d:9c:d1:11:82:
         a8:7e:ba:da:6a:ed:d1:9a:79:71:87:8a:62:a3:69:b7:0f:cc:
         6f:da:97:a1:68:f3:fa:e9:46:d8:5b:0f:77:62:8a:d8:f3:47:
         d5:03:9f:41:b6:1b:f5:85:2b:d6:41:37:f1:76:01:25:e2:c7:
         4b:a8:96:b2:f4:1c:93:f9:d3:ad:6d:2a:71:d4:df:bf:69:48:
         e1:a7:a4:16:21:45:d3:b0:84:2d:f6:55:7a:5f:e7:f2:76:4c:
         30:78:86:e6:09:aa:21:1a:1c:4b:bf:44:b1:3a:1d:42:94:44:
         a5:00:ea:0e:3b:18:57:30:1c:cf:7f:d1:1c:79:f3:90:50:5b:
         ad:87:a0:b2:16:31:a4:45:f1:4c:0f:56:60:a4:a5:30:82:e4:
         b5:85:f1:10:f8:c0:9a:45:44:9a:6b:45:46:12:32:6c:8b:b4:
         a3:2f:0b:7d:7d:c3:85:ef:f9:70:ed:b5:a3:5f:d8:3e:93:ce:
         77:ab:30:37
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY6VOGcUyu044SMwnleoC8T7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjQwMzMxMTU1NDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YjkxNjk4NjFlYTg1ZDk3OGVhNmU5YWMzYzk0YjNmMTFhYWIwOWQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg7thYmfTJ/Ka4c45ZpI8MrqwE3XY
oujAGDQW1/afkhhv74c44ricDT3vqughdCrH7j45b0Lg1TkP+spK6N3N/TfwjPyL
8TAh7plapvzexY0Fs2+NdlwdXCFFXtjFvjTScbUSpyrNfHXnGa3uH6SPxI7jWaXz
xdmQ7Z9RFdxeaglyqj3RhBVHOGsXrnDw2LFEaR2dzOvjKIfSSMrMgXdv7w1qLzEd
1s4J0thggaZTigi7Gz2x5lmjg6BMaaYlKHKnhkwQajOAHu0lzV4XtFLRWyNGpBPb
qDGG2t1Xi+pEbkkMHFW8TNB0CfbtC2S9GsLnsuwitjNpGFCkPTnrYF3eIwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGuRaYYeqF2XjqbprDyUs/EaqwnXMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvYTVGcGhoNm9YWmVPcHVtc1BKU3o4UnFyQ2RjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAowVPAwQA
owWhMA0GCSqGSIb3DQEBCwUAA4IBAQCAEynwxmsO/DiFv7RdqsJrBqxc69SvOg57
wXOzF8OVSsUvEMgJ0CgHHOvaqttgX+jYUqdZ829gDqX20HZ4ihqUpgXJPZzREYKo
frraau3Rmnlxh4pio2m3D8xv2pehaPP66UbYWw93YorY80fVA59Bthv1hSvWQTfx
dgEl4sdLqJay9ByT+dOtbSpx1N+/aUjhp6QWIUXTsIQt9lV6X+fydkwweIbmCaoh
GhxLv0SxOh1ClESlAOoOOxhXMBzPf9EcefOQUFuth6CyFjGkRfFMD1ZgpKUwguS1
hfEQ+MCaRUSaa0VGEjJsi7SjLwt9fcOF7/lw7bWjX9g+k853qzA3
-----END CERTIFICATE-----