Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/dPEe0pmoY7BKDvGU17B0SK6xc5M.roa
File:                     dPEe0pmoY7BKDvGU17B0SK6xc5M.roa (raw, json)
Hash identifier:          Y73opuJLJXfMiQFBm0F6Uz77+l5FZ7QlQqEpqyC/EUQ=
Subject key identifier:   74:F1:1E:D2:99:A8:63:B0:4A:0E:F1:94:D7:B0:74:48:AE:B1:73:93
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       0194236A3BD50DB03992B346F54320EF9C2F
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/dPEe0pmoY7BKDvGU17B0SK6xc5M.roa
Signing time:             Wed 01 Jan 2025 19:49:11 +0000
ROA not before:           Wed 01 Jan 2025 19:49:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198831
IP address blocks:        163.5.59.0/24 maxlen: 24
                          185.253.54.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:3b:d5:0d:b0:39:92:b3:46:f5:43:20:ef:9c:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jan  1 19:49:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=74f11ed299a863b04a0ef194d7b07448aeb17393
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:84:76:d1:fe:1d:11:af:4f:d5:ac:69:19:95:
                    02:15:0d:af:cb:15:a3:98:1c:c5:a2:67:14:57:3c:
                    62:68:2b:f2:dd:63:77:2d:cd:47:3b:e8:85:6a:c2:
                    db:33:15:32:e1:4b:bf:63:d8:5c:52:5d:ad:f4:43:
                    9b:c0:37:41:6c:b6:48:0e:de:41:fb:d5:0e:f7:e1:
                    04:3c:cc:3c:6c:48:4a:9f:86:b1:05:ff:a3:8d:dd:
                    63:00:96:9e:1e:38:d6:80:a9:6a:c3:31:ec:8e:4e:
                    2d:72:95:60:41:66:f2:10:7f:15:09:a0:4b:90:7b:
                    f6:a2:9d:43:63:83:b0:80:bd:3d:31:78:07:a2:be:
                    55:53:49:29:ba:1b:98:ab:57:48:1d:20:c8:0c:bc:
                    83:df:82:ee:3f:df:19:24:6e:5e:25:e2:97:99:a8:
                    c5:ff:fe:b1:59:0d:7f:9d:63:3c:21:3b:5a:39:4a:
                    42:a5:39:4c:46:de:13:e9:66:56:c2:2b:da:77:e1:
                    80:68:fc:d6:e4:a7:de:f7:cb:0b:56:51:ae:62:eb:
                    76:61:a4:55:a6:b2:18:3c:06:67:8c:8e:5b:63:ad:
                    aa:3a:77:f8:dc:90:11:38:08:5f:6b:31:8a:67:d9:
                    a4:05:47:d9:3d:43:af:82:3f:72:63:e5:c6:79:fb:
                    d1:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:F1:1E:D2:99:A8:63:B0:4A:0E:F1:94:D7:B0:74:48:AE:B1:73:93
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/dPEe0pmoY7BKDvGU17B0SK6xc5M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.59.0/24
                  185.253.54.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:cf:cb:e7:7d:4d:73:22:bd:8c:1e:84:70:a1:9d:e7:f4:58:
         f3:0e:f0:02:c3:7e:01:08:23:88:9f:63:d9:01:99:c3:88:c3:
         fc:c3:c8:36:b8:6e:c1:86:de:6c:63:b3:62:90:7d:21:00:ad:
         03:df:83:5f:ae:22:78:2f:b9:dd:26:ba:ba:f6:c9:65:1f:4f:
         7c:42:59:3f:0f:ae:6e:cf:e6:94:28:1e:bd:5f:be:86:26:3f:
         10:44:74:f5:d7:30:43:4e:38:a3:75:6d:f7:ea:2d:b7:f9:7f:
         66:06:a4:cf:23:94:63:06:b8:79:cc:31:67:71:43:db:4a:21:
         05:cf:3f:74:c5:ef:8d:67:2a:9f:6a:6b:1a:f0:50:fb:db:9c:
         94:dd:75:47:2c:9e:ca:52:59:83:1c:e4:57:bb:0c:74:27:67:
         31:f1:89:33:49:06:f7:96:e7:ef:0b:b8:ad:eb:00:63:21:4d:
         87:b5:b1:0c:23:10:d4:20:68:08:92:8b:d6:30:91:f4:a4:b0:
         ae:12:30:d8:43:ad:4d:17:58:a7:9b:91:b6:07:58:51:b0:08:
         21:ea:16:97:28:cd:13:7b:31:24:d2:2f:0a:5e:d2:8f:19:aa:
         5c:4b:9f:46:a9:30:ff:d5:b4:94:95:ed:42:d6:68:d7:74:2a:
         e2:01:00:d9
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQjajvVDbA5krNG9UMg75wvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjUwMTAxMTk0OTExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NGYxMWVkMjk5YTg2M2IwNGEwZWYxOTRkN2IwNzQ0OGFlYjE3MzkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArIR20f4dEa9P1axpGZUCFQ2vyxWj
mBzFomcUVzxiaCvy3WN3Lc1HO+iFasLbMxUy4Uu/Y9hcUl2t9EObwDdBbLZIDt5B
+9UO9+EEPMw8bEhKn4axBf+jjd1jAJaeHjjWgKlqwzHsjk4tcpVgQWbyEH8VCaBL
kHv2op1DY4OwgL09MXgHor5VU0kpuhuYq1dIHSDIDLyD34LuP98ZJG5eJeKXmajF
//6xWQ1/nWM8ITtaOUpCpTlMRt4T6WZWwivad+GAaPzW5Kfe98sLVlGuYut2YaRV
prIYPAZnjI5bY62qOnf43JAROAhfazGKZ9mkBUfZPUOvgj9yY+XGefvR6QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHTxHtKZqGOwSg7xlNewdEiusXOTMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvZFBFZTBwbW9ZN0JLRHZHVTE3QjBTSzZ4YzVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAowU7AwQA
uf02MA0GCSqGSIb3DQEBCwUAA4IBAQAwz8vnfU1zIr2MHoRwoZ3n9FjzDvACw34B
CCOIn2PZAZnDiMP8w8g2uG7Bht5sY7NikH0hAK0D34NfriJ4L7ndJrq69sllH098
Qlk/D65uz+aUKB69X76GJj8QRHT11zBDTjijdW336i23+X9mBqTPI5RjBrh5zDFn
cUPbSiEFzz90xe+NZyqfamsa8FD725yU3XVHLJ7KUlmDHORXuwx0J2cx8YkzSQb3
lufvC7it6wBjIU2HtbEMIxDUIGgIkovWMJH0pLCuEjDYQ61NF1inm5G2B1hRsAgh
6haXKM0TezEk0i8KXtKPGapcS59GqTD/1bSUle1C1mjXdCriAQDZ
-----END CERTIFICATE-----