Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/bk165Q5-51My0qVzNu-XTX06dOY.roa
File:                     bk165Q5-51My0qVzNu-XTX06dOY.roa (raw, json)
Hash identifier:          MpqI2Nrg4j+bPExfIGfdc4+wIhWXqgToEDaxSogj55A=
Subject key identifier:   6E:4D:7A:E5:0E:7E:E7:53:32:D2:A5:73:36:EF:97:4D:7D:3A:74:E6
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       01934D74F338BA0233C1AC9708D948546091
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/bk165Q5-51My0qVzNu-XTX06dOY.roa
Signing time:             Thu 21 Nov 2024 06:42:10 +0000
ROA not before:           Thu 21 Nov 2024 06:42:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211975
IP address blocks:        163.5.137.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:4d:74:f3:38:ba:02:33:c1:ac:97:08:d9:48:54:60:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Nov 21 06:42:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6e4d7ae50e7ee75332d2a57336ef974d7d3a74e6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:e9:c2:69:93:0a:39:4a:43:fd:a3:13:d9:b3:
                    29:34:a5:fa:2a:e1:0c:49:c7:fc:75:16:5e:de:d7:
                    b3:bc:e3:6f:c3:d7:57:55:6a:60:d9:f4:09:71:92:
                    3c:51:f2:f8:93:4e:0d:6b:37:1b:33:bb:2e:d8:26:
                    96:b1:84:de:35:b8:ed:03:ba:d4:d1:8e:f6:8f:8b:
                    a3:90:72:23:d8:e9:e2:a1:0e:83:62:13:e7:05:1d:
                    01:29:7a:a8:38:b7:2a:00:be:10:04:aa:41:a0:d9:
                    13:5f:05:9e:71:fa:f0:c3:82:e2:4a:77:5b:4a:46:
                    87:f1:a4:c6:1e:48:82:1d:e1:13:78:b5:bc:79:05:
                    37:1d:06:6d:9d:86:27:ce:f1:f1:4a:68:5b:77:3e:
                    24:d4:b5:54:b1:fe:d6:f5:19:1f:f9:67:c7:88:fd:
                    ce:5f:fa:73:6f:e0:d3:09:4b:d2:dc:89:3e:9e:9a:
                    bc:c0:86:86:17:00:8d:62:a1:58:cb:7d:82:04:0d:
                    30:71:ea:a3:09:75:fb:64:34:69:d1:49:0c:08:f5:
                    2e:b6:97:19:66:a2:d0:8f:62:0a:de:e5:a7:b3:5e:
                    53:33:b1:c6:d2:5b:5b:8e:7e:0e:5f:bc:20:04:50:
                    c3:39:da:22:5a:d0:4f:d2:72:04:fd:b6:f7:2d:15:
                    72:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:4D:7A:E5:0E:7E:E7:53:32:D2:A5:73:36:EF:97:4D:7D:3A:74:E6
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/bk165Q5-51My0qVzNu-XTX06dOY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.137.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:ec:81:db:ad:ab:97:94:c2:ca:18:85:d8:24:d7:d9:81:fa:
         b3:fa:1d:42:4b:04:e0:40:69:88:78:e5:fe:97:60:fe:06:81:
         83:b3:90:64:96:93:ae:15:3d:e0:e6:a9:e3:c9:94:31:2a:24:
         6a:57:48:b2:04:7b:07:85:ec:1c:75:ea:10:0a:8d:5a:13:72:
         80:bb:1d:44:66:d3:3c:f4:e8:44:b0:25:49:40:d0:b1:f2:1b:
         21:f5:84:ca:b2:62:ff:84:39:4b:82:0b:51:46:a3:f8:27:7b:
         f5:82:70:53:4e:6c:39:4f:8a:e2:f1:4f:5f:1f:25:25:ce:64:
         36:df:9e:3d:33:ad:96:33:d9:46:60:e6:23:42:da:0e:de:13:
         3f:84:01:de:e5:f2:b9:7a:3b:1b:c4:e8:54:0e:d9:1c:05:e6:
         82:0d:0c:c5:0a:13:2c:fb:01:64:b5:be:5d:74:70:76:d8:6d:
         f9:d9:55:c5:fd:2f:7b:14:89:74:84:c6:f0:c0:bb:c3:61:b7:
         e7:ec:11:b2:f4:ab:ec:8c:be:12:49:3d:07:76:c4:d8:3b:76:
         2a:6e:72:01:4f:ea:38:b4:2d:45:18:ad:36:a9:c1:e2:96:a5:
         a1:a5:2d:e1:0c:4e:69:6b:ec:34:80:77:7e:96:b3:4a:d7:50:
         0b:2a:e3:f9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZNNdPM4ugIzwayXCNlIVGCRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjQxMTIxMDY0MjEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZTRkN2FlNTBlN2VlNzUzMzJkMmE1NzMzNmVmOTc0ZDdkM2E3NGU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3unCaZMKOUpD/aMT2bMpNKX6KuEM
Scf8dRZe3tezvONvw9dXVWpg2fQJcZI8UfL4k04NazcbM7su2CaWsYTeNbjtA7rU
0Y72j4ujkHIj2OnioQ6DYhPnBR0BKXqoOLcqAL4QBKpBoNkTXwWecfrww4LiSndb
SkaH8aTGHkiCHeETeLW8eQU3HQZtnYYnzvHxSmhbdz4k1LVUsf7W9Rkf+WfHiP3O
X/pzb+DTCUvS3Ik+npq8wIaGFwCNYqFYy32CBA0wceqjCXX7ZDRp0UkMCPUutpcZ
ZqLQj2IK3uWns15TM7HG0ltbjn4OX7wgBFDDOdoiWtBP0nIE/bb3LRVybQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG5NeuUOfudTMtKlczbvl019OnTmMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvYmsxNjVRNS01MU15MHFWek51LVhUWDA2ZE9ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowWJMA0G
CSqGSIb3DQEBCwUAA4IBAQBm7IHbrauXlMLKGIXYJNfZgfqz+h1CSwTgQGmIeOX+
l2D+BoGDs5BklpOuFT3g5qnjyZQxKiRqV0iyBHsHhewcdeoQCo1aE3KAux1EZtM8
9OhEsCVJQNCx8hsh9YTKsmL/hDlLggtRRqP4J3v1gnBTTmw5T4ri8U9fHyUlzmQ2
3549M62WM9lGYOYjQtoO3hM/hAHe5fK5ejsbxOhUDtkcBeaCDQzFChMs+wFktb5d
dHB22G352VXF/S97FIl0hMbwwLvDYbfn7BGy9KvsjL4SST0HdsTYO3YqbnIBT+o4
tC1FGK02qcHilqWhpS3hDE5pa+w0gHd+lrNK11ALKuP5
-----END CERTIFICATE-----